]>
WPIA git - gigi.git/log
Lucas Werkmeister [Sat, 25 Jan 2020 18:30:38 +0000 (18:30 +0000)]
Merge "fix: missing h4 on rules page"
Lucas Werkmeister [Sat, 25 Jan 2020 18:26:11 +0000 (18:26 +0000)]
Merge "upd: change wording"
Felix Dörre [Thu, 19 Dec 2019 07:19:14 +0000 (07:19 +0000)]
Merge "add: add (OU) to make sure what is the entry department used for"
Felix Dörre [Thu, 19 Dec 2019 07:18:24 +0000 (07:18 +0000)]
Merge "fix: remove SPKAC from certificate request routine"
INOPIAE [Tue, 17 Dec 2019 19:48:46 +0000 (20:48 +0100)]
fix: missing h4 on rules page
Change-Id: Ibc69d6b111fa9dfcb63042d5d11f0654d4e86192
INOPIAE [Thu, 5 Dec 2019 15:30:17 +0000 (16:30 +0100)]
upd: change wording
Change-Id: I5d531277b01f7f09017010d5f02e8f023e95ec11
INOPIAE [Tue, 24 Jul 2018 13:46:42 +0000 (15:46 +0200)]
add: enable Support to see the new RA Agent status
Change-Id: I211817db4565f7a033cb8837e51a086303d7d5eb
INOPIAE [Tue, 24 Jul 2018 11:44:53 +0000 (13:44 +0200)]
add: functionality to promote a user via test manager to RA Agent
Change-Id: Ic954b854bca4c32860db2a707f9cbbe6ecb4b179
INOPIAE [Fri, 6 Jul 2018 12:54:01 +0000 (14:54 +0200)]
add: handling of RA Agent Contract
Only covers the basic functionality.
The full text of the contract and the email will be covered in a later
patch.
The data contract.id and contract.token will be used for pdf-output in a
later patch.
The implementation of the restrictions connected to signed contract will
be covered in a later patch.
Change-Id: I5b47d31458779d227a4f9702a9e7563ab210e7e5
Marcus Mängel [Sun, 24 Nov 2019 23:28:10 +0000 (23:28 +0000)]
Merge "fix: change typo for year"
INOPIAE [Mon, 11 Nov 2019 20:45:24 +0000 (21:45 +0100)]
add: add (OU) to make sure what is the entry department used for
Change-Id: I447f790ea87a76e733ecfc829d299a8e0b1fc788
INOPIAE [Sun, 24 Nov 2019 04:41:31 +0000 (05:41 +0100)]
fix: change typo for year
Change-Id: Ie2e9c02adac96f2816c0c523c88d29565665cdc0
INOPIAE [Fri, 22 Nov 2019 15:06:20 +0000 (16:06 +0100)]
fix: change wording of error message
Text change according to
https://pad.ccs-baumann.de/p/audit-meeting-
20191121
Change-Id: I7ac3946f70ec87799c793ea3729f1fec254c9fc7
Marcus Mängel [Sun, 3 Nov 2019 06:25:47 +0000 (06:25 +0000)]
Merge "add: new function to set a challenge expired via test manager"
Felix Dörre [Sat, 19 Oct 2019 14:22:43 +0000 (14:22 +0000)]
Merge "add: password reset after certificate login"
Felix Dörre [Fri, 4 Oct 2019 15:02:38 +0000 (17:02 +0200)]
fix: use os-provided public suffix
Change-Id: I9b4fc3d9d0a6cbb54c3d8165bf225241041b9cf7
INOPIAE [Sun, 15 Sep 2019 09:40:01 +0000 (11:40 +0200)]
add: password reset after certificate login
fixes issue #173
Change-Id: If92565d0747ea2b10fa64066ca8ce7be79e46f27
INOPIAE [Mon, 23 Sep 2019 04:21:17 +0000 (06:21 +0200)]
fix: adjust output to show delete button correct
Change-Id: I708e9cda67d33a7a35b414b8d74a3d7ab204608d
INOPIAE [Sat, 21 Sep 2019 04:11:19 +0000 (06:11 +0200)]
add: new function to set a challenge expired via test manager
The function is added to enable testing with expired challenges.
