1. 24 Mar, 2014 5 commits
  2. 23 Mar, 2014 8 commits
  3. 21 Mar, 2014 3 commits
    • Stephane Glondu's avatar
      Big overhaul of election management · 66e7b8ca
      Stephane Glondu authored
       - WEB_ELECTION gets a new submodule of type ELECTION_SERVICES
       - per-election services do no longer take UUID as a param, but are
         registered at a path containing it
       - no more ESIndex, election home service is back
       - inline some submodules of SITE_SERVICES, drop ALL_SERVICES
       - rename old SITE_SERVICES into CORE_SERVICES
       - move election-specific templates to a new ELECTION_TEMPLATES; the
         templates in the new signature do not longer take an "election"
         argument but TEMPLATES.Election is a functor that takes a
       - adapt the booth to the new path layout
      Additional changes:
       - inline {SITE,AUTH}_TEMPLATES into TEMPLATES
       - all templates take a final () argument to emphasize their impurity
    • Stephane Glondu's avatar
      Refactor Templates · dab2e349
      Stephane Glondu authored
    • Stephane Glondu's avatar
      Remove user_admin field · 81f62d9a
      Stephane Glondu authored
      Each election may have an owner who can perform administrative tasks.
  4. 20 Mar, 2014 2 commits
  5. 18 Mar, 2014 2 commits
  6. 11 Mar, 2014 2 commits
  7. 10 Mar, 2014 3 commits
  8. 07 Mar, 2014 2 commits
    • Stephane Glondu's avatar
      Handle configuration locally in each auth system · 05bc228a
      Stephane Glondu authored
       - move rewrite_prefix to Web_common
       - each auth system now has an $init function that registers its
         configuration spec and an $exec function to Auth_common
       - an auth system may support multiple instances via configuration;
         user_type is specific to each instance
       - when parsing is done, each $exec is called with an $instantiate
         callback; $exec is supposed to call $instantiate for each instance
       - default fallback when there are several instances
       - generic login should do security_log
       - auth system instances should not set user_type themselves
       - it should not be possible to login twice
       - admin login
       - update doc
    • Stephane Glondu's avatar
      Change of topology in Auth_common · d4b71428
      Stephane Glondu authored
      We want to be able to share private variables between service
      definition time and registration time, so we put both as submodules of
      the Make functor.
  9. 06 Mar, 2014 4 commits
  10. 05 Mar, 2014 3 commits
    • Stephane Glondu's avatar
      CAS: remove /cas/ from external service paths · c94fbdee
      Stephane Glondu authored
      This prefix is not in the CAS spec and seems specific to some
      instances. People can add "/cas" to the server path in their config if
    • Stephane Glondu's avatar
      Generic authentication · b0e97728
      Stephane Glondu authored
      This revision should be bisimilar to the previous one.
       - each auth system registers $name and $service
       - $service stores a logout handler in Auth_common.user
       - the generic login service redirects to $service if its parameter
         matches $name
       - the generic logout service clears out Auth_common.user and invokes
         the stored logout handler
       - the default auth system is the one registered last
       - Templates directly query Auth_common for available auth systems
       - enforce user_type = $name (currently not the case for CAS)
       - export Auth_common.register_auth_system
       - move existing auth systems out of Auth_common
       - integrate with config parsing
       - rework CAS
       - generic login should do security_log
       - do admin login
    • Stephane Glondu's avatar
      Add login dispatch service · ac1999b9
      Stephane Glondu authored
      Currently, it takes the auth_system name as an optional parameter, and
      redirects to the existing services. This revision should have the same
      behaviour as the previous one, except for login links and the
      associated additional redirections.
       - Auth_common.Make is now split in two functors: one for declaring
         services (Make) and one for registering them (Register)
       - auth_systems moved to its own signature
       - login and logout are in their own signature
       - new signature ALL_SERVICES
  11. 04 Mar, 2014 1 commit
    • Stephane Glondu's avatar
      Move authentication-related stuff to its own module · 07dbc36d
      Stephane Glondu authored
      This is preliminary work to make the authentication system more
      flexible. This big refactoring should be semantically equivalent to
      the previous commit.
       - create Auth_common and Web_signatures
       - split Web_election out of Web_common (to cut dep cycle)
       - move service definitions out of Services
       - functorize Templates