nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-02-04 08:13:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
194 Commits 11 Branches 404 Tags 292 MiB
Commit Graph

13 Commits

Author SHA1 Message Date
James Valleroy
5be8a552ab Enable multithread for UserStore DB. 2013-09-12 23:14:07 -04:00
Nick Daly
dc5139bd2d Simplify authentication code. 2013-09-08 16:53:40 -05:00
Nick Daly
ad7f932fe8 Merged: Add time to auth.py 
Author: Tzafrir Cohen <tzafrir@debian.org>
Desription: Missing import from auth.py
http://git.tzafrir.org.il/?p=plinth/plinth.git
 2013-09-08 16:52:57 -05:00
Tom Galloway
2bd413e657 If needed instead of an elif. 2013-04-24 09:29:58 +01:00
Nick Daly
f55c7a48ea Merged with James's upstream. 
Hope I did it right.  If I screwed up, withsqlite is borked.
 2013-04-23 17:49:22 -05:00
Nick Daly
1492fe9728 Unify authentication errors. 
Give the same error if the username doesn't exist or if the password
is wrong.  If we deliver separate errors, we tell the attacker whether
they've picked a valid password or not.

Also, if username doesn't exist, hash the password anyway to avoid
this timing side-channel attack:

1. Invalid Username:

   A. User tries to log in with invalid username.
   B. User name is not found in database.
   C. Password is never hashed.

2. Invalid Password:

   A. User tries to log in with valid username.
   B. User name is found in database.
   C. Password is hashed.

Given that proper password hashing will take a minute, *not* hashing
the password takes so much less time that we've effectively indicated
to the attacker that the username didn't exist, regardless of the
error message.  This way, no such error occurs.
 2013-03-23 19:59:20 -05:00
Tom Galloway
c4cddbfc0e Changes to get user management screens started. Updated UserStore to add all expected functions. Added tests for these functions. 2013-01-21 10:30:52 +00:00
Sean O'Brien
638b287d1b new template based upon bootstrap 2012-03-12 14:39:31 -04:00
James Vasile
79de884549 complete the transition to sqlite 2012-02-19 15:07:14 -05:00
James Vasile
4409f1598d autocommit 2012-02-19 15:07:14 -05:00
James Vasile
e8464fa113 add TODO: at exit, commit db 2012-02-19 15:07:14 -05:00
James Vasile
d082538aee move to sqlite3 + json dict storage for users 2012-02-19 15:07:13 -05:00
James Vasile
35071d7212 ... 2011-02-22 13:32:45 -05:00