Change-Id: I36f71a23e12aecc0870f95c15b20818b444322f9
Lucas Werkmeister [Sat, 14 Sep 2019 12:34:17 +0000 (14:34 +0200)]
Merge "add: implement password change log"
Benny Baumann [Thu, 12 Sep 2019 17:30:13 +0000 (19:30 +0200)]
Merge "add: check that new email address is not linked to organisation domain"
INOPIAE [Sat, 23 Feb 2019 05:40:54 +0000 (06:40 +0100)]
add: implement password change log
fixes issue #42
Change-Id: I64a8ab5ff675852029b19e2e325f8fcd738544d5
Marcus Mängel [Wed, 11 Sep 2019 03:12:50 +0000 (05:12 +0200)]
Merge "add: ensure that for OrgAdmin action there is a valid OrgAdmin Challenge"
Marcus Mängel [Wed, 11 Sep 2019 03:12:44 +0000 (05:12 +0200)]
Merge "add: ensure that for TTPAgent action there is a valid TTPAgent Challenge"
Marcus Mängel [Wed, 11 Sep 2019 03:12:39 +0000 (05:12 +0200)]
Merge "add: ensure that for OrgAgent action there is a valid OrgAgent Challenge"
Marcus Mängel [Wed, 11 Sep 2019 03:12:31 +0000 (05:12 +0200)]
Merge "add: ensure that for Support actions there is a valid Support Challenge"
Marcus Mängel [Wed, 11 Sep 2019 03:12:17 +0000 (05:12 +0200)]
Merge "add: ensure that for RA Agent actions there is a valid RA Challenge"
Marcus Mängel [Wed, 11 Sep 2019 03:11:54 +0000 (05:11 +0200)]
Merge "add: implement to check if user has valid challenges for roles"
Marcus Mängel [Wed, 11 Sep 2019 03:11:35 +0000 (05:11 +0200)]
Merge "add: ensure that for Org Administrator actions certificate login is used"
Marcus Mängel [Wed, 11 Sep 2019 03:11:24 +0000 (05:11 +0200)]
Merge "add: ensure that for Org Agent actions certificate login is used"
Marcus Mängel [Wed, 11 Sep 2019 03:11:13 +0000 (05:11 +0200)]
Merge "add: ensure that for TTP Agent actions certificate login is used"
Marcus Mängel [Wed, 11 Sep 2019 03:11:01 +0000 (05:11 +0200)]
Merge "add: ensure that for RA Agent actions certificate login is used"
Marcus Mängel [Wed, 11 Sep 2019 03:10:49 +0000 (05:10 +0200)]
Merge "add: ensure that for support actions certificate login is used"
Felix Dörre [Tue, 10 Sep 2019 21:45:40 +0000 (23:45 +0200)]
Merge "add: implement to define a strong authenticated login"
CyB3RC0nN0R [Sat, 31 Aug 2019 19:35:26 +0000 (21:35 +0200)]
add: display fingerprint on RootCertPage, TestCACertificate class
Change-Id: Icdca73da47e87366b686f0fc83558736728357ef
INOPIAE [Thu, 18 Jul 2019 05:43:48 +0000 (07:43 +0200)]
add: ensure that for OrgAdmin action there is a valid OrgAdmin Challenge
last patch of series. Fixes issue #150
Change-Id: I17bf8fd5ea9af89792d6ac4fe8f39261e8aa0192
INOPIAE [Wed, 17 Jul 2019 08:50:09 +0000 (10:50 +0200)]
add: ensure that for TTPAgent action there is a valid TTPAgent Challenge
related to issue #150
Change-Id: Ia3658d5ccb5b41ec8954259160f2db2005109691
INOPIAE [Wed, 17 Jul 2019 04:06:36 +0000 (06:06 +0200)]
add: ensure that for OrgAgent action there is a valid OrgAgent Challenge
related to issue #150
Change-Id: I9e57e82da383c26ccbcb659a0f93d5de59816b15
INOPIAE [Tue, 16 Jul 2019 20:04:28 +0000 (22:04 +0200)]
add: ensure that for Support actions there is a valid Support Challenge
related to issue #150
Change-Id: Ibdec5fc46cde59a0f19cefa50f5d3c3508849717
INOPIAE [Tue, 16 Jul 2019 12:42:33 +0000 (14:42 +0200)]
