| Commit message | Author | Age | Files | Lines |
The new names are a bit more descriptive of what each does, and I intend
to add an "admin" template in the future.
This has no user-facing effects.
handleIndex and handleConn used to access the courses map without
RLock'ing coursesLock, which may cause issues if courses is being
written to by a function such as setupCourses.
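The bug described in this commit (readers touching a shared map while a writer may be replacing it) is a classic Go data race, and the fix is the same shape as the one the message names: readers take the read lock, writers take the exclusive lock. The code below is an added illustration, not the project's own code; the type and function names (courseStore, Snapshot, Get, Replace, hammer) are assumptions, and Replace plays the role the message assigns to setupCourses.

```go
package main

import (
	"fmt"
	"sync"
)

// course is a constructed stand-in for the project's course record.
type course struct {
	ID   int
	Name string
}

// courseStore mirrors the shape the commit describes: a map plus a
// sync.RWMutex guarding it (the commit's courses / coursesLock).
// The names here are assumptions, not the project's identifiers.
type courseStore struct {
	mu      sync.RWMutex
	courses map[int]*course
}

// Snapshot is what a reader such as handleIndex should do: take the read
// lock, copy out what it needs, release. Many readers may hold RLock at once.
func (s *courseStore) Snapshot() []course {
	s.mu.RLock()
	defer s.mu.RUnlock()
	out := make([]course, 0, len(s.courses))
	for _, c := range s.courses {
		out = append(out, *c)
	}
	return out
}

// Get reads a single course under the read lock and returns a copy, so the
// caller never holds a pointer into the map after the lock is released.
func (s *courseStore) Get(id int) (course, bool) {
	s.mu.RLock()
	defer s.mu.RUnlock()
	c, ok := s.courses[id]
	if !ok {
		return course{}, false
	}
	return *c, true
}

// Replace is the writer's side (the role setupCourses plays in the commit):
// it swaps the whole map under the exclusive lock, so no reader can observe
// a half-written state.
func (s *courseStore) Replace(fresh map[int]*course) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.courses = fresh
}

// hammer runs readers and writers concurrently. With the locks above,
// `go run -race` is clean; with the RLock calls removed, the race detector
// reports a data race (and the runtime may panic with
// "concurrent map read and map write"). Returns the final course count.
func hammer(s *courseStore, rounds int) int {
	var wg sync.WaitGroup
	for i := 0; i < rounds; i++ {
		wg.Add(2)
		go func(n int) {
			defer wg.Done()
			s.Replace(map[int]*course{n: {ID: n, Name: fmt.Sprintf("course-%d", n)}})
		}(i)
		go func() {
			defer wg.Done()
			_ = s.Snapshot()
		}()
	}
	wg.Wait()
	return len(s.Snapshot())
}

func main() {
	s := &courseStore{courses: map[int]*course{1: {ID: 1, Name: "Algebra"}}}
	fmt.Println("courses after concurrent churn:", hammer(s, 100))
}
```

Run it with `go run -race .` to see the detector stay quiet; deleting the RLock/RUnlock pair in Snapshot reproduces the condition the commit fixed.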
One user shall only have one session at a time. This reduces the
possibility of strange race conditions and simplifies the code a lot.
References: https://todo.sr.ht/~runxiyu/cca/4
I am using a hybrid flow with "id_token" for OpenID Connect and "code" for an
Authorization Code. I would use "token" too but that doesn't seem to be
supported for standard web apps and could result in strange session-hijacking
issues.
We still need PKCE sometime in the future; however it's not a priority: the
worst attack someone could pull off is to use a different user's Authorization
Code and steal a Department, which probably isn't too big of a deal as the
Authorization Code should be secret anyway.
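The PKCE the commit defers is what binds an Authorization Code to the client that started the flow, so a code obtained by someone else cannot be redeemed. The following is an added example of the S256 method from RFC 7636, written for this page and not taken from the project; the function names (newCodeVerifier, codeChallengeS256, validVerifier, verifyPKCE) are assumptions. The client side keeps the verifier and sends the challenge with the authorization request; the server stores the challenge with the issued code and, at the token endpoint, recomputes it from the verifier the client presents.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// newCodeVerifier returns a fresh random verifier. RFC 7636 requires 43 to
// 128 characters from the unreserved set; 32 random bytes encoded as
// unpadded base64url give exactly 43 such characters.
func newCodeVerifier() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// validVerifier enforces the RFC 7636 length and character constraints, the
// check a token endpoint should run before hashing what the client sent.
func validVerifier(v string) bool {
	if len(v) < 43 || len(v) > 128 {
		return false
	}
	for _, r := range v {
		switch {
		case r >= 'A' && r <= 'Z', r >= 'a' && r <= 'z', r >= '0' && r <= '9':
		case r == '-', r == '.', r == '_', r == '~':
		default:
			return false
		}
	}
	return true
}

// codeChallengeS256 derives the challenge sent in the authorization request:
// BASE64URL(SHA256(ASCII(code_verifier))) without padding.
func codeChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// verifyPKCE is the authorization server's check at the token endpoint:
// the challenge stored alongside the issued code must match the challenge
// recomputed from the verifier the client now presents. A stolen code is
// useless without the verifier, which never left the legitimate client.
func verifyPKCE(storedChallenge, presentedVerifier string) bool {
	if !validVerifier(presentedVerifier) {
		return false
	}
	expected := codeChallengeS256(presentedVerifier)
	return subtle.ConstantTimeCompare([]byte(expected), []byte(storedChallenge)) == 1
}

func main() {
	// Client side: generate the verifier, derive the challenge, keep the verifier.
	verifier, err := newCodeVerifier()
	if err != nil {
		panic(err)
	}
	challenge := codeChallengeS256(verifier)
	fmt.Println("code_challenge=", challenge, "code_challenge_method=S256")

	// Server side, later: the token request carries the verifier.
	fmt.Println("legitimate client accepted:", verifyPKCE(challenge, verifier))
	fmt.Println("code replayed without the verifier:", verifyPKCE(challenge, "not-the-verifier-0000000000000000000000000000"))
}
```

The test below uses the worked vector from RFC 7636 Appendix B, so the derivation can be checked against the standard rather than against itself.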
These are imported from FBFP and slightly modified to be specific to YKPS
(while not being hard to port to other environments that use APIs that use
OAuth 2.0). Some code is also simplified.
Database code still needs an audit, and things are not tested yet.