10 months agoMerge "fix: remove SPKAC from certificate request routine"
Felix Dörre [Thu, 19 Dec 2019 07:18:24 +0000 (07:18 +0000)]
Merge "fix: remove SPKAC from certificate request routine"

10 months agoadd: enable Support to see the new RA Agent status
INOPIAE [Tue, 24 Jul 2018 13:46:42 +0000 (15:46 +0200)]
add: enable Support to see the new RA Agent status

Change-Id: I211817db4565f7a033cb8837e51a086303d7d5eb

10 months agoadd: functionality to promote a user via test manager to RA Agent
INOPIAE [Tue, 24 Jul 2018 11:44:53 +0000 (13:44 +0200)]
add: functionality to promote a user via test manager to RA Agent

Change-Id: Ic954b854bca4c32860db2a707f9cbbe6ecb4b179

10 months agoadd: handling of RA Agent Contract
INOPIAE [Fri, 6 Jul 2018 12:54:01 +0000 (14:54 +0200)]
add: handling of RA Agent Contract

Only covers the basic functionality.

The full text of the contract and the email will be covered in a later

The data and contract.token will be used for pdf-output in a
later patch.

The implementation of the restrictions connected to signed contract will
be covered in a later patch.

Change-Id: I5b47d31458779d227a4f9702a9e7563ab210e7e5

10 months agoMerge "fix: change typo for year"
Marcus Mängel [Sun, 24 Nov 2019 23:28:10 +0000 (23:28 +0000)]
Merge "fix: change typo for year"

10 months agofix: change typo for year
INOPIAE [Sun, 24 Nov 2019 04:41:31 +0000 (05:41 +0100)]
fix: change typo for year

Change-Id: Ie2e9c02adac96f2816c0c523c88d29565665cdc0

10 months agofix: change wording of error message
INOPIAE [Fri, 22 Nov 2019 15:06:20 +0000 (16:06 +0100)]
fix: change wording of error message

Text change according to

Change-Id: I7ac3946f70ec87799c793ea3729f1fec254c9fc7

11 months agoMerge "add: new function to set a challenge expired via test manager"
Marcus Mängel [Sun, 3 Nov 2019 06:25:47 +0000 (06:25 +0000)]
Merge "add: new function to set a challenge expired via test manager"

12 months agoMerge "add: password reset after certificate login"
Felix Dörre [Sat, 19 Oct 2019 14:22:43 +0000 (14:22 +0000)]
Merge "add: password reset after certificate login"

12 months agofix: use os-provided public suffix
Felix Dörre [Fri, 4 Oct 2019 15:02:38 +0000 (17:02 +0200)]
fix: use os-provided public suffix

Change-Id: I9b4fc3d9d0a6cbb54c3d8165bf225241041b9cf7

12 months agoadd: password reset after certificate login
INOPIAE [Sun, 15 Sep 2019 09:40:01 +0000 (11:40 +0200)]
add: password reset after certificate login

fixes issue #173

Change-Id: If92565d0747ea2b10fa64066ca8ce7be79e46f27

12 months agofix: adjust output to show delete button correct
INOPIAE [Mon, 23 Sep 2019 04:21:17 +0000 (06:21 +0200)]
fix: adjust output to show delete button correct

Change-Id: I708e9cda67d33a7a35b414b8d74a3d7ab204608d

13 months agoadd: new function to set a challenge expired via test manager
INOPIAE [Sat, 21 Sep 2019 04:11:19 +0000 (06:11 +0200)]
add: new function to set a challenge expired via test manager

The function is added to enable testing with expired challenges.

Change-Id: I36f71a23e12aecc0870f95c15b20818b444322f9

13 months agoMerge "add: implement password change log"
Lucas Werkmeister [Sat, 14 Sep 2019 12:34:17 +0000 (14:34 +0200)]
Merge "add: implement password change log"

13 months agoMerge "add: check that new email address is not linked to organisation domain"
Benny Baumann [Thu, 12 Sep 2019 17:30:13 +0000 (19:30 +0200)]
Merge "add: check that new email address is not linked to organisation domain"

