Testing: Break out srcdump-save-check Originally I thought I would keep only one of the srcdump tests, but I have changed my mind. So we need to get rid of this clone-and-hack. srcdump-save-check was identical in the two scripts. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Testing: Rename srcdump-loginback.at (from srcdump.at) This actually tests a rather artificial use case, where the user bookmarks the url, then logs in normally, and then uses the saved url (or achieves the equivalent by using the back button). It should have a name that better reflects this. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Pass srcdump request parameter when redirecting etc. For most of CAF's purposes, the srcdump request parameter is not really for srcdump, since it is not related to authentication. Rather, it exists simply because we do not own the application path namespace. So when generating (or requesting) redirects etc. we should treat it as a form parameter relating to the application. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
srcdump: Introduce srcdump_needlogin option This makes it technically fairly straightforward to take advantage of the CAF Login Exception. In the resulting website the source download link is only present on the login page unless the application also provides such a link, but that link is functional after logging in and can easily be used by bookmarking the url or using multiple browser tabs. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Licence: Add copyright and licence statement to many files The licence (including exception) applies to the whole project, as would be expected. Document this. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk> Signed-off-by: Ian Jackson <ijackson@eu.citrix.com>
Licence: Provide CAF Login Exception With the current AGPLv3 licence, someone who deploys a modified CAF must make available their whole web application to all callers. This means that it is not possible to deploy a completely private web application using CAF. I don't think this is desirable. My intention in using the AGPLv3 is not to force everyone to publish their source code outside their user community. To put it another way: I want to flatten the power relationship between a website's users and its operators. But it is not my aim to undo the power imbalance between a website's authorised users and other people on the internet. Indeed such an objective would be bizarre for a module whose function is to enforce access control. I do want to try to make it possible for authorised users of a website, who don't like the decisions made by its operator, to set up an instance of their own, with modifications to their own taste. I'm therefore providing what I'm calling the "CAF Login Exception, v1" as an Additional Permission (as contemplated by AGPLv3 s7). I have also discussed this with my management at Citrix (since Citrix is also a copyright holder). Permission was granted orally by my line manager in an in-person conversation on Tuesday the 27th of October. Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Testing: Move expect_before timeout to right place Otherwise it relates to the default spawn id which is stdin. The effect is that (a) the timeout is for the whole script, not each expect, and (b) when stdin is /dev/null Tcl gets EOF, closes it, and then complains error writing "stdout": bad file number (which is rather daft). Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>