| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | simple-authentication.lua: tie secure cookies to field names | Jason A. Donenfeld | 2015-03-05 | 1 | -13/+21 |
| * | simple-authentication: style•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-23 | 1 | -1/+1 |
| * | auth: document tweakables in lua script•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-17 | 1 | -0/+10 |
| * | auth: have cgit calculate login address•••This way we're sure to use virtual root, or any other strangeness
encountered.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-16 | 1 | -6/+1 |
| * | auth: lua string comparisons are time invariant•••By default, strings are compared by hash, so we can remove this comment.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-16 | 1 | -2/+2 |
| * | authentication: use hidden form instead of referer•••This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-16 | 1 | -79/+121 |
| * | auth: add basic authentication filter framework•••This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very plugable and extendable depending on user needs.
The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2014-01-16 | 1 | -0/+225 |