13 months agoadd: implement password change log
INOPIAE [Sat, 23 Feb 2019 05:40:54 +0000 (06:40 +0100)]
add: implement password change log

fixes issue #42

Change-Id: I64a8ab5ff675852029b19e2e325f8fcd738544d5

13 months agoMerge "add: ensure that for OrgAdmin action there is a valid OrgAdmin Challenge"
Marcus Mängel [Wed, 11 Sep 2019 03:12:50 +0000 (05:12 +0200)]
Merge "add: ensure that for OrgAdmin action there is a valid OrgAdmin Challenge"

13 months agoMerge "add: ensure that for TTPAgent action there is a valid TTPAgent Challenge"
Marcus Mängel [Wed, 11 Sep 2019 03:12:44 +0000 (05:12 +0200)]
Merge "add: ensure that for TTPAgent action there is a valid TTPAgent Challenge"

13 months agoMerge "add: ensure that for OrgAgent action there is a valid OrgAgent Challenge"
Marcus Mängel [Wed, 11 Sep 2019 03:12:39 +0000 (05:12 +0200)]
Merge "add: ensure that for OrgAgent action there is a valid OrgAgent Challenge"

13 months agoMerge "add: ensure that for Support actions there is a valid Support Challenge"
Marcus Mängel [Wed, 11 Sep 2019 03:12:31 +0000 (05:12 +0200)]
Merge "add: ensure that for Support actions there is a valid Support Challenge"

13 months agoMerge "add: ensure that for RA Agent actions there is a valid RA Challenge"
Marcus Mängel [Wed, 11 Sep 2019 03:12:17 +0000 (05:12 +0200)]
Merge "add: ensure that for RA Agent actions there is a valid RA Challenge"

13 months agoMerge "add: implement to check if user has valid challenges for roles"
Marcus Mängel [Wed, 11 Sep 2019 03:11:54 +0000 (05:11 +0200)]
Merge "add: implement to check if user has valid challenges for roles"

13 months agoMerge "add: ensure that for Org Administrator actions certificate login is used"
Marcus Mängel [Wed, 11 Sep 2019 03:11:35 +0000 (05:11 +0200)]
Merge "add: ensure that for Org Administrator actions certificate login is used"

13 months agoMerge "add: ensure that for Org Agent actions certificate login is used"
Marcus Mängel [Wed, 11 Sep 2019 03:11:24 +0000 (05:11 +0200)]
Merge "add: ensure that for Org Agent actions certificate login is used"

13 months agoMerge "add: ensure that for TTP Agent actions certificate login is used"
Marcus Mängel [Wed, 11 Sep 2019 03:11:13 +0000 (05:11 +0200)]
Merge "add: ensure that for TTP Agent actions certificate login is used"

13 months agoMerge "add: ensure that for RA Agent actions certificate login is used"
Marcus Mängel [Wed, 11 Sep 2019 03:11:01 +0000 (05:11 +0200)]
Merge "add: ensure that for RA Agent actions certificate login is used"

13 months agoMerge "add: ensure that for support actions certificate login is used"
Marcus Mängel [Wed, 11 Sep 2019 03:10:49 +0000 (05:10 +0200)]
Merge "add: ensure that for support actions certificate login is used"

13 months agoMerge "add: implement to define a strong authenticated login"
Felix Dörre [Tue, 10 Sep 2019 21:45:40 +0000 (23:45 +0200)]
Merge "add: implement to define a strong authenticated login"

13 months agoadd: display fingerprint on RootCertPage, TestCACertificate class
CyB3RC0nN0R [Sat, 31 Aug 2019 19:35:26 +0000 (21:35 +0200)]
add: display fingerprint on RootCertPage, TestCACertificate class

Change-Id: Icdca73da47e87366b686f0fc83558736728357ef

13 months agoadd: ensure that for OrgAdmin action there is a valid OrgAdmin Challenge
INOPIAE [Thu, 18 Jul 2019 05:43:48 +0000 (07:43 +0200)]
add: ensure that for OrgAdmin action there is a valid OrgAdmin Challenge

last patch of series. Fixes issue #150

Change-Id: I17bf8fd5ea9af89792d6ac4fe8f39261e8aa0192

13 months agoadd: ensure that for TTPAgent action there is a valid TTPAgent Challenge
INOPIAE [Wed, 17 Jul 2019 08:50:09 +0000 (10:50 +0200)]
add: ensure that for TTPAgent action there is a valid TTPAgent Challenge

