cgit/filters/simple-authentication.lua, branch v1.2.2

filters: migrate from luacrypto to luaossl

2019-01-03T01:12:16Z

luaossl has no upstream anymore and doesn't support OpenSSL 1.1, whereas luaossl is quite active. Signed-off-by: Jason A. Donenfeld

auth-filters: use crypt() in simple-authentication

2018-07-15T02:18:03Z

There's no use in giving a silly example to folks who will just copy it, so instead try to do something slightly better. Signed-off-by: Jason A. Donenfeld

auth-filters: generate secret securely

2018-07-15T01:30:57Z

This is much better than having the user generate it themselves. Signed-off-by: Jason A. Donenfeld

auth-filters: do not use HMAC-SHA1

2018-07-14T01:33:56Z

Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our luck; SHA256 is more sensible anyway. Signed-off-by: Jason A. Donenfeld

simple-authentication.lua: tie secure cookies to field names

2015-03-05T14:51:22Z

simple-authentication: style

2014-01-22T23:58:07Z

Signed-off-by: Jason A. Donenfeld

auth: document tweakables in lua script

2014-01-17T14:34:44Z

Signed-off-by: Jason A. Donenfeld

auth: have cgit calculate login address

2014-01-16T22:21:54Z

This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld

auth: lua string comparisons are time invariant

2014-01-16T18:47:35Z

By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld

authentication: use hidden form instead of referer

2014-01-16T11:13:39Z

This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld