1. 23 Mar, 2014 7 commits
  2. 21 Mar, 2014 3 commits
    • Stephane Glondu's avatar
      Big overhaul of election management · 66e7b8ca
      Stephane Glondu authored
      Summary:
       - WEB_ELECTION gets a new submodule of type ELECTION_SERVICES
       - per-election services do no longer take UUID as a param, but are
         registered at a path containing it
       - no more ESIndex, election home service is back
       - inline some submodules of SITE_SERVICES, drop ALL_SERVICES
       - rename old SITE_SERVICES into CORE_SERVICES
       - move election-specific templates to a new ELECTION_TEMPLATES; the
         templates in the new signature do not longer take an "election"
         argument but TEMPLATES.Election is a functor that takes a
         WEB_ELECTION and returns an ELECTION_TEMPLATES
       - adapt the booth to the new path layout
      
      Additional changes:
       - merge VOTING_SERVICES into ELECTION_SERVICES
       - inline {SITE,AUTH}_TEMPLATES into TEMPLATES
       - all templates take a final () argument to emphasize their impurity
      66e7b8ca
    • Stephane Glondu's avatar
      Refactor Templates · dab2e349
      Stephane Glondu authored
      dab2e349
    • Stephane Glondu's avatar
      Remove user_admin field · 81f62d9a
      Stephane Glondu authored
      Each election may have an owner who can perform administrative tasks.
      81f62d9a
  3. 20 Mar, 2014 2 commits
  4. 18 Mar, 2014 2 commits
  5. 11 Mar, 2014 2 commits
  6. 10 Mar, 2014 3 commits
  7. 07 Mar, 2014 2 commits
    • Stephane Glondu's avatar
      Handle configuration locally in each auth system · 05bc228a
      Stephane Glondu authored
      Summary:
       - move rewrite_prefix to Web_common
       - each auth system now has an $init function that registers its
         configuration spec and an $exec function to Auth_common
       - an auth system may support multiple instances via configuration;
         user_type is specific to each instance
       - when parsing is done, each $exec is called with an $instantiate
         callback; $exec is supposed to call $instantiate for each instance
      
      TODO:
       - default fallback when there are several instances
       - generic login should do security_log
       - auth system instances should not set user_type themselves
       - it should not be possible to login twice
       - admin login
       - update doc
      05bc228a
    • Stephane Glondu's avatar
      Change of topology in Auth_common · d4b71428
      Stephane Glondu authored
      We want to be able to share private variables between service
      definition time and registration time, so we put both as submodules of
      the Make functor.
      d4b71428
  8. 06 Mar, 2014 4 commits
  9. 05 Mar, 2014 3 commits
    • Stephane Glondu's avatar
      CAS: remove /cas/ from external service paths · c94fbdee
      Stephane Glondu authored
      This prefix is not in the CAS spec and seems specific to some
      instances. People can add "/cas" to the server path in their config if
      needed.
      c94fbdee
    • Stephane Glondu's avatar
      Generic authentication · b0e97728
      Stephane Glondu authored
      This revision should be bisimilar to the previous one.
      
      Summary:
       - each auth system registers $name and $service
       - $service stores a logout handler in Auth_common.user
       - the generic login service redirects to $service if its parameter
         matches $name
       - the generic logout service clears out Auth_common.user and invokes
         the stored logout handler
       - the default auth system is the one registered last
       - Templates directly query Auth_common for available auth systems
      
      TODO:
       - enforce user_type = $name (currently not the case for CAS)
       - export Auth_common.register_auth_system
       - move existing auth systems out of Auth_common
       - integrate with config parsing
       - rework CAS
       - generic login should do security_log
       - do admin login
      b0e97728
    • Stephane Glondu's avatar
      Add login dispatch service · ac1999b9
      Stephane Glondu authored
      Currently, it takes the auth_system name as an optional parameter, and
      redirects to the existing services. This revision should have the same
      behaviour as the previous one, except for login links and the
      associated additional redirections.
      
      Summary:
       - Auth_common.Make is now split in two functors: one for declaring
         services (Make) and one for registering them (Register)
       - auth_systems moved to its own signature
       - login and logout are in their own signature
       - new signature ALL_SERVICES
      ac1999b9
  10. 04 Mar, 2014 1 commit
    • Stephane Glondu's avatar
      Move authentication-related stuff to its own module · 07dbc36d
      Stephane Glondu authored
      This is preliminary work to make the authentication system more
      flexible. This big refactoring should be semantically equivalent to
      the previous commit.
      
      Summary:
       - create Auth_common and Web_signatures
       - split Web_election out of Web_common (to cut dep cycle)
       - move service definitions out of Services
       - functorize Templates
      07dbc36d