nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-28 08:03:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
320 Commits 11 Branches 403 Tags 290 MiB
Commit Graph

85 Commits

Author SHA1 Message Date
Nick Daly
7f3b1a62c8 Added fixme. 2013-11-12 22:05:03 -06:00
Nick Daly
22cce897bc Made security.mdwn a little more explicit wrt bcrypt. 2013-11-12 21:13:02 -06:00
James Valleroy
2f7b56e6a9 No need to have avoid timing side-channel attack in user_add. We're just going to tell you if the user already exists anyway. 2013-11-11 07:34:27 -06:00
James Valleroy
96edae33ed Remove time.clock line in auth module. It wasn't being used. 2013-11-11 07:34:27 -06:00
James Valleroy
292bedebe6 Use POST instead of GET for forms. It seems like it's working now. 2013-11-11 07:34:27 -06:00
James Valleroy
25974bad85 Modify firstboot and user_add forms to use add_user function. 2013-11-11 07:34:27 -06:00
James Valleroy
3a696e0bb9 Fix check for already existing username in add_user. Add documentation of process for storing and validating hashed passwords. 2013-11-11 07:31:53 -06:00
James Valleroy
f7ad1089a5 Update tests for auth module, and fix some bugs discovered in auth module. 2013-11-11 07:31:53 -06:00
James Valleroy
2abe8559e5 Add add_user function to auth module. 2013-11-11 07:31:53 -06:00
James Valleroy
c4b2fb1a60 Use bcrypt to hash passwords for new users in firstboot and user_add forms. Removed references to md5 hashing which was already non-functional. 2013-11-11 07:31:53 -06:00
James Valleroy
4a9177a257 Use bcrypt for login form. Add tests to check that salts and hashes are random, and check handling of invalid passwords or salts. 2013-11-11 07:28:26 -06:00
Nick Daly
8ba1d318ec Hash the password on the server. 
This saves us the need of distributing additional client libraries,
and requires us to actually enable proper security instead of
badly-built shims.
 2013-11-10 21:54:39 -06:00
Nick Daly
95fbf9527f Merge pull request #50 from jvalleroy/fix-redirects 
Fix redirects
 2013-11-10 19:34:34 -08:00
Nick Daly
13d8514634 Merge pull request #49 from jvalleroy/fix-hostname-change 
Fix parameter for hostname-change
 2013-11-10 13:12:46 -08:00
James Valleroy
7536b7387b Remove references to deleted md5.js file. 2013-11-02 17:34:17 +00:00
James Valleroy
7b3a2fbe2c Remove completed TODO. 2013-11-02 17:34:17 +00:00
James Valleroy
504a195708 Remove commit line from UserStore. This function was not defined in withsqlite, and also unnecessary since autocommit is on. 2013-11-02 17:34:17 +00:00
James Valleroy
60ea9f43cd Prepend server_dir to form actions that use absolute paths. 2013-11-02 11:40:18 +00:00
James Valleroy
77948f0e96 prepend server_dir to remaining redirects 2013-11-02 11:34:23 +00:00
James Valleroy
38d3e84961 first_boot needs to move up a folder to reach router. Prepend server_dir to redirects in router, auth, and auth_page. 2013-11-02 11:25:37 +00:00
James Valleroy
4d97c29980 Change firstboot redirects so they don't go to firstboot/firstboot. 2013-11-02 11:03:26 +00:00
James Valleroy
a5adb1c292 Convert unicode (but otherwise valid) hostname to ASCII. Pass hostname option to hostname-change as a string rather than a list. 2013-11-02 02:20:02 +00:00
Nick Daly
3a30660c25 Revert 4d529b75857597dedd181045ba1bf97b99c66b3e. 
Turns out, that was a terrible idea.

