mirror
/
galene
mirror of https://github.com/jech/galene.git
1
Fork 0
Code
1,150 Commits 18 Branches 31 Tags 12 MiB
Commit Graph

18 Commits

Author SHA1 Message Date
Juliusz Chroboczek 27e502e63c Upgrade to go-jwt v5. 
A token with no "sub" field is now treated just like one with an
empty "sub".  In addition, all times are treated with a slack of 5s.
 2023-12-10 00:47:17 +01:00
Juliusz Chroboczek 5aff224e62 Complete token.stateful.Clone. 2023-07-09 11:52:13 +02:00
Juliusz Chroboczek e73aaa31d7 Remove tokens.Del. 
It was unused.
 2023-07-09 11:51:18 +02:00
Juliusz Chroboczek 0de0199742 Resynchronise with disk when editing tokens. 
We used to assume that the in-memory representation is in sync
when editing a stateful token.  That is usually the case, since
editing requires knowing the token to edit, but resynchronising
here is the right thing to do.
 2023-05-19 15:08:05 +02:00
Juliusz Chroboczek 3c0dbf5e9b Reliably return an error from token.Parse. 
We would sometimes return nil cast to an interface with no error,
which would cause the server to crash with a null dereference.
 2023-05-14 21:14:59 +02:00
Juliusz Chroboczek 8775ce6406 Keep track of issuer and creation date in tokens. 2023-04-08 21:13:35 +02:00
Juliusz Chroboczek adf273f9ea Expire expired tokens. 
We now remove a token a week after it has expired.
 2023-04-04 01:22:05 +02:00
Juliusz Chroboczek a6314a7384 Implement stateful tokens. 
Stateful tokens look just like cryptographic tokens to the client.
Unlike cryptographic tokens, they are stored in a file and are
revokable and editable.
 2023-04-04 00:59:54 +02:00
Juliusz Chroboczek c58064d923 Move token handling into the separate module. 
Tokens are now an interface, and all the token logic is encapsulated
in the token module.
 2023-04-03 22:58:38 +02:00
Juliusz Chroboczek f75b964a6b Distinguish tokens with empty sub from no sub 
We now distinguish between tokens that specify an empty username
(sub="") and tokens that don't specify sub.  The latter are
considered invalid for now.
 2023-01-14 23:19:51 +01:00
Juliusz Chroboczek de3a016f4d Set the username in the server when using tokens. 
This avoids the need to pass the username in the URL without
requiring the client to parse tokens.
 2022-02-20 15:33:11 +01:00
Juliusz Chroboczek c4d46d20aa Add the galene-link utility. 2022-02-20 01:16:26 +01:00
Juliusz Chroboczek 37ef768ac0 Fix token parsing when aud is an array. 2022-02-20 01:05:21 +01:00
Juliusz Chroboczek a86fb08f6c Replace ClientPermissions with a list of strings. 
Now that we support external auth, the permissions list is
open-ended.  Make it a list for simplicity.
 2022-02-19 23:44:57 +01:00
Juliusz Chroboczek 1d583e5367 Don't verify token issuer. 
This makes it possible to use token authentication without
an authentication server.
 2022-02-18 19:21:02 +01:00
Juliusz Chroboczek 7784a2ac96 Add more tests for token auth. 2022-02-18 16:08:44 +01:00
Juliusz Chroboczek 947eb71328 Used named errors in token code. 2022-02-18 15:59:59 +01:00
Juliusz Chroboczek 03811db37d Implement token authentication. 2022-02-18 13:35:17 +01:00