related to issue #150

Change-Id: Ia3658d5ccb5b41ec8954259160f2db2005109691

13 months agoadd: ensure that for OrgAgent action there is a valid OrgAgent Challenge
INOPIAE [Wed, 17 Jul 2019 04:06:36 +0000 (06:06 +0200)]
add: ensure that for OrgAgent action there is a valid OrgAgent Challenge

related to issue #150

Change-Id: I9e57e82da383c26ccbcb659a0f93d5de59816b15

13 months agoadd: ensure that for Support actions there is a valid Support Challenge
INOPIAE [Tue, 16 Jul 2019 20:04:28 +0000 (22:04 +0200)]
add: ensure that for Support actions there is a valid Support Challenge

related to issue #150

Change-Id: Ibdec5fc46cde59a0f19cefa50f5d3c3508849717

13 months agoadd: ensure that for RA Agent actions there is a valid RA Challenge
INOPIAE [Tue, 16 Jul 2019 12:42:33 +0000 (14:42 +0200)]
add: ensure that for RA Agent actions there is a valid RA Challenge

related to issue #150

Change-Id: I2438e8941864103fe1b2d7c542736c19acb01419

13 months agoadd: implement to check if user has valid challenges for roles
INOPIAE [Tue, 16 Jul 2019 10:39:51 +0000 (12:39 +0200)]
add: implement to check if user has valid challenges for roles

This is just the basic work for upcoming patches to enforce the
requirement to have a challenge passed within in the given time for
valid tests for certain areas. see issue #150

Change-Id: Ie53634cd2c1d74829c811cd4d35f584ddb0eb307

13 months agoadd: ensure that for Org Administrator actions certificate login is used
INOPIAE [Sun, 14 Jul 2019 09:44:40 +0000 (11:44 +0200)]
add: ensure that for Org Administrator actions certificate login is used

related to issue #150

Change-Id: I64beb829327d13f245792843e7bdf02e34b533dd

13 months agoadd: ensure that for Org Agent actions certificate login is used
INOPIAE [Sun, 14 Jul 2019 05:33:56 +0000 (07:33 +0200)]
add: ensure that for Org Agent actions certificate login is used

related to issue #150

Change-Id: I9242be2df77ae9a7e9723bd0a5c5e577a22c3b54

13 months agoadd: ensure that for TTP Agent actions certificate login is used
INOPIAE [Sun, 14 Jul 2019 04:43:47 +0000 (06:43 +0200)]
add: ensure that for TTP Agent actions certificate login is used

related to issue #150

Change-Id: If6f636f09b9ea32a8558f1e44474a6585b09ef8d

13 months agoadd: ensure that for RA Agent actions certificate login is used
INOPIAE [Wed, 10 Jul 2019 07:35:09 +0000 (09:35 +0200)]
add: ensure that for RA Agent actions certificate login is used

related to issue #150

Change-Id: Ia6e474a9c3d7fb716c736aeb9b21dfe1f765de6c

13 months agoadd: ensure that for support actions certificate login is used
INOPIAE [Mon, 8 Jul 2019 12:53:28 +0000 (14:53 +0200)]
add: ensure that for support actions certificate login is used

related to issue #150

Change-Id: I2bc368a8b93d1ccbb3522e74213d2057bd9b2d67

13 months agoadd: implement to define a strong authenticated login
INOPIAE [Mon, 8 Jul 2019 11:19:03 +0000 (13:19 +0200)]
add: implement to define a strong authenticated login

This is just the basic work for upcoming patches to enforce certificate
login for certain areas. see issue #150

Change-Id: I714be6e48a6860e73983be0cbe9e833afb80e78a

13 months agoMerge "add: add sample data and instructions for locale testing"
Marcus Mängel [Sun, 8 Sep 2019 14:03:38 +0000 (16:03 +0200)]
Merge "add: add sample data and instructions for locale testing"

13 months agoMerge "upd: get enough space between radio/checkbox and following text"
Marcus Mängel [Sun, 8 Sep 2019 14:03:28 +0000 (16:03 +0200)]
Merge "upd: get enough space between radio/checkbox and following text"

13 months agoMerge "upd: rephrase wording"
Marcus Mängel [Sun, 8 Sep 2019 14:03:18 +0000 (16:03 +0200)]
Merge "upd: rephrase wording"

