* If token is present do token based auth and do not do anything with session
* update HostController. Use config constants, don't use sessions
* Remove Session from the components list
* spacing
* Remove Session from App Components list.
* Move APIEnabled check to the api from auth.php
* Rework auth. login using username and password only occurs on login action now. Including auth.php should not touch the session. auth_hash logins no longer touch the session. replace userLogin with a function called validateUser which matches the semantics of validateToken.
* remove debugging
* Add session storage if stateful query param is on, but only for LEGACY_API_AUTH
* fix mUser to username, etc.
* shuffle lines
* use instead of session when generating auth hash.
* Add docs regarding the use of cookies and stateful query param
* Only open/close session if we are clearing a session var
* Use zm_session_start instead of session_start
* Should use zm_session_start instead of session_start
* document that zm_session_start should be called previously to session_regenerate_id
* Don't actually write out the session when generating auth hashes. Means they should never actually persist.
* More backticking of SQL
* add .. to fix#2686
* Use material icons for sort because they look nicer
* fix typo
* have to add authhash to session on login
* restore username&password login for all urls
* fix
* fixes
* experiment with namespaces on the Server class
* experiment with namespaces on the Server class
* Implement the ZM namespace on objects
* Implement the ZM namespace on objects
* Implement the ZM namespace on objects
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy
* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'
Only handle ones that don't return a value.
* Use @data-on-click to attach inline click event handlers with no args and no return value
* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument
* Enforce a script-src CSP on views without inline JS
* Convert some onchange attributes to data-on-change
Isaac Connor
Isaac Connor
Matt N
Isaac Connor
Isaac Connor