1. 05 Mar, 2014 2 commits
    • Stephane Glondu's avatar
      Generic authentication · b0e97728
      Stephane Glondu authored
      This revision should be bisimilar to the previous one.
       - each auth system registers $name and $service
       - $service stores a logout handler in Auth_common.user
       - the generic login service redirects to $service if its parameter
         matches $name
       - the generic logout service clears out Auth_common.user and invokes
         the stored logout handler
       - the default auth system is the one registered last
       - Templates directly query Auth_common for available auth systems
       - enforce user_type = $name (currently not the case for CAS)
       - export Auth_common.register_auth_system
       - move existing auth systems out of Auth_common
       - integrate with config parsing
       - rework CAS
       - generic login should do security_log
       - do admin login
    • Stephane Glondu's avatar
      Add login dispatch service · ac1999b9
      Stephane Glondu authored
      Currently, it takes the auth_system name as an optional parameter, and
      redirects to the existing services. This revision should have the same
      behaviour as the previous one, except for login links and the
      associated additional redirections.
       - Auth_common.Make is now split in two functors: one for declaring
         services (Make) and one for registering them (Register)
       - auth_systems moved to its own signature
       - login and logout are in their own signature
       - new signature ALL_SERVICES
  2. 04 Mar, 2014 1 commit
    • Stephane Glondu's avatar
      Move authentication-related stuff to its own module · 07dbc36d
      Stephane Glondu authored
      This is preliminary work to make the authentication system more
      flexible. This big refactoring should be semantically equivalent to
      the previous commit.
       - create Auth_common and Web_signatures
       - split Web_election out of Web_common (to cut dep cycle)
       - move service definitions out of Services
       - functorize Templates
  3. 26 Feb, 2014 3 commits
    • Stephane Glondu's avatar
      Rename BALLOT_BOX into MONADIC_MAP_RO · d8467999
      Stephane Glondu authored
      It is used for ballots as well as records...
    • Stephane Glondu's avatar
      BALLOT_BOX: remove records, add receipts · 02259d1f
      Stephane Glondu authored
      A record (i.e. who voted, when and with which credential in the
      context of the web server) is a notion that does not exist in the
      cryptographic protocol and does not really make sense in the context
      of the command-line tool.
      By the way, we add the notion of receipt which, in the context of the
      web server, is the ballot hash computed by the server.
      Bonus: when a ballot is accepted, we compute its hash only once.
    • Stephane Glondu's avatar
      Remove dead code · 3ac7a8c9
      Stephane Glondu authored
  4. 12 Feb, 2014 8 commits
  5. 06 Feb, 2014 2 commits
  6. 05 Feb, 2014 6 commits
  7. 30 Jan, 2014 3 commits
  8. 16 Jan, 2014 2 commits
  9. 10 Jan, 2014 3 commits
  10. 09 Jan, 2014 7 commits
  11. 08 Jan, 2014 3 commits