Joey Hess [Tue, 19 May 2015 21:06:25 +0000 (17:06 -0400)]
allow emailuser to be called when there is no %config set
ikiwiki-hosting needs to do this
Joey Hess [Tue, 19 May 2015 19:35:25 +0000 (15:35 -0400)]
changelog
Daniel Kahn Gillmor [Tue, 19 May 2015 18:09:38 +0000 (14:09 -0400)]
make cgiurl output deterministic
IkiWiki::cgiurl() currently produces non-deterministic output, because
the params hash can be sorted different ways.
Sorting keys to params before crafting the string should make the
output deterministic.
Amitai Schlair [Sun, 17 May 2015 22:44:30 +0000 (18:44 -0400)]
Idea: embedded podcast A/V player.
Joey Hess [Thu, 14 May 2015 15:37:47 +0000 (11:37 -0400)]
cloak user PII when making commits etc, and let cloaked PII be used in banned_users
This was needed due to emailauth, but I've also wrapped all IP address
exposure in cloak(), although the function doesn't yet cloak IP addresses.
(One IP address I didn't cloak is the one that appears on the password
reset email template. That is expected to be the user's own IP address,
so ok to show it to them.)
Thanks to smcv for the pointer to
http://xmlns.com/foaf/spec/#term_mbox_sha1sum
Joey Hess [Thu, 14 May 2015 15:02:57 +0000 (11:02 -0400)]
comments
Joey Hess [Thu, 14 May 2015 14:57:56 +0000 (10:57 -0400)]
passwordauth: Don't allow registering accounts that look like openids.
Also prohibit @ in account names, in case the file regexp was relaxed to
allow it.
Joey Hess [Thu, 14 May 2015 14:46:59 +0000 (10:46 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Thu, 14 May 2015 14:44:09 +0000 (10:44 -0400)]
crufty po updates
Joey Hess [Thu, 14 May 2015 14:41:07 +0000 (10:41 -0400)]
update re passwordauth @
Joey Hess [Thu, 14 May 2015 14:40:52 +0000 (10:40 -0400)]
sanitize nickname derived from email address
https://id.koumbit.net/anarcat [Thu, 14 May 2015 12:22:29 +0000 (08:22 -0400)]
acls and expectations
kjs [Thu, 14 May 2015 12:14:37 +0000 (08:14 -0400)]
Critical of automatic merging of stylesheets
kjs [Thu, 14 May 2015 11:06:43 +0000 (07:06 -0400)]
smcv [Thu, 14 May 2015 10:05:58 +0000 (06:05 -0400)]
please do cloak email addresses, the principle of least astonishment applies
smcv [Thu, 14 May 2015 09:49:45 +0000 (05:49 -0400)]
proposal for making emailauth not force username == email address
Joey Hess [Thu, 14 May 2015 03:44:23 +0000 (23:44 -0400)]
note about email visibility in git commits
Joey Hess [Thu, 14 May 2015 03:43:16 +0000 (23:43 -0400)]
fix page extension
Joey Hess [Thu, 14 May 2015 03:42:34 +0000 (23:42 -0400)]
close
Joey Hess [Thu, 14 May 2015 03:38:56 +0000 (23:38 -0400)]
Merge branch 'emailauth'
Joey Hess [Thu, 14 May 2015 03:38:46 +0000 (23:38 -0400)]
changelog
Joey Hess [Thu, 14 May 2015 03:32:29 +0000 (23:32 -0400)]
don't let emailauth user's email address be changed on preferences page
There's no real problem if they do change it, except they may get confused
and expect to be able to log in with the changed email and get the same
user account.
Joey Hess [Thu, 14 May 2015 03:24:27 +0000 (23:24 -0400)]
when an emailauth user posts a comment, use the username only, not the full email address
This makes the email not be displayed on the wiki, so spammers won't find
it there.
Note that the full email address is still put into the comment template.
The email is also used as the username of the git commit message
(when posting comments or page edits). May want to revisit this later.
Joey Hess [Thu, 14 May 2015 03:23:53 +0000 (23:23 -0400)]
avoid showing password prefs for emailauth user
Joey Hess [Thu, 14 May 2015 03:07:29 +0000 (23:07 -0400)]
allow adminuser to be an email address
Joey Hess [Thu, 14 May 2015 03:07:07 +0000 (23:07 -0400)]
tweak wording
Joey Hess [Thu, 14 May 2015 03:06:52 +0000 (23:06 -0400)]
fix up session cookie
Joey Hess [Thu, 14 May 2015 02:27:03 +0000 (22:27 -0400)]
emailauth link sent and verified; user login works
Still some work to do since the user name is an email address and should
not be leaked.
