Commit Graph

15 Commits

Author SHA1 Message Date
Iuri Matias 99d618c2e3 lint fixes 2018-10-29 14:15:48 +01:00
Pascal Precht b654fdecd8
fix(modules/authenticator): ensure request hash doesn't include query params
The authenticators request hash algorithm produced different hashes than
on the client, because client-side hash-request don't include the query
parameters of a URL.

This causes authentication issues when sending any requests with query
parameters. This commit ensures we ignore them on the server as well.
2018-10-23 11:12:49 +02:00
Andre Medeiros e229688508
Don't send empty body on authentication 2018-10-23 11:08:23 +02:00
Andre Medeiros 53bc4d945a
Change back how auth works for websockets.
As it turns out, a websocket request doesn't contain some of the
hashable properties in order to be validated. Because of that, we'll
still use tokens here until we find a better way to do it.
2018-10-23 11:08:22 +02:00
Andre Medeiros 428f591330
Don't send token in request body.
Instead, we want to hash a header to sign a request with a client nonce,
http method and URL. This is a first step towards protecting the backend
against eavesdropping.

Please note that this will still be susceptible to replay attacks.
2018-10-23 11:01:11 +02:00
Iuri Matias 1c59701045
fix wording 2018-10-23 10:59:17 +02:00
Iuri Matias 085a282c96
add copytoken command 2018-10-23 10:59:17 +02:00
Anthony Laibe 2fb5d907ec
Add ability to logout 2018-10-23 10:42:00 +02:00
Jonathan Rainville ae3185d96f
rename event 2018-10-23 10:42:00 +02:00
Jonathan Rainville 749853be32
use port and host from config 2018-10-23 10:42:00 +02:00
Jonathan Rainville 3495f9fbb8
authorize each request through header 2018-10-23 10:41:59 +02:00
Jonathan Rainville 6125329cae
show authorize form when auth error 2018-10-23 10:41:23 +02:00
Jonathan Rainville e68feb81af
add console command to get token 2018-10-23 10:41:23 +02:00
Jonathan Rainville faf09b7d39
use local cache to store the token 2018-10-23 10:41:23 +02:00
Jonathan Rainville 422a98e172
add basic authentication 2018-10-23 10:41:22 +02:00