add: ensure that for RA Agent actions there is a valid RA Challenge
related to issue #150
Change-Id: I2438e8941864103fe1b2d7c542736c19acb01419
INOPIAE [Tue, 16 Jul 2019 10:39:51 +0000 (12:39 +0200)]
add: implement to check if user has valid challenges for roles
This is just the basic work for upcoming patches to enforce the
requirement to have a challenge passed within in the given time for
valid tests for certain areas. see issue #150
Change-Id: Ie53634cd2c1d74829c811cd4d35f584ddb0eb307
INOPIAE [Sun, 14 Jul 2019 09:44:40 +0000 (11:44 +0200)]
add: ensure that for Org Administrator actions certificate login is used
related to issue #150
Change-Id: I64beb829327d13f245792843e7bdf02e34b533dd
INOPIAE [Sun, 14 Jul 2019 05:33:56 +0000 (07:33 +0200)]
add: ensure that for Org Agent actions certificate login is used
related to issue #150
Change-Id: I9242be2df77ae9a7e9723bd0a5c5e577a22c3b54
INOPIAE [Sun, 14 Jul 2019 04:43:47 +0000 (06:43 +0200)]
add: ensure that for TTP Agent actions certificate login is used
related to issue #150
Change-Id: If6f636f09b9ea32a8558f1e44474a6585b09ef8d
INOPIAE [Wed, 10 Jul 2019 07:35:09 +0000 (09:35 +0200)]
add: ensure that for RA Agent actions certificate login is used
related to issue #150
Change-Id: Ia6e474a9c3d7fb716c736aeb9b21dfe1f765de6c
INOPIAE [Mon, 8 Jul 2019 12:53:28 +0000 (14:53 +0200)]
add: ensure that for support actions certificate login is used
related to issue #150
Change-Id: I2bc368a8b93d1ccbb3522e74213d2057bd9b2d67
INOPIAE [Mon, 8 Jul 2019 11:19:03 +0000 (13:19 +0200)]
add: implement to define a strong authenticated login
This is just the basic work for upcoming patches to enforce certificate
login for certain areas. see issue #150
Change-Id: I714be6e48a6860e73983be0cbe9e833afb80e78a
Marcus Mängel [Sun, 8 Sep 2019 14:03:38 +0000 (16:03 +0200)]
Merge "add: add sample data and instructions for locale testing"
Marcus Mängel [Sun, 8 Sep 2019 14:03:28 +0000 (16:03 +0200)]
Merge "upd: get enough space between radio/checkbox and following text"
Marcus Mängel [Sun, 8 Sep 2019 14:03:18 +0000 (16:03 +0200)]
Merge "upd: rephrase wording"
Lucas Werkmeister [Sat, 7 Sep 2019 12:23:27 +0000 (14:23 +0200)]
Merge "upd: fix to ensure that only comments are replaced"
Marcus Mängel [Mon, 2 Sep 2019 04:07:05 +0000 (06:07 +0200)]
Merge "upd: small changes for consistent wording and better translation"
INOPIAE [Mon, 2 Sep 2019 04:04:57 +0000 (06:04 +0200)]
upd: rephrase wording
Change-Id: I738e63fd051fea5df3506a4197c33431b69ed35d
INOPIAE [Tue, 13 Aug 2019 19:06:42 +0000 (21:06 +0200)]
upd: get enough space between radio/checkbox and following text
Change-Id: Iebdfa64a8444900d7406249abf875f577cee19e9
INOPIAE [Sat, 17 Aug 2019 12:12:20 +0000 (14:12 +0200)]
add: add sample data and instructions for locale testing
Change-Id: I85dcd7e3d3c6e326c4a174b811c5f03f97986093
INOPIAE [Fri, 30 Aug 2019 05:18:04 +0000 (07:18 +0200)]
upd: correct url in email when ping fails
Change-Id: I4c5c3006b48f0dfd645437284f2c1724a2d27f03
INOPIAE [Sat, 24 Aug 2019 12:16:34 +0000 (14:16 +0200)]
upd: fix to ensure that only comments are replaced
The current code replaces the "-" in "-----BEGIN CERTIFICATE-----" which
may be needed to have sample data for a certificate.
