| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* emailauth: Fix cookie problem when user is on https and the cgiurl
uses http, by making the emailed login link use https.
* passwordauth: Use https for emailed password reset link when user
is on https.
Not entirely happy with this approach, but I don't currently see a
better one.
I have not verified that the passwordauth change fixes any problem,
other than the user getting a http link when they were using https.
The emailauth problem is verified fixed by this commit.
This commit was sponsored by Michael Magin.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
directory.
Due to the use/abuse of CGI::Session to generate a token for the login
process, a new session database was created for each login, and left behind
afterwards. While each file is small, with many logings this could bloat
the size of /tmp significantly. Fixed by making CGI::Session write to
/dev/null, since there does not seem to be a way to entirely prevent the
writing.
This commit was sponsored by Henrik Riomar on Patreon.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
The wikiname can be pretty un-helpful, the user will probably regognise the
url since they were just at it.
|
|
|
|
|
|
| |
There's no real problem if they do change it, except they may get confused
and expect to be able to log in with the changed email and get the same
user account.
|
| |
|
|
|
|
|
| |
Still some work to do since the user name is an email address and should
not be leaked.
|
| |
|
|
|