mirror of https://github.com/volatiletech/authboss.git synced 2024-12-12 10:45:11 +02:00
Commit Graph

81 Commits

Author SHA1 Message Date
Aaron L
dcc23a3dc3 Fix security issue with 2fa in recover module 2022-10-10 09:58:11 -07:00
Aaron L
e62387f74f Fix eventing mess in recover/remember 2021-02-14 22:39:57 -08:00
Aaron L
3a5c333b5b Move to go modules 2020-07-03 11:24:07 -07:00
Aaron L
020487826a Add MailNoGoroutine option
This change allows users to write Mailer implementations that either
spawn their own goroutines or honor proper context usage. The current
behavior of the modules with this setting turned to 'false' creates a race
condition between the original http request's context authboss was handed being
cancelled by the http server, and the use of that context by the mailer
implementation which is being run in a goroutine.
2020-02-07 14:24:40 -08:00
frederikhors
6f6f2e6fd7 Imported pkg name as name identifier 2020-01-29 14:52:00 +01:00
Aaron L
4b00b4dd33 Add validation to recover start 2019-03-06 08:25:30 -08:00
Aaron L
a7b9d57691 Move mocks so external packages can use them 2019-01-20 09:45:26 -08:00
Aaron L
8213e87e83 Rewrite docs to 80 cols
- Fix #183
2018-09-15 15:39:26 -07:00
Aaron L
79d1893bdc Add ability to override mail root
- Add config option for MailRoot
- Make confirm and recover use MailRoot if present, otherwise assemble
  URL like normal.
2018-09-12 19:49:48 -07:00
Aaron L
98147bc020 Fix several lint errors 2018-09-03 16:34:10 -07:00
Aaron L
462a784cd2 Merge branch 'v2' 2018-09-03 16:05:02 -07:00
Aaron L
b7cec028b9 Use io.ReadFull to read from crypto/rand
There have been bugs filed in other libraries where rand.Read()
simply returns all 0s, instead use io.ReadFull to ensure that we get
the amount of bytes we want.