Change-Id: I5d364eba3003ea8e576dfcc9939cbaba2a1cca6a
INOPIAE [Sat, 17 Aug 2019 05:21:57 +0000 (07:21 +0200)]
upd: small changes for consistent wording and better translation
These changes arose while try to translate the GUI.
Change-Id: I6dc7842f7b34703fbbcd8a18e115540f30f299f7
INOPIAE [Thu, 8 Aug 2019 08:11:46 +0000 (10:11 +0200)]
fix: corrected layout of table after bootstrap update
Change-Id: I415387db0756eb9c817290cef4ca2f6f16270ba0
Felix Dörre [Wed, 7 Aug 2019 07:20:56 +0000 (09:20 +0200)]
Merge "upd: added new test to ensure that no underscores are in domain part"
Felix Dörre [Wed, 7 Aug 2019 07:20:50 +0000 (09:20 +0200)]
Merge "upd: move bootstrap from 3.5.1 to 4.3.1"
INOPIAE [Fri, 10 May 2019 11:08:28 +0000 (13:08 +0200)]
add: check that new email address is not linked to organisation domain
Change-Id: If5b0c52ae7111539bf4e792e23158a0686afcea4
INOPIAE [Thu, 18 Jul 2019 12:38:45 +0000 (14:38 +0200)]
upd: restructure order of data checks
Get the order of possible error messages in order with the form fields
Change-Id: Iaf8b5027000ac860d45b0cdc11db1802781fc3c6
INOPIAE [Thu, 18 Jul 2019 12:10:00 +0000 (14:10 +0200)]
add: accept data protection policy during registration
fixes issue #174
Change-Id: I079febbb7dbdfd89257c30a9c499f54d89db3170
INOPIAE [Wed, 19 Jun 2019 20:23:45 +0000 (22:23 +0200)]
upd: added new test to ensure that no underscores are in domain part
According to BR 7.1.4.2.1 no underscores are allowed in dNSName entries.
fixes issue #172
Change-Id: I245b35198b20030292b6bf21ae91e23b53efa516
INOPIAE [Wed, 1 May 2019 12:02:24 +0000 (14:02 +0200)]
upd: move bootstrap from 3.5.1 to 4.3.1
Change-Id: I7763f17efc74bc406aed2464255bce3a92752821
INOPIAE [Sat, 23 Feb 2019 04:04:57 +0000 (05:04 +0100)]
fix: remove SPKAC from certificate request routine
fixes issue #137
Change-Id: I67f71265c8b675c8a746539db66f534660d8cd55
INOPIAE [Fri, 1 Feb 2019 05:03:28 +0000 (06:03 +0100)]
upd: fix to upper case to be consistent with labeling of buttons
Change-Id: I3cdc00967f8979023b0fbd4fde576ba082ee9380
INOPIAE [Tue, 8 Jan 2019 05:03:59 +0000 (06:03 +0100)]
upd: change sorting of trainings to descending
Enable user to find the last records easier, especially for support.
Change-Id: I3a1aacbf8d4c128b99640e443df1a97606786005
Lucas Werkmeister [Sun, 23 Dec 2018 10:34:50 +0000 (11:34 +0100)]
Merge "add: show sha-1 and sha-256 fingerprint on certificate page "
INOPIAE [Sat, 15 Dec 2018 11:05:06 +0000 (12:05 +0100)]
add: show sha-1 and sha-256 fingerprint on certificate page
Change-Id: I9feb13ab227ed85dd640f3757996556a0f01e69b
Felix Dörre [Mon, 17 Dec 2018 20:00:32 +0000 (21:00 +0100)]
Merge "chg: rephrase wording to make clear that OrgAdmin works on behalf of org"
Felix Dörre [Mon, 17 Dec 2018 19:40:02 +0000 (20:40 +0100)]
Merge "chg: use imported name"
Felix Dörre [Mon, 17 Dec 2018 19:39:48 +0000 (20:39 +0100)]
Merge "fix: ensure no blanks are entered between name parts and hyphens"
Felix Dörre [Sun, 16 Dec 2018 01:25:31 +0000 (02:25 +0100)]
Merge "fix: make MyDetails/SwitchToOrg work again"
INOPIAE [Wed, 12 Dec 2018 20:29:49 +0000 (21:29 +0100)]
chg: rephrase wording to make clear that OrgAdmin works on behalf of org
Change-Id: I88fd5eee6250f68c32e7de7945b14c0f66dd29ea
Lucas Werkmeister [Wed, 12 Dec 2018 23:18:25 +0000 (00:18 +0100)]
chg: use imported name
Since change I6ac4ac919b (commit
443b1f0954 ), this file imports
java.util.Date, so we no longer need the fully qualified name.
