* bump default logout from 30 to 365 days
* * Change cookie duration to constant
* Change cookie duration to three months
* use class
* use 90 days (otherwise login form says 91.3 days)
* change class
* also this works now
Co-authored-by: Martin Rys <martin@rys.pw>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Minz allow parallel sessions
#fix https://github.com/FreshRSS/FreshRSS/issues/3093
* Array optimisation
* Array optimisation missing
* Reduce direct access to $_SESSION except in install process
* Fix session start headers warning
* Use cookie only the first time the session is started:
`PHP Warning: session_start(): Cannot start session when headers
already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39`
* New concept of volatile session for API calls
Optimisation: do not use cookies or local storage at all for API calls
without a Web session
Fix warning:
```
PHP Warning: session_destroy(): Trying to destroy uninitialized session
in Unknown on line 0
```
* Only call Minz_Session::init once in our index
It was called twice (once indirectly via FreshRSS->init())
* Whitespace
* Mutex for notifications
Implement mutex for notifications
https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809
* Typo
* Install script is not ready for using Minz_Session
* Add auto-registration when using http_auth
* Document HTTP auth auto-registration
* Check email variable for HTTP auth auto-registration
* Auto-create HTTP users by default
* Fix Context init
(I will provide in another PR a better fix requiring a bit of global refactoring)
* Init language
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
The `FreshRSS_Auth::hasAccess` method is called during auth
initialization (`app/FreshRSS.php:78`), only for `user#create` action.
However, at this step, the `user` configuration namespace hasn't be
initialized yet, and so users weren't able to register because of the
exception... quite critical!
Now FRSS supports more than one admin. Admins have the same rights as
the default user. Admins can promote or demote other users. The default
user is considered as an admin even if it does not have the admin flag
enabled.
See #2096
* Require PHP 5.5+
https://github.com/FreshRSS/FreshRSS/issues/2469#issuecomment-522255093
I think it would be reasonable to require PHP 5.5+ for the core of
FreshRSS after all.
As Frenzie said, WordPress currently requires PHP 5.6.20+, and it is the
most popular PHP application.
We would loose about 20% of the PHP servers according to
https://w3techs.com/technologies/details/pl-php/5/all but I expect this
number to drop fast after the release of CentOS 8 (CentOS accounts for
17% of Linux servers
https://w3techs.com/technologies/details/os-linux/all/all ).
Distributions:
* no impact on Ubuntu, Fedora, Alpine, OpenWRT, FreeBSD, OpenSuze,
Mageia, as all active versions have PHP > 7
* no impact on OpenSuze, Synology, as all active versions have PHP > 5.5
* we drop Debian 8 Jessie (-2020) - we keep supporting Debian 9 Stretch
(2017-06) - current is Debian 10 Buster
* we drop Red Hat 7 (-2024) - we keep supporting RHEL 8 (2019-05)
* we drop CentOS 7 (-2024) - we will support CentOS 8 (to be released
soonish)
When dropping older versions, I can better like when it is for a good
reason, and there is actually one with PHP 5.5, namely generators
(yield) https://php.net/language.generators.overview which I consider
using.
* Version note for JSON.php
* hex2bin
* Update .travis.yml
Co-Authored-By: Frans de Jonge <fransdejonge@gmail.com>
* Security fixes when HTTP user does not exist in FreshRSS
* Accept HTTP header X-WebAuth-User for delegated HTTP Authentication (e.g. Træfik)
* Document delegated HTTP authentication from https://github.com/FreshRSS/FreshRSS/pull/2202
* Use cookie_duration correctly
* WIP allow cookie_duration to be modified from GUI
* Allow cookie_duration to actually be updated
* Update view to properly display cookie_duration
* Add new strings in Translation Files
* Fix typo
* Fix trailing whitespace
* I18n: French translation
* I18n fr: Forgot todo
- We have still to fix actualize_script and greader api (refactoring?)
- We have to fix the FreshRSS_Configuration calls
- We have to fix availableLanguages calls
See https://github.com/FreshRSS/FreshRSS/issues/730
General attribute has been removed from system config.
Now subattributes (e.g. environment, salt, title, etc.) are directly accessible.
YOU HAVE TO FIX YOUR ./data/config.php file!
- Remove the general array
- Values inside this array must be kept
- To see what it must look like, please have a look to ./data/config.default.php
(but keep your values!!).
See https://github.com/FreshRSS/FreshRSS/issues/730
- Use only Minz_Configuration
- register() method to load a new configuration file
- get() to get a configuration
- new exceptions related to configuration
- fix a list configuration calls to have FRSS working
Current problems to resolve:
- How to handle configuration param verifications (i.e. check auth_type
is a value from none, http_auth, persona or form)
- We must use $conf = Minz_Configuration::get('system'); $general_conf = $conf->general;
to access global system configuration which is quite annoying. How to change that?
See https://github.com/FreshRSS/FreshRSS/issues/730
