parent
69c03e7479
commit
828d773b49
1
NEWS
1
NEWS
|
@ -7,6 +7,7 @@ New features
|
||||||
Enhancements
|
Enhancements
|
||||||
- [web] prohibit duplicate calendar categories in Preferences module
|
- [web] prohibit duplicate calendar categories in Preferences module
|
||||||
- [web] added Romanian (ro) translation - thanks to Vasile Razvan Luca
|
- [web] added Romanian (ro) translation - thanks to Vasile Razvan Luca
|
||||||
|
- [web] add security flags to cookies (HttpOnly, secure) (#4525)
|
||||||
- [core] enable Oracle OCI support for CentOS/RHEL v7
|
- [core] enable Oracle OCI support for CentOS/RHEL v7
|
||||||
|
|
||||||
Bug fixes
|
Bug fixes
|
||||||
|
|
|
@ -383,6 +383,7 @@
|
||||||
{
|
{
|
||||||
WOCookie *authCookie;
|
WOCookie *authCookie;
|
||||||
NSString *cookieValue, *cookieString, *appName, *sessionKey, *userKey, *securedPassword;
|
NSString *cookieValue, *cookieString, *appName, *sessionKey, *userKey, *securedPassword;
|
||||||
|
BOOL isSecure;
|
||||||
|
|
||||||
//
|
//
|
||||||
// We create a new cookie - thus we create a new session
|
// We create a new cookie - thus we create a new session
|
||||||
|
@ -409,8 +410,14 @@
|
||||||
userKey, sessionKey];
|
userKey, sessionKey];
|
||||||
cookieValue = [NSString stringWithFormat: @"basic %@",
|
cookieValue = [NSString stringWithFormat: @"basic %@",
|
||||||
[cookieString stringByEncodingBase64]];
|
[cookieString stringByEncodingBase64]];
|
||||||
|
isSecure = [[[context serverURL] scheme] isEqualToString: @"https"];
|
||||||
authCookie = [WOCookie cookieWithName: [self cookieNameInContext: context]
|
authCookie = [WOCookie cookieWithName: [self cookieNameInContext: context]
|
||||||
value: cookieValue];
|
value: cookieValue
|
||||||
|
path: nil
|
||||||
|
domain: nil
|
||||||
|
expires: nil
|
||||||
|
isSecure: isSecure
|
||||||
|
httpOnly: YES];
|
||||||
appName = [[context request] applicationName];
|
appName = [[context request] applicationName];
|
||||||
[authCookie setPath: [NSString stringWithFormat: @"/%@/", appName]];
|
[authCookie setPath: [NSString stringWithFormat: @"/%@/", appName]];
|
||||||
|
|
||||||
|
|
|
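Review bot: The Secure flag in the `@ -409,8 +410,14 @@` hunk is derived from `[[context serverURL] scheme]`, so when TLS is terminated at a front-end proxy that does not forward the original scheme, the auth cookie would presumably be issued without Secure and nothing would report it. The comparison is also case-sensitive, although URL schemes are not; `isSecure = [[[[context serverURL] scheme] lowercaseString] isEqualToString: @"https"];` is more tolerant. I would add a comment above that line such as `// Secure follows the request scheme as seen by SOGo; a TLS-terminating proxy must forward https or the flag is omitted`. The enclosing method starts and ends outside the visible hunks, so any other place that re-issues or expires this cookie should be checked for the same attributes.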
@ -57,18 +57,6 @@
|
||||||
function getService($q, $http, $cookies, passwordPolicyConfig) {
|
function getService($q, $http, $cookies, passwordPolicyConfig) {
|
||||||
var service;
|
var service;
|
||||||
|
|
||||||
function readLoginCookie() {
|
|
||||||
var loginValues = null,
|
|
||||||
cookie = $cookies.get('0xHIGHFLYxSOGo'),
|
|
||||||
value;
|
|
||||||
if (cookie && cookie.length > 8) {
|
|
||||||
value = decodeURIComponent(cookie.substr(8));
|
|
||||||
loginValues = value.base64decode().split(':');
|
|
||||||
}
|
|
||||||
|
|
||||||
return loginValues;
|
|
||||||
}
|
|
||||||
|
|
||||||
service = {
|
service = {
|
||||||
login: function(data) {
|
login: function(data) {
|
||||||
var d = $q.defer(),
|
var d = $q.defer(),
|
||||||
|
@ -99,9 +87,8 @@
|
||||||
}).then(function(response) {
|
}).then(function(response) {
|
||||||
var data = response.data;
|
var data = response.data;
|
||||||
// Make sure browser's cookies are enabled
|
// Make sure browser's cookies are enabled
|
||||||
var loginCookie = readLoginCookie();
|
if (navigator && !navigator.cookieEnabled) {
|
||||||
if (!loginCookie) {
|
d.reject({error: l('cookiesNotEnabled')});
|
||||||
d.reject(l('cookiesNotEnabled'));
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Check password policy
|
// Check password policy
|
||||||
|
@ -145,7 +132,6 @@
|
||||||
|
|
||||||
changePassword: function(newPassword) {
|
changePassword: function(newPassword) {
|
||||||
var d = $q.defer(),
|
var d = $q.defer(),
|
||||||
loginCookie = readLoginCookie(),
|
|
||||||
xsrfCookie = $cookies.get('XSRF-TOKEN');
|
xsrfCookie = $cookies.get('XSRF-TOKEN');
|
||||||
|
|
||||||
$cookies.remove('XSRF-TOKEN', {path: '/SOGo/'});
|
$cookies.remove('XSRF-TOKEN', {path: '/SOGo/'});
|
||||||
|
@ -156,10 +142,7 @@
|
||||||
headers: {
|
headers: {
|
||||||
'X-XSRF-TOKEN' : xsrfCookie
|
'X-XSRF-TOKEN' : xsrfCookie
|
||||||
},
|
},
|
||||||
data: {
|
data: { newPassword: newPassword }
|
||||||
userName: loginCookie[0],
|
|
||||||
password: loginCookie[1],
|
|
||||||
newPassword: newPassword }
|
|
||||||
}).then(d.resolve, function(response) {
|
}).then(d.resolve, function(response) {
|
||||||
var error,
|
var error,
|
||||||
data = response.data,
|
data = response.data,
|
||||||
|
|
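Review bot: The cookie check in the `@ -99,9 +87,8 @@` hunk now tests only `navigator.cookieEnabled`, which reports the browser setting and not whether the session cookie from this login response was actually stored. With the cookie now HttpOnly the script cannot read it, so a dropped cookie (for instance a Secure cookie on a plain-http page) would surface only when the next authenticated request fails. A comment saying so would help: `// cookieEnabled is only the browser preference; the HttpOnly auth cookie cannot be inspected here`. The rejection value also changes from a string to `{error: ...}`, and the handlers that consume it are not on this page, so confirm they read `.error`. The enclosing `login` function continues outside the hunk.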