- Use io.ReadFull(rand.Reader, ...) instead of rand.Read() for getting
  randomness from crypto/rand.
2018-07-17 10:10:07 -07:00
Aaron L
ae5a471cf2 Don't use magic numbers 2018-05-18 06:49:21 -07:00
Aaron L
852508259c Add split tokens for confirm and recover 2018-05-16 11:51:55 -07:00
Aaron L
bf1eb39403 Port FromName fix from master
Originally contributed by Max Howald <maxhowald@gmail.com>
2018-05-14 11:47:34 -07:00
Aaron L
06630eda7b Make sure recover allows form validation
This allows validation of password complexity or confirm_password form
fields.
2018-05-07 12:34:22 -07:00
Aaron L
d9b0dfd51c Change register and recover to use error maps 2018-04-30 18:25:30 -07:00
Aaron L
634892e29c Fix breakages from last commit 2018-03-07 16:41:58 -08:00
Aaron L
0eff53792f Fully re-implement recover
- Add back the feature to log in after password recovery
- Add new storer functionality to mocks
- Add RecoveringServerStorer
- Add RecoverableUser
- Add RecoverStartValuer, RecoverMiddleValuer, RecoverEndValuer
- Change storers to differentiate between tokens (recover vs confirm)
- Change BCryptCost to be a generic module configuration (doesn't belong
  to register)
2018-03-05 17:47:11 -08:00
Aaron L
ad5230a303 Bring back events
- Rename callbacks -> events
- Regenerate stringers.go with later version of stringer
2018-02-01 16:31:08 -08:00
Aaron L
de1c2ed081 Get tests working after latest refactors
- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
  pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
  way we don't ever have to refer to one or the other, we just always
  assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
  or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
2018-02-01 15:42:48 -08:00
Max Howald
e1778e8fee Allow user to configure FromName in ab emails 2017-10-16 15:10:09 -04:00
Aaron L
2b5c85ee16 Import path fixes 2017-07-30 19:42:05 -07:00
Aaron L
5adee6da83 Shuffle around 2017-07-30 19:11:13 -07:00
Kaio Magalhães
760c14b32c allow to customize if the user is going to be signed in after recover 2017-03-31 23:09:03 -03:00
Aaron L
f65d9f6bb6 Fix errors package
- Fix many compilation errors
2017-02-21 15:04:30 -08:00
Aaron L
0c3d6d26ca Remove gopkg.in 2016-12-19 22:47:12 -08:00
Aaron L
f3eba05359 Fix imports 2016-12-19 22:45:52 -08:00
Ryan Lester
96c55ccaaa no DisableGoroutines (just check for -Maker); no ModuleNames; test fix 2016-05-09 13:20:10 -04:00
Ryan Lester
3fc0ed564b no DisableGoroutines (just check for -Maker); no ModuleNames; test fix 2016-05-09 13:20:10 -04:00
Ryan Lester
48f0e8a75a Merge remote-tracking branch 'upstream/master' 2016-05-09 12:14:18 -04:00
Ryan Lester
ec9c25e64f Merge remote-tracking branch 'upstream/master' 2016-05-09 12:14:18 -04:00
Aaron L
e76838cc1e Fix go vet errors 2016-05-08 12:37:02 -07:00
Aaron L
4ee00c6dc6 Fix go vet errors 2016-05-08 12:37:02 -07:00
Ryan Lester
588c21260c final App-Engine-related fixes 2016-05-07 02:12:20 -04:00
Ryan Lester
8ed6deac08 final App-Engine-related fixes 2016-05-07 02:12:20 -04:00
Aaron L
be041cbae6 remember: Context+Request separation ripple
- Re-add the age-old "Values" from the Context. This was originally
  there for exactly the documented purpose. However the Context holding
  the request form values negated its use. It's back because of this
  new separation.
- Make the auth success path set the authboss.CookieRemember value in
  the context before calling its callback.
2015-08-02 14:02:14 -07:00
Aaron L
b8a8d772f7 recover: Context+Request separation ripple
- Modify the request mock to create query strings in the event that
  we're not using a POST request.
2015-08-02 12:54:53 -07:00
Kris Runzer
a297274469 I need to learn how to git add... add missing tests. 2015-06-04 13:46:42 -07:00
Kris Runzer
61a344b75a Added missing line. Sublime text save ftw. 2015-04-21 08:14:53 -07:00
Kris Runzer
f928282dec Remove password repopulation on recover complete. 2015-04-21 08:12:41 -07:00
Aaron
c98ef93e06 Fix modules after refactor. 2015-04-01 13:08:08 -07:00
Aaron
f12f10fa43 Stop reliance on global scope.
- This change was necessary because multi-tenancy sites could not use
  authboss properly.
2015-03-31 12:34:03 -07:00
Kris Runzer
5bdcddd9da Rename internal/render to internal/response 2015-03-28 09:08:05 -07:00
Kris Runzer
db1eb3a9a8 Add redir override. All redirects now occur through render.Redirect 2015-03-28 08:53:32 -07:00
Aaron L
99d0af8b72 Destroy a list of go lint errors. 2015-03-16 14:42:45 -07:00
Aaron
87e0ab9835 Delete useless readme files. 2015-03-15 11:24:38 -07:00
Aaron
f93fb38181 Change documentation a little bit, and fix one bug. 2015-03-15 08:06:08 -07:00
Aaron L
06edd2e615 Make OAuth2 implementation less shoddy.
- Add a new storer specifically for OAuth2 to enable clients to choose
  regular database storing OR OAuth2 but not have to have both.
- Stop storing OAuth2 credentials in a combined form inside username.
- Add new events to capture OAuth events just like auth.
- Have pass-through parameters for OAuth init urls, this allows us to
  pass additional behavior options (redirects and remember me) as well
  as other things that should be present on the page that is redirected
  to.
- Context.LoadUser is now OAuth aware.
- Remember's callbacks now include an OAuth check to see if a horribly
  packed state variable contains a flag to say that we want to be
  remembered.
- Change the OAuth2 Callback to use Attributes instead of that custom
  struct to allow people to append whatever attributes they want into
  the user that will be saved.
2015-03-13 16:29:58 -07:00
Aaron
dccabb0754 Rename HostName to RootURL 2015-03-12 19:20:28 -07:00