lams-github / lams_central / web

login.jsp

Clone Tools

Stats

Commits this week: 0
Total Committers: 19
Last Commit: 29 Dec 23
Commits this week: 0

Lines of code count not available

Commit Activity

Commits By Day In Week
52 week commits volume
Commits By Day In Week
Commits by day
Commits By Day In Week
Commits by hour
Commits By Hour In Day
Commit calendar
 

Most active committers (90 days)

loading
loading
  • last updated a few seconds ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Friday 29 Dec 2023
8:39 pm

Ernie Ghiglione

LDEV-5397 remove autofocus

When someone using an screen readers access a page, by forcing the user to focus on a field form, then all the instructions and page structure is skipped which can be quite confusing

Options
    • -1
    • +0
    ./login.jsp
  2. … 4 more files in changeset.
Wednesday 16 Nov 2022
6:47 pm

Marcin Cieslak

LDEV-4901 Try to fix stale session left after integrations login

Options
    • -1
    • +11
    ./login.jsp
Friday 07 Oct 2022
8:20 pm

Marcin Cieslak

LDEV-5178 Skip password expiration check on login via integrations

Options
    • -1
    • +6
    ./login.jsp
  2. … 2 more files in changeset.
Thursday 14 Apr 2022
4:04 am

Marcin Cieslak

LDEV-5304 Make Signup page process CSRF token correctly

Also better detect LoginAs and signup flow.

Options
    • -0
    • +6
    ./login.jsp
  2. … 3 more files in changeset.
Sunday 03 Apr 2022
2:59 pm

Marcin Cieslak

LDEV-5304 Secure login page from CSRF attack

Check for CSRF attack only for regular logins.

For LoginAs feature and integrations existing HTTP session gets

invalidated and so is the CSRF token.

Options
    • -2
    • +4
    ./login.jsp
  2. … 4 more files in changeset.
Wednesday 09 Jun 2021
12:33 pm

Ernie Ghiglione

LDEV-5200 add svg foreign object check

Options
    • -1
    • +1
    ./login.jsp
Sunday 17 Jan 2021
11:55 pm

Marcin Cieslak

LDEV-4901 Invalidate session on login only if auth as another user

If the user being reauthenticated is the same as current one, just let

him through as SsoHandler will redirect him instead of running

UniversalLoginModule.

Options
    • -1
    • +1
    ./login.jsp
Friday 19 Jun 2020
3:27 pm

Ernie Ghiglione

LDEV-5043 autocomplete stuff for 5.0 branch

Options
    • -3
    • +3
    ./login.jsp
  2. … 3 more files in changeset.
10:36 am

Ernie Ghiglione

LDEV-5043 update autocomplete login/change password form

Options
    • -3
    • +3
    ./login.jsp
  2. … 3 more files in changeset.
Saturday 21 Mar 2020
9:47 am

Andrey Balan

LDEV-4995 Upgrade to bootstrap 4

* Update LAMS code to use bootstrap 4

* Update and redesign index page

Options
    • -126
    • +223
    ./login.jsp
  2. … 198 more files in changeset.
Wednesday 08 Jan 2020
4:07 am

Andrey Balan

LDEV-4932 Start using /common/taglibs.jsp in lams_central

Options
    • -5
    • +2
    ./login.jsp
  2. … 68 more files in changeset.
Monday 18 Nov 2019
4:23 pm

Marcin Cieslak

LDEV-4902 Fix Login As feature when SAML is in use.

Does not seem to work well on Chrome.

Options
    • -2
    • +3
    ./login.jsp
Tuesday 05 Nov 2019
6:52 pm

Marcin Cieslak

LDEV-4901 Rewrite session invalidation mechanism

On WildFly 8 session invalidation mechanism had some bugs. Marek

introduced a workaround in LDEV-3413. The mechanism was adjusted in

LDEV-4293, especially in this commit

https://code.lamsfoundation.org/fisheye/changelog/lams-github?cs=131ce42e64069f574a2a4a9bc1e5c4be4918e5bb

Newer WildFly versions do not seem to have this bug. A part of

workaround was removed in LDEV-4696, but invalidation mechanism stayed

as if the bugs were still present. The mechanism introduced the problem

with timeouts. Now that the bugs seems to be gone, the invalidation

mechanism was rewritten to a more straightforward version which should

have been used from the start.

It is worth keeping in mind that when one user session is present and

another is being created (another browser, integration call, sysadmin's

LoginAs feature), then user gets authenticated, then old session gets

invalidated and the user gets authenticated AGAIN by WildFly using

cached credentials. Caching is so useful that we can not turn it off. It

means that, though, we need to keep login token generated by

LoginRequestServlet for longer than just first authentication, as we get

authentication call twice. Now we keep it until it is timed out.

Options
    • -2
    • +1
    ./login.jsp
  2. … 3 more files in changeset.
Monday 14 Oct 2019
5:38 pm

Andrey Balan

LDEV-4873 Revert LAMS copyright label removal

Options
    • -1
    • +5
    ./login.jsp
  2. … 1 more file in changeset.
Saturday 12 Oct 2019
4:42 am

Andrey Balan

LDEV-4873 Remove version numbering from login and main pages

And add it instead to sysadmin.jsp

Options
    • -11
    • +4
    ./login.jsp
  2. … 2 more files in changeset.
Wednesday 06 Feb 2019
11:04 am

Fiona Malikoff <Fiona.Malikoff@gmail.com>

LDEV-4759 Panels are now cards.

