mirror of https://github.com/volatiletech/authboss.git synced 2025-01-24 05:17:10 +02:00

76 Commits

Author SHA1 Message Date
Aaron L
a7b9d57691 Move mocks so external packages can use them 2019-01-20 09:45:26 -08:00
Aaron L
f70bdd5eeb Add EventAuthHijack to work around ordering issue
Lock/Confirm and possibly other authentication preemption mechanisms
hook into 'Before(EventAuth)', but the ordering of these rejection
mechanisms mixed with the 2fa acceptance response could result in a
dual response.
2018-12-16 22:50:26 -08:00
Rodrigo Argüello Flores
af3f34f140 Fix login get endpoint when no FormValueRedirect is given 2018-11-01 14:44:54 +09:00
Aaron L
8213e87e83 Rewrite docs to 80 cols
- Fix #183
2018-09-15 15:39:26 -07:00
Aaron L
98147bc020 Fix several lint errors 2018-09-03 16:34:10 -07:00
Aaron L
8249d714d0 Fix redirects using Middleware 2018-08-31 14:57:22 -07:00
Aaron L
48e83e1a2a WIP 2018-07-17 07:09:38 -07:00
Aaron L
634892e29c Fix breakages from last commit 2018-03-07 16:41:58 -08:00
Aaron L
ce2d3dac09 Make "remember" value passing unobtrusive
- Remove RM context key for Values.
- Add values types and code to be able to pull the remember me bool
  checkbox from the user.
2018-03-07 15:17:22 -08:00
Aaron L
ef172b3b37 Extract logout to its own module
- This may seem silly but the functionality is shared
  between oauth2 and auth with no changes so it makes it nicer
  not to have an oauth2/logout route like before
2018-03-07 11:41:14 -08:00
Aaron L
1068509540 Make auth tests more solid 2018-02-21 12:10:18 -08:00
Aaron L
d4f8d2f292 Finish auth module 2018-02-20 08:58:59 -08:00
Aaron L
726204d809 Fix some inconsistencies in clientstate
- Add a ClientStateMiddleware that loads the client state into the
  request context and prepares a ClientStateResponseWriter for
  downstream handlers
- Clean up some of the handling around session and cookie state, for
  example don't write if there are no events to be processed
- Redo the Defaults() method for config to be useful again.
- Prefix LogoutMethod with Auth to be consistent
2018-02-04 23:28:31 -08:00
Aaron L
d4f4f6c443 Rewrite auth module
Discovered many problems with the abstractions along the way
and did small fixes to get to the end of the auth module.

