Commit Graph

27 Commits

Author SHA1 Message Date
Unrud
8be792280a Add is_authenticated2 to BaseAuth
Adds the ``login`` argument.
2017-09-17 14:11:36 +02:00
Unrud
106aeae781 Add documentation to BaseAuth 2017-09-17 14:09:30 +02:00
Unrud
2c0669046c Use and instead of &
Cosmetic change
2017-09-17 14:03:48 +02:00
Unrud
1065c0b359 Move documentation to correct method 2017-09-17 14:03:46 +02:00
Unrud
f912642c20 htpasswd: ignore comments 2017-08-17 06:46:40 +02:00
Unrud
73038e518a htpasswd: don't strip whitespaces and allow ':' in plain password 2017-08-17 06:46:38 +02:00
Unrud
276de4fd3a Allow additional config options for external plugins 2017-06-21 09:54:33 +02:00
Unrud
75605b5f03 Catch all exceptions when loading plugins 2017-06-15 23:54:32 +02:00
Unrud
eba6621f17 Rename backends from None to none
All other backend names are lower case.
2017-05-31 12:02:29 +02:00
Unrud
c9664137a5 Improve error handling
* Check the configuration file for errors (check option names and basic type checking).
  * Perform basic type checking on command line arguments.
  * Only print stack traces in debug mode.
  * Include much more information in error messages (e.g. include the path of invalid files).
  * Send Bad Request to clients for invalid XML requests or iCalendar data.
  * Change the log level of some messages.
2017-05-31 11:31:54 +02:00
Unrud
09bde14e50 Allow auth backends to provide login and password
This is used to implement an auth backend that takes the credentials from an HTTP header (e.g. accounts are managed by an reverse proxy)
2017-05-31 02:07:49 +02:00
Guillaume Ayoub
3e0c8cf285 Update copyright years 2017-05-27 17:28:07 +02:00
Guillaume Ayoub
22d364729b Use "&" instead of "+" to test booleans 2017-05-23 17:11:28 +02:00
Guillaume Ayoub
5066e97c66 Always compare both login and password to avoid timing attacks
Related to #591.
2017-05-23 16:55:43 +02:00
Unrud
f2fb07fa84 Move authentication delay into __init__.py and add config
Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay.
2017-05-23 04:07:32 +02:00
Unrud
c4537b1f5c Compare passwords and hashes in constant time (Fixes #591) 2017-05-23 04:07:32 +02:00
Unrud
fc309562da Repair SSHA method 2017-05-23 04:07:31 +02:00
Guillaume Ayoub
059ba8dec1 Random timer to avoid timing oracles and simple bruteforce attacks
Important note: this is a security fix.
2017-04-19 13:48:30 +02:00
Unrud
689e5c9dd5 Map logins to internal users in Auth module
This makes it possible to implement #349 as a Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
2016-08-30 23:13:33 +02:00
Unrud
e2b87d145f Cosmetics: Don't use % for logging 2016-08-10 23:43:32 +02:00
Guillaume Ayoub
3e52f34309 Remove pylint 2016-08-02 14:39:20 +02:00
Guillaume Ayoub
6bfdcbafec Cosmetics 2016-08-01 12:50:51 +02:00
Florian Mounier
221379ef85 Sort imports 2016-07-04 14:32:33 +02:00
Guillaume Ayoub
a8fda1aedf Cut long lines 2016-05-18 22:41:05 +02:00
Markus Unterwaditzer
2dee66133d Flake8 fixes 2016-05-04 19:25:58 +02:00
Guillaume Ayoub
2f97d7d1e1 Remove global state about configuration and logs
Many things have been changed to make this possible, probably leading to
many hidden bugs waiting to be found.

Related to #122.
2016-04-22 11:37:02 +09:00
Guillaume Ayoub
1001bcb676 Remove extra auth, rights and storage modules 2016-04-07 19:02:52 +02:00