13 months agoMerge "upd: fix to ensure that only comments are replaced"
Lucas Werkmeister [Sat, 7 Sep 2019 12:23:27 +0000 (14:23 +0200)]
Merge "upd: fix to ensure that only comments are replaced"

13 months agoMerge "upd: small changes for consistent wording and better translation"
Marcus Mängel [Mon, 2 Sep 2019 04:07:05 +0000 (06:07 +0200)]
Merge "upd: small changes for consistent wording and better translation"

13 months agoupd: rephrase wording
INOPIAE [Mon, 2 Sep 2019 04:04:57 +0000 (06:04 +0200)]
upd: rephrase wording

Change-Id: I738e63fd051fea5df3506a4197c33431b69ed35d

13 months agoupd: get enough space between radio/checkbox and following text
INOPIAE [Tue, 13 Aug 2019 19:06:42 +0000 (21:06 +0200)]
upd: get enough space between radio/checkbox and following text

Change-Id: Iebdfa64a8444900d7406249abf875f577cee19e9

13 months agoadd: add sample data and instructions for locale testing
INOPIAE [Sat, 17 Aug 2019 12:12:20 +0000 (14:12 +0200)]
add: add sample data and instructions for locale testing

Change-Id: I85dcd7e3d3c6e326c4a174b811c5f03f97986093

13 months agoupd: correct url in email when ping fails
INOPIAE [Fri, 30 Aug 2019 05:18:04 +0000 (07:18 +0200)]
upd: correct url in email when ping fails

Change-Id: I4c5c3006b48f0dfd645437284f2c1724a2d27f03

13 months agoupd: fix to ensure that only comments are replaced
INOPIAE [Sat, 24 Aug 2019 12:16:34 +0000 (14:16 +0200)]
upd: fix to ensure that only comments are replaced

The current code replaces the "-" in "-----BEGIN CERTIFICATE-----" which
may be needed to have sample data for a certificate.

Change-Id: I5d364eba3003ea8e576dfcc9939cbaba2a1cca6a

14 months agoupd: small changes for consistent wording and better translation
INOPIAE [Sat, 17 Aug 2019 05:21:57 +0000 (07:21 +0200)]
upd: small changes for consistent wording and better translation

These changes arose while try to translate the GUI.

Change-Id: I6dc7842f7b34703fbbcd8a18e115540f30f299f7

14 months agofix: corrected layout of table after bootstrap update
INOPIAE [Thu, 8 Aug 2019 08:11:46 +0000 (10:11 +0200)]
fix: corrected layout of table after bootstrap update

Change-Id: I415387db0756eb9c817290cef4ca2f6f16270ba0

14 months agoMerge "upd: added new test to ensure that no underscores are in domain part"
Felix Dörre [Wed, 7 Aug 2019 07:20:56 +0000 (09:20 +0200)]
Merge "upd: added new test to ensure that no underscores are in domain part"

14 months agoMerge "upd: move bootstrap from 3.5.1 to 4.3.1"
Felix Dörre [Wed, 7 Aug 2019 07:20:50 +0000 (09:20 +0200)]
Merge "upd: move bootstrap from 3.5.1 to 4.3.1"

14 months agoadd: check that new email address is not linked to organisation domain
INOPIAE [Fri, 10 May 2019 11:08:28 +0000 (13:08 +0200)]
add: check that new email address is not linked to organisation domain

Change-Id: If5b0c52ae7111539bf4e792e23158a0686afcea4

15 months agoupd: restructure order of data checks
INOPIAE [Thu, 18 Jul 2019 12:38:45 +0000 (14:38 +0200)]
upd: restructure order of data checks

Get the order of possible error messages in order with the form fields

Change-Id: Iaf8b5027000ac860d45b0cdc11db1802781fc3c6

15 months agoadd: accept data protection policy during registration
INOPIAE [Thu, 18 Jul 2019 12:10:00 +0000 (14:10 +0200)]
add: accept data protection policy during registration

fixes issue #174

Change-Id: I079febbb7dbdfd89257c30a9c499f54d89db3170

16 months agoupd: added new test to ensure that no underscores are in domain part
INOPIAE [Wed, 19 Jun 2019 20:23:45 +0000 (22:23 +0200)]
upd: added new test to ensure that no underscores are in domain part