- Use more constants for random strings
- Create forcing functions to deal with the upgrades to different
  interfaces
2018-02-04 21:24:55 -08:00
Aaron L
22e99a9921 Work on the auth module
- Move more *User interfaces into storage.go, no need for them to be in
  each individual module.
2018-02-01 17:23:31 -08:00
Aaron L
ad5230a303 Bring back events
- Rename callbacks -> events
- Regenerate stringers.go with later version of stringer
2018-02-01 16:31:08 -08:00
Aaron L
de1c2ed081 Get tests working after latest refactors
- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
  pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
  way we don't ever have to refer to one or the other, we just always
  assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
  or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
2018-02-01 15:42:48 -08:00
Aaron L
2b5c85ee16 Import path fixes 2017-07-30 19:42:05 -07:00
Aaron L
f65d9f6bb6 Fix errors package
- Fix many compilation errors
2017-02-21 15:04:30 -08:00
Aaron L
0c3d6d26ca Remove gopkg.in 2016-12-19 22:47:12 -08:00
Ryan Lester
96c55ccaaa no DisableGoroutines (just check for -Maker); no ModuleNames; test fix 2016-05-09 13:20:10 -04:00
Ryan Lester
588c21260c final App-Engine-related fixes 2016-05-07 02:12:20 -04:00
Aaron L
be041cbae6 remember: Context+Request separation ripple
- Re-add the age-old "Values" from the Context. This was originally
  there for exactly the documented purpose. However the Context holding
  the request form values negated its use. It's back because of this
  new separation.
- Make the auth success path set the authboss.CookieRemember value in
  the context before calling its callback.
2015-08-02 14:02:14 -07:00
Aaron L
c074b79798 auth: Context-Request separation ripple 2015-08-02 11:52:23 -07:00
Aaron
4d1236b849 Ensure we call EventAuthFail.
- Remove validation of fields that we never
  store in the database anyways.
2015-08-02 09:52:30 -07:00
Aaron L
7cbe4216a0 Fix internal server error when wrong usr/pwd
- Correct tests to stop actually checking for internal server errors on
  wrong username/password. Sometimes tests aren't everything.
- Fix #64
2015-07-01 18:07:26 -07:00
Aaron L
704697472f Add redirection on pages when logged in.
- Stop logged in users from accessing pages like auth/recover etc.
- Ensure that half-authed users are allowed access to auth-like pages.
- Make sure that if users have a remember token, it's processed before
  we decide if a user is logged in or not, preventing or granting access
  to these pages.
- Fix #58
2015-04-10 22:41:59 -07:00
Kris Runzer
24b9501709 Add 'showRegister' flag to auth module. 2015-04-10 12:04:26 -07:00
Kris Runzer
52c2f83e17 Add missing newline on auth log message. 2015-04-03 11:55:03 -07:00
Kris Runzer
d60dd6ddba Remove cloaking of errors on auth credential validation. Errors properly log to LogWriter. 2015-04-03 11:50:07 -07:00
Aaron
c98ef93e06 Fix modules after refactor. 2015-04-01 13:08:08 -07:00
Aaron
f12f10fa43 Stop reliance on global scope.
- This change was necessary because multi-tenancy sites could not use
  authboss properly.
2015-03-31 12:34:03 -07:00
Aaron
bd0d3c5f68 Add a default logger.
- Having the default logger set to nil was troublesome because some errors
  are hard to detect without a logger. This falls under "sane default"
  changes and so should be made.
2015-03-30 09:55:37 -07:00
Kris Runzer
5bdcddd9da Rename internal/render to internal/response 2015-03-28 09:08:05 -07:00
Kris Runzer
db1eb3a9a8 Add redir override. All redirects now occur through render.Redirect 2015-03-28 08:53:32 -07:00
Aaron L
3d905f001f Go vet fixes. 2015-03-16 14:51:44 -07:00
Aaron L
99d0af8b72 Destroy a list of go lint errors. 2015-03-16 14:42:45 -07:00
Aaron
87e0ab9835 Delete useless readme files. 2015-03-15 11:24:38 -07:00
Aaron
f93fb38181 Change documentation a little bit, and fix one bug. 2015-03-15 08:06:08 -07:00
Kris Runzer
045b9331c7 Fix expire token shenanigans
- Add session and cookie cleanup on logout
2015-03-02 22:09:32 -08:00
Kris Runzer
a7a67981ce Move create from Storer to RegisterStorer
- Fixed the qq tests
- Removed all module singletons
2015-03-01 20:00:19 -08:00
Kris Runzer
57797a703b Proper naming of all templates. Rebuild bindata. 2015-02-26 12:52:45 -08:00
Aaron
fa3cd5ef4f Fix confirm fields. 2015-02-25 23:20:02 -08:00
Aaron
bf0a8b098c Add mountedpath so forms work on mounted paths.
- Refactor naming for config "redirect" variables.
- Removed flash messages from config, Fix #19
2015-02-25 23:05:14 -08:00
Kris Runzer
1ad9351b8c Recover now builds. Start adding tests. 2015-02-25 10:23:18 -08:00
Kris Runzer
0928720a3f Add new auth testing and templates 2015-02-24 15:02:11 -08:00
Kris Runzer
468113a398 Working auth and recover 2015-02-24 10:12:23 -08:00
Kris Runzer
199d0ec0b3 Rework recover 2015-02-23 16:01:56 -08:00
Aaron
73dcb5beb1 Add a few updates to documentation. 2015-02-22 22:27:45 -08:00
Aaron
001810bf7c Add PrimaryID to the system.
- Fix #17
2015-02-22 13:24:53 -08:00