1. 04 Feb, 2019 1 commit
    • Avoid CSRF check on SAML failure endpoint · 6548e01f
      James Edwards-Jones authored
      SAML and OAuth failures should cause a message to be presented, as well
      as logging that an attempt was made. These were incorrectly prevented by
      the CSRF check on POST endpoints such as SAML.
      
      In addition we were using a NullSession forgery protection, which made
      testing more difficult and could have allowed account linking to take
      place if a CSRF was ever needed but not present.
  2. 19 Jan, 2019 1 commit
  3. 18 Jan, 2019 38 commits