nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-28 08:03:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,872 Commits 11 Branches 403 Tags 290 MiB
Commit Graph

7872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
James Valleroy
292bedebe6 Use POST instead of GET for forms. It seems like it's working now. 2013-11-11 07:34:27 -06:00
James Valleroy
25974bad85 Modify firstboot and user_add forms to use add_user function. 2013-11-11 07:34:27 -06:00
James Valleroy
3a696e0bb9 Fix check for already existing username in add_user. Add documentation of process for storing and validating hashed passwords. 2013-11-11 07:31:53 -06:00
James Valleroy
f7ad1089a5 Update tests for auth module, and fix some bugs discovered in auth module. 2013-11-11 07:31:53 -06:00
James Valleroy
2abe8559e5 Add add_user function to auth module. 2013-11-11 07:31:53 -06:00
James Valleroy
c4b2fb1a60 Use bcrypt to hash passwords for new users in firstboot and user_add forms. Removed references to md5 hashing which was already non-functional. 2013-11-11 07:31:53 -06:00
James Valleroy
41e46d53b5 update model 2013-11-11 07:28:27 -06:00
James Valleroy
4a9177a257 Use bcrypt for login form. Add tests to check that salts and hashes are random, and check handling of invalid passwords or salts. 2013-11-11 07:28:26 -06:00
Nick Daly
8ba1d318ec Hash the password on the server. 
This saves us the need of distributing additional client libraries,
and requires us to actually enable proper security instead of
badly-built shims.
 2013-11-10 21:54:39 -06:00
Nick Daly
d8ead196eb Added Debug flag (currently unused). 2013-11-10 21:50:09 -06:00
Nick Daly
d08f139c22 Made errors more Python version-independent. 2013-11-10 21:49:55 -06:00
Nick Daly
95fbf9527f Merge pull request #50 from jvalleroy/fix-redirects 
Fix redirects
 2013-11-10 19:34:34 -08:00
Nick Daly
2958df9f39 Revert 8fd6c607298517e6318ab027da940e3fe5c7830f. 2013-11-10 16:39:43 -06:00
Nick Daly
a9c6b17624 Merge Hostname fix. 2013-11-10 16:34:31 -06:00
Nick Daly
827defed77 Allow Apache to serve Plinth's static files correctly. 
When the */plinth/static* configuration is above */plinth*, it doesn't
work.  Move it below the */plinth* configuration so static files will
be served correctly.
 2013-11-10 16:31:23 -06:00
Nick Daly
13d8514634 Merge pull request #49 from jvalleroy/fix-hostname-change 
Fix parameter for hostname-change
 2013-11-10 13:12:46 -08:00
Nick Daly
574edb93cd Merged with upstream. 2013-11-05 22:46:52 -06:00
Nick Daly
1eb5dde1f7 Merge simple config changes. 2013-11-05 22:45:05 -06:00
Nick Daly
8fd6c60729 Remove static self-reference. 2013-11-05 22:44:06 -06:00
Nick Daly
ae3d61bec4 Simplify config loading. 
These changes should make it easier to customize standard Plinth file
locations for other distributions going forward.  Most of the defaults
have been removed from *cfg.py*: we now assume that your plinth.config
file contains all the data we need.  This may turn out to be a bad
decision (not everybody retains a copy of the original config file).

