Commit Graph

27 Commits

Author SHA1 Message Date
8be792280a Add is_authenticated2 to BaseAuth
Adds the ``login`` argument.
2017-09-17 14:11:36 +02:00
106aeae781 Add documentation to BaseAuth 2017-09-17 14:09:30 +02:00
2c0669046c Use and instead of &
Cosmetic change
2017-09-17 14:03:48 +02:00
1065c0b359 Move documentation to correct method 2017-09-17 14:03:46 +02:00
f912642c20 htpasswd: ignore comments 2017-08-17 06:46:40 +02:00
73038e518a htpasswd: don't strip whitespaces and allow ':' in plain password 2017-08-17 06:46:38 +02:00
276de4fd3a Allow additional config options for external plugins 2017-06-21 09:54:33 +02:00
75605b5f03 Catch all exceptions when loading plugins 2017-06-15 23:54:32 +02:00
eba6621f17 Rename backends from None to none
All other backend names are lower case.
2017-05-31 12:02:29 +02:00
c9664137a5 Improve error handling
  * Check the configuration file for errors (check option names and basic type checking).
  * Perform basic type checking on command line arguments.
  * Only print stack traces in debug mode.
  * Include much more information in error messages (e.g. include the path of invalid files).
  * Send Bad Request to clients for invalid XML requests or iCalendar data.
  * Change the log level of some messages.
2017-05-31 11:31:54 +02:00
09bde14e50 Allow auth backends to provide login and password
This is used to implement an auth backend that takes the credentials from an HTTP header (e.g. accounts are managed by a reverse proxy)
2017-05-31 02:07:49 +02:00
3e0c8cf285 Update copyright years 2017-05-27 17:28:07 +02:00
22d364729b Use "&" instead of "+" to test booleans 2017-05-23 17:11:28 +02:00
5066e97c66 Always compare both login and password to avoid timing attacks
Related to #591.
2017-05-23 16:55:43 +02:00
f2fb07fa84 Move authentication delay into __init__.py and add config
Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay.
2017-05-23 04:07:32 +02:00
c4537b1f5c Compare passwords and hashes in constant time (Fixes #591) 2017-05-23 04:07:32 +02:00
fc309562da Repair SSHA method 2017-05-23 04:07:31 +02:00
059ba8dec1 Random timer to avoid timing oracles and simple bruteforce attacks
Important note: this is a security fix.
2017-04-19 13:48:30 +02:00
689e5c9dd5 Map logins to internal users in Auth module
This makes it possible to implement #349 as an Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
2016-08-30 23:13:33 +02:00
e2b87d145f Cosmetics: Don't use % for logging 2016-08-10 23:43:32 +02:00
3e52f34309 Remove pylint 2016-08-02 14:39:20 +02:00
6bfdcbafec Cosmetics 2016-08-01 12:50:51 +02:00
221379ef85 Sort imports 2016-07-04 14:32:33 +02:00
a8fda1aedf Cut long lines 2016-05-18 22:41:05 +02:00
2dee66133d Flake8 fixes 2016-05-04 19:25:58 +02:00
2f97d7d1e1 Remove global state about configuration and logs
Many things have been changed to make this possible, probably leading to
many hidden bugs waiting to be found.

Related to #122.
2016-04-22 11:37:02 +09:00
1001bcb676 Remove extra auth, rights and storage modules 2016-04-07 19:02:52 +02:00