nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-21 07:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
358 Commits 11 Branches 402 Tags 289 MiB
Commit Graph

358 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Daly
4d5d93678b Require python-bcrypt as a build-from-source dependency. 2013-12-08 11:39:37 -06:00
Nick Daly
51e3af611b Moved Apache configuration to Plinth setup script. 
James added the Apache Headers module to the makefile, but not the
FreedomBox-Setup configuration script.  However, it's ridiculous to
have multiple locations for that same logic, so now the makefile uses
the setup script for the Apache configuration instead.

Also, the modules are now fancy and alphabetized.
 2013-12-08 11:37:15 -06:00
James Valleroy
96f4430513 Remove includeSubDomains option from HSTS header. 2013-11-28 02:27:08 +00:00
James Valleroy
96310b4366 Use HSTS in apache conf. Fixes #47. 2013-11-28 00:52:18 +00:00
Nick Daly
0ec794aaa7 Merge pull request #56 from jvalleroy/remove_old_user_db 
Remove old user stuff
 2013-11-24 20:43:35 -08:00
Nick Daly
16c994b787 Cleaned up missed references to privilegedactions. 2013-11-24 22:07:13 -06:00
Nick Daly
e23650232b Merged async actions. 2013-11-24 18:46:16 -06:00
Nick Daly
0349113e97 Commands can be executed asynchronously and as non-root. 
If commands are executed synchronously, they'll return output and
error strings.  If commands are executed asynchronously, nothing is
returned.  We assume you can communicate with asynchronous processes
out-of-band.

Not every command needs to be executed as root, so there's a new
entry-point, *actions.run*, which executes actions as the current
user.
 2013-11-24 18:42:15 -06:00
Nick Daly
6567dc1758 Renamed privilegedactions to actions. 2013-11-24 18:29:27 -06:00
James Valleroy
2eb4f8bf1a Fix add/edit links in users module. 2013-11-20 21:37:03 -05:00
James Valleroy
030675b900 Remove old cfg.users_dir. Remove old UserStore class. 2013-11-20 21:29:28 -05:00
James Valleroy
31ffed9323 Remove users database and folder. The user db will be generated in firstboot. 2013-11-20 20:45:17 -05:00
Nick Daly
83b4425a5a Merge pull request #54 from jvalleroy/bugfixes 
Bugfixes
 2013-11-18 20:18:38 -08:00
Nick Daly
8343946de9 Merged jvalleroy's bcrypt. 2013-11-17 16:45:35 -06:00
Nick Daly
a0a9e96a29 Remove the /plinth/static location. 
Otherwise, Apache 500s on the static files.
 2013-11-17 16:22:21 -06:00
Nick Daly
33c2cec0ae Merged with upstream. 2013-11-17 16:06:41 -06:00
Nick Daly
0539dfb28a Privileged Actions can take option lists again. 2013-11-17 16:01:12 -06:00
Nick Daly
0426284ecf Merge pull request #55 from petterreinholdtsen/correct-issue-tracker 
Correct URL to current upstream github project.
 2013-11-17 09:41:03 -08:00
Petter Reinholdtsen
9274ccd814 Correct URL to current upstream github project. 2013-11-17 13:14:43 +01:00
James Valleroy
880e9bd76a Set default paths in auth_page module to begin with server_dir. 2013-11-16 13:21:27 -05:00
James Valleroy
42ab442930 Cosmetic changes to owncloud page. 2013-11-16 07:14:00 -05:00
James Valleroy
ea0f5b8102 Earlier I removed some flexibility from XMPP/Owncloud config forms to get things working. Restoring code that will make it easier to add new parameters in the future. 2013-11-16 07:05:27 -05:00
James Valleroy
6c15728426 Change Owncloud config form to use FormPlugin methods. 2013-11-16 00:10:06 -05:00
James Valleroy
ee8ee9f41f Merge branch 'improve-apps-page' into bugfixes 2013-11-15 23:37:36 -05:00
James Valleroy
579ae89477 Change XMPP server config form to use FormPlugin methods. This works with POST form method. 2013-11-15 23:36:45 -05:00
James Valleroy
4111fca8eb Move owncloud into its own module. 2013-11-14 22:21:17 -05:00
James Valleroy
63508b6bba Fix some bugs in xmpp module. 2013-11-14 19:15:45 -05:00
James Valleroy
a7decf383e Check user db permissions when we redirect to firstboot, instead of trying to check if the file exists. 2013-11-14 18:28:47 -05:00
James Valleroy
3f36781fdf If creating a new user db, make sure it's permission is 640. 2013-11-13 23:45:40 -05:00
James Valleroy
d48ecb6722 Use server_dir as replacement for base_href. 2013-11-13 20:47:33 -05:00
James Valleroy
1127ff4f99 Prepend server_dir to menu items. 2013-11-13 20:38:39 -05:00
James Valleroy
b5591cb008 Fix typo in base template. 2013-11-13 20:05:44 -05:00
Nick Daly
7f3b1a62c8 Added fixme. 2013-11-12 22:05:03 -06:00
Nick Daly
22cce897bc Made security.mdwn a little more explicit wrt bcrypt. 2013-11-12 21:13:02 -06:00
James Valleroy
2f7b56e6a9 No need to have avoid timing side-channel attack in user_add. We're just going to tell you if the user already exists anyway. 2013-11-11 07:34:27 -06:00
James Valleroy
96edae33ed Remove time.clock line in auth module. It wasn't being used. 2013-11-11 07:34:27 -06:00
James Valleroy
292bedebe6 Use POST instead of GET for forms. It seems like it's working now. 2013-11-11 07:34:27 -06:00
James Valleroy
25974bad85 Modify firstboot and user_add forms to use add_user function. 2013-11-11 07:34:27 -06:00
James Valleroy
3a696e0bb9 Fix check for already existing username in add_user. Add documentation of process for storing and validating hashed passwords. 2013-11-11 07:31:53 -06:00
James Valleroy
f7ad1089a5 Update tests for auth module, and fix some bugs discovered in auth module. 2013-11-11 07:31:53 -06:00
James Valleroy
2abe8559e5 Add add_user function to auth module. 2013-11-11 07:31:53 -06:00
James Valleroy
c4b2fb1a60 Use bcrypt to hash passwords for new users in firstboot and user_add forms. Removed references to md5 hashing which was already non-functional. 2013-11-11 07:31:53 -06:00
James Valleroy
41e46d53b5 update model 2013-11-11 07:28:27 -06:00
James Valleroy
4a9177a257 Use bcrypt for login form. Add tests to check that salts and hashes are random, and check handling of invalid passwords or salts. 2013-11-11 07:28:26 -06:00
Nick Daly
8ba1d318ec Hash the password on the server. 
This saves us the need of distributing additional client libraries,
and requires us to actually enable proper security instead of
badly-built shims.
 2013-11-10 21:54:39 -06:00
Nick Daly
d8ead196eb Added Debug flag (currently unused). 2013-11-10 21:50:09 -06:00
Nick Daly
d08f139c22 Made errors more Python version-independent. 2013-11-10 21:49:55 -06:00
Nick Daly
95fbf9527f Merge pull request #50 from jvalleroy/fix-redirects 
Fix redirects
 2013-11-10 19:34:34 -08:00
Nick Daly
2958df9f39 Revert 8fd6c607298517e6318ab027da940e3fe5c7830f. 2013-11-10 16:39:43 -06:00
Nick Daly
a9c6b17624 Merge Hostname fix. 2013-11-10 16:34:31 -06:00