| Age | Commit message (Collapse) | Author |
|---|
|
this is to ease the packaging flow used in some environments like
Pixelated, that use a debian branch against different branches.
- Resolves: #8762
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- add a new ServerInfo resource for /
- move entrypoint to its own module
|
|
|
|
|
|
|
|
|
|
|
|
Conflicts:
server/src/leap/soledad/server/_resource.py
testing/tests/server/test__resource.py
|
|
Conflicts:
server/src/leap/soledad/server/_wsgi.py
server/src/leap/soledad/server/entrypoint.py
server/src/leap/soledad/server/resource.py
testing/tests/server/test__resource.py
|
|
|
|
|
|
|
|
The need for token caching in server is a matter of debate, as is the
ideal way to do it. Twisted sessions store the session id in a cookie
and use that session id to persist. It is not clear if that
implementation is needed, works with future features (as multiple
soledad servers) or represents a security problem in some way. Because
of these, this commit removes it for now. The feature is left in git
history so we can bring it back later if needed.
|
|
|
|
|
|
|
|
Because the wsgi resource has its own threadpool, tests might get
confused when shutting down and the reactor may get clogged waiting for
the threadpool to be stopped. By refactoring the URLMapper to its own
module, server tests can avoid loading the resource module, where the
wsgi threadpool resides, so the threapool will not be started.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- store ENC_METHOD value instead of string in secrets file
- allow for migration of not-activated secrets
- allow migration of 'aes256' and ENC_METHOD secrets cipher
|
|
Related with https://leap.se/code/issues/8742
|
|
|
|
|
|
|
|
Tag version 0.9.2
# gpg: Signature made Thu 22 Dec 2016 05:33:30 PM BRST
# gpg: using RSA key 0x6071E70DCACC60B2
# gpg: Good signature from "drebs (work key) <db@leap.se>" [ultimate]
# gpg: aka "drebs (work key) <drebs@leap.se>" [ultimate]
# Impressão da chave primária: 9F73 295B 6306 E06F 3151 99AE 6071 E70D CACC 60B2
|
|
|
|
|
|
|
|
|
|
|
|
Current implementation can allow tampering and the CTR->GCM exchange can
help to avoid it.
This commits also alters a behaviour where we moved ahead after failing
to decrypt a recovery document. IMHO we can't move ahead as this is a
fatal error.
Signed-off-by: Victor Shyba <victor1984@riseup.net>
|
|
Integrated the secrets's JSON key that specifies ciphers into _crypto
and added optional GCM. Also added a test to check if both cipher types
can be imported.
Resolves: #8680
Signed-off-by: Victor Shyba <victor1984@riseup.net>
|
|
Resolves: #8668 - client: substitute usage of CTR mode + HMAC by GCM
cipher mode
Signed-off-by: Victor Shyba <victor1984@riseup.net>
|
|
Our magic value wasn't being used and were represented as a string.
Refactored it to a constant, increased it's size to 2 bytes and optimzed
is_symmetrically_encrypted to look for the magic and symmetrically
encrypted flag under base64 encoding. Most file types will use this
feature to help identifying themselves, so it got refactored to serve
the purpose it was created.
|
|
Something happened during rebase. This configuration is supposed to be
True by default now.
|
|
Naming, interfaces and other details.
|
|
We aren't testing huge payloads on CI, so it doesn't make sense to
insert docs one by one. 'gatherResults' can speed up bench setup.
|
|
AESWriter and HMACWriter are just applying hmac or aes into a flow of
data. Abstracted the application of those operations into a super class
and highlighted just the difference on each implementation.
|
