* added sha1 and bcrypt submodules
* added bcrypt and sha to src build process
* added test sha1 and bcrypt code to validate working
* bcrypt auth migration in PHP land
* added include path
* add sha source
* added bcrypt to others
* put link_dir ahead of add_executable
* fixed typo
* try add_library instead
* absolute path
* absolute path
* build bcrypt as static
* move to wrapper
* move to fork
* logs tweak
* added lib-ssl/dev for JWT signing
* Moved to openSSL SHA1, initial JWT plugin
* removed vog
* fixed SHA1 algo
* typo
* use php-jwt, use proper way to add PHP modules, via composer
* fixed module path
* first attempt to fix cast error
* own fork
* own fork
* add composer vendor directory
* go back to jwt-cpp as PR merged
* moved to jwt-cpp after PR merge
* New token= query for JWT
* Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading
* JWT integration, validate JWT token via validateToken
* added token validation to zms/zmu/zmuser
* add token to command line for zmu
* move decode inside try/catch
* exception handling for try/catch
* fix db read, forgot to exec query
* remove allowing auth_hash_ip for token
* support refresh tokens as well for increased security
* remove auth_hash_ip
* Error out if used did not create an AUTH_HASH_SECRET
* fixed type conversion
* make sure refresh token login doesn't generate another refresh token
* fix absolute path
* move JWT/Bcrypt inside zm_crypt
* move sha headers out
* move out sha header
* handle case when supplied password is hashed, fix wrong params in AppController
* initial baby step for api tab
* initial plumbing to introduce token expiry and API bans per user
* remove M typo
* display user table in api
* added revoke all tokens code, removed test code
* use strtoul for conversion
* use strtoul for conversion
* use strtoul for conversion
* more fixes
* more fixes
* add mintokenexpiry to DB seek
* typo
* add ability to revoke tokens and enable/disable APIs per user
* moved API enable back to system
* comma
* enable API options only if API enabled
* move user creation to bcrypt
* added password_compat for PHP >=5.3 <5.5
* add Password back so User object indexes don't change
* move token index after adding password
* demote logs
* make old API auth optional, on by default
* make old API auth mechanism optional
* removed stale code
* forgot to checkin update file
* bulk overlay hash mysql encoded passwords
* add back ssl_dev, got deleted
* fix update script
* added token support to index.php
* reworked API document for new changes in 2.0
* Migrate from libdigest to crypt-eks-blowfish due to notice
* merge typo
* css classess for text that disappear
* fixed html typo
* added deps to ubuntu control files
* spaces
* removed extra line
* when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist
* add libssl1.0.0 for ubuntu 16/12
* small API fixes
* clean up of API, remove redundant sections
* moved to ZM fork for bcrypt
* whitespace and google code style
* regenerate auth hash if doing password migration
* dont need AUTH HASH LOGIN to be on
* Add auth hash verification to the user logged in already case
* fix missing ]
* reject requests if per user API disabled
Isaac Connor
Andrew Bauer
Isaac Connor
Pliable Pixels
Pliable Pixels