Guillaume Ayoub 
								
							 
						 
						
							
							
							
							
								
							
							
								3e0c8cf285 
								
							 
						 
						
							
							
								
								Update copyright years  
							
							
							
						 
						
							2017-05-27 17:28:07 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Guillaume Ayoub 
								
							 
						 
						
							
							
							
							
								
							
							
								22d364729b 
								
							 
						 
						
							
							
								
								Use "&" instead of "+" to test booleans  
							
							
							
						 
						
							2017-05-23 17:11:28 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Guillaume Ayoub 
								
							 
						 
						
							
							
							
							
								
							
							
								5066e97c66 
								
							 
						 
						
							
							
								
								Always compare both login and password to avoid timing attacks  
							
							... 
							
							
							
							Related to #591 . 
							
						 
						
							2017-05-23 16:55:43 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Unrud 
								
							 
						 
						
							
							
							
							
								
							
							
								f2fb07fa84 
								
							 
						 
						
							
							
								
								Move authentication delay into __init__.py and add config  
							
							... 
							
							
							
							Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay. 
							
						 
						
							2017-05-23 04:07:32 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Unrud 
								
							 
						 
						
							
							
							
							
								
							
							
								c4537b1f5c 
								
							 
						 
						
							
							
								
								Compare passwords and hashes in constant time ( Fixes   #591 )  
							
							
							
						 
						
							2017-05-23 04:07:32 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Unrud 
								
							 
						 
						
							
							
							
							
								
							
							
								fc309562da 
								
							 
						 
						
							
							
								
								Repair SSHA method  
							
							
							
						 
						
							2017-05-23 04:07:31 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Guillaume Ayoub 
								
							 
						 
						
							
							
							
							
								
							
							
								059ba8dec1 
								
							 
						 
						
							
							
								
								Random timer to avoid timing oracles and simple bruteforce attacks  
							
							... 
							
							
							
							Important note: this is a security fix. 
							
						 
						
							2017-04-19 13:48:30 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Unrud 
								
							 
						 
						
							
							
							
							
								
							
							
								689e5c9dd5 
								
							 
						 
						
							
							
								
								Map logins to internal users in Auth module  
							
							... 
							
							
							
							This makes it possible to implement #349  as a Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system. 
							
						 
						
							2016-08-30 23:13:33 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Unrud 
								
							 
						 
						
							
							
							
							
								
							
							
								e2b87d145f 
								
							 
						 
						
							
							
								
								Cosmetics: Don't use % for logging  
							
							
							
						 
						
							2016-08-10 23:43:32 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Guillaume Ayoub 
								
							 
						 
						
							
							
							
							
								
							
							
								3e52f34309 
								
							 
						 
						
							
							
								
								Remove pylint  
							
							
							
						 
						
							2016-08-02 14:39:20 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Guillaume Ayoub 
								
							 
						 
						
							
							
							
							
								
							
							
								6bfdcbafec 
								
							 
						 
						
							
							
								
								Cosmetics  
							
							
							
						 
						
							2016-08-01 12:50:51 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Florian Mounier 
								
							 
						 
						
							
							
							
							
								
							
							
								221379ef85 
								
							 
						 
						
							
							
								
								Sort imports  
							
							
							
						 
						
							2016-07-04 14:32:33 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Guillaume Ayoub 
								
							 
						 
						
							
							
							
							
								
							
							
								a8fda1aedf 
								
							 
						 
						
							
							
								
								Cut long lines  
							
							
							
						 
						
							2016-05-18 22:41:05 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Markus Unterwaditzer 
								
							 
						 
						
							
							
							
							
								
							
							
								2dee66133d 
								
							 
						 
						
							
							
								
								Flake8 fixes  
							
							
							
						 
						
							2016-05-04 19:25:58 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Guillaume Ayoub 
								
							 
						 
						
							
							
							
							
								
							
							
								2f97d7d1e1 
								
							 
						 
						
							
							
								
								Remove global state about configuration and logs  
							
							... 
							
							
							
							Many things have been changed to make this possible, probably leading to
many hidden bugs waiting to be found.
Related to #122 . 
							
						 
						
							2016-04-22 11:37:02 +09:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Guillaume Ayoub 
								
							 
						 
						
							
							
							
							
								
							
							
								1001bcb676 
								
							 
						 
						
							
							
								
								Remove extra auth, rights and storage modules  
							
							
							
						 
						
							2016-04-07 19:02:52 +02:00