projects / pgweb.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bd539a3) | patch
Update community authentication to pass an arbitrary datablock instead of url
authorMagnus Hagander <magnus@hagander.net>
Thu, 20 Jun 2013 13:16:47 +0000 (15:16 +0200)
committerMagnus Hagander <magnus@hagander.net>
Thu, 20 Jun 2013 13:16:47 +0000 (15:16 +0200)
commit78de94d17cc4820a41f0e579c05a93526bbbba4d
treed2409b650aa329f1ba3bfe270d4c5c8302daca68tree
parentbd539a392e201faab9ed17a679b39fa459a7ae83commit | diff
Update community authentication to pass an arbitrary datablock instead of url

This makes it possible to pass URLs that will fail when they end up being double
escaped in some cases, since they contain non-url-safe characters. Instead, they'd
be base64-encoded, and thus safe.

Also update the django community auth provider to do just this, including encrypting
the data with the site secret key to make sure it can't be changed/injected by
tricking the user to go directly to the wrong URL.
docs/authentication.rst diff | blob | blame | history
pgweb/account/views.py diff | blob | blame | history
tools/communityauth/sample/django/auth.py diff | blob | blame | history
This is the code for the postgresql.org website