6e37fd7...
by
Bill Erickson
on 2011-10-11
Authentication block logging
* Login too-many- auth-failures message at Info level instead of Internal
* Log the username getting blocked
Signed-off-by: Bill Erickson <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
44687e2...
by
Galen Charlton
on 2011-10-06
fix authentication failure
Ensure that the auth_limit values are read when open-ils.auth
initializes, not during oilsAuthInit(). This solves a problem
observed on brick-based setups where authentication could
incorrectly fail because the drone that processes
open-ils. auth.authentica te.complete didn't have the the block
count value initialized yet.
Also fixed type nit when compare the fail count to the block
limit.
Signed-off-by: Galen Charlton <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
b53dec7...
by
Thomas Berezansky
on 2011-09-12
When workstation is invalid request a new seed
The original one may no longer be valid
Signed-off-by: Thomas Berezansky <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
daccc32...
by
Thomas Berezansky
on 2011-09-01
Make more auth values configurable
Amount of time seed is valid
Amount of time to keep failure count in memcache since last auth event
Number of failures before locking out auth attempts
Also, remove seed from memcache once it has been used once.
Signed-off-by: Thomas Berezansky <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
40b8cc7...
by
Thomas Berezansky
on 2011-08-30
Brute Force protection for authentication
Count auth failures in memcache.
If 10+ have occurred cause failure.
After 90 seconds of no activity counter resets.
Signed-off-by: Thomas Berezansky <email address hidden>
Signed-off-by: Bill Erickson <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
6025e32...
by
Jason Etheridge <email address hidden>
on 2011-06-15
lp797321: Disable the Apply Payment button during payment processing to mitigate chance of duplicate payments.
I can't actually reproduce the creation of duplicate payments locally with
trunk/2.x, but there are reports of it, and this doesn't seem to hurt. Not
Signed-off-by: Jason Etheridge <email address hidden>
Signed-off-by: Galen Charlton <email address hidden>
e54f0c4...
by
Dan Scott
on 2011-06-01
Whitespace cleanup in aisle 3 (O:A:Reporter)
Signed-off-by: Dan Scott <email address hidden>
8d03998...
by
Michael Peters
on 2011-06-01
LP#740466 Sort report folders by name
Add order_by to Reporter.pm to sort report folders by name
Signed-off-by: Michael Peters <email address hidden>
Signed-off-by: Dan Scott <email address hidden>
7f62c8a...
by
Michael Peters
on 2011-05-31
LP#739444 Incrementing opac.dtd copyright date
Signed-off-by: Michael Peters <email address hidden>
Signed-off-by: Dan Scott <email address hidden>
3b9385f...
by
Jason Etheridge <email address hidden>
on 2011-05-27
Fix Hold Capture Check-In Mode, similar to 9641dcf040798aa c1e274253c8ae8a 722674bcc2
Signed-off-by: Jason Etheridge <email address hidden>