coquelicot contributions
by Konrad Mohrfeldt
hi,
i’m konrad and i just reworked a lot of haml/sass/js code from the
coquelicot codebase :).
we currently use coquelicot from the debian repositories on
teilen.systemausfall.org and i wanted to support mobile devices for our
users.
you can find the code here:
https://git.hack-hro.de/kmohrf/coquelicot/tree/redesign
i would like to see these changes in the upstream repository and also
have plans to work on the js codebase some more. but before i do that i
would like to hear if anyone of the current maintainers and/or
contributors has some comments on my progress and the changes i’ve made.
if you’re fine with what you’re seeing now i would start to implement a
modern js-build-stack. this would include:
* javascript build dependencies managed by npm
* a es6/es-2015 codebase based on modules
* a minified javascript distribution build via webpack
what i’ve liked about the current codebase is that i could just start
changing things after i installed the ruby deps. i’m not sure i can
achieve the same thing with the javascript-build like you did with the
sass integration (auto-rebuilds on change). but what is surely missing
from the current javascript codebase are modularity and tests and this
would be a start.
comments appreciated :)
bye konrad
7 years, 11 months
Browser prompt to save simplepass password
by Wolfgang Wiedmeyer
Hi,
many thanks for your work on this great project and for maintaining it
in Debian!
The simplepass authentication method is all I need to restrict access to
the upload interface. The only issue is that browsers like Firefox or
Chromium don't offer to save the upload password. So users have to find
other ways to save the password.
I did a little bit of digging and it seems that Firefox and Chromium
only offer to save the password if a username input element is supplied
in the same form alongside the password input element. As a workaround,
I added a dummy username input field that is used for nothing and it
worked. I attached the diff.
Unfortunately, I didn't check the mailing list. Otherwise, I would have
seen the patch from Rowan Thorpe that adds a userpass authentication. I
didn't test the patch but it looks like adding only one account with the
userpass auth method would solve the issue, too.
Best regards,
Wolfgang
---
public/javascripts/coquelicot.auth.simplepass.js | 11 +++++++++++
views/auth/simplepass.haml | 3 +++
2 files changed, 14 insertions(+)
diff --git a/public/javascripts/coquelicot.auth.simplepass.js b/public/javascripts/coquelicot.auth.simplepass.js
index 3fd3626..db4c5f7 100644
--- a/public/javascripts/coquelicot.auth.simplepass.js
+++ b/public/javascripts/coquelicot.auth.simplepass.js
@@ -30,3 +30,14 @@ var authentication = {
$('#upload_password').val('');
},
};
+
+$(document).ready(function() {
+ $('#simplepass-auth-submit').remove();
+ var submit = $('<input type="submit" />');
+ submit.attr('value', 'Login');
+ submit.attr('id', 'simplepass-auth-submit');
+ $('#upload-authentication').append(
+ $('<div class="field" />').append(
+ $('<div class="submit" />').append(
+ submit)));
+});
diff --git a/views/auth/simplepass.haml b/views/auth/simplepass.haml
index 04809e2..8374a83 100644
--- a/views/auth/simplepass.haml
+++ b/views/auth/simplepass.haml
@@ -16,5 +16,8 @@
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
.field
+ %label Upload User:
+ %input.input{ :type => 'text', :name => 'upload_user' }
+.field
%label{ :for => 'upload_password' } Upload password:
%input.input{ :type => 'password', :id => 'upload_password', :name => 'upload_password' }
--
Website: https://fossencdi.org
OpenPGP: 0F30 D1A0 2F73 F70A 6FEE 048E 5816 A24C 1075 7FC4
Key download: https://wiedmeyer.de/keys/ww.asc
8 years
[PATCH] Fix bcrypt invocation in comments, name-typo in NEWS
by Rowan Thorpe
Two tiny patches are attached:
1) The bcrypt invocation for password-generation in the comments uses
"echo" which appends a newline to the password before hashing,
creating a different hash than intended. This patch fixes that.
2) I also fixed a typo with my name while I was at it ;-)
--
Rowan Thorpe
PGP fingerprint:
BB0A 0787 C0EE BDD8 7F97 3D30 49F2 13A5 265D CCBD
----
"A riot is the language of the unheard." - Dr. Martin Luther King
8 years
[ANNOUNCE] Coquelicot 0.9.6
by Lunar
Hi!
Coquelicot 0.9.6 is out!
What's new?
-----------
This new release includes the new `userpass` authentication method
submitted by Rowan Thorpe. It stores multiple login/password credentials
in a configuration file. Password are stored encrypted using bcrypt.
Other changes:
* Properly translate storage durations in upload form.
Fix by Rowan Thrope.
* Update and clean up dependencies.
* Minor improvements:
- Use proper unit when reporting byte count during upload.
- Fix views that made the latest Haml parser unhappy.
* Translation improvements:
- Refresh translation template and catalogs
- Add bug report address to translation template
- Fix a syntax error in Spanish PO file.
- Add comments for translators regarding unit of storage
abbreviations.
- Add Greek translations. Thanks to Rowan Thrope.
* Update authors in README.
* Mention users and developers mailing list in documentation.
Upgrade procedure
-----------------
If you have installed Coquelicot from a source tarball, unpacking
the new tarball on top of the previous one should do the trick.
If you have installed Coquelicot using a clone of the Git repository,
the update should be as simple as:
git fetch origin
git tag -v coquelicot-0.9.6
git merge --ff-only coquelicot-0.9.6
Download
--------
The source tarball can be downloaded at:
<https://coquelicot.potager.org/dist/coquelicot-0.9.6.tar.gz>
OpenPGP signature:
<https://coquelicot.potager.org/dist/coquelicot-0.9.6.tar.gz.asc>
SHA1 checksum: 74fef54053c30b1872f2fca472b3f85db7781a8a
SHA256 checksum: 665e5fa2315e4647647af0689d2a26d7813dbf399dc4df737c18dd3bd98bf3d7
--
Lunar
8 years
Re: [Coquelicot] Patchset: add multiuser/pass auth module, add missing i18n tags, add Greek .po
by Lunar
Hi Rowan,
Months have passed since your patch. Seems life keep getting in the way.
Please accept my apologies, and thanks again for your contributions.
Anyway, I like your new authentication method but I felt a bit uneasy
when I read:
> +++ b/conf/settings-userpass.yml
> + abdul: "0873d391e987982fbbd3a94a8fe5ccb19ba61c4c"
> +
> + # SHA1 of the pre-shared password
I think the SHA1 pre-shared password was good enough for “simplepass”
because an attacker would not learn much. But once access starts to be
tied to specific users, I'd rather have something that would resist a
bit more if credentials were stolen.
Would you be ok if I'd rework the patch to use String#crypt?
The code could eventually fall back on the unix-crypt gem to support
more platforms if required.
--
Lunar
8 years