Change-Id: I458c3240d87855047c7f84f52a7af1e38a2c8ac5
Felix Dörre [Sun, 9 Dec 2018 12:01:13 +0000 (13:01 +0100)]
fix: make MyDetails/SwitchToOrg work again
MyDetails.java needs this parameter to know to which form to dispatch
the request as there are two forms that post
to the same url. See src/club/wpia/gigi/pages/account/MyDetails.java#L49
Change-Id: I8aade6f43193b3df5676e86857d2db9f016cddc4
Lucas Werkmeister [Wed, 12 Dec 2018 23:17:46 +0000 (00:17 +0100)]
Merge "add: display on cert status check if cert is valid and expired"
INOPIAE [Tue, 27 Nov 2018 06:43:46 +0000 (07:43 +0100)]
upd: adjust time conditions according to BR requirements
fix issue #167
Change-Id: I47145e69e277c7d765aca8f4ff635b4627dc31aa
INOPIAE [Wed, 22 Aug 2018 05:48:19 +0000 (07:48 +0200)]
add: display on cert status check if cert is valid and expired
Change-Id: I6ac4ac919bf721419be296012ec1e091af2990f5
Lucas Werkmeister [Tue, 21 Aug 2018 18:02:26 +0000 (20:02 +0200)]
Merge "add: make sure org admin cannot delete domain from org account"
INOPIAE [Thu, 9 Aug 2018 14:34:48 +0000 (16:34 +0200)]
add: make sure org admin cannot delete domain from org account
Only an Org RA Agent should be able to delete a domain from an
organisation account
Change-Id: I2617f5e75afaea3a877036b4aa29d66abaefa3b6
INOPIAE [Tue, 24 Jul 2018 19:11:22 +0000 (21:11 +0200)]
fix: make sure a single name is not empty
Change-Id: Ic375db394c6fc7524e71dd026cd68e26999596a2
Lucas Werkmeister [Mon, 23 Jul 2018 20:46:30 +0000 (22:46 +0200)]
Merge "add: ensure org ra agents cannot manage org where they are org admin"
Benny Baumann [Mon, 23 Jul 2018 20:39:24 +0000 (22:39 +0200)]
Merge "add: handling of who issued a certificate"
INOPIAE [Sat, 14 Jul 2018 08:09:53 +0000 (10:09 +0200)]
add: ensure org ra agents cannot manage org where they are org admin
As org admin of the organisation they should only be able to edit org
admins of that organisation but no organisation details.
Change-Id: Icbdd215f9f50ed106176c6af5e796cb62fcb5593
INOPIAE [Sun, 22 Jul 2018 08:31:08 +0000 (10:31 +0200)]
fmt: adjust correct wording
Change-Id: I33408bfa2367feb95b9f8f75d34fc74c94a9fc98
INOPIAE [Wed, 27 Jun 2018 06:51:45 +0000 (08:51 +0200)]
add: handling of who issued a certificate
fixes issue #155
Change-Id: I868c9b9147e647d940508c8f131691e5062c1cf3
INOPIAE [Fri, 13 Jul 2018 06:08:03 +0000 (08:08 +0200)]
fix: ensure no blanks are entered between name parts and hyphens
fixes issue #156
Change-Id: I3796dc8dfdf20cb64b325b56f3879030957e02d3
INOPIAE [Sat, 7 Jul 2018 03:59:47 +0000 (05:59 +0200)]
fmt: proper use of lower case to have consistent warning messages
Change-Id: I14ee00620fb9393fb8e20b47fa3e0bbcec0e32dd
Lucas Werkmeister [Mon, 9 Jul 2018 21:32:09 +0000 (23:32 +0200)]
add: labels for checkboxes
Associating a checkbox with its label improves accessibility and makes
it more convenient to toggle the checkbox.
