Frédéric Péters
5fb399cf14
misc: allow is_url_signed() to be called without a request ( #90453 )
gitea/wcs/pipeline/head This commit looks good
Details
2024-05-10 11:12:51 +02:00
Frédéric Péters
3bc9e923ac
api: improve timestamp delta error message ( #25013 )
gitea/wcs/pipeline/head This commit looks good
Details
2023-12-03 21:18:28 +01:00
Frédéric Péters
0ee6d323f4
misc: apply django-upgrade 3.2 (mostly force_text -> force_str) ( #74840 )
2023-03-15 15:33:17 +01:00
Frédéric Péters
f7a70b4c1b
misc: save received nonces in token table ( #71441 )
2023-01-13 12:50:20 +01:00
Frédéric Péters
d27d92dc4e
api: accept HTTP Basic authentication scheme for API accesses ( #20624 )
2021-05-05 13:29:36 +02:00
Frédéric Péters
674ab42b3a
api: add roles-based access restrictions ( #48752 )
2021-05-05 13:29:36 +02:00
Frédéric Péters
08f1431a66
trivial: apply new isort configuration ( #52504 )
2021-03-30 13:42:22 +02:00
1910130955
misc: pylint fix import-error ( #52222 )
2021-03-29 10:28:31 +02:00
48470c50c0
misc: apply isort ( #52224 )
2021-03-19 18:00:18 +01:00
Frédéric Péters
e7292f6f3f
misc: remove usage of "six" module ( #51517 )
2021-03-01 15:43:54 +01:00
Frédéric Péters
4ebe82ef21
trivial: apply black
2021-02-04 10:37:40 +01:00
Nicolas Roche
7138d09c3b
api: search api keys from dedicated storage objects too ( #48751 )
2020-12-03 08:50:33 +01:00
Thomas NOËL
cc16562f90
api: use hashlib to validate algo parameter ( #47685 )
2020-10-19 17:10:43 +02:00
Frédéric Péters
659243f9c7
trivial: replace base64 deprecated methods ( #46990 )
2020-09-25 16:25:54 +02:00
Frédéric Péters
84fe1caa53
api: raise 401 on authenticated API access where basic auth is allowed ( #41766 )
2020-04-21 09:18:13 +02:00
Frédéric Péters
d81959f81f
trivial: insure two blank lines before top functions and classes
2020-01-18 20:33:44 +01:00
Emmanuel Cazenave
e80f55d694
ctl: preserve key length in py3 ( #38240 )
2019-12-09 09:48:01 +01:00
Frédéric Péters
8dcccc7e9c
misc: pass bytes to base64 when doing http basic authentication ( #36515 )
2019-11-20 09:17:19 +01:00
Frédéric Péters
65d7c92a62
api: compare signature as bytes ( #36515 )
2019-11-20 09:17:18 +01:00
Frédéric Péters
eeed7d6306
misc: pass bytes to hmac ( #36515 )
2019-11-20 09:17:18 +01:00
Frédéric Péters
c36f13852f
misc: replace basestring by six.string_types ( #36515 )
2019-11-20 09:17:18 +01:00
5911bf782d
misc: add an utility function to get flag from query ( #37176 )
2019-11-07 10:02:07 +01:00
Frédéric Péters
1b1e596d1f
misc: use relative imports ( #36517 )
2019-09-30 11:05:53 +02:00
Frédéric Péters
45a374ae50
api utils: add function to sign an URL if orig is known ( #31492 )
2019-04-04 19:24:58 +02:00
Frédéric Péters
db0e1d1260
python3: import modules from six compatibility locations ( #30996 )
2019-03-04 12:44:32 +01:00
Frédéric Péters
bc8f5f1c66
python3: use newer syntax for exceptions ( #30996 )
2019-03-04 12:44:32 +01:00
Frédéric Péters
c6e536e02e
api: ignore empty nonces ( #27945 )
2018-11-14 09:17:29 +01:00
Frédéric Péters
fcfda2d576
api: add possibility of http basic auth access to the ics endpoint ( #16792 )
2017-07-31 10:45:50 +02:00
Frédéric Péters
d41956278a
api: don't leave nonce files open ( #15755 )
2017-04-05 10:44:10 +02:00
Benjamin Dauvergne
c56fada49e
api: check signature's nonce ( #10923 )
...
It's mandatory to prevent replays. Request is marked as valid after the first
check so that multiple call to is_url_signed() on the same request do not
fail.
Tests had to be modified so they don't use the same signed URL for their web
service calls.
2017-03-27 12:57:33 +02:00
Benjamin Dauvergne
16ce4fc880
misc: use frontoffice_url to compute orig parameter ( #12381 )
2016-07-04 16:13:33 +02:00
Benjamin Dauvergne
13be7a0ec4
move API signing functions in their own module ( #10444 )
...
Having them in the api module leads to circular imports.
Also get_secret() has been rewritten as get_secret_and_orig().
2016-04-18 10:57:24 +02:00
Frédéric Péters
Lauréline Guérin
Nicolas Roche
Thomas NOËL
Emmanuel Cazenave
Benjamin Dauvergne