Unrud
09bde14e50
Allow auth backends to provide login and password
...
This is used to implement an auth backend that takes the credentials from an HTTP header (e.g. accounts are managed by an reverse proxy)
2017-05-31 02:07:49 +02:00
Guillaume Ayoub
3e0c8cf285
Update copyright years
2017-05-27 17:28:07 +02:00
Guillaume Ayoub
22d364729b
Use "&" instead of "+" to test booleans
2017-05-23 17:11:28 +02:00
Guillaume Ayoub
5066e97c66
Always compare both login and password to avoid timing attacks
...
Related to #591 .
2017-05-23 16:55:43 +02:00
Unrud
f2fb07fa84
Move authentication delay into __init__.py and add config
...
Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay.
2017-05-23 04:07:32 +02:00
Unrud
c4537b1f5c
Compare passwords and hashes in constant time ( Fixes #591 )
2017-05-23 04:07:32 +02:00
Unrud
fc309562da
Repair SSHA method
2017-05-23 04:07:31 +02:00
Guillaume Ayoub
059ba8dec1
Random timer to avoid timing oracles and simple bruteforce attacks
...
Important note: this is a security fix.
2017-04-19 13:48:30 +02:00
Unrud
689e5c9dd5
Map logins to internal users in Auth module
...
This makes it possible to implement #349 as a Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
2016-08-30 23:13:33 +02:00
Unrud
e2b87d145f
Cosmetics: Don't use % for logging
2016-08-10 23:43:32 +02:00
Guillaume Ayoub
3e52f34309
Remove pylint
2016-08-02 14:39:20 +02:00
Guillaume Ayoub
6bfdcbafec
Cosmetics
2016-08-01 12:50:51 +02:00
Florian Mounier
221379ef85
Sort imports
2016-07-04 14:32:33 +02:00
Guillaume Ayoub
a8fda1aedf
Cut long lines
2016-05-18 22:41:05 +02:00
Markus Unterwaditzer
2dee66133d
Flake8 fixes
2016-05-04 19:25:58 +02:00
Guillaume Ayoub
2f97d7d1e1
Remove global state about configuration and logs
...
Many things have been changed to make this possible, probably leading to
many hidden bugs waiting to be found.
Related to #122 .
2016-04-22 11:37:02 +09:00
Guillaume Ayoub
1001bcb676
Remove extra auth, rights and storage modules
2016-04-07 19:02:52 +02:00