According to BR no underscores are allowed in dNSName entries.

fixes issue #172

Change-Id: I245b35198b20030292b6bf21ae91e23b53efa516

16 months agoupd: move bootstrap from 3.5.1 to 4.3.1
INOPIAE [Wed, 1 May 2019 12:02:24 +0000 (14:02 +0200)]
upd: move bootstrap from 3.5.1 to 4.3.1

Change-Id: I7763f17efc74bc406aed2464255bce3a92752821

19 months agofix: remove SPKAC from certificate request routine
INOPIAE [Sat, 23 Feb 2019 04:04:57 +0000 (05:04 +0100)]
fix: remove SPKAC from certificate request routine

fixes issue #137

Change-Id: I67f71265c8b675c8a746539db66f534660d8cd55

20 months agoupd: fix to upper case to be consistent with labeling of buttons
INOPIAE [Fri, 1 Feb 2019 05:03:28 +0000 (06:03 +0100)]
upd: fix to upper case to be consistent with labeling of buttons

Change-Id: I3cdc00967f8979023b0fbd4fde576ba082ee9380

21 months agoupd: change sorting of trainings to descending
INOPIAE [Tue, 8 Jan 2019 05:03:59 +0000 (06:03 +0100)]
upd: change sorting of trainings to descending

Enable user to find the last records easier, especially for support.

Change-Id: I3a1aacbf8d4c128b99640e443df1a97606786005

21 months agoMerge "add: show sha-1 and sha-256 fingerprint on certificate page "
Lucas Werkmeister [Sun, 23 Dec 2018 10:34:50 +0000 (11:34 +0100)]
Merge "add: show sha-1 and sha-256 fingerprint on certificate page "

21 months agoadd: show sha-1 and sha-256 fingerprint on certificate page
INOPIAE [Sat, 15 Dec 2018 11:05:06 +0000 (12:05 +0100)]
add: show sha-1 and sha-256 fingerprint on certificate page

Change-Id: I9feb13ab227ed85dd640f3757996556a0f01e69b

22 months agoMerge "chg: rephrase wording to make clear that OrgAdmin works on behalf of org"
Felix Dörre [Mon, 17 Dec 2018 20:00:32 +0000 (21:00 +0100)]
Merge "chg: rephrase wording to make clear that OrgAdmin works on behalf of org"

22 months agoMerge "chg: use imported name"
Felix Dörre [Mon, 17 Dec 2018 19:40:02 +0000 (20:40 +0100)]
Merge "chg: use imported name"

22 months agoMerge "fix: ensure no blanks are entered between name parts and hyphens"
Felix Dörre [Mon, 17 Dec 2018 19:39:48 +0000 (20:39 +0100)]
Merge "fix: ensure no blanks are entered between name parts and hyphens"

22 months agoMerge "fix: make MyDetails/SwitchToOrg work again"
Felix Dörre [Sun, 16 Dec 2018 01:25:31 +0000 (02:25 +0100)]
Merge "fix: make MyDetails/SwitchToOrg work again"

22 months agochg: rephrase wording to make clear that OrgAdmin works on behalf of org
INOPIAE [Wed, 12 Dec 2018 20:29:49 +0000 (21:29 +0100)]
chg: rephrase wording to make clear that OrgAdmin works on behalf of org

Change-Id: I88fd5eee6250f68c32e7de7945b14c0f66dd29ea

22 months agochg: use imported name
Lucas Werkmeister [Wed, 12 Dec 2018 23:18:25 +0000 (00:18 +0100)]
chg: use imported name

Since change I6ac4ac919b (commit 443b1f0954), this file imports
java.util.Date, so we no longer need the fully qualified name.

