summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* update dependenciespennae2022-08-101-142/+209
|
* don't allow users to edit devices of other userspennae2022-08-104-0/+77
| | | | | | while device ids should be impossible to guess (being as long as oauth tokens), we should still guard against malicious activity if they should ever leak.
* properly ignore fenix webchannel errors & add notepennae2022-08-081-1/+7
| | | | | | | at least up to 103 there are two webchannel implementations in mobile firefox, one of which should not be there and only responds with error. https://bugzilla.mozilla.org/show_bug.cgi?id=1616635
* fenix login is actually a lot simplerpennae2022-08-073-94/+21
| | | | but it *must* be done over https with trusted certificates
* add some extra warning to readmepennae2022-07-261-5/+13
|
* improve the readme slightly, add licensepennae2022-07-252-2/+38
|
* add support for smtp authenticationpennae2022-07-253-11/+38
|
* add cargo-audit to the flakepennae2022-07-251-0/+1
|
* remove dependency on chronopennae2022-07-2511-62/+46
| | | | | | prompted by a cargo audit run. time works just as well and is better maintained. web-push still uses chrono, but from the looks of things it won't be affected.
* make the main settings ui a bit nicerpennae2022-07-232-15/+45
|
* auto-focus input fieldspennae2022-07-231-0/+21
|
* rewrite the ui using web componentspennae2022-07-232-680/+782
| | | | | this doesn't do much for functionality, but it makes extending things easier. hopefully.
* don't use lettre connection poolspennae2022-07-191-1/+5
| | | | | we'll send mail so rarely, keeping a connection open at all times just spams syslog
* add mail_starttls parameter, default offpennae2022-07-193-1/+15
| | | | | local mail connections are much preferred for this service, and those needn't be encrypted.
* add modulepennae2022-07-192-1/+151
|
* speed up test suitepennae2022-07-1811-1110/+1140
| | | | | mostly by grouping tests that can reuse the same account (which is expensive to create) into classes and scoping accounts to classes.
* cancel periodic task runners on shutdownpennae2022-07-181-19/+40
| | | | | not necessary for the standalone server, but if we want to launch many server for testing it'll be relevant.
* make the Clone bytes types Copy as wellpennae2022-07-178-28/+18
| | | | u8 arrays are copy, no need to not have our wrappers be copy.
* remove Seal from cryptopennae2022-07-171-10/+1
| | | | the trait doesn't leave the module, so sealing doesn't do anything useful.
* remove SecretBytespennae2022-07-174-85/+30
| | | | | there's no benefit to keeping it around, the zeroing behavior it had was never any good and without it it's just a fancy [u8; N]
* use SecretKey for key material in cryptopennae2022-07-174-53/+58
|
* use HawkKey everywhere hawk keys are handledpennae2022-07-176-85/+44
| | | | the db already does this, crypto did not.
* add dedicated types for all the tokenspennae2022-07-176-84/+175
| | | | using SecretBytes for all of them isn't that great.
* make crypto fields private if they're not used outside cryptopennae2022-07-171-7/+7
|
* don't use SecretBytes in HawkKey/SecretKeypennae2022-07-175-33/+37
|
* remove zeroize dependencypennae2022-07-173-10/+1
| | | | | | | | this is not so much a problem as a possible source of false security for the readers. all secret keys we handle are serialized in some form, and those serialization buffers are *not* zeroed out after use. zeroing our raw buffers doesn't help much in that case, using a zero-on-free allocator would be much more helpful.
* remove remnants of trying to quickcheck thingspennae2022-07-171-4/+0
| | | | it never worked out, but a bit of support stuff remained.
* apply rustfmtpennae2022-07-174-4/+8
|
* fix clippy warningspennae2022-07-174-4/+6
|
* add test vector for password changes and account resetpennae2022-07-161-1/+48
| | | | | | | these are not "official" test vectors, just an example of what the implementation does currently. since it works with other parts of the ecosystem (most importantly firefox itself) they seem good enough to include.
* allow integration tests to run in parallelpennae2022-07-148-56/+77
| | | | | this doesn't do much for performance, but it does allow running the tests with a simple `cargo t`.
* simplify spawn_loggedpennae2022-07-141-23/+7
|
* xfail a test the last commit brokepennae2022-07-141-0/+1
|
* keep oauth tokens around a bit after expirypennae2022-07-134-16/+27
| | | | | | | firefox wants to delete profile access tokens after they're expired and logs errors if it can't do that. since this happens every hour we can end up with a bunch of error logs very quickly, so we better let it do what it wants.
* add downgrade migration for first schema versionpennae2022-07-131-1/+44
|
* fix avatar change showing an error and not reloading the pagepennae2022-07-131-0/+1
|
* initial importpennae2022-07-1362-0/+16966