Commit Graph

32 Commits

Author SHA1 Message Date
ReAnzu 2a69f0193f server/auth: add token authentication
* Users are only authenticated against their password on login,
  and to retrieve a token
* Passwords are wiped from the GUI frontend and cookies
  after login and token retrieval
* Tokens are revoked at the end of the session/logout
* If the user chooses the "remember me" option,
  the token is stored in the cookie
* Tokens correctly delete themselves on logout
* Tokens can expire at a user-specified date
* Tokens have their last usage time
* Tokens can have user defined descriptions
* Users can manage login tokens in their account settings
2018-03-25 22:23:29 +02:00
ReAnzu 3f52aceca4 server/users: harden password hashes
- Changed password setup to use libsodium and argon2id (regular SHA256
  hashing for passwords is inadequate as modern GPUs can generate
  billions of hashes per second).
- Added code to auto migrate old passwords to the new password_hash if
  the existing password_hash matches either of the legacy password
  generation schemes (SHA1 or SHA256).
- Added migration to support new password_hash format length
- Added column password_revision. This field will default to 0, which
  all passwords will have till they're updated. After that each password
  hash method has a revision.
2018-03-08 23:40:47 +01:00
rr- 4bc58a3c95 server: lint 2017-04-24 23:30:53 +02:00
rr- ad842ee8a5 server: refactor + add type hinting
- Added type hinting (for now, 3.5-compatible)
- Split `db` namespace into `db` module and `model` namespace
- Changed elastic search to be created lazily for each operation
- Changed to class based approach in entity serialization to allow
  stronger typing
- Removed `required` argument from `context.get_*` family of functions;
  now it's implied if `default` argument is omitted
- Changed `unalias_dict` implementation to use less magic inputs
2017-02-05 16:34:45 +01:00
rr- abf1fc2b2d server: make linters happier 2017-02-03 22:42:14 +01:00
rr- 9aea55e3d1 server/general: embrace most of PEP8
Ignored only the rules about continuing / hanging indentation.

Also, added __init__.py to tests so that pylint discovers them. (I don't
buy pytest's BS about installing your package.)
2016-08-14 16:44:03 +02:00
rr- 81dfbaec98 server/tests: add func.users tests 2016-08-14 16:43:35 +02:00
rr- f6f07a35df server/general: authenticated_user->auth_user 2016-08-14 16:43:04 +02:00
rr- c2bbf7b62c server/general: add assertions 2016-08-14 16:43:04 +02:00
rr- 8d04df38fd server/general: add entity versions 2016-08-07 09:55:51 +02:00
rr- 5e47c5c0c6 server/users: use HTTPS for Gravatar 2016-07-30 13:43:15 +02:00
rr- ac23067fdf server/general: use UTC time stamps 2016-07-03 14:46:28 +02:00
rr- 2651cbb374 server/users: allow empty avatars if they existed 2016-06-19 19:43:53 +02:00
rr- 13ca94d4da server/users: fix avatar issues when renaming user 2016-06-17 21:25:28 +02:00
rr- caecaee785 server/users: offer more stats in user entity 2016-06-03 21:46:25 +02:00
rr- 805ca845e3 server/users: reduce user fields footprint 2016-06-03 20:14:01 +02:00
rr- 037fbc61ec server/api: add ability to select fields 2016-05-30 23:08:22 +02:00
rr- d0314813cb server/general: move extra details to resources 2016-05-30 22:54:33 +02:00
rr- 4ec842024c server/users: implement RANK_MAP 2016-05-10 12:15:33 +02:00
rr- 356d5050fd server/tools: add v1.x migration script 2016-05-08 23:26:46 +02:00
rr- 906eddc61f server/users: change avatars to PNG 2016-05-08 18:04:06 +02:00
rr- 2bd02f4921 server/users: fix detecting duplicate user names 2016-05-08 18:04:05 +02:00
rr- 0214341473 server/users: prohibit using special ranks
Anonymous is self-explanatory.
Nobody is used solely to mark certain operations as unavailable even to
administrators (<- nobody is higher than administrator).
2016-05-08 18:04:05 +02:00
rr- 198cb0af3e server/users: hardcode available ranks 2016-05-08 16:59:25 +02:00
rr- ce095816d9 server/posts: add post creating 2016-05-02 00:07:33 +02:00
rr- a567974784 server/general: refactor method names 2016-04-30 23:54:05 +02:00
rr- da5b32feeb server/users: fix hiding email from admins etc 2016-04-29 13:16:16 +02:00
rr- 0b20132a2f server/api + docs/api: organize responses 2016-04-28 18:20:50 +02:00
rr- 8fb536c8f0 server/general: move not found errors to func 2016-04-24 14:34:01 +02:00
rr- 6e6c57d44a server/api: move serializers to func layer 2016-04-24 10:31:49 +02:00
rr- a926838b90 server/general: rename 'misc' to 'util' 2016-04-20 11:59:46 +02:00
rr- 57b18c6461 server/general: rename 'util' to 'func' 2016-04-20 11:58:17 +02:00