Commit Graph

4064 Commits

Author SHA1 Message Date
David Anderson 678f151037 Factor passwd hash logic into a function
... rather than having it duplicated in 3 places.
Please review https://boinc.berkeley.edu/trac/wiki/CodingStyle
2018-05-02 20:09:37 -07:00
Kevin Reed 762c052315 Merge pull request #2487 from BOINC/dpa_util
move random_string() and dtime() from util.inc to util_basic.inc
2018-05-01 14:02:44 -05:00
Kevin Reed aaaae625a6 Merge pull request #2488 from BOINC/dpa_preview
web: show title in thread preview
2018-05-01 13:58:22 -05:00
David Anderson 5914060d4b web: change names of admin functions to e.g. admin_show_user()
to avoid conflict with non-admin versions
2018-05-01 10:47:38 -07:00
Kevin Reed 1d84e9fd0a Merge pull request #2445 from BOINC/dpa_delete_user
Add a mechanism allowing project admins to "delete" a user
2018-04-30 15:08:48 -05:00
David Anderson 1788e03188 web: show title in thread preview
Why did it take me 15 years to do this?
2018-04-28 00:19:59 -07:00
David Anderson 65fc40fda2 move random_string() and dtime() from util.inc to util_basic.inc
PHP utilities that aren't web-specific should go in util_basic.inc
2018-04-27 14:17:56 -07:00
Kevin Reed d2d7e68ace web: modify token include file to provide generic functions for creating
and validating tokens rather than a function per type of token
2018-04-23 11:39:32 -05:00
Kevin Reed 51038b0f5b web: change from using MySQL function unix_timestamp() to use php time()
in order to set value of current time
2018-04-19 08:57:36 -05:00
Kevin Reed 81b1cf50f2 web: Add html include file that makes it easy to create and verify
tokens for delete_account.
2018-04-18 15:29:06 -05:00
Kevin Reed 638f8284a7 web: Fix issue caused by MariaDB 10.2 allowing column defaults to use
functions but earlier versions and MySQL not allowing it
2018-04-18 15:28:16 -05:00
David Anderson ad28e831b6 Merge pull request #2401 from BOINC/knr_passwd_hash
Move to stronger password hash
2018-04-17 11:20:04 -07:00
Kevin Reed 903674e10d Merge pull request #2469 from BOINC/dpa_text
web: add functions text_start() and text_end() to limit line length
2018-04-17 09:45:44 -05:00
Kevin Reed fbd7447cc4 Merge branch 'master' into knr_passwd_hash
Conflicts:
	py/Boinc/setup_project.py
2018-04-17 08:35:14 -05:00
David Anderson a5ea95ab67 Merge pull request #2453 from BOINC/knr_tokens
Token Mechanism
2018-04-16 13:21:21 -07:00
David Anderson 700f86db1d web: add functions text_start() and text_end() to limit line length
on pages with lots of text, to make it more readable.
Width is a parameter, default 640.
2018-04-14 15:46:58 -07:00
Kevin Reed 70f8dd5202 Merge pull request #2461 from BOINC/dpa_make_user
admin web: add missing include file for add-user function
2018-04-10 09:29:28 -05:00
David Anderson c5f0b4a88d remote job submission: fix bug that caused spurious errors to be returned
From Steve Clark
2018-04-09 20:26:05 -07:00
David Anderson 938f10bdde admin web: add missing include file for add-user function 2018-04-09 18:31:52 -07:00
Kevin Reed 3e585ede29 web: add default values to not null team columns that are not assigned when team
is created
2018-04-06 15:48:52 -05:00
Kevin Reed 4a6246a8bb web: create token table and php object to interact with token table.
Add script that will delete expired tokens once a day
2018-04-06 13:30:01 -05:00
Kevin Reed 39cc8c0500 web: Replace html/inc/util.inc random_string() implementation with one
that is considered cryptographically secure.  This required adding the
random_compat library (MIT License) to provide support for PHP versions
before 7.
2018-04-06 09:15:51 -05:00
Kevin Reed 78f96d25f3 web: refactor password hashing changes to move compatibility library as a
.inc file and to move common functions into user_util.inc
2018-04-04 13:47:26 -05:00
Kevin Reed 333e5c49eb Add the password compatibility library to the create project setup
scripts
2018-04-04 13:46:16 -05:00
Kevin Reed df64472c11 Merge branch 'master' into knr_passwd_hash 2018-04-04 10:49:14 -05:00
David Anderson 1562265a7d web: don't check for stop_web in page_head().
Allow projects to show (non-DB) content even if stop_web is present
(e.g. description of the project on front page).
stop_web really means "the DB is offline".
2018-04-03 14:44:40 -07:00
David Anderson 6093ed3a3f Add a mechanism allowing project admins to "delete" a user
This leaves the user record and host records in the DB
to avoid dangling references from the result table.
It:
- changes the user name, email addr, and auth to "deleted_xxx"
- removes the user from team
- removes posts by the user
- removes PMs by the user
- removes friend connection
- removes profile
- "anonymizes" the hosts (erase IP addr and domain name)

Note 1: this is accessed by admins using a script in ops/;
It's not available to users.