Change-Id: I458c3240d87855047c7f84f52a7af1e38a2c8ac5

22 months agofix: make MyDetails/SwitchToOrg work again
Felix Dörre [Sun, 9 Dec 2018 12:01:13 +0000 (13:01 +0100)]
fix: make MyDetails/SwitchToOrg work again needs this parameter to know to which form to dispatch
the request as there are two forms that post
to the same url. See src/club/wpia/gigi/pages/account/

Change-Id: I8aade6f43193b3df5676e86857d2db9f016cddc4

22 months agoMerge "add: display on cert status check if cert is valid and expired"
Lucas Werkmeister [Wed, 12 Dec 2018 23:17:46 +0000 (00:17 +0100)]
Merge "add: display on cert status check if cert is valid and expired"

22 months agoupd: adjust time conditions according to BR requirements
INOPIAE [Tue, 27 Nov 2018 06:43:46 +0000 (07:43 +0100)]
upd: adjust time conditions according to BR requirements

fix issue #167
Change-Id: I47145e69e277c7d765aca8f4ff635b4627dc31aa

2 years agoadd: display on cert status check if cert is valid and expired
INOPIAE [Wed, 22 Aug 2018 05:48:19 +0000 (07:48 +0200)]
add: display on cert status check if cert is valid and expired

Change-Id: I6ac4ac919bf721419be296012ec1e091af2990f5

2 years agoMerge "add: make sure org admin cannot delete domain from org account"
Lucas Werkmeister [Tue, 21 Aug 2018 18:02:26 +0000 (20:02 +0200)]
Merge "add: make sure org admin cannot delete domain from org account"

2 years agoadd: make sure org admin cannot delete domain from org account
INOPIAE [Thu, 9 Aug 2018 14:34:48 +0000 (16:34 +0200)]
add: make sure org admin cannot delete domain from org account

Only an Org RA Agent should be able to delete a domain from an
organisation account

Change-Id: I2617f5e75afaea3a877036b4aa29d66abaefa3b6

2 years agofix: make sure a single name is not empty
INOPIAE [Tue, 24 Jul 2018 19:11:22 +0000 (21:11 +0200)]
fix: make sure a single name is not empty

Change-Id: Ic375db394c6fc7524e71dd026cd68e26999596a2

2 years agoMerge "add: ensure org ra agents cannot manage org where they are org admin"
Lucas Werkmeister [Mon, 23 Jul 2018 20:46:30 +0000 (22:46 +0200)]
Merge "add: ensure org ra agents cannot manage org where they are org admin"

2 years agoMerge "add: handling of who issued a certificate"
Benny Baumann [Mon, 23 Jul 2018 20:39:24 +0000 (22:39 +0200)]
Merge "add: handling of who issued a certificate"

2 years agoadd: ensure org ra agents cannot manage org where they are org admin
INOPIAE [Sat, 14 Jul 2018 08:09:53 +0000 (10:09 +0200)]
add: ensure org ra agents cannot manage org where they are org admin

As org admin of the organisation they should only be able to edit org
admins of that organisation but no organisation details.

Change-Id: Icbdd215f9f50ed106176c6af5e796cb62fcb5593

2 years agofmt: adjust correct wording
INOPIAE [Sun, 22 Jul 2018 08:31:08 +0000 (10:31 +0200)]
fmt: adjust correct wording

Change-Id: I33408bfa2367feb95b9f8f75d34fc74c94a9fc98

2 years agoadd: handling of who issued a certificate
INOPIAE [Wed, 27 Jun 2018 06:51:45 +0000 (08:51 +0200)]
add: handling of who issued a certificate

fixes issue #155

Change-Id: I868c9b9147e647d940508c8f131691e5062c1cf3

2 years agofix: ensure no blanks are entered between name parts and hyphens
INOPIAE [Fri, 13 Jul 2018 06:08:03 +0000 (08:08 +0200)]
fix: ensure no blanks are entered between name parts and hyphens

fixes issue #156

Change-Id: I3796dc8dfdf20cb64b325b56f3879030957e02d3

2 years agofmt: proper use of lower case to have consistent warning messages
INOPIAE [Sat, 7 Jul 2018 03:59:47 +0000 (05:59 +0200)]
fmt: proper use of lower case to have consistent warning messages

Change-Id: I14ee00620fb9393fb8e20b47fa3e0bbcec0e32dd

2 years agoadd: labels for checkboxes
Lucas Werkmeister [Mon, 9 Jul 2018 21:32:09 +0000 (23:32 +0200)]
add: labels for checkboxes

Associating a checkbox with its label improves accessibility and makes
it more convenient to toggle the checkbox.

