projects / pgweb.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7a42e2a) | patch
Implement authenticated encryption in community auth
authorMagnus Hagander <magnus@hagander.net>
Tue, 1 Apr 2025 11:41:08 +0000 (13:41 +0200)
committerMagnus Hagander <magnus@hagander.net>
Wed, 11 Jun 2025 18:26:21 +0000 (20:26 +0200)
commitde76f82f62c0818f041c28a7a5f4ccdcb2e3a1ab
tree1ad83270e4be3e1285833f9d4d494ffcc089211atree
parent7a42e2a5f595466d0632cd2f8cd1893b88866619commit | diff
Implement authenticated encryption in community auth

This creates a community auth version 3 (previous one being 2, and 1 is
long gone) trhat uses AES_SIV as the encryption method instead of
regular AES_CBC, and validates the digests on all accounts.

As this gets deployed on servers incrementall, the version has to be
specified in the database record for the site. We could have the site
indicate this itself, but doing it this way seems safer as it will then
just break for any app that accidentally reverts the plugin.

Reviewed by Jacob Champion
docs/authentication.rst diff | blob | blame | history
pgweb/account/admin.py diff | blob | blame | history
pgweb/account/migrations/0010_communityauthsite_version.py [new file with mode: 0644] blob
pgweb/account/models.py diff | blob | blame | history
pgweb/account/views.py diff | blob | blame | history
tools/communityauth/generate_cryptkey.py diff | blob | blame | history
tools/communityauth/sample/django/auth.py diff | blob | blame | history
tools/communityauth/test_auth.py diff | blob | blame | history
This is the code for the postgresql.org website