This implements a comment from Luzifer/cloudkeys-go#17 in order not to
have to change the `config.go` when deploying
Signed-off-by: Knut Ahlers <knut@ahlers.me>
commit f0db1ff1f8
Author: Knut Ahlers <knut@ahlers.me>
Date: Sun Dec 24 12:19:56 2017 +0100
Mark option as deprecated
Signed-off-by: Knut Ahlers <knut@ahlers.me>
commit 9891df2a16
Author: Knut Ahlers <knut@ahlers.me>
Date: Sun Dec 24 12:11:56 2017 +0100
Fix: Typo
Signed-off-by: Knut Ahlers <knut@ahlers.me>
commit 836006de64
Author: Knut Ahlers <knut@ahlers.me>
Date: Sun Dec 24 12:04:20 2017 +0100
Add new dependencies
Signed-off-by: Knut Ahlers <knut@ahlers.me>
commit d64fee60c8
Author: Knut Ahlers <knut@ahlers.me>
Date: Sun Dec 24 11:55:52 2017 +0100
Replace insecure password hashing
Prior this commit passwords were hashed with a static salt and using the
SHA1 hashing function. This could lead to passwords being attackable in
case someone gets access to the raw data stored inside the database.
This commit introduces password hashing using bcrypt hashing function
which addresses this issue.
Old passwords are not automatically re-hashed as they are unknown.
Replacing the old password scheme is not that easy and needs #10 to be
solved. Therefore the old hashing scheme is kept for compatibility
reason.
Signed-off-by: Knut Ahlers <knut@ahlers.me>
Signed-off-by: Knut Ahlers <knut@ahlers.me>
closes#14closes#15
The menu link is in a new “Settings” dropdown. That is a good place to
add a link to update the account password in the future. The “Settings”
menu is placed next to the “Switch Account” dropdown.
Issue: https://github.com/Luzifer/cloudkeys-go/issues/10
showEditEncPWForm() is adapted from showForm(num) to edit and create
passwords. It binds a click event handler to the primary button, that
checks if the current password is correct and if the new password is
entered twice.
If all validations succeed, the entered password is used as the
encryption password and the users data is updated with this new
password.
Issue: https://github.com/Luzifer/cloudkeys-go/issues/10
The form uses layout of the form for editing passwords not the search
box. It’s required that the user enters it’s current encryption password
and the new password twice.
Issue: https://github.com/Luzifer/cloudkeys-go/issues/10
crypto-js.googlecode.com was shut down so load those libraries from cdnjs instead. To have only a single source mapped all the other libraries also to cdnjs.