
Branch: refs/heads/dev
Home:   https://github.com/galaxyproject/galaxy

Commit: b17091a3ec51a4836370f32b71ea72abfe4a966f
    https://github.com/galaxyproject/galaxy/commit/b17091a3ec51a4836370f32b71ea7...
Author: John Chilton <jmchilton@gmail.com>
Date:   2017-08-04 (Fri, 04 Aug 2017)

Changed paths:
  M client/galaxy/scripts/galaxy.js
  M client/galaxy/scripts/layout/menu.js
  M client/galaxy/scripts/mvc/user/user-preferences.js
  M lib/galaxy/web/base/controller.py
  M lib/galaxy/web/framework/webapp.py
  M lib/galaxy/webapps/galaxy/controllers/user.py
  M static/maps/galaxy.js.map
  M static/maps/layout/menu.js.map
  M static/maps/mvc/user/user-preferences.js.map
  M static/scripts/bundled/analysis.bundled.js
  M static/scripts/bundled/analysis.bundled.js.map
  M static/scripts/bundled/libs.bundled.js
  M static/scripts/bundled/libs.bundled.js.map
  M static/scripts/galaxy.js
  M static/scripts/layout/menu.js
  M static/scripts/mvc/user/user-preferences.js
  M templates/galaxy_client_app.mako
  M templates/user/login.mako
  M templates/user/register.mako
  M test/shed_functional/base/twilltestcase.py

Log Message:
-----------
CSRF protection for login, logout, and user registration.

The approach is to use per-session CSRF tokens - this avoids many complications related to per-form tokens. We generate a sequence of hashes based on session IDs that doesn't follow the same pattern as normal database API IDs by supplying a "kind" parameter to encode_id (we use the same pattern for securing the job files API for Pulsar).


Commit: 4effd7d77ae75d577c5d04b34174464a43d075b8
    https://github.com/galaxyproject/galaxy/commit/4effd7d77ae75d577c5d04b341744...
Author: Eric Rasche <hxr@hx42.org>
Date:   2017-08-05 (Sat, 05 Aug 2017)

Changed paths:
  M client/galaxy/scripts/galaxy.js
  M client/galaxy/scripts/layout/menu.js
  M client/galaxy/scripts/mvc/user/user-preferences.js
  M lib/galaxy/web/base/controller.py
  M lib/galaxy/web/framework/webapp.py
  M lib/galaxy/webapps/galaxy/controllers/user.py
  M static/maps/galaxy.js.map
  M static/maps/layout/menu.js.map
  M static/maps/mvc/user/user-preferences.js.map
  M static/scripts/bundled/analysis.bundled.js
  M static/scripts/bundled/analysis.bundled.js.map
  M static/scripts/bundled/libs.bundled.js
  M static/scripts/bundled/libs.bundled.js.map
  M static/scripts/galaxy.js
  M static/scripts/layout/menu.js
  M static/scripts/mvc/user/user-preferences.js
  M templates/galaxy_client_app.mako
  M templates/user/login.mako
  M templates/user/register.mako
  M test/shed_functional/base/twilltestcase.py

Log Message:
-----------
Merge pull request #4365 from jmchilton/csrf

CSRF protection for login, logout, and user registration.


Compare: https://github.com/galaxyproject/galaxy/compare/575696dcc2cc...4effd7d77ae7
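
Added illustration of the per-session token idea in the first log message above; this is not code from the Galaxy commit. HMAC-SHA256 stands in for Galaxy's encode_id as an assumption, and SERVER_SECRET, encode_session_value, csrf_token_for and check_csrf are hypothetical names.

```python
import hashlib
import hmac
from typing import Optional

# Constructed demo secret; a real deployment loads a long random value from config.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"


def _kind_key(kind: str) -> bytes:
    """Derive a separate key per 'kind' so values of one kind never match another."""
    return hmac.new(SERVER_SECRET, b"kind:" + kind.encode(), hashlib.sha256).digest()


def encode_session_value(session_id: int, kind: str) -> str:
    """Hypothetical stand-in for an encode_id(..., kind=...) style helper."""
    msg = str(session_id).encode()
    return hmac.new(_kind_key(kind), msg, hashlib.sha256).hexdigest()


def csrf_token_for(session_id: int) -> str:
    """One token per session: every form rendered in that session embeds it."""
    return encode_session_value(session_id, kind="csrf")


def check_csrf(session_id: int, submitted: Optional[str]) -> bool:
    """Reject a missing token, then compare in constant time."""
    if not submitted:
        return False
    expected = csrf_token_for(session_id).encode()
    return hmac.compare_digest(expected, submitted.encode("utf-8", "replace"))


if __name__ == "__main__":
    token = csrf_token_for(42)  # constructed session id
    print("same session accepted:   ", check_csrf(42, token))
    print("other session rejected:  ", not check_csrf(43, token))
    other_kind = encode_session_value(42, kind="other")
    print("other kind rejected:     ", not check_csrf(42, other_kind))
    print("missing token rejected:  ", not check_csrf(42, None))
```

Because the token depends only on the session and the server secret, the server stores nothing per form, and a value issued for a different kind of identifier cannot be replayed as a CSRF token.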