Commit Graph

11 Commits (b2ff303947a336d13939a128fee7ee5bea071428)

Author SHA1 Message Date
Joey Hess a79ab9ed18
add and use cgiurl_abs_samescheme
* emailauth: Fix cookie problem when user is on https and the cgiurl
   uses http, by making the emailed login link use https.
 * passwordauth: Use https for emailed password reset link when user
   is on https.

Not entirely happy with this approach, but I don't currently see a
better one.

I have not verified that the passwordauth change fixes any problem,
other than the user getting a http link when they were using https.
The emailauth problem is verified fixed by this commit.

This commit was sponsored by Michael Magin.
2018-01-05 11:59:35 -04:00
Joey Hess e3dfb26b90
emailauth, passwordauth: Avoid leaving cgisess_* files in the system temp directory.
Due to the use/abuse of CGI::Session to generate a token for the login
process, a new session database was created for each login, and left behind
afterwards. While each file is small, with many logings this could bloat
the size of /tmp significantly. Fixed by making CGI::Session write to
/dev/null, since there does not seem to be a way to entirely prevent the
writing.

This commit was sponsored by Henrik Riomar on Patreon.
2017-08-23 13:13:23 -04:00
Joey Hess 32923e732b emailauth: Added emailauth_sender config. 2015-10-02 11:49:47 -04:00
Joey Hess 3676ab329d sohrten url in subject 2015-05-19 17:44:20 -04:00
Joey Hess ba02e7f33d nicer layout of subject 2015-05-19 17:41:14 -04:00
Joey Hess 73e32f7fa6 add url to subject of email
The wikiname can be pretty un-helpful, the user will probably regognise the
url since they were just at it.
2015-05-19 17:38:15 -04:00
Joey Hess 70cf5bb765 don't let emailauth user's email address be changed on preferences page
There's no real problem if they do change it, except they may get confused
and expect to be able to log in with the changed email and get the same
user account.
2015-05-13 23:32:29 -04:00
Joey Hess a7bd24b7b9 fix up session cookie 2015-05-13 23:06:52 -04:00
Joey Hess 95e1e51caa emailauth link sent and verified; user login works
Still some work to do since the user name is an email address and should
not be leaked.
2015-05-13 22:27:03 -04:00
Joey Hess 035c1a2449 move stub auth hook to loginselector 2015-05-13 18:54:13 -04:00
Joey Hess e34533d1a0 email auth plugin now works through email address entry 2015-05-13 18:50:40 -04:00