Putting privilegedactions in actions/ meant that we tried to interpret
it during startup (along with other similarly silly bugs).  The
fastest way to fix this issue is to merely revert it.
 2013-10-30 21:45:43 -05:00
Nick Daly
0296a1a99c Removed unused import. 2013-10-27 17:47:18 -05:00
Nick Daly
9e276c3ffb Undo this change, bad idea. 
English letters do not always sort as expected in non-en locales.
 2013-10-27 17:41:19 -05:00
Nick Daly
5e9f221ef5 Simplified hostname name matching test. 
The first character must be a letter, and [A-z] is easier to manage
than 52 individual letters.
 2013-10-27 10:49:53 -05:00
Nick Daly
4d529b7585 Moved privilegedactions to the actions directory. 2013-10-27 10:26:06 -05:00
Nick Daly
692ac6fead Merge pull request #35 from jvalleroy/xmpp-service-module 
XMPP Service Module
 2013-10-06 19:25:47 -07:00
Nick Daly
a9c853e5bd Merged with upstream. 2013-10-06 21:21:43 -05:00
Nick Daly
c61e73245a Made URLs less absolute. 2013-10-06 21:11:08 -05:00
James Valleroy
17f3965db8 Added XMPP settings form with control of in-band registration. 2013-10-03 19:48:57 -04:00
James Valleroy
349517339d Check output of XMPP account registration. 2013-10-03 06:16:37 -04:00
James Valleroy
2fd1d6e7b2 Added action to register xmpp account. 2013-09-29 23:00:54 -04:00
James Valleroy
d0157e09ab Non-functional XMPP account registration form. 2013-09-29 22:28:26 -04:00
James Valleroy
cda21f395f Fix to avoid python error about non-ASCII character. 2013-09-28 18:06:03 -04:00
Nick Daly
d722ca950f Merge pull request #31 from petterreinholdtsen/app-owncloud 
Add support for owncloud in the apps menu
 2013-09-28 10:48:39 -07:00
Nick Daly
f69549c480 Merge pull request #27 from petterreinholdtsen/forms-radio-buttons 
Add support for radio buttons.
 2013-09-28 10:46:32 -07:00
Petter Reinholdtsen
6630a8f3d5 Make sure login do not throw exception for unknown users. 2013-09-26 20:04:27 +02:00
Petter Reinholdtsen
829e40198d Get owncloud enabling limping along. 2013-09-26 11:34:04 +02:00
Petter Reinholdtsen
fe33c348b4 First draft to add owncloud support. 2013-09-23 15:18:53 +02:00
Petter Reinholdtsen
444365ec78 Rewrite plinth to use sudo and action scripts instead of exmachina for privileged accesss. 2013-09-23 09:37:24 +02:00
Petter Reinholdtsen
3c78b92d04 Add support for radio buttons. 2013-09-19 12:35:16 +02:00
Petter Reinholdtsen
f24d1fb94d Merge branch 'master' into first-boot-create-user 
Resolve conflicts in modules/installed/first_boot.py.
 2013-09-16 05:27:57 +02:00
Nick Daly
5002715cb6 Merge pull request #24 from petterreinholdtsen/first-boot-no-dead-end 
Provide a way to get out of the first-boot screen, even if it isn't read...
 2013-09-15 17:48:30 -07:00
Nick Daly
32a86a54b5 Merge pull request #19 from petterreinholdtsen/first-boot-set-hostname 
Change first_boot module to show and update current hostname,
 2013-09-15 17:43:31 -07:00
Nick Daly
4c42c1ad1f Merge pull request #20 from petterreinholdtsen/expert-user-access 
Fix expert user access checks.
 2013-09-15 16:11:18 -07:00
Nick Daly
702bc2292b Merge pull request #21 from petterreinholdtsen/nonexpert-config-feedback 
Give sensible feedback for non-expert users visiting system/configure.
 2013-09-15 16:10:27 -07:00
Nick Daly
04a266729e Merge pull request #22 from p1otr/master 
use stdlib's json module if simplejson is missing
 2013-09-15 16:09:58 -07:00
Petter Reinholdtsen
8cd1d23e1e Improve message shown to the users. 2013-09-13 10:04:50 +02:00
James Valleroy
5be8a552ab Enable multithread for UserStore DB. 2013-09-12 23:14:07 -04:00