I've also reorganized *plinth.sample.config* to separate the
directories from the files they're storing.  This should be the file
distributions patch in order to customize file locations per their
preferred file organization.
 2013-11-05 22:03:32 -06:00
James Valleroy
91cdbc4ef8 No need to have avoid timing side-channel attack in user_add. We're just going to tell you if the user already exists anyway. 2013-11-04 02:37:12 +00:00
James Valleroy
978db68137 Remove time.clock line in auth module. It wasn't being used. 2013-11-04 02:23:40 +00:00
James Valleroy
f55ba41551 Use POST instead of GET for forms. It seems like it's working now. 2013-11-04 02:13:27 +00:00
James Valleroy
dccd1deae1 Modify firstboot and user_add forms to use add_user function. 2013-11-04 02:00:40 +00:00
James Valleroy
9238aea8fe Fix check for already existing username in add_user. Add documentation of process for storing and validating hashed passwords. 2013-11-04 01:14:17 +00:00
James Valleroy
01ac7e164e Update tests for auth module, and fix some bugs discovered in auth module. 2013-11-04 00:30:21 +00:00
James Valleroy
dbeb31dfa1 Add add_user function to auth module. 2013-11-03 23:39:16 +00:00
James Valleroy
198cea5b58 Use bcrypt to hash passwords for new users in firstboot and user_add forms. Removed references to md5 hashing which was already non-functional. 2013-11-03 21:55:06 +00:00
James Valleroy
3425d265c3 update model 2013-11-03 21:32:47 +00:00
James Valleroy
2da78b515a Use bcrypt for login form. Add tests to check that salts and hashes are random, and check handling of invalid passwords or salts. 2013-11-03 21:32:47 +00:00
Nick Daly
14bbf48c76 Merge pull request #51 from jvalleroy/fix-user-store 
Fix user store, remove some obsolete code
 2013-11-03 13:17:20 -08:00
James Valleroy
7536b7387b Remove references to deleted md5.js file. 2013-11-02 17:34:17 +00:00
James Valleroy
7b3a2fbe2c Remove completed TODO. 2013-11-02 17:34:17 +00:00
James Valleroy
504a195708 Remove commit line from UserStore. This function was not defined in withsqlite, and also unnecessary since autocommit is on. 2013-11-02 17:34:17 +00:00
Nick Daly
49ce1b9389 Merge JValleroy's test fixes. 2013-11-02 11:37:45 -05:00
Nick Daly
c0049d1d8c Merged JValleroy's test updates. 
The *user_store* tests can find the user_store module, and now the
tests fail for completely different reasons!
 2013-11-02 11:26:35 -05:00
Nick Daly
daca06a9b3 Moved actions/privilegedactions_test.py to tests/. 
Added new "--pause" option in test.sh to pause after each test.
 2013-11-02 10:34:51 -05:00
Nick Daly
b14b0db4d2 Merge pull request #48 from jvalleroy/fix-tests 
Fix tests
 2013-11-02 08:17:11 -07:00
James Valleroy
60ea9f43cd Prepend server_dir to form actions that use absolute paths. 2013-11-02 11:40:18 +00:00
James Valleroy
77948f0e96 prepend server_dir to remaining redirects 2013-11-02 11:34:23 +00:00
James Valleroy
38d3e84961 first_boot needs to move up a folder to reach router. Prepend server_dir to redirects in router, auth, and auth_page. 2013-11-02 11:25:37 +00:00
James Valleroy
4d97c29980 Change firstboot redirects so they don't go to firstboot/firstboot. 2013-11-02 11:03:26 +00:00
James Valleroy
1acc17f403 Fix import of user_store in test. 2013-11-02 02:41:44 +00:00
James Valleroy
8786e6ecc2 Fix import of privilegedactions in tests. 2013-11-02 02:40:49 +00:00
James Valleroy
a5adb1c292 Convert unicode (but otherwise valid) hostname to ASCII. Pass hostname option to hostname-change as a string rather than a list. 2013-11-02 02:20:02 +00:00
Nick Daly
b9b4e0a2ec Update Apache config for new static directory location. 
It's now /plinth/static, not /static.
 2013-10-31 19:53:56 -05:00
Nick Daly
2af1617f51 Set the template's basehref from cfg.server_dir. 
Previously, the cfg.base_href variable was never set (it's not even in
the sample.config file!).  Now, Plinth uses the specified root
directory (from the *--server_dir* argument) in each URL reference.
 2013-10-31 19:36:35 -05:00
Nick Daly
e3f1297711 Unify git.sample.config and git.sample.fhs.config. 
There's no point to having two copies of what's essentially the same
file.  In the long term, this means the distributions will need to
patch out cfg.py directories instead of plinth.sample.fhs.config.  So,
if diff plinth.sample.config plinth.sample.fhs.config reveals
anything relevant, put that in your patch.
 2013-10-30 22:05:29 -05:00
Nick Daly
3a30660c25 Revert 4d529b75857597dedd181045ba1bf97b99c66b3e. 
Turns out, that was a terrible idea.

Putting privilegedactions in actions/ meant that we tried to interpret
it during startup (along with other similarly silly bugs).  The
fastest way to fix this issue is to merely revert it.
 2013-10-30 21:45:43 -05:00
Nick Daly
0296a1a99c Removed unused import. 2013-10-27 17:47:18 -05:00