1
0
mirror of https://github.com/volatiletech/authboss.git synced 2024-11-30 09:06:45 +02:00
Commit Graph

30 Commits

Author SHA1 Message Date
Evghenii Maslennikov
e0b07d319f CompareHashAndPassword 2023-10-28 20:57:02 +01:00
Evghenii Maslennikov
42f90e2471 password hashing via hasher (defaults: bcrypt) 2023-10-28 20:57:02 +01:00
Aaron L
02deb67e82 Merge branch 'frederikhors/Unused-type' 2020-01-30 09:50:54 -08:00
frederikhors
6aae44ae44 Unused type 2020-01-29 14:47:32 +01:00
frederikhors
d2e9e10908 Unused function 2020-01-29 14:46:29 +01:00
Aaron L
db3a3a10e3 Add context.Context to RememberingServerStorer 2018-06-27 10:58:53 -07:00
Aaron L
852508259c Add split tokens for confirm and recover 2018-05-16 11:51:55 -07:00
Aaron L
c38f79490b Increase testing coverage.
- Missed some actual tests, added them.
- Added a bunch of useless tests to increase coverage. Guilty as
  charged.
2018-05-14 14:27:33 -07:00
Aaron L
563fd622be Add mock logger 2018-04-30 18:21:28 -07:00
Aaron L
ee4b2658d5 Finish TODOs 2018-03-09 13:11:08 -08:00
Aaron L
37ace55579 Clean up context and client state
- Remove extraneous http.ResponseWriter from all read-only queries
  against the request context (for the ClientState)
- Instead of using a context.Context on the ClientStateResponseWriter
  just store variables for the things we'd like to store, it should be
  less expensive and it's much easier to work with and more clear.
- Save the loaded client state into both the ResponseWriter itself and
  the Request context, the ResponseWriter will store them simply to send
  them into the WriteState() method later on, the Request will store
  them to be able to query data.
2018-03-07 16:21:37 -08:00
Aaron L
c89ca29827 Remove context and errors from get/set
I have a feeling that I wrote all this fanciness in when the
user was still able to fetch himself from the database. But since
that's been dropped I don't think any of this stuff is necessary.

In terms of setting without an error, we should do validation before
an attempt to save, not every time we set a field. This will just end
up being much nicer error handling, and the database is going to do
it's own validation and we can handle that error in the same way.
2018-02-16 11:27:22 -08:00
Aaron L
2137c827d3 Fix tests back up again.
- Remove a test that was obsoleted by optimizations. Not 100% sure this
  is correct, but it seems like if nothing has changed since the
  previous session/cookie read then we shouldn't need to write any new
  headers for them. This is especially true in the typical "I use
  cookies for everything" use case, but may not be true of other use
  cases... Remains to be seen. Since they're optimizations they should
  be able to removed "safely" later.
2018-02-14 15:16:44 -08:00
Aaron L
de1c2ed081 Get tests working after latest refactors
- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
  pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
  way we don't ever have to refer to one or the other, we just always
  assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
  or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
2018-02-01 15:42:48 -08:00
Aaron L
cbfc1d8388 Fix authboss core tests
- Delete callbacks tests
- Remove some useless code (SendMail), as well as some extra arguments
  in certain functions that didn't require them.
- Remove tests for more code that has been moved to default
  implementations
2018-02-01 11:51:43 -08:00
Aaron L
59b2874bcd Move validation implementations to defaults
- Add more interfaces for validation
2018-01-29 16:24:42 -08:00
Aaron L
a92fb4d069 Re-enable tests, add more tests 2017-03-05 10:03:22 -08:00
Aaron L
24fc6196c7 Introduce new type of client storage
- This addresses the problem of having to update multiple times during
  one request. It's hard to have a nice interface especially with JWT
  because you always end up having to decode the request, encode new
  response, write header, then a second write to it comes, and where do
  you grab the value from? Often you don't have access to the response
  as a "read" structure. So we store it as events instead, and play
  those events against the original data right before the response is
  written to set the headers.
2017-02-24 16:45:47 -08:00
Aaron L
fa6ba517db More gigantic edits.
- Change response to be more central to Authboss. Make sure it has
  useful methods and works with the new rendering idioms.
- Change the load user methods to all work with context keys, and even
  be able to set context keys on the current request to avoid setting
  contexts everywhere in the code base.
2017-02-23 16:13:25 -08:00
Aaron L
f65d9f6bb6 Fix errors package
- Fix many compilation errors
2017-02-21 15:04:30 -08:00
Aaron L
b9e2a62802 More changes 2017-02-20 16:08:19 -08:00
Aaron L
02e91bc0ad More changes 2017-02-20 15:56:26 -08:00
Aaron L
15bbe59c7a Remove validation from context.
- This is unnecessary now that request and context are more split up.
2015-08-02 13:00:16 -07:00
Aaron L
8a87d0de63 Separate the request from context. 2015-08-02 11:51:35 -07:00
Aaron
f12f10fa43 Stop reliance on global scope.
- This change was necessary because multi-tenancy sites could not use
  authboss properly.
2015-03-31 12:34:03 -07:00
Aaron
0754b965b1 Update config documentation.
- Fix #47: Remove ModuleAttrMeta from Storers. Rename to ModuleAttributes.
- Add some additional deafult values to config.
2015-03-15 08:31:48 -07:00
Aaron L
06edd2e615 Make OAuth2 implementation less shoddy.
- Add a new storer specifically for OAuth2 to enable clients to choose
  regular database storing OR Oauth2 but not have to have both.
- Stop storing OAuth2 credentials in a combined form inside username.
- Add new events to capture OAuth events just like auth.
- Have pass-through parameters for OAuth init urls, this allows us to
  pass additional behavior options (redirects and remember me) as well
  as other things that should be present on the page that is redirected
  to.
- Context.LoadUser is now OAuth aware.
- Remember's callbacks now include an OAuth check to see if a horribly
  packed state variable contains a flag to say that we want to be
  remembered.
- Change the OAuth2 Callback to use Attributes instead of that custom
  struct to allow people to append whatever attributes they want into
  the user that will be saved.
2015-03-13 16:29:58 -07:00
Aaron
5f96e8dec8 Make an GetErr version of the ClientStorer. 2015-02-20 22:02:55 -08:00
Aaron
65f7fad5fc Second shot at proper validation. 2015-01-24 16:07:41 -08:00
Aaron
89875f7b68 Clean up mocks.
- Add CurrentUser method.
2015-01-17 02:42:42 -08:00