1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 07:42:40 +01:00
phorge-phorge/src/applications/auth
epriestley 29948eaa5b Use phutil_hashes_are_identical() when comparing hashes in Phabricator
Summary: See D14025. In all cases where we compare hashes, use strict, constant-time comparisons.

Test Plan: Logged in, logged out, added TOTP, ran Conduit, terminated sessions, submitted forms, changed password. Tweaked CSRF token, got rejected.

Reviewers: chad

Reviewed By: chad

Subscribers: chenxiruanhai

Differential Revision: https://secure.phabricator.com/D14026
2015-09-01 15:52:44 -07:00
..
action Rate limit multi-factor actions 2014-04-30 14:30:31 -07:00
application Allow applications to have multiple "help" menu items 2015-04-01 11:51:48 -07:00
capability Auth - add "manage providers" capability 2015-01-12 14:37:58 -08:00
conduit phtize all the things 2015-05-22 21:16:39 +10:00
constants Support invites in the registration and login flow 2015-02-11 06:06:28 -08:00
controller Use phutil_hashes_are_identical() when comparing hashes in Phabricator 2015-09-01 15:52:44 -07:00
data Extend from Phobject 2015-06-15 18:02:27 +10:00
editor Auth - allow for "auto login" providers 2015-02-06 10:50:36 -08:00
engine Use phutil_hashes_are_identical() when comparing hashes in Phabricator 2015-09-01 15:52:44 -07:00
exception Add email invites to Phabricator (logic only) 2015-02-09 16:12:36 -08:00
factor Use phutil_hashes_are_identical() when comparing hashes in Phabricator 2015-09-01 15:52:44 -07:00
garbagecollector Add "temporary tokens" to auth, for SMS codes, TOTP codes, reset codes, etc 2014-05-20 11:43:45 -07:00
management phtize all the things 2015-05-22 21:16:39 +10:00
phid Add administrative invite interfaces 2015-02-11 06:05:53 -08:00
provider Use phutil_hashes_are_identical() when comparing hashes in Phabricator 2015-09-01 15:52:44 -07:00
query [Redesign] PhabricatorApplicationSearchResultView 2015-06-19 11:46:20 +01:00
sshkey phtize all the things 2015-05-22 21:16:39 +10:00
storage Fixes spelling error in settings log on auth provider pages 2015-03-26 03:49:58 -07:00
view Make CSS agnostic to underlying profile image size 2015-05-13 11:38:46 -07:00
worker Send emails for email invites 2015-02-11 06:06:09 -08:00