aboutsummaryrefslogtreecommitdiffstats
path: root/filters/simple-authentication.lua
AgeCommit message (Collapse)AuthorFilesLines
2015-03-05simple-authentication.lua: tie secure cookies to field namesJason A. Donenfeld1-13/+21
2014-01-23simple-authentication: styleJason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17auth: document tweakables in lua scriptJason A. Donenfeld1-0/+10
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16auth: have cgit calculate login addressJason A. Donenfeld1-6/+1
This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16auth: lua string comparisons are time invariantJason A. Donenfeld1-2/+2
By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16authentication: use hidden form instead of refererJason A. Donenfeld1-79/+121
This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16auth: add basic authentication filter frameworkJason A. Donenfeld1-0/+225
This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-05-14 02:07:36 +0200