Wed, 09 Nov 2016 15:49:49 +0100 |
Søren Løvborg |
auth: remove KallitheaCrypto pseudo-class
|
Mon, 24 Oct 2016 15:18:51 +0200 |
Mads Kiilerich |
auth: when logging HasPermissionAny, make it clear that the scope is global, not unknown
|
Wed, 14 Sep 2016 16:24:05 +0200 |
Søren Løvborg |
db: PullRequest/Repository/RepoGroup/UserGroup: change 'user' to 'owner'
|
Sat, 17 Sep 2016 22:09:04 +0200 |
Thomas De Schampheleire |
Turbogears2 migration: replace pylons.url by kallithea.config.routing.url
|
Tue, 13 Sep 2016 18:01:19 +0200 |
Thomas De Schampheleire |
Turbogears2 migration: remove some references to Pylons in comments
|
Mon, 12 Sep 2016 17:41:20 +0200 |
Mads Kiilerich |
api: drop the old Api auth methods and use the normal methods for access control
|
Mon, 12 Sep 2016 17:41:19 +0200 |
Mads Kiilerich |
api: stop explicitly passing apiuser to auth methods - use the global user instead
|
Mon, 12 Sep 2016 17:41:19 +0200 |
Mads Kiilerich |
api: set authuser in the thread global request instance - and temporarily verify that it matches what is passed explicitly to auth methods
|
Thu, 04 Aug 2016 14:23:36 +0200 |
Mads Kiilerich |
auth: disallow PUT and _method method override
|
Thu, 07 Apr 2016 17:53:51 +0200 |
Søren Løvborg |
auth: clean up PermsFunction
|
Thu, 28 Jul 2016 13:57:16 +0200 |
Søren Løvborg |
auth: remove HasPermissionAll and variants
|
Sun, 03 Jul 2016 12:21:00 +0200 |
Andrew Shadura |
setup: use modern bcrypt implementation instead of unsupported old one
|
Tue, 19 Apr 2016 17:58:21 +0200 |
Søren Løvborg |
auth: prevent misuse of PermFunction in bool context
|
Tue, 03 May 2016 12:09:01 +0000 |
timeless |
spelling: overridden
|
Mon, 02 May 2016 23:40:56 +0200 |
Mads Kiilerich |
Merge stable
|
Tue, 19 Apr 2016 18:02:56 +0200 |
Søren Løvborg |
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)
stable
|
Fri, 27 Nov 2015 01:47:14 +0100 |
Mads Kiilerich |
cleanup: consistent space before line continuation backslash
|
Fri, 27 Nov 2015 01:47:06 +0100 |
Mads Kiilerich |
auth: let login helper function return exception to raise instead of raising it itself
|
Tue, 08 Sep 2015 11:00:02 +0200 |
Søren Løvborg |
auth: note that we never emit authuser "cookies" for the default user
|
Tue, 08 Sep 2015 11:09:00 +0200 |
Søren Løvborg |
auth: avoid setting AuthUser.is_authenticated for unauthenticated users
|
Wed, 09 Sep 2015 12:21:25 +0200 |
Søren Løvborg |
auth: inline AuthUser.set_authenticated
|
Tue, 06 Oct 2015 19:22:22 +0200 |
Søren Løvborg |
auth: introduce AuthUser.is_default_user attribute
|
Wed, 09 Sep 2015 12:41:20 +0200 |
Søren Løvborg |
cleanup: replace redirect with WebOb exceptions
|
Mon, 07 Sep 2015 15:07:35 +0200 |
Søren Løvborg |
cleanup: replace abort with WebOb exceptions
|
Sat, 26 Sep 2015 02:34:37 +0200 |
Mads Kiilerich |
auth: validate that the token protecting from CSRF attacks never is leaked
stable
|
Fri, 18 Sep 2015 13:57:49 +0200 |
Søren Løvborg |
login: include query parameters in came_from
stable
|
Mon, 31 Aug 2015 17:42:57 +0200 |
Søren Løvborg |
remove vestiges of Python 2.5 support
|
Thu, 03 Sep 2015 23:49:27 +0200 |
Søren Løvborg |
security: HTTP method sanity checks
|
Thu, 03 Sep 2015 17:08:19 +0200 |
Søren Løvborg |
auth: remove redundant is_authenticated check
|
Fri, 04 Sep 2015 00:01:20 +0200 |
Søren Løvborg |
