Ian Jackson [Tue, 27 Oct 2015 15:15:05 +0000 (15:15 +0000)]
blinding: Properly lift _blind and _unblind for "" and undef
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Sun, 25 Oct 2015 13:37:15 +0000 (13:37 +0000)]
blinding: Blind cookies and hidden form param
Each time we generate a cookie or a hidden form parameter, generate
some random hex digits and xor them with the hex digits in the cookie
or parameter value.
Our cookies contain decimal digits, and punctuation, too. The decimal
digits are simply blinded the same way (which is fine) and the
punctuation is left alone. It's the actual values we care about.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 25 Oct 2015 13:35:25 +0000 (13:35 +0000)]
blinding: Remove handling of REDIRECT-LOGOUT
Nothing sets $kind to REDIRECT-LOGOUT.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 25 Oct 2015 13:34:31 +0000 (13:34 +0000)]
blinding: Move another setting of Params into check_divert
Previously, divert_ok had the knowledge of the need to set
the first of loggedout_param_names. Put this into check_divert.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 25 Oct 2015 13:25:44 +0000 (13:25 +0000)]
blinding: Move setting of Params into check_divert
Previously, divert_ok had the knowledge of the need to set
assoc_param_name in some cases. Put this into check_divert.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sun, 25 Oct 2015 13:24:43 +0000 (13:24 +0000)]
blinding: Discuss CookieSecret a bit differently
Ian Jackson [Sun, 25 Oct 2015 13:23:56 +0000 (13:23 +0000)]
blinding: Introduce _CookieRaw (same as CookieSecret for now
Ian Jackson [Sun, 25 Oct 2015 13:20:49 +0000 (13:20 +0000)]
Fix broken db creation
Ian Jackson [Sun, 25 Oct 2015 13:20:14 +0000 (13:20 +0000)]
srcdump: Fix git vcsscript to work properly
Ian Jackson [Sun, 25 Oct 2015 13:19:26 +0000 (13:19 +0000)]
srcdump: Skip undef entries in srcdump_dirscan_prepare (relevant if SCRIPT_FILENAME is undef, for example
Ian Jackson [Sun, 25 Oct 2015 13:18:33 +0000 (13:18 +0000)]
Add caf-srcdump to .gitignore
Ian Jackson [Sun, 25 Oct 2015 12:05:05 +0000 (12:05 +0000)]
Reformat construct_cookie (no functional change)
Ian Jackson [Thu, 16 Jul 2015 12:10:40 +0000 (13:10 +0100)]
Fix ref to nonpagetype in check_nonpage
Ian Jackson [Thu, 16 Jul 2015 12:10:15 +0000 (13:10 +0100)]
Abolish default_db_setup_stmts and set it up in new_verifier
Ian Jackson [Sun, 7 Apr 2013 17:06:36 +0000 (18:06 +0100)]
db_... settings: rename file from assocdb_...
Ian Jackson [Sun, 7 Apr 2013 16:56:55 +0000 (17:56 +0100)]
caf.db: rename file from caf-assocs.db
Ian Jackson [Sun, 7 Apr 2013 16:51:29 +0000 (17:51 +0100)]
db_prefix setting: change from assocdb_table
Ian Jackson [Wed, 3 Apr 2013 20:52:22 +0000 (21:52 +0100)]
docs: more work
Ian Jackson [Wed, 3 Apr 2013 20:52:14 +0000 (21:52 +0100)]
db_setup_stmts: new setting
Ian Jackson [Thu, 28 Mar 2013 21:15:23 +0000 (21:15 +0000)]
docs: more work
Ian Jackson [Thu, 28 Mar 2013 21:10:44 +0000 (21:10 +0000)]
docs: more work
Ian Jackson [Thu, 28 Mar 2013 21:10:35 +0000 (21:10 +0000)]
docs: more work
Ian Jackson [Thu, 28 Mar 2013 21:01:44 +0000 (21:01 +0000)]
docs: more work
Ian Jackson [Thu, 28 Mar 2013 20:17:55 +0000 (20:17 +0000)]
docs: more work
Ian Jackson [Thu, 28 Mar 2013 19:53:32 +0000 (19:53 +0000)]
_chain_params: make an internal-only function as seems to have little plausible external use
Ian Jackson [Thu, 28 Mar 2013 19:50:01 +0000 (19:50 +0000)]
docs: more work
Ian Jackson [Thu, 28 Mar 2013 19:44:12 +0000 (19:44 +0000)]
docs: more work
Ian Jackson [Thu, 28 Mar 2013 19:44:05 +0000 (19:44 +0000)]
srcdump_vcsscript: make into a single hash, not a bevy of separate settings
Ian Jackson [Thu, 28 Mar 2013 19:20:18 +0000 (19:20 +0000)]
docs: more work
Ian Jackson [Thu, 28 Mar 2013 19:06:25 +0000 (19:06 +0000)]
docs: more work
Ian Jackson [Thu, 28 Mar 2013 19:06:02 +0000 (19:06 +0000)]
srcdump_vcs_dirs, etc.: do not handle CVS as metadata dir in every subdir means we need CVS-specific logic to find working tree root(s)