For most checkboxes, this adds an `id` for the checkbox and associates
the label with it via the `for` attribute, but for checkboxes in a loop
we can’t use that (multiple checkboxes would have the same `id`), so
there the technique of wrapping the input inside the label is used
instead.
Change-Id: I01b3b8cc57bcdb667bae27f6d88e3c65533a21f5
Lucas Werkmeister [Wed, 4 Jul 2018 22:35:35 +0000 (00:35 +0200)]
chg: remove unused import
Change-Id: I8184fde037157d220ded2ab2a8e1cb5b75c96844
INOPIAE [Sun, 1 Jul 2018 09:06:52 +0000 (11:06 +0200)]
upd: added warning to error message
The error message is more a warning.
Change-Id: I0b27886b54fce016249f26b68446d35c3dd0625b
Lucas Werkmeister [Thu, 14 Jun 2018 21:25:39 +0000 (23:25 +0200)]
add: test for PasswordHashChecker
The last of the four assertions is intended to record the fact that we
don’t currently check the hash of a “simplified” (here: lowercased)
version of the password. We might want to do this in the future, but in
my opinion that should then be a deliberate decision, which includes
updating the test accordingly.
Change-Id: I1c8f45a7382bea96bbab80c6730179d55072fc8f
Lucas Werkmeister [Tue, 19 Jun 2018 21:23:34 +0000 (23:23 +0200)]
fix: short files in PasswordHashChecker
For short files (or, presumably, for very rare hashes on all files),
PasswordHashChecker would occasionally attempt to read before the start
or past the end of a file; avoid this with clamping (in two cases where
there is no potentially infinite iteration) or aborting (in the one
other case, where clamping might yield an infinite loop).
Change-Id: Ia1d4f527a2b8589ec43732e0e1a1cf80cb3e2bac
Lucas Werkmeister [Tue, 19 Jun 2018 21:20:22 +0000 (23:20 +0200)]
chg: ignore NoSuchFileException for Pwned Passwords
If we can’t open the Pwned Passwords database because the file does not
exist, there’s no need to print a detailed stack trace: the warning
message should be enough to gently inform the system administrator that
they can improve their security by installing the database. Any other
errors (e. g. permission errors) are still reported.
This is mainly motivated by the dozens of NoSuchFileException stack
traces in CI builds, which this commit should silence.
Change-Id: Id08afc1600a70acfc49b2c4335b533949413b09a
Felix Dörre [Tue, 19 Jun 2018 18:20:54 +0000 (20:20 +0200)]
Merge changes from topic '143'
* changes:
add: optionally check pwned passwords
add: PasswordHashChecker implementation
add: DelegatingPasswordChecker implementation
chg: move PasswordChecker object to Gigi class
add: PasswordChecker interface
Lucas Werkmeister [Sat, 2 Jun 2018 19:53:15 +0000 (21:53 +0200)]
add: optionally check pwned passwords
A new configuration option is added, specifying the path to a file of
known password hashes which Gigi will refuse to accept for user
accounts. If the option is not specified, Gigi attempts to use the Pwned
Passwords database (see the pwned-passwords-bin package) but continues
startup if the database cannot be opened. This is intended to be useful
for developers: production users should always configure the path to the
file explicitly, so that Gigi will refuse to start if the file cannot be
accessed for whatever reason.
The PasswordHashChecker, if used, is chained behind the usual
PasswordStrengthChecker using a DelegatingPasswordChecker.
Change-Id: I9e54bd45fa35d7ea81d44677f50635d6ab8514e0
Felix Dörre [Sun, 14 Jan 2018 23:40:03 +0000 (00:40 +0100)]
add: PasswordHashChecker implementation
The implementation is mostly taken from code in the “lookhash”
repository and its first (only) issue. knownPasswordHash and
estimateHashOffset were written by Felix Dörre, while checkPassword,
compareHashes and the surrounding bits of the class were written by
Lucas Werkmeister.
Part of #143.
Change-Id: I6c4175c85ed40544b2ca6a86673814a0cfbb6dcd