| Commit message | Author | Age | Files | Lines |
| * | filters: migrate from luacrypto to luaossl
luaossl has no upstream anymore and doesn't support OpenSSL 1.1,
whereas luaossl is quite active.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2019-01-03 | 1 | -12/+19 |
| * | auth-filters: use crypt() in simple-authentication
There's no use in giving a silly example to folks who will just copy it,
so instead try to do something slightly better.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2018-07-15 | 1 | -13/+6 |
| * | auth-filters: generate secret securely
This is much better than having the user generate it themselves.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2018-07-15 | 1 | -8/+42 |
| * | auth-filters: do not use HMAC-SHA1
Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our
luck; SHA256 is more sensible anyway.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2018-07-14 | 1 | -2/+2 |
| * | simple-authentication.lua: tie secure cookies to field names | Jason A. Donenfeld | 2015-03-05 | 1 | -13/+21 |
| * | simple-authentication: style
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-23 | 1 | -1/+1 |
| * | auth: document tweakables in lua script
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-17 | 1 | -0/+10 |
| * | auth: have cgit calculate login address
This way we're sure to use virtual root, or any other strangeness
encountered.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-16 | 1 | -6/+1 |
| * | auth: lua string comparisons are time invariant
By default, strings are compared by hash, so we can remove this comment.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-16 | 1 | -2/+2 |
| * | authentication: use hidden form instead of referer
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-16 | 1 | -79/+121 |
| * | auth: add basic authentication filter framework
This leverages the new lua support. See
filters/simple-authentication.lua for explanation of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very pluggable and extendable depending on user needs.
The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-16 | 1 | -0/+225 |