![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
githubBranch: refs/heads/master
Home: https://github.com/dreamwidth/dw-free
Commit: df4f4e10ed473133c51deb6e75152627d48088c6
https://github.com/dreamwidth/dw-free/commit/df4f4e10ed473133c51deb6e75152627d48088c6
Author: Mark Smith <mark@dreamwidth.org>
Date: 2020-04-25 (Sat, 25 Apr 2020)
Changed paths:
A cgi-bin/DW/Auth/Challenge.pm
M cgi-bin/DW/Auth/Password.pm
M cgi-bin/DW/Captcha/textCAPTCHA.pm
M cgi-bin/DW/Controller/ChangeEmail.pm
M cgi-bin/DW/Controller/Journal/Protected.pm
M cgi-bin/DW/Template/Plugin/SiteScheme.pm
M cgi-bin/LJ/Auth.pm
M cgi-bin/LJ/CreatePage.pm
M cgi-bin/LJ/Protocol.pm
M cgi-bin/LJ/User/Login.pm
M cgi-bin/LJ/Web.pm
M cgi-bin/ljlib.pl
M htdocs/admin/impersonate.bml
M htdocs/login.bml
M htdocs/mobile/login.bml
A t/auth-challenge.t
M t/auth-password.t
M t/post.t
Log Message:
-----------
Move challenge to DW::Auth::Challenge
As part of cleaning up authentication flows to live in one place, I've
moved challenge generation/checking into a submodule of DW::Auth. Also
wrote some crappy unit tests.
Commit: 18d53d5fc1310ea8e6ca3cba1b36395414eb67aa
https://github.com/dreamwidth/dw-free/commit/18d53d5fc1310ea8e6ca3cba1b36395414eb67aa
Author: Mark Smith <mark@dreamwidth.org>
Date: 2020-04-25 (Sat, 25 Apr 2020)
Changed paths:
M bin/upgrading/d10-passwords.pl
M cgi-bin/DW/API/Key.pm
M cgi-bin/DW/Auth/Challenge.pm
M cgi-bin/DW/Auth/Password.pm
M cgi-bin/LJ/Auth.pm
M cgi-bin/LJ/Protocol.pm
M cgi-bin/LJ/User/Login.pm
M t/auth-password.t
Log Message:
-----------
Support API keys for protocol auth
This provides a path forward for clients like Semagic that haven't been
updated in years, but we should still support them.
Given that we're moving to using better practice password storage, we
can't continue to use passwords. Instead of building 'app password'
functionality like some services have, we're going to be using our API
keys for now.
To use Semagic after we switch to the new password system, you will need
to generate an API key and use that as your password.
Compare: https://github.com/dreamwidth/dw-free/compare/c61bd094f36f...18d53d5fc131
Home: https://github.com/dreamwidth/dw-free
Commit: df4f4e10ed473133c51deb6e75152627d48088c6
https://github.com/dreamwidth/dw-free/commit/df4f4e10ed473133c51deb6e75152627d48088c6
Author: Mark Smith <mark@dreamwidth.org>
Date: 2020-04-25 (Sat, 25 Apr 2020)
Changed paths:
A cgi-bin/DW/Auth/Challenge.pm
M cgi-bin/DW/Auth/Password.pm
M cgi-bin/DW/Captcha/textCAPTCHA.pm
M cgi-bin/DW/Controller/ChangeEmail.pm
M cgi-bin/DW/Controller/Journal/Protected.pm
M cgi-bin/DW/Template/Plugin/SiteScheme.pm
M cgi-bin/LJ/Auth.pm
M cgi-bin/LJ/CreatePage.pm
M cgi-bin/LJ/Protocol.pm
M cgi-bin/LJ/User/Login.pm
M cgi-bin/LJ/Web.pm
M cgi-bin/ljlib.pl
M htdocs/admin/impersonate.bml
M htdocs/login.bml
M htdocs/mobile/login.bml
A t/auth-challenge.t
M t/auth-password.t
M t/post.t
Log Message:
-----------
Move challenge to DW::Auth::Challenge
As part of cleaning up authentication flows to live in one place, I've
moved challenge generation/checking into a submodule of DW::Auth. Also
wrote some crappy unit tests.
Commit: 18d53d5fc1310ea8e6ca3cba1b36395414eb67aa
https://github.com/dreamwidth/dw-free/commit/18d53d5fc1310ea8e6ca3cba1b36395414eb67aa
Author: Mark Smith <mark@dreamwidth.org>
Date: 2020-04-25 (Sat, 25 Apr 2020)
Changed paths:
M bin/upgrading/d10-passwords.pl
M cgi-bin/DW/API/Key.pm
M cgi-bin/DW/Auth/Challenge.pm
M cgi-bin/DW/Auth/Password.pm
M cgi-bin/LJ/Auth.pm
M cgi-bin/LJ/Protocol.pm
M cgi-bin/LJ/User/Login.pm
M t/auth-password.t
Log Message:
-----------
Support API keys for protocol auth
This provides a path forward for clients like Semagic that haven't been
updated in years, but we should still support them.
Given that we're moving to using better practice password storage, we
can't continue to use passwords. Instead of building 'app password'
functionality like some services have, we're going to be using our API
keys for now.
To use Semagic after we switch to the new password system, you will need
to generate an API key and use that as your password.
Compare: https://github.com/dreamwidth/dw-free/compare/c61bd094f36f...18d53d5fc131