Ian Jackson [Thu, 21 Mar 2013 17:12:04 +0000 (17:12 +0000)]
docs: more work
Ian Jackson [Thu, 21 Mar 2013 17:10:14 +0000 (17:10 +0000)]
docs: more work
Ian Jackson [Thu, 21 Mar 2013 17:09:55 +0000 (17:09 +0000)]
TODO: some untranslated strings
Ian Jackson [Thu, 21 Mar 2013 17:09:12 +0000 (17:09 +0000)]
is_page: remove obsolete hook
Ian Jackson [Thu, 21 Mar 2013 17:08:57 +0000 (17:08 +0000)]
get_params hook: actually DTRT for multiple-valued parameters
Ian Jackson [Thu, 21 Mar 2013 17:07:32 +0000 (17:07 +0000)]
is_https hook: rename from check_https
Ian Jackson [Thu, 21 Mar 2013 14:57:29 +0000 (14:57 +0000)]
docs: more work
Ian Jackson [Wed, 20 Mar 2013 18:29:33 +0000 (18:29 +0000)]
docs: more work
Ian Jackson [Wed, 20 Mar 2013 18:29:21 +0000 (18:29 +0000)]
need_add_hidden: support use with the class rather than an object
Ian Jackson [Wed, 20 Mar 2013 18:29:02 +0000 (18:29 +0000)]
update_get_need_add_hidden: new $force parameter
Ian Jackson [Wed, 20 Mar 2013 18:27:57 +0000 (18:27 +0000)]
mutate_ok: abolish, and provide only check_mutate
Ian Jackson [Tue, 19 Mar 2013 19:04:27 +0000 (19:04 +0000)]
docs: more work
Ian Jackson [Tue, 19 Mar 2013 17:47:56 +0000 (17:47 +0000)]
docs: more work
Ian Jackson [Tue, 19 Mar 2013 01:09:59 +0000 (01:09 +0000)]
docs: more work
Ian Jackson [Tue, 19 Mar 2013 01:09:55 +0000 (01:09 +0000)]
fixes
Ian Jackson [Sun, 17 Mar 2013 14:12:18 +0000 (14:12 +0000)]
update_get_need_add_hidden: new function
Ian Jackson [Sun, 17 Mar 2013 14:07:08 +0000 (14:07 +0000)]
docs: more work
Ian Jackson [Sun, 17 Mar 2013 14:06:54 +0000 (14:06 +0000)]
.gitignore: add lots of docs files
Ian Jackson [Sun, 17 Mar 2013 13:59:59 +0000 (13:59 +0000)]
docs: more work
Ian Jackson [Sun, 17 Mar 2013 13:59:31 +0000 (13:59 +0000)]
minor improvements and a todo, prompted by docs work
Ian Jackson [Sun, 17 Mar 2013 13:20:40 +0000 (13:20 +0000)]
rename nonpage_ok to check_nonpage
Ian Jackson [Thu, 7 Mar 2013 18:09:41 +0000 (18:09 +0000)]
javascript hijacking fix, docs are still wip
Ian Jackson [Wed, 6 Mar 2013 21:19:57 +0000 (21:19 +0000)]
config: permit unknown promise_... settings
Ian Jackson [Sat, 23 Feb 2013 21:32:44 +0000 (21:32 +0000)]
TODO: need to fix js hijacking
Ian Jackson [Sat, 23 Feb 2013 21:16:35 +0000 (21:16 +0000)]
docs: move into separate file
Ian Jackson [Sat, 23 Feb 2013 21:15:34 +0000 (21:15 +0000)]
docs: wip
Ian Jackson [Sat, 23 Feb 2013 20:38:27 +0000 (20:38 +0000)]
docs: wip
Ian Jackson [Sat, 23 Feb 2013 20:07:40 +0000 (20:07 +0000)]
docs: wip
Ian Jackson [Sat, 23 Feb 2013 20:07:24 +0000 (20:07 +0000)]
automatic agpl compliance: fix licence installation to come soon enough
Ian Jackson [Sat, 23 Feb 2013 20:07:09 +0000 (20:07 +0000)]
automatic agpl compliance: abstract away shell scripts rather than whole code for vcs dumps
Ian Jackson [Sat, 23 Feb 2013 17:42:25 +0000 (17:42 +0000)]
docs: wip
Ian Jackson [Sat, 23 Feb 2013 17:21:01 +0000 (17:21 +0000)]
automatic agpl compliance: fixes
Ian Jackson [Sat, 23 Feb 2013 17:13:25 +0000 (17:13 +0000)]
automatic agpl compliance: fixes, now does files too
Ian Jackson [Sat, 23 Feb 2013 15:50:46 +0000 (15:50 +0000)]
automatic agpl compliance: fixes
Ian Jackson [Mon, 18 Feb 2013 17:04:18 +0000 (17:04 +0000)]
automatic agpl compliance: wip fixes, need to check output tarballs are what we expect
Ian Jackson [Mon, 18 Feb 2013 16:57:21 +0000 (16:57 +0000)]
automatic agpl compliance: wip fixes
Ian Jackson [Mon, 18 Feb 2013 16:46:05 +0000 (16:46 +0000)]
automatic agpl compliance: generation stuff, compiles but untested and not hooked in
Ian Jackson [Mon, 18 Feb 2013 15:50:10 +0000 (15:50 +0000)]
automatic agpl compliance: dumps data, does not yet generate
Ian Jackson [Mon, 18 Feb 2013 15:27:25 +0000 (15:27 +0000)]
automatic agpl compliance: wip, before rationalise locations and dirs
Ian Jackson [Sat, 16 Feb 2013 12:03:56 +0000 (12:03 +0000)]
automatic agpl compliance: rename things "licence" rather than "agpl", handle in _check_divert_core
Ian Jackson [Sat, 16 Feb 2013 11:59:58 +0000 (11:59 +0000)]
automatic agpl compliance: generate links on login forms etc.