Note 2: this may not satisfy the requirements of EU-GDPR
since it doesn't delete the user and host records.
2018-04-03 14:27:10 -07:00
Kevin Reed 5c5267f28c Merge pull request #2405 from BOINC/dpa_am_auth
let AMs use authenticators instead of name/password
2018-03-28 10:45:58 -05:00
Kevin Reed de11733ba2 Merge pull request #2426 from BOINC/dpa_web_rpc
create_account web RPC: improve parsing and error handling
2018-03-28 10:08:22 -05:00
Kevin Reed 7579067918 Merge pull request #2427 from BOINC/dpa_email_msg
web: use "name@xxx.yyy" instead of "name@domain" to show form of emai…
2018-03-28 08:19:17 -05:00
David Anderson 635cd537be web: use "name@xxx.yyy" instead of "name@domain" to show form of email addr.
Users may not know what "domain" means.
Also don't use "name@gmail.com"; they'll think they need a gmail addr.
2018-03-27 13:11:05 -07:00
David Anderson 9dccb7831d create_account web RPC: improve parsing and error handling
Projects with old server code reply with PHP warnings
interspersed with the XML.
Parse these replies manually.
2018-03-27 13:07:40 -07:00
Kevin Reed e48bb4a7cd Merge branch 'master' into knr_passwd_hash 2018-03-22 12:55:13 -05:00
Kevin Reed 5f7cbdb2a7 Merge branch 'master' into dpa_passwd5 2018-03-22 09:28:01 -05:00
David Anderson 1194bab1e3 Web: use https links to BOINC web site in default project config 2018-03-19 20:11:31 -07:00
Kevin Reed 1ceb1e3a24 web: Fix style incompatibilities 2018-03-13 16:49:14 -05:00
Kevin Reed ea6f2c35ac web: Once hashed, a password does not need to be escaped when inserting
it into the database
2018-03-13 16:23:27 -05:00
David Anderson 13b9783c27 get_project_config.php: say whether account manager 2018-03-09 22:15:03 -08:00
David Anderson 99fbb26598 client: if account manager sends auth, use that instead of name/passwd
Previously, the credentials in account manager requests
were login name and password hash.
We need to keep this for compatibility with BAM and GR,
but it has problems:
- users can't change AM password
- password hash is stored on client and sent with each AM request

Solution: AM reply can include authenticator instead of name/passwd.
If so, store and use that.

Also: login_token_lookup.php needs to return auth instead of weak auth,
for both projects and AMs.
Weak auths are invalidated when user changes password.
2018-03-09 15:37:33 -08:00
Kevin Reed 2f299967aa web: changes for improving password hashing (admin, web_rpcs) 2018-03-09 15:05:16 -06:00
Kevin Reed cfa5cd6723 web: Fix autofocus and tab order for the login form 2018-03-09 13:51:41 -06:00
Kevin Reed 09a3666803 web: Only rehash password on login when needed 2018-03-09 09:18:01 -06:00
Kevin Reed 4b147e6cb2 web: initial changes for improving password hashing (join, change email,
change password, login)
2018-03-08 15:53:39 -06:00
Kevin Reed 5809474cf1 web: Add password compatibility library (MIT License) from
https://github.com/ircmaxell/password_compat
2018-03-08 15:37:58 -06:00
Kevin Reed 2253277c38 web: Remove the confirmation password field in locations where the "show
password" toggle has been added
2018-03-08 12:34:30 -06:00
Kevin Reed 4c36d4c317 web: provide defaults for user.login_token and user.login_token_time
as the lack of them was preventing registration from working (at
least on MariaDB 10.2)
2018-03-08 12:10:29 -06:00
Kevin Reed 0f9425c3ad Revert "web: provide defaults for user.login_token and user.login_token_time as"
This commit wasn't atomic, so reverting and redoing it as two separate
commits

This reverts commit 855ff67e47.
2018-03-08 11:37:45 -06:00
Kevin Reed 855ff67e47 web: provide defaults for user.login_token and user.login_token_time as
the lack of them was preventing registration from working (at least
on MariaDB 10.2)
2018-03-08 10:13:31 -06:00
Kevin Reed fd73f114d2 web: add 'show password' to login and change password pages. add label to text for show password to make it easier to select 2018-03-07 12:27:23 -06:00
Kevin Reed ce5d3ed79f Merge pull request #2385 from BOINC/dpa_token
web: in download.php, use current login token if recent
2018-03-07 11:11:42 -06:00