| Commit message (Collapse) | Author | Age | |
|---|---|---|---|
| * | Organizational pass on endpoints and routes. | Owen Jacobson | 2024-10-16 |
| | | |||
| * | Provide a view of logins to clients. | Owen Jacobson | 2024-10-09 |
| | | |||
| * | Split login and token handling. | Owen Jacobson | 2024-10-02 |
| | | |||
| * | Reimplement the logout machinery in terms of token IDs, not token secrets. | Owen Jacobson | 2024-09-29 |
| | | | | | | | This (a) reduces the amount of passing secrets around that's needed, and (b) allows tests to log out in a more straightforwards manner. Ish. The fixtures are a mess, but so is the nomenclature. Fix the latter and the former will probably follow. | ||
| * | Wrap credential and credential-holding types to prevent `Debug` leaks. | Owen Jacobson | 2024-09-28 |
| | | | | | | | | | | | | | The following values are considered confidential, and should never be logged, even by accident: * `Password`, which is a durable bearer token for a specific Login; * `IdentitySecret`, which is an ephemeral but potentially long-lived bearer token for a specific Login; or * `IdentityToken`, which may hold cookies containing an `IdentitySecret`. These values are now wrapped in types whose `Debug` impls output opaque values, so that they can be included in structs that `#[derive(Debug)]` without requiring any additional care. The wrappers also avoid implementing `Display`, to prevent inadvertent `to_string()`s. We don't bother obfuscating `IdentitySecret`s in memory or in the `.hi` database. There's no point: we'd also need to store the information needed to de-obfuscate them, and they can be freely invalidated and replaced by blanking that table and asking everyone to log in again. Passwords _are_ obfuscated for storage, as they're intended to be durable. | ||
| * | Retire `fixtures::error::expected!`. | Owen Jacobson | 2024-09-25 |
| | | | | | I had no idea `std` included a `matches!` macro, and I feel we're better off using it. | ||
| * | Crank up the Clippy warnings. | Owen Jacobson | 2024-09-25 |
| | | | | | This'll catch style issues, mostly. | ||
| * | Write tests. | Owen Jacobson | 2024-09-20 |
 |
index : pilcrow | |
| Run-It-Yourself web chat, maybe |
| summaryrefslogtreecommitdiff |