Add OWASP CSRF Protector, add more secure session handling

andryyy
2017-05-07 13:38:31 +02:00
parent 8c8bfc0108
commit 3c937f75ba
9 changed files with 174 additions and 21 deletions


@@ -1,6 +1,7 @@
{
"require": {
"robthree/twofactorauth": "^1.6",
"yubico/u2flib-server": "^1.0"
"yubico/u2flib-server": "^1.0",
"owasp/csrf-protector-php": "dev-master"
}
}
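Review bot: The new requirement `"owasp/csrf-protector-php": "dev-master"` tracks a moving branch rather than a release, so any later `composer update` will pull whatever upstream master contains at that moment into the code that enforces CSRF checks. The lock file in this commit resolves it to reference aec0d6966992363a7192b2ae9fb0a9643e8fa26b with an empty `shasum`, so the lock entry is the only thing holding the code fixed. Prefer a tagged release if upstream publishes one, or pin the commit in the constraint itself: `"owasp/csrf-protector-php": "dev-master#aec0d6966992363a7192b2ae9fb0a9643e8fa26b"`. Upgrades of this library then arrive as an explicit, reviewable change of that reference.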


@@ -4,8 +4,44 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"content-hash": "5652a086b6d277d72d7ae0341e517b1e",
"content-hash": "413fc63dc6c7815f0a175217bccb490a",
"packages": [
{
"name": "owasp/csrf-protector-php",
"version": "dev-master",
"source": {
"type": "git",
"url": "https://github.com/mebjas/CSRF-Protector-PHP.git",
"reference": "aec0d6966992363a7192b2ae9fb0a9643e8fa26b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/mebjas/CSRF-Protector-PHP/zipball/aec0d6966992363a7192b2ae9fb0a9643e8fa26b",
"reference": "aec0d6966992363a7192b2ae9fb0a9643e8fa26b",
"shasum": ""
},
"require-dev": {
"satooshi/php-coveralls": "~1.0"
},
"type": "library",
"autoload": {
"classmap": [
"libs/csrf/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"APACHE"
],
"description": "CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.",
"homepage": "https://github.com/mebjas/CSRF-Protector-PHP",
"keywords": [
"csrf",
"owasp",
"security"
],
"time": "2017-04-12 05:47:07"
},
{
"name": "robthree/twofactorauth",
"version": "1.6",
@@ -92,7 +128,9 @@
"packages-dev": [],
"aliases": [],
"minimum-stability": "stable",
"stability-flags": [],
"stability-flags": {
"owasp/csrf-protector-php": 20
},
"prefer-stable": false,
"prefer-lowest": false,
"platform": [],


@@ -6,6 +6,14 @@ $vendorDir = dirname(dirname(__FILE__));
$baseDir = dirname($vendorDir);
return array(
'alreadyInitializedException' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'baseJSFileNotFoundExceptio' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'configFileNotFoundException' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'csrfProtector' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'incompleteConfigurationException' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'jsFileNotFoundException' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'logDirectoryNotFoundException' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'logFileWriteError' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'u2flib_server\\Error' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
'u2flib_server\\RegisterRequest' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
'u2flib_server\\Registration' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',


@@ -21,6 +21,14 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
);
public static $classMap = array (
'alreadyInitializedException' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'baseJSFileNotFoundExceptio' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'configFileNotFoundException' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'csrfProtector' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'incompleteConfigurationException' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'jsFileNotFoundException' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'logDirectoryNotFoundException' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'logFileWriteError' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
'u2flib_server\\Error' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
'u2flib_server\\RegisterRequest' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
'u2flib_server\\Registration' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',


@@ -84,5 +84,43 @@
],
"description": "Library for U2F implementation",
"homepage": "https://developers.yubico.com/php-u2flib-server"
},
{
"name": "owasp/csrf-protector-php",
"version": "dev-master",
"version_normalized": "9999999-dev",
"source": {
"type": "git",
"url": "https://github.com/mebjas/CSRF-Protector-PHP.git",
"reference": "aec0d6966992363a7192b2ae9fb0a9643e8fa26b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/mebjas/CSRF-Protector-PHP/zipball/aec0d6966992363a7192b2ae9fb0a9643e8fa26b",
"reference": "aec0d6966992363a7192b2ae9fb0a9643e8fa26b",
"shasum": ""
},
"require-dev": {
"satooshi/php-coveralls": "~1.0"
},
"time": "2017-04-12T05:47:07+00:00",
"type": "library",
"installation-source": "source",
"autoload": {
"classmap": [
"libs/csrf/"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"APACHE"
],
"description": "CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.",
"homepage": "https://github.com/mebjas/CSRF-Protector-PHP",
"keywords": [
"csrf",
"owasp",
"security"
]
}
]

Submodule data/web/inc/lib/vendor/owasp/csrf-protector-php added at aec0d69669