Commits · 4e34034bda1eca98ddf85b52b64c942d3a789d37 · ai3 / accountserver

09 Nov, 2018 1 commit

First stage of refactor targeting simplicity · 4e34034b

ale authored Nov 09, 2018

Structure flow around requests themselves and composition rather than
handlers and wrappers, the results are likely more readable (and
shorter).

Move all the user auth management business logic to a smart RawUser
object, to separate it from details of API handling. The result should
be more understandable: all critical changes are contained within a
single type.

Also, with all the workflow driven by Requests, we can get rid of the
boilerplate in the HTTP API server and replace it with a tiny tiny
layer of reflection.

4e34034b

01 Nov, 2018 1 commit
- Use a shorter import name for the top-level accountserver package · 813221d2
  ale authored Nov 01, 2018
  
  813221d2
17 Aug, 2018 1 commit
- Add the "has_otp" attribute to the user type · 9b8e1392
  ale authored Aug 17, 2018
  
  9b8e1392
01 Jul, 2018 3 commits
- Move resource grouping out of the backend · 11821eaf
  ale authored Jul 01, 2018
```
It makes more sense to have this directly on the User object.
```
  11821eaf
- Add unix user IDs to object types · e15acb1e
  ale authored Jul 01, 2018
```
Adds UIDs to users, websites, DAV accounts.

Assign a random UID to newly created users, and ensure that all
associated resources have the same UID as well.
```
  e15acb1e
- Properly set the Has2FA bit when U2F is enabled · 050a535b
  ale authored Jul 01, 2018
  
  050a535b
30 Jun, 2018 2 commits

Enable authentication of privileged requests · 621da480
ale authored Jun 30, 2018
```
Check passwords and recovery responses directly against backend data.
```
621da480

Add U2F registrations to the user type and an API method to update them · 09f924a6

ale authored Jun 26, 2018

Still doesn't entirely solve the problem of encoding the U2F
registration requests on the client side (we should probably just
accept a bytestring), but all the important functionality is there.

09f924a6

26 Jun, 2018 1 commit

Minor refactoring of LDAP query templates · 11cab73f

ale authored Jun 26, 2018

Rename queryConfig to queryTemplate to better reflect its purpose, and
drop all cruft that had to do with config deserialization.

11cab73f

24 Jun, 2018 1 commit
- Add APIs to create users and resources · ce95ac1c
  ale authored Jun 24, 2018
  
  ce95ac1c
23 Jun, 2018 1 commit

Add password recovery logic · 3a30acc6

ale authored Jun 23, 2018

Implement a password recovery endpoint, and a way to set the recovery
hints (in the current model, it's a hint/response system).

3a30acc6

22 Jun, 2018 3 commits
- Move some functions out of model.go to make it more readable · 496a4c6f
  ale authored Jun 22, 2018
  
  496a4c6f
- Improve separation of roles between backend and API on secrets management · 66204a81
  ale authored Jun 22, 2018
  
  66204a81
- Add integration tests · aef048c2
  ale authored Jun 22, 2018
```
Start a full HTTP server, backed by an in-memory LDAP server, and test
the API directly.
```
  aef048c2
21 Jun, 2018 2 commits
- Move user key encryption/decryption to the backend package · 547904d1
  ale authored Jun 21, 2018
  
  547904d1
- Remove username from API where we have a Resource · e5211476
  ale authored Jun 21, 2018
  
  e5211476
20 Jun, 2018 1 commit

Refactor the LDAP backend · 02d7c9c6

ale authored Jun 20, 2018

Use a lower level type to abstract LDAP "transactions" (really just
batches of changes) and generate a set of ModifyRequest objects at
commit time. Change the API to let the caller manage the
transaction (TX object) lifetime.

02d7c9c6

19 Jun, 2018 1 commit

Implement a transaction-like interface for the backend · ac2aa256

ale authored Jun 19, 2018

This should make it easier to implement a SQL backend in the future if
necessary, even though LDAP knows no such thing as transactions.

As a result of a better low-level interface, reducing the boilerplate
LDAP code, the business logic in model.go should be quite more
readable.

ac2aa256

10 Jun, 2018 1 commit

Add validators for request fields · 5ffe2e08

ale authored Jun 10, 2018

This includes a number of validators meant to support the creation of
new users and resources (for instance by checking for resource ID
uniqueness etc).

5ffe2e08

02 Apr, 2018 2 commits
- Add methods to enable/disable OTP · d8fb3945
  ale authored Apr 02, 2018
  
  d8fb3945
- Initialize storage encryption on password change · ea481352
  ale authored Apr 02, 2018
  
  ea481352
01 Apr, 2018 1 commit
- Add the actual account management logic · bcdecbe5
  ale authored Apr 01, 2018
```
The result is a functional server, altough there aren't nearly enough comments.
```
  bcdecbe5
20 Mar, 2018 1 commit
- Add code for writing changed resources to LDAP · 6e9218bf
  ale authored Mar 20, 2018
  
  6e9218bf
18 Mar, 2018 1 commit
- Initial commit · da4990e9
  ale authored Mar 18, 2018
  
  da4990e9