security: apply CSRF check to all non-GET requests
|
Thu, 03 Sep 2015 17:41:05 +0200 |
Mads Kiilerich |
setup: drop pycrypto dependency - it has been unused since 31e119cb02ef
|
Sun, 09 Aug 2015 02:29:46 +0200 |
Mads Kiilerich |
cleanup: pass log strings unformatted - avoid unnecessary % formatting when not logging
|
Sun, 26 Jul 2015 14:10:44 +0200 |
Søren Løvborg |
auth: turn dead AuthUser code into assertion
|
Sun, 26 Jul 2015 14:10:42 +0200 |
Søren Løvborg |
auth: move UserModel.fill_data to AuthUser
|
Sun, 26 Jul 2015 14:10:16 +0200 |
Søren Løvborg |
auth: construct AuthUser from either user_id or db.User object
|
Sun, 26 Jul 2015 14:07:33 +0200 |
Søren Løvborg |
auth: fold AuthUser._propagate_data into constructor
|
Sun, 26 Jul 2015 13:58:50 +0200 |
Søren Løvborg |
auth: refactor user lookup in AuthUser constructor for clarity
|
Sun, 26 Jul 2015 13:58:50 +0200 |
Søren Løvborg |
auth: remove username from AuthUser session cookie
|
Sun, 26 Jul 2015 13:58:50 +0200 |
Søren Løvborg |
auth: remove username lookup support from AuthUser constructor
|
Sun, 26 Jul 2015 13:58:50 +0200 |
Søren Løvborg |
auth: remove redundant AuthUser constructor arguments
|
Sun, 26 Jul 2015 13:58:50 +0200 |
Søren Løvborg |
auth: have fill_data take User object, not lookup key
|
Sun, 26 Jul 2015 13:58:50 +0200 |
Søren Løvborg |
auth: remove redundant hashlib imports
|
Sun, 26 Jul 2015 13:58:50 +0200 |
Søren Løvborg |
auth: make internal AuthUser methods private
|
Sun, 26 Jul 2015 13:58:50 +0200 |
Søren Løvborg |
auth: miscellaneous improvements and typo fixes
|
Mon, 20 Jul 2015 15:11:41 +0200 |
Mads Kiilerich |
lib: cleanup around use of the random and hash libraries
|
Mon, 20 Jul 2015 15:08:08 +0200 |
Mads Kiilerich |
auth: various minor cleanup
|
Tue, 14 Jul 2015 14:00:17 +0200 |
Søren Løvborg |
BaseController: hide "Log out" link for external login sessions
|
Tue, 14 Jul 2015 14:00:15 +0200 |
Søren Løvborg |
AuthUser: refactor AuthUser cookie/session serialization
|
Tue, 14 Jul 2015 13:59:59 +0200 |
Søren Løvborg |
AuthUser: update docstring
|
Tue, 14 Jul 2015 13:59:59 +0200 |
Søren Løvborg |
AuthUser: simplify check_ip_allowed and drop is_ip_allowed
|
Tue, 14 Jul 2015 13:59:59 +0200 |
Søren Løvborg |
AuthUser: make get_perms method private
|
Mon, 13 Jul 2015 19:37:39 +0200 |
Mads Kiilerich |
Merge stable
|
Tue, 07 Jul 2015 02:19:55 +0200 |
Mads Kiilerich |
auth: ignore permissions from inactive user groups (Issue #138)
stable
|
Tue, 07 Jul 2015 02:09:35 +0200 |
Mads Kiilerich |
auth: make random password generator more random
stable
|
Fri, 15 May 2015 18:07:27 +0200 |
Andrew Shadura |
auth: reduce code duplication by removing generate_api_key implemented in utils2
stable
|
Fri, 26 Jun 2015 20:36:05 +0200 |
Søren Løvborg |
AuthUser: Drop ip_addr field
|
Tue, 19 May 2015 21:50:35 +0200 |
Thomas De Schampheleire |
login: preserve GET arguments throughout login redirection (issue #104)
|
Fri, 15 May 2015 18:07:27 +0200 |
Andrew Shadura |
auth: reduce code duplication by removing generate_api_key implemented in utils2
|
Wed, 25 Mar 2015 10:11:54 +0100 |
Thomas De Schampheleire |
auth: simplify logging of regular authentication in LoginRequired
|
Fri, 15 May 2015 23:40:44 +0200 |
Mads Kiilerich |
auth: avoid flash message with 'None' on login redirect
|