Ian Jackson [Mon, 21 Jan 2013 16:47:52 +0000 (16:47 +0000)]
fix is_loggedout
Ian Jackson [Fri, 18 Jan 2013 19:20:40 +0000 (19:20 +0000)]
redirect to https version only if $encrypted_only
Ian Jackson [Fri, 18 Jan 2013 19:16:47 +0000 (19:16 +0000)]
support check_https and also redirect to https version
Ian Jackson [Fri, 18 Jan 2013 19:09:17 +0000 (19:09 +0000)]
spot cookie is missing even though we can't tell what parm value is
Ian Jackson [Fri, 18 Jan 2013 19:08:53 +0000 (19:08 +0000)]
provide new debug hook
Ian Jackson [Fri, 18 Jan 2013 18:48:05 +0000 (18:48 +0000)]
restore umask
Ian Jackson [Fri, 18 Jan 2013 18:45:27 +0000 (18:45 +0000)]
return 1 from module load
Ian Jackson [Fri, 18 Jan 2013 18:45:16 +0000 (18:45 +0000)]
support assocdb_dbh
Ian Jackson [Thu, 17 Jan 2013 13:51:46 +0000 (13:51 +0000)]
actually sort out debugging
Ian Jackson [Wed, 16 Jan 2013 17:57:55 +0000 (17:57 +0000)]
sort out debugging, fix a todo
Ian Jackson [Tue, 15 Jan 2013 17:18:32 +0000 (17:18 +0000)]
change login/password protocol to support custom error messages
Ian Jackson [Tue, 15 Jan 2013 17:16:07 +0000 (17:16 +0000)]
$divert->Message is already translated
Ian Jackson [Fri, 11 Jan 2013 18:15:29 +0000 (18:15 +0000)]
fix exports
Ian Jackson [Fri, 11 Jan 2013 16:47:39 +0000 (16:47 +0000)]
wip, finish path handling, seems to work well now
Ian Jackson [Fri, 11 Jan 2013 16:33:53 +0000 (16:33 +0000)]
wip
Ian Jackson [Fri, 11 Jan 2013 16:20:33 +0000 (16:20 +0000)]
wip
Ian Jackson [Fri, 11 Jan 2013 16:14:04 +0000 (16:14 +0000)]
wip
Ian Jackson [Fri, 11 Jan 2013 16:10:09 +0000 (16:10 +0000)]
wip
Ian Jackson [Fri, 11 Jan 2013 15:54:43 +0000 (15:54 +0000)]
wip
Ian Jackson [Fri, 11 Jan 2013 15:19:29 +0000 (15:19 +0000)]
wip
Ian Jackson [Thu, 10 Jan 2013 19:23:56 +0000 (19:23 +0000)]
fix
Ian Jackson [Thu, 10 Jan 2013 19:15:31 +0000 (19:15 +0000)]
fix
Ian Jackson [Thu, 10 Jan 2013 19:12:31 +0000 (19:12 +0000)]
rename the module
Ian Jackson [Thu, 10 Jan 2013 19:07:39 +0000 (19:07 +0000)]
fixes
Ian Jackson [Thu, 10 Jan 2013 17:35:50 +0000 (17:35 +0000)]
wip, change temp cookies not to be stored
Ian Jackson [Thu, 10 Jan 2013 13:03:40 +0000 (13:03 +0000)]
wip, change hidden params to be hash
Ian Jackson [Thu, 10 Jan 2013 12:32:42 +0000 (12:32 +0000)]
wip
Ian Jackson [Thu, 10 Jan 2013 12:28:21 +0000 (12:28 +0000)]
wip