Commit Graph

19260 Commits (7a96363c6df53474d24cd9bf885c5a13941cf72b)

Author SHA1 Message Date
Amitai Schlair da0baca91b Idea: embedded podcast A/V player. 2015-05-17 18:44:30 -04:00
Joey Hess ab1bba9dab cloak user PII when making commits etc, and let cloaked PII be used in banned_users
This was needed due to emailauth, but I've also wrapped all IP address
exposure in cloak(), although the function doesn't yet cloak IP addresses.

(One IP address I didn't cloak is the one that appears on the password
reset email template. That is expected to be the user's own IP address,
so ok to show it to them.)

Thanks to smcv for the pointer to
http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2015-05-14 11:58:21 -04:00
Joey Hess 2a64eea0f5 comments 2015-05-14 11:02:57 -04:00
Joey Hess 85a529db3d passwordauth: Don't allow registering accounts that look like openids.
Also prohibit @ in account names, in case the file regexp was relaxed to
allow it.
2015-05-14 10:57:56 -04:00
Joey Hess 804144402b Merge branch 'master' of ssh://git.ikiwiki.info 2015-05-14 10:46:59 -04:00
Joey Hess dd762222fa crufty po updates 2015-05-14 10:44:09 -04:00
Joey Hess f1f3d4c6e7 update re passwordauth @ 2015-05-14 10:41:07 -04:00
Joey Hess 4fc4e78cd8 sanitize nickname derived from email address 2015-05-14 10:40:52 -04:00
https://id.koumbit.net/anarcat 7ef44d84d6 acls and expectations 2015-05-14 08:22:29 -04:00
kjs dd1dceef47 Critical of automatic merging of stylesheets 2015-05-14 08:14:37 -04:00
kjs 71ddaa5adb 2015-05-14 07:06:43 -04:00
smcv 20d8557c7b please do cloak email addresses, the principle of least astonishment applies 2015-05-14 06:05:58 -04:00
smcv 42b3b1f63a proposal for making emailauth not force username == email address 2015-05-14 05:49:45 -04:00
Joey Hess b831d4a6f1 note about email visibility in git commits 2015-05-13 23:44:23 -04:00
Joey Hess b89f4b7ec5 fix page extension 2015-05-13 23:43:16 -04:00
Joey Hess 369bfd45cc close 2015-05-13 23:42:34 -04:00
Joey Hess cfb2c22906 Merge branch 'emailauth' 2015-05-13 23:38:56 -04:00
Joey Hess bf8b7fe2d1 changelog 2015-05-13 23:38:46 -04:00
Joey Hess 70cf5bb765 don't let emailauth user's email address be changed on preferences page
There's no real problem if they do change it, except they may get confused
and expect to be able to log in with the changed email and get the same
user account.
2015-05-13 23:32:29 -04:00
Joey Hess 7a68c4a01c when an emailauth user posts a comment, use the username only, not the full email address
This makes the email not be displayed on the wiki, so spammers won't find
it there.

Note that the full email address is still put into the comment template.
The email is also used as the username of the git commit message
(when posting comments or page edits). May want to revisit this later.
2015-05-13 23:26:22 -04:00
Joey Hess 497513e737 avoid showing password prefs for emailauth user 2015-05-13 23:24:07 -04:00
Joey Hess 22339188e7 allow adminuser to be an email address 2015-05-13 23:07:29 -04:00
Joey Hess 239cd95db7 tweak wording 2015-05-13 23:07:07 -04:00
Joey Hess a7bd24b7b9 fix up session cookie 2015-05-13 23:06:52 -04:00
Joey Hess 95e1e51caa emailauth link sent and verified; user login works
Still some work to do since the user name is an email address and should
not be leaked.
2015-05-13 22:27:03 -04:00
Joey Hess f1d77f8193 add emailauth.tmpl 2015-05-13 21:15:08 -04:00
Joey Hess 035c1a2449 move stub auth hook to loginselector 2015-05-13 18:54:13 -04:00
Joey Hess e34533d1a0 email auth plugin now works through email address entry 2015-05-13 18:50:40 -04:00
Joey Hess 5b459737a5 Converted openid-selector into a more generic loginselector helper plugin. 2015-05-13 18:50:29 -04:00
Joey Hess f8add0adb3 rename openid selector files to login-selector 2015-05-13 17:58:59 -04:00
Joey Hess 7765941011 further generalization of openid selector
Now template variables can be set to control which login methods are shown
2015-05-13 17:51:29 -04:00
Joey Hess ab4d9a5467 generalized the openid selector to a login selector
This includes some CSS changes to names of elements.

Also, added Email login button (doesn't work yet of course),
and brought back the small openid login buttons. Demoted yahoo and verison
to small buttons. This makes the big buttons be the main login types, and
the small buttons be provider-specific helpers.
2015-05-13 16:50:44 -04:00
Joey Hess ee2905ae0a comments 2015-05-13 16:49:12 -04:00
https://id.koumbit.net/anarcat 5d49b5c115 link to indieauth and mention existing problems with this approach 2015-05-13 15:49:18 -04:00
Joey Hess 370261e715 thoughts 2015-05-13 14:31:08 -04:00
Joey Hess b9a2c3bfde tyo 2015-05-13 14:23:10 -04:00
Joey Hess 3575f939d8 update 2015-05-13 14:22:08 -04:00
Joey Hess ccd285b986 update 2015-05-13 14:19:38 -04:00
Joey Hess c455d51556 proposal 2015-05-13 14:16:16 -04:00
Joey Hess 6f627420b5 close 2015-05-13 13:41:16 -04:00
Joey Hess b8851008f1 remove the small buttons for livejournal/flickr/wordpress/aol
None of these are commonly used openid providers, and the openid button
can be used to log in with any such openid provider.
2015-05-13 12:40:36 -04:00
Joey Hess 1b79ccc71b promote the other/password item to a large button 2015-05-13 12:36:38 -04:00
Joey Hess ec72b4c95b When openid and passwordauth are the only enabled auth plugins, make the openid selector display "Password" instead of "Other", so users are more likely to click on it when they don't have an openid. 2015-05-13 12:18:22 -04:00
kjs 0434f86dd5 branch link fix 2015-05-11 07:55:41 -04:00
kjs 8118abb558 local.css also blocking 2015-05-11 07:51:54 -04:00
http://hendry.iki.fi/ 4c957c366f can't work this out 2015-05-11 01:18:34 -04:00
dmarti fe5dc38344 Add "Aloodo Blog" 2015-05-10 14:35:28 -04:00
http://hendry.iki.fi/ e6418a68df Added a comment: You are right 2015-05-09 22:22:28 -04:00
smcv d869e78023 Added a comment 2015-05-09 03:06:01 -04:00
santiago 6af966995f Fix Archlinux link 2015-05-08 03:15:31 -04:00