Age | Commit message (Collapse) | Author |
|
|
|
|
|
Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys.
|
|
|
|
SRP happens in two steps:
* handshake
* validation
During the validation we delete the handshake data from the session. So a second validation does not really work. It could build upon the first one but it would not be able to send M2 to the client.
So instead of trying to do sth. usefull when two validation requests are send we require the client to only send one.
|
|
|
|
|
|
|
|
|
|
incorrect username or password on login attempt.
|
|
|
|
There was a weird case with reloading the user in the test if the public key had been unset.
|
|
|
|
|
|
|
|
|
|
|
|
Just a very simple start for now.
Do we want to use the api for the secure remote password auth from js?
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|