For most checkboxes, this adds an `id` for the checkbox and associates
the label with it via the `for` attribute, but for checkboxes in a loop
we can’t use that (multiple checkboxes would have the same `id`), so
there the technique of wrapping the input inside the label is used

Change-Id: I01b3b8cc57bcdb667bae27f6d88e3c65533a21f5

2 years agochg: remove unused import
Lucas Werkmeister [Wed, 4 Jul 2018 22:35:35 +0000 (00:35 +0200)]
chg: remove unused import

Change-Id: I8184fde037157d220ded2ab2a8e1cb5b75c96844

2 years agoupd: added warning to error message
INOPIAE [Sun, 1 Jul 2018 09:06:52 +0000 (11:06 +0200)]
upd: added warning to error message

The error message is more a warning.

Change-Id: I0b27886b54fce016249f26b68446d35c3dd0625b

2 years agoadd: test for PasswordHashChecker
Lucas Werkmeister [Thu, 14 Jun 2018 21:25:39 +0000 (23:25 +0200)]
add: test for PasswordHashChecker

The last of the four assertions is intended to record the fact that we
don’t currently check the hash of a “simplified” (here: lowercased)
version of the password. We might want to do this in the future, but in
my opinion that should then be a deliberate decision, which includes
updating the test accordingly.

Change-Id: I1c8f45a7382bea96bbab80c6730179d55072fc8f

2 years agofix: short files in PasswordHashChecker
Lucas Werkmeister [Tue, 19 Jun 2018 21:23:34 +0000 (23:23 +0200)]
fix: short files in PasswordHashChecker

For short files (or, presumably, for very rare hashes on all files),
PasswordHashChecker would occasionally attempt to read before the start
or past the end of a file; avoid this with clamping (in two cases where
there is no potentially infinite iteration) or aborting (in the one
other case, where clamping might yield an infinite loop).

Change-Id: Ia1d4f527a2b8589ec43732e0e1a1cf80cb3e2bac

2 years agochg: ignore NoSuchFileException for Pwned Passwords
Lucas Werkmeister [Tue, 19 Jun 2018 21:20:22 +0000 (23:20 +0200)]
chg: ignore NoSuchFileException for Pwned Passwords

If we can’t open the Pwned Passwords database because the file does not
exist, there’s no need to print a detailed stack trace: the warning
message should be enough to gently inform the system administrator that
they can improve their security by installing the database. Any other
errors (e. g. permission errors) are still reported.

This is mainly motivated by the dozens of NoSuchFileException stack
traces in CI builds, which this commit should silence.

Change-Id: Id08afc1600a70acfc49b2c4335b533949413b09a

2 years agoMerge changes from topic '143'
Felix Dörre [Tue, 19 Jun 2018 18:20:54 +0000 (20:20 +0200)]
Merge changes from topic '143'

* changes:
  add: optionally check pwned passwords
  add: PasswordHashChecker implementation
  add: DelegatingPasswordChecker implementation
  chg: move PasswordChecker object to Gigi class
  add: PasswordChecker interface

2 years agoadd: optionally check pwned passwords
Lucas Werkmeister [Sat, 2 Jun 2018 19:53:15 +0000 (21:53 +0200)]
add: optionally check pwned passwords

A new configuration option is added, specifying the path to a file of
known password hashes which Gigi will refuse to accept for user
accounts. If the option is not specified, Gigi attempts to use the Pwned
Passwords database (see the pwned-passwords-bin package) but continues
startup if the database cannot be opened. This is intended to be useful
for developers: production users should always configure the path to the
file explicitly, so that Gigi will refuse to start if the file cannot be
accessed for whatever reason.

The PasswordHashChecker, if used, is chained behind the usual
PasswordStrengthChecker using a DelegatingPasswordChecker.

Change-Id: I9e54bd45fa35d7ea81d44677f50635d6ab8514e0

2 years agoadd: PasswordHashChecker implementation
Felix Dörre [Sun, 14 Jan 2018 23:40:03 +0000 (00:40 +0100)]
add: PasswordHashChecker implementation

The implementation is mostly taken from code in the “lookhash”
repository and its first (only) issue. knownPasswordHash and
estimateHashOffset were written by Felix Dörre, while checkPassword,
compareHashes and the surrounding bits of the class were written by
Lucas Werkmeister.

Part of #143.