Options
    • -1
    • +1
    ./login.jsp
  2. … 506 more files in changeset.
Friday 01 Feb 2019
10:38 am

Fiona Malikoff <Fiona.Malikoff@gmail.com>

LDEV-4759 Authoring and monitoring tabs working

Options
    • -1
    • +1
    ./login.jsp
  2. … 315 more files in changeset.
Wednesday 30 Jan 2019
8:44 pm

Fiona Malikoff <Fiona.Malikoff@gmail.com>

LDEV-4759 Upgraded bootstrap-tour, dialogs opening at appropriate size

Options
    • -1
    • +1
    ./login.jsp
  2. … 17 more files in changeset.
Sunday 27 Jan 2019
10:24 am

Fiona Malikoff <Fiona.Malikoff@gmail.com>

LDEv-4759 Material Kit for Bootstrap 4 files installed into lams_central

Options
    • -66
    • +70
    ./login.jsp
  2. … 263 more files in changeset.
Wednesday 28 Nov 2018
3:50 pm

Marcin Cieslak

Merge remote-tracking branch 'origin/master' into lams31

Conflicts:

lams_central/src/java/org/lamsfoundation/lams/web/ForgotPasswordServlet.java

lams_central/web/forgotPassword.jsp

lams_central/web/forgotPasswordChange.jsp

lams_central/web/forgotPasswordProc.jsp

lams_tool_assessment/web/pages/learning/results.jsp

Options
    • -4
    • +18
    ./login.jsp
  2. … 10 more files in changeset.
3:54 am

Andrey Balan

LDEV-4710 Add config setting to enable "Forgot your password?" option

Also if people try to get to the login page by going to the URL

directly, we display a 404 error message.

Options
    • -4
    • +18
    ./login.jsp
  2. … 5 more files in changeset.
Friday 31 Aug 2018
5:19 pm

Marcin Cieslak

LDEV-4440 Various fixes in admin

Options
    • -4
    • +5
    ./login.jsp
  2. … 7 more files in changeset.
Saturday 21 Apr 2018
6:33 pm

Marcin Cieslak

Monthly merge from master to lams31

Conflicts:

lams_build/conf/slim/standalone.xml

lams_build/conf/standalone.xml

lams_build/lib/lams/lams-central.jar

lams_build/lib/lams/lams.jar

lams_central/src/java/org/lamsfoundation/lams/authoring/ObjectExtractor.java

lams_central/src/java/org/lamsfoundation/lams/authoring/template/web/LdTemplateAction.java

lams_central/src/java/org/lamsfoundation/lams/authoring/template/web/TBLTemplateAction.java

lams_central/src/java/org/lamsfoundation/lams/authoring/web/AuthoringAction.java

lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java

lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java

lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/action/MonitoringAction.java

lams_tool_scratchie/src/java/org/lamsfoundation/lams/tool/scratchie/service/ScratchieServiceImpl.java

Options
    • -0
    • +1
    ./login.jsp
  2. … 20 more files in changeset.
Thursday 12 Apr 2018
7:41 pm

Marcin Cieslak

LDEV-4548 Disable login button after clicking

Options
    • -0
    • +1
    ./login.jsp
  2. … 1 more file in changeset.
Monday 09 Oct 2017
9:14 pm

Marcin Cieslak

LDEV-4293 Tune session log out

Make sure mapping login->session is cleared in certain situations.

Check if a session already exists for the given login. If so, invalidate

one of the sessions.

Options
    • -5
    • +6
    ./login.jsp
  2. … 2 more files in changeset.
4:23 pm

Marcin Cieslak

LDEV-4293 Rewrite session invalidation mechanism

Server-side non-current session invalidation does not work well on

clustered WildFly 10. It breaks Infinispan distributed session cache and

makes a logged out user clear LAMS cookies, otherwise he/she gets a

blank screen. See WFLY-7281 and WFLY-7229.

So instead of invalidating a session we mark it for invalidation. The

next time the user tries to use it, the session gets invalidated and the

user gets an error screen (not a very clean solution, but more effective

than another filter which would nicely redirect the user to logout

screen).

This solution seems to work nicely if both browsers interact with the

same node. Since we use distributed session for failover rather than

replication, it should be OK.

Options
    • -4
    • +3
    ./login.jsp
  2. … 3 more files in changeset.
Wednesday 19 Jul 2017
6:30 pm

Fiona Malikoff <Fiona.Malikoff@gmail.com>

LDEV-4367 Skins can be created

The SASS files are now configured to allow a new variable file to be

set up with different colours and for users to be able to switch

between skins.

Options
    • -1
    • +1
    ./login.jsp
  2. … 156 more files in changeset.
Saturday 17 Dec 2016
7:41 am

erniegx <ernieg@gmail.com>

LDEV-4030: renaming label

Options
    • -1
    • +1
    ./login.jsp
Thursday 01 Dec 2016
4:46 pm

SanjanaPabsetti <Sanjana.pabsetti@gmail.com>

LDEV-4030 :Disable login for a few minutes after X number of attempts

Options
    • -1
    • +1
    ./login.jsp
  2. … 1 more file in changeset.
11:08 am

SanjanaPabsetti <Sanjana.pabsetti@gmail.com>

LDEV-4030 :Disable login for a few minutes after X number of attempts

Options
    • -0
    • +7
    ./login.jsp
  2. … 5 more files in changeset.