Commit Graph

12 Commits

Author SHA1 Message Date
Andre Medeiros 53bc4d945a
Change back how auth works for websockets.
As it turns out, a websocket request doesn't contain some of the
hashable properties in order to be validated. Because of that, we'll
still use tokens here until we find a better way to do it.
2018-10-23 11:08:22 +02:00
Andre Medeiros 428f591330
Don't send token in request body.
Instead, we want to hash a header to sign a request with a client nonce,
http method and URL. This is a first step towards protecting the backend
against eavesdropping.

Please note that this will still be susceptible to replay attacks.
2018-10-23 11:01:11 +02:00
Iuri Matias 1c59701045
fix wording 2018-10-23 10:59:17 +02:00
Iuri Matias 085a282c96
add copytoken command 2018-10-23 10:59:17 +02:00
Anthony Laibe 2fb5d907ec
Add ability to logout 2018-10-23 10:42:00 +02:00
Jonathan Rainville ae3185d96f
rename event 2018-10-23 10:42:00 +02:00
Jonathan Rainville 749853be32
use port and host from config 2018-10-23 10:42:00 +02:00
Jonathan Rainville 3495f9fbb8
authorize each request through header 2018-10-23 10:41:59 +02:00
Jonathan Rainville 6125329cae
show authorize form when auth error 2018-10-23 10:41:23 +02:00
Jonathan Rainville e68feb81af
add console command to get token 2018-10-23 10:41:23 +02:00
Jonathan Rainville faf09b7d39
use local cache to store the token 2018-10-23 10:41:23 +02:00
Jonathan Rainville 422a98e172
add basic authentication 2018-10-23 10:41:22 +02:00