summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Robert Kaiser [Wed, 26 Oct 2016 23:49:06 +0000 (01:49 +0200)]
actually use the on-disk site-specific nonce to 'pepper' passwords before hashing so that stealing the database won't even reveal weak passwords
Robert Kaiser [Wed, 26 Oct 2016 23:18:24 +0000 (01:18 +0200)]
convert AuthUtils to a non-static class and instantiate it as an object, support site-wide nonces in settings
Robert Kaiser [Wed, 26 Oct 2016 22:32:28 +0000 (00:32 +0200)]
move password functions into utils class
Robert Kaiser [Wed, 26 Oct 2016 21:28:16 +0000 (23:28 +0200)]
move helper functions to an abstract class
Robert Kaiser [Wed, 26 Oct 2016 20:17:37 +0000 (22:17 +0200)]
make password reset work and verify timecodes
Robert Kaiser [Mon, 24 Oct 2016 20:58:24 +0000 (22:58 +0200)]
make password change work and add a time-based code to our forms (still needs to be verified)
Robert Kaiser [Mon, 24 Oct 2016 16:29:31 +0000 (18:29 +0200)]
make creating users and verifying emails actually work
Robert Kaiser [Mon, 24 Oct 2016 01:58:00 +0000 (03:58 +0200)]
require JS, set cookies, make parts of login flow work
Robert Kaiser [Sun, 23 Oct 2016 19:04:55 +0000 (21:04 +0200)]
some steps to get an actual authentication going, consolidate includes, put DB configuration into /etc to not expose password
Robert Kaiser [Fri, 30 Sep 2016 14:46:09 +0000 (16:46 +0200)]
add example files to auth server