parent
69c03e7479
commit
828d773b49
1
NEWS
1
NEWS
|
@ -7,6 +7,7 @@ New features
|
|||
Enhancements
|
||||
- [web] prohibit duplicate calendar categories in Preferences module
|
||||
- [web] added Romanian (ro) translation - thanks to Vasile Razvan Luca
|
||||
- [web] add security flags to cookies (HttpOnly, secure) (#4525)
|
||||
- [core] enable Oracle OCI support for CentOS/RHEL v7
|
||||
|
||||
Bug fixes
|
||||
|
|
|
@ -383,6 +383,7 @@
|
|||
{
|
||||
WOCookie *authCookie;
|
||||
NSString *cookieValue, *cookieString, *appName, *sessionKey, *userKey, *securedPassword;
|
||||
BOOL isSecure;
|
||||
|
||||
//
|
||||
// We create a new cookie - thus we create a new session
|
||||
|
@ -409,8 +410,14 @@
|
|||
userKey, sessionKey];
|
||||
cookieValue = [NSString stringWithFormat: @"basic %@",
|
||||
[cookieString stringByEncodingBase64]];
|
||||
isSecure = [[[context serverURL] scheme] isEqualToString: @"https"];
|
||||
authCookie = [WOCookie cookieWithName: [self cookieNameInContext: context]
|
||||
value: cookieValue];
|
||||
value: cookieValue
|
||||
path: nil
|
||||
domain: nil
|
||||
expires: nil
|
||||
isSecure: isSecure
|
||||
httpOnly: YES];
|
||||
appName = [[context request] applicationName];
|
||||
[authCookie setPath: [NSString stringWithFormat: @"/%@/", appName]];
|
||||
|
||||
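Review bot: The Secure attribute on the auth cookie depends entirely on `[[context serverURL] scheme]`, so when TLS is terminated at a reverse proxy that does not forward the original scheme, this probably evaluates to `http` and the cookie goes out without Secure even though the browser is on HTTPS. The comparison is also case-sensitive. I would add a comment above the assignment, for example `// Secure follows the server URL as the application sees it; a TLS-terminating proxy must forward the https scheme or the flag is silently dropped`, and compare against `[[[context serverURL] scheme] lowercaseString]`. As a smaller style point, `path: nil` is passed to the constructor and then overwritten by `setPath:` two lines later, so the path could be built first and passed in directly. The enclosing method starts and ends outside the visible hunks.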
|
|
|
@ -57,18 +57,6 @@
|
|||
function getService($q, $http, $cookies, passwordPolicyConfig) {
|
||||
var service;
|
||||
|
||||
function readLoginCookie() {
|
||||
var loginValues = null,
|
||||
cookie = $cookies.get('0xHIGHFLYxSOGo'),
|
||||
value;
|
||||
if (cookie && cookie.length > 8) {
|
||||
value = decodeURIComponent(cookie.substr(8));
|
||||
loginValues = value.base64decode().split(':');
|
||||
}
|
||||
|
||||
return loginValues;
|
||||
}
|
||||
|
||||
service = {
|
||||
login: function(data) {
|
||||
var d = $q.defer(),
|
||||
|
@ -99,9 +87,8 @@
|
|||
}).then(function(response) {
|
||||
var data = response.data;
|
||||
// Make sure browser's cookies are enabled
|
||||
var loginCookie = readLoginCookie();
|
||||
if (!loginCookie) {
|
||||
d.reject(l('cookiesNotEnabled'));
|
||||
if (navigator && !navigator.cookieEnabled) {
|
||||
d.reject({error: l('cookiesNotEnabled')});
|
||||
}
|
||||
else {
|
||||
// Check password policy
|
||||
|
@ -145,7 +132,6 @@
|
|||
|
||||
changePassword: function(newPassword) {
|
||||
var d = $q.defer(),
|
||||
loginCookie = readLoginCookie(),
|
||||
xsrfCookie = $cookies.get('XSRF-TOKEN');
|
||||
|
||||
$cookies.remove('XSRF-TOKEN', {path: '/SOGo/'});
|
||||
|
@ -156,10 +142,7 @@
|
|||
headers: {
|
||||
'X-XSRF-TOKEN' : xsrfCookie
|
||||
},
|
||||
data: {
|
||||
userName: loginCookie[0],
|
||||
password: loginCookie[1],
|
||||
newPassword: newPassword }
|
||||
data: { newPassword: newPassword }
|
||||
}).then(d.resolve, function(response) {
|
||||
var error,
|
||||
data = response.data,
|
||||
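Review bot: `navigator.cookieEnabled` in the login `then` handler only reports the browser-wide setting, so a session cookie the browser refused for this site no longer produces `cookiesNotEnabled` the way the removed `readLoginCookie()` check did. The auth cookie is now HttpOnly and cannot be read from script, but if the server sets a script-readable cookie such as `XSRF-TOKEN` in the login response, testing `$cookies.get('XSRF-TOKEN')` would be a closer replacement. Either way a comment like `// auth cookie is HttpOnly; this only detects globally disabled cookies` would record the limitation. The rejection value also changes from a string to `{error: ...}`, so consumers of the `login` promise should be checked. In `changePassword` the body now carries only `newPassword`, which presumably relies on a server-side change, not visible on this page, that takes the user and current credential from the session; both functions continue outside the visible hunks.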
|
|