Unrud
8be792280a
Add is_authenticated2 to BaseAuth
...
Adds the ``login`` argument.
2017-09-17 14:11:36 +02:00
Unrud
106aeae781
Add documentation to BaseAuth
2017-09-17 14:09:30 +02:00
Unrud
2c0669046c
Use and instead of &
...
Cosmetic change
2017-09-17 14:03:48 +02:00
Unrud
1065c0b359
Move documentation to correct method
2017-09-17 14:03:46 +02:00
Unrud
f912642c20
htpasswd: ignore comments
2017-08-17 06:46:40 +02:00
Unrud
73038e518a
htpasswd: don't strip whitespaces and allow ':' in plain password
2017-08-17 06:46:38 +02:00
Unrud
276de4fd3a
Allow additional config options for external plugins
2017-06-21 09:54:33 +02:00
Unrud
75605b5f03
Catch all exceptions when loading plugins
2017-06-15 23:54:32 +02:00
Unrud
eba6621f17
Rename backends from None to none
...
All other backend names are lower case.
2017-05-31 12:02:29 +02:00
Unrud
c9664137a5
Improve error handling
...
* Check the configuration file for errors (check option names and basic type checking).
* Perform basic type checking on command line arguments.
* Only print stack traces in debug mode.
* Include much more information in error messages (e.g. include the path of invalid files).
* Send Bad Request to clients for invalid XML requests or iCalendar data.
* Change the log level of some messages.
2017-05-31 11:31:54 +02:00
Unrud
09bde14e50
Allow auth backends to provide login and password
...
This is used to implement an auth backend that takes the credentials from an HTTP header (e.g. accounts are managed by a reverse proxy)
2017-05-31 02:07:49 +02:00
Guillaume Ayoub
3e0c8cf285
Update copyright years
2017-05-27 17:28:07 +02:00
Guillaume Ayoub
22d364729b
Use "&" instead of "+" to test booleans
2017-05-23 17:11:28 +02:00
Guillaume Ayoub
5066e97c66
Always compare both login and password to avoid timing attacks
...
Related to #591.
2017-05-23 16:55:43 +02:00
Unrud
f2fb07fa84
Move authentication delay into __init__.py and add config
...
Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay.
2017-05-23 04:07:32 +02:00
Unrud
c4537b1f5c
Compare passwords and hashes in constant time (Fixes #591)
2017-05-23 04:07:32 +02:00
Unrud
fc309562da
Repair SSHA method
2017-05-23 04:07:31 +02:00
Guillaume Ayoub
059ba8dec1
Random timer to avoid timing oracles and simple bruteforce attacks
...
Important note: this is a security fix.
2017-04-19 13:48:30 +02:00
Unrud
689e5c9dd5
Map logins to internal users in Auth module
...
This makes it possible to implement #349 as an Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
2016-08-30 23:13:33 +02:00
Unrud
e2b87d145f
Cosmetics: Don't use % for logging
2016-08-10 23:43:32 +02:00
Guillaume Ayoub
3e52f34309
Remove pylint
2016-08-02 14:39:20 +02:00
Guillaume Ayoub
6bfdcbafec
Cosmetics
2016-08-01 12:50:51 +02:00
Florian Mounier
221379ef85
Sort imports
2016-07-04 14:32:33 +02:00
Guillaume Ayoub
a8fda1aedf
Cut long lines
2016-05-18 22:41:05 +02:00
Markus Unterwaditzer
2dee66133d
Flake8 fixes
2016-05-04 19:25:58 +02:00
Guillaume Ayoub
2f97d7d1e1
Remove global state about configuration and logs
...
Many things have been changed to make this possible, probably leading to
many hidden bugs waiting to be found.
Related to #122.
2016-04-22 11:37:02 +09:00
Guillaume Ayoub
1001bcb676
Remove extra auth, rights and storage modules
2016-04-07 19:02:52 +02:00