Change-Id: I6c4175c85ed40544b2ca6a86673814a0cfbb6dcd

2 years agoadd: DelegatingPasswordChecker implementation
Lucas Werkmeister [Sun, 14 Jan 2018 14:12:56 +0000 (15:12 +0100)]
add: DelegatingPasswordChecker implementation

This PasswordChecker implementation delegates to several other checkers,
which lets us use a series of checkers (e. g. one which rates the
password’s strength and one that checks against a list of known weak
passwords) in place of one.

In theory, this would also let us split up the existing
PasswordStrengthChecker into two checkers, one grading the password
strength in general and one checking whether the password contains parts
of the name or the email address. However, this would remove the current
behavior where a password that contains part of the name or email can be
“redeemed” by being otherwise strong enough: DelegatingPasswordChecker
does not support any such kind of interoperation of checkers.

Change-Id: I1066ab11cac8c756a2972128257a65d29cd2d365

2 years agochg: move PasswordChecker object to Gigi class
Lucas Werkmeister [Sat, 13 Jan 2018 20:23:00 +0000 (21:23 +0100)]
chg: move PasswordChecker object to Gigi class

This provides one centralized place where the PasswordChecker used can
be selected or changed. (setPasswordChecker() is intended for use in the
tests – in normal operation, the PasswordChecker should be set up once
during initialization and then not changed.)

I’d like to do this via dependency injection, but neither User nor
Signup seem like the right places to do this. Perhaps this kind of logic
should be moved to some kind of service where this is more feasible, but
that’s not a refactoring I want to do right now.

Change-Id: Id23d8a492a21a934085d9b91689acd723b065843

2 years agoadd: PasswordChecker interface
Lucas Werkmeister [Sat, 13 Jan 2018 18:56:44 +0000 (19:56 +0100)]
add: PasswordChecker interface

PasswordChecker is a generic version of the interface which
PasswordStrengthChecker currently offers. PasswordStrengthChecker is
changed to implement the new interface (currently the only
implementation, but others will be added in the future).

Using this interface instead of PasswordStrengthChecker directly in
other code will let us introduce other ways of checking password
strength as well, e. g. implementing #143.

The interface is placed in the new `passwords` subpackage, and the
PasswordStrengthChecker implementation is also moved there.

Change-Id: I2fb9dde216db7b14f3d4d45342bdc5c657c87233

2 years agoadd: mkosi files
Lucas Werkmeister [Mon, 26 Feb 2018 01:02:35 +0000 (02:02 +0100)]
add: mkosi files

mkosi is a tool to build operating system images, possibly with some
software pre-built inside it. This commit adds mkosi configuration files
for building the Debian packages for Gigi on any distribution supported
by mkosi. The *.deb files will be placed in the srv/ directory of the
resulting image (image/srv/*.deb).

Note that mkosi doesn’t include git information in the build tree, so
the changelog used for the packages is whatever is currently in the
source tree. Consider running doc/scripts/genchangelog before mkosi.

The packages are also, unfortunately, not yet deterministic. The
strip-nondeterminism debhelper step uses the date from the changelog (so
if doc/scripts/genchangelog was run before the build started, that part
is deterministic), but it only seems to adjust the timestamps of the
three files in the .deb archives, not of the files within those .tar.*

A post-install script is included that could potentially be used to
actually install the packages inside the built image. However, that part
doesn’t yet work, so it’s disabled for now: the post-install scripts of
the packages have some extra requirements (more packages, an internet
connection) which mkosi doesn’t satisfy by default, and I didn’t want to
spend more time to find out if it can be made to work. This might be
fixed in a future commit, but even then, it’s not clear if such an image
would be very useful.

Change-Id: Ib966760b31f75cf0e8892428b6a8c6dba5ec5f2e

2 years agoMerge "chg: apply css 'table' class to table"
Lucas Werkmeister [Tue, 22 May 2018 18:22:06 +0000 (20:22 +0200)]
Merge "chg: apply css 'table' class to table"

2 years agochg: apply css 'table' class to table
INOPIAE [Sat, 3 Mar 2018 06:04:32 +0000 (07:04 +0100)]
chg: apply css 'table' class to table

The 'table' class is built-in from bootstrap to format a table to
spread across the screen. Bootstrap styles tables with the 'table' class
only due to the widespread use of tables for formatting purposes other
than tabular data.

Change-Id: I39d89353c4cbbd0ce130dffc5fac3d5a47bc528c