8be792280a
Add is_authenticated2 to BaseAuth
...
Adds the ``login`` argument.
2017-09-17 14:11:36 +02:00
106aeae781
Add documentation to BaseAuth
2017-09-17 14:09:30 +02:00
2c0669046c
Use and instead of &
...
Cosmetic change
2017-09-17 14:03:48 +02:00
1065c0b359
Move documentation to correct method
2017-09-17 14:03:46 +02:00
f912642c20
htpasswd: ignore comments
2017-08-17 06:46:40 +02:00
73038e518a
htpasswd: don't strip whitespaces and allow ':' in plain password
2017-08-17 06:46:38 +02:00
276de4fd3a
Allow additional config options for external plugins
2017-06-21 09:54:33 +02:00
75605b5f03
Catch all exceptions when loading plugins
2017-06-15 23:54:32 +02:00
eba6621f17
Rename backends from None to none
...
All other backend names are lower case.
2017-05-31 12:02:29 +02:00
c9664137a5
Improve error handling
...
* Check the configuration file for errors (check option names and basic type checking).
* Perform basic type checking on command line arguments.
* Only print stack traces in debug mode.
* Include much more information in error messages (e.g. include the path of invalid files).
* Send Bad Request to clients for invalid XML requests or iCalendar data.
* Change the log level of some messages.
2017-05-31 11:31:54 +02:00
09bde14e50
Allow auth backends to provide login and password
...
This is used to implement an auth backend that takes the credentials from an HTTP header (e.g. accounts are managed by a reverse proxy)
2017-05-31 02:07:49 +02:00
3e0c8cf285
Update copyright years
2017-05-27 17:28:07 +02:00
22d364729b
Use "&" instead of "+" to test booleans
2017-05-23 17:11:28 +02:00
5066e97c66
Always compare both login and password to avoid timing attacks
...
Related to #591.
2017-05-23 16:55:43 +02:00
f2fb07fa84
Move authentication delay into __init__.py and add config
...
Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay.
2017-05-23 04:07:32 +02:00
c4537b1f5c
Compare passwords and hashes in constant time (Fixes #591)
2017-05-23 04:07:32 +02:00
fc309562da
Repair SSHA method
2017-05-23 04:07:31 +02:00
059ba8dec1
Random timer to avoid timing oracles and simple bruteforce attacks
...
Important note: this is a security fix.
2017-04-19 13:48:30 +02:00
689e5c9dd5
Map logins to internal users in Auth module
...
This makes it possible to implement #349 as an Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
2016-08-30 23:13:33 +02:00
e2b87d145f
Cosmetics: Don't use % for logging
2016-08-10 23:43:32 +02:00
3e52f34309
Remove pylint
2016-08-02 14:39:20 +02:00
6bfdcbafec
Cosmetics
2016-08-01 12:50:51 +02:00
221379ef85
Sort imports
2016-07-04 14:32:33 +02:00
a8fda1aedf
Cut long lines
2016-05-18 22:41:05 +02:00
2dee66133d
Flake8 fixes
2016-05-04 19:25:58 +02:00
2f97d7d1e1
Remove global state about configuration and logs
...
Many things have been changed to make this possible, probably leading to
many hidden bugs waiting to be found.
Related to #122.
2016-04-22 11:37:02 +09:00
1001bcb676
Remove extra auth, rights and storage modules
2016-04-07 19:02:52 +02:00