Age | Commit message (Collapse) | Author | Files | Lines |
|
Stateless clients (cli client and clients using api keys) can't reclaim
IDs (no cookie) so they should be required to log in asap and they will
always get an error if they didn't log in.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This reduces the amount of db queries and cookies we create since each
update triggers an db update and (which is a bug) sets a new cookie.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This saves us 2 to 4 (useless) db queries per page.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
We don't need it and getting the user name from the user drivers is way
more complicated.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Only login when necessary.
This also makes test_login() work properly (before the automatic login
would have intercepted the failure and in case of a good login
test_login() would test the credentials a second time.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
No necessary, but better safe than sorry.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
This allows to easily add LDAP and other support.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
username_exists(false) returned true because the condition matches any
existing user.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Most sessions are just people viewing a paste. Those don't need a
session until they want to log in so we don't have to pollute the
database and waste resources.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
We don't really have to hit the db here every time.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
If a user keeps the browser open until his session expires and then
tries to upload something we now add it to the database, add the ID to
the new session and when someone logs in with that session the ID is
assigned. Until then even if you guess it correctly, you won't be able
to download it.
If the user still manages to let the 2nd session expire because he can't
find his password, the upload will be lost. Shit happens.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
The current implementation sometimes failed to generate valid hashes
(had something to do with the random salt).
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
09 should take long enough and not waste too much time.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
|