Joey Hess [Thu, 14 May 2015 01:15:08 +0000 (21:15 -0400)]
add emailauth.tmpl
Joey Hess [Wed, 13 May 2015 22:52:47 +0000 (18:52 -0400)]
move stub auth hook to loginselector
Joey Hess [Wed, 13 May 2015 22:50:40 +0000 (18:50 -0400)]
email auth plugin now works through email address entry
Joey Hess [Wed, 13 May 2015 22:37:24 +0000 (18:37 -0400)]
Converted openid-selector into a more generic loginselector helper plugin.
Joey Hess [Wed, 13 May 2015 21:56:36 +0000 (17:56 -0400)]
rename openid selector files to login-selector
Joey Hess [Wed, 13 May 2015 21:51:29 +0000 (17:51 -0400)]
further generalization of openid selector
Now template variables can be set to control which login methods are shown
Joey Hess [Wed, 13 May 2015 20:44:43 +0000 (16:44 -0400)]
generalized the openid selector to a login selector
This includes some CSS changes to names of elements.
Also, added Email login button (doesn't work yet of course),
and brought back the small openid login buttons. Demoted yahoo and verison
to small buttons. This makes the big buttons be the main login types, and
the small buttons be provider-specific helpers.
Joey Hess [Wed, 13 May 2015 20:49:12 +0000 (16:49 -0400)]
comments
https://id.koumbit.net/anarcat [Wed, 13 May 2015 19:49:18 +0000 (15:49 -0400)]
link to indieauth and mention existing problems with this approach
Joey Hess [Wed, 13 May 2015 18:31:08 +0000 (14:31 -0400)]
thoughts
Joey Hess [Wed, 13 May 2015 18:23:10 +0000 (14:23 -0400)]
tyo
Joey Hess [Wed, 13 May 2015 18:22:08 +0000 (14:22 -0400)]
update
Joey Hess [Wed, 13 May 2015 18:19:38 +0000 (14:19 -0400)]
update
Joey Hess [Wed, 13 May 2015 18:16:16 +0000 (14:16 -0400)]
proposal
Joey Hess [Wed, 13 May 2015 17:41:16 +0000 (13:41 -0400)]
close
Joey Hess [Wed, 13 May 2015 16:38:48 +0000 (12:38 -0400)]
remove the small buttons for livejournal/flickr/wordpress/aol
None of these are commonly used openid providers, and the openid button
can be used to log in with any such openid provider.
Joey Hess [Wed, 13 May 2015 16:36:38 +0000 (12:36 -0400)]
promote the other/password item to a large button
Joey Hess [Wed, 13 May 2015 16:18:22 +0000 (12:18 -0400)]
When openid and passwordauth are the only enabled auth plugins, make the openid selector display "Password" instead of "Other", so users are more likely to click on it when they don't have an openid.
kjs [Mon, 11 May 2015 11:55:41 +0000 (07:55 -0400)]
branch link fix
kjs [Mon, 11 May 2015 11:51:54 +0000 (07:51 -0400)]
local.css also blocking
http://hendry.iki.fi/ [Mon, 11 May 2015 05:18:34 +0000 (01:18 -0400)]
can't work this out
dmarti [Sun, 10 May 2015 18:35:28 +0000 (14:35 -0400)]
Add "Aloodo Blog"
http://hendry.iki.fi/ [Sun, 10 May 2015 02:22:28 +0000 (22:22 -0400)]
Added a comment: You are right
smcv [Sat, 9 May 2015 07:06:01 +0000 (03:06 -0400)]
Added a comment
santiago [Fri, 8 May 2015 07:15:31 +0000 (03:15 -0400)]
Fix Archlinux link
http://hendry.iki.fi/ [Fri, 8 May 2015 06:39:20 +0000 (02:39 -0400)]
Added a comment: Going mobile
Amitai Schlair [Wed, 6 May 2015 02:48:06 +0000 (22:48 -0400)]
Using ikiwiki for a new podcast.
https://id.koumbit.net/anarcat [Sat, 2 May 2015 23:32:34 +0000 (19:32 -0400)]
underlay plugin needs to be enabled of course
Joey Hess [Tue, 28 Apr 2015 16:28:47 +0000 (12:28 -0400)]
remove icon for google
Joey Hess [Tue, 28 Apr 2015 16:24:32 +0000 (12:24 -0400)]
Re-remove google from openid selector; their openid provider is gone for good.
Yes to leaflet.js
Amitai Schlair [Sun, 19 Apr 2015 01:17:29 +0000 (21:17 -0400)]
Looking again at fancying up podcasts for iTunes.
https://id.koumbit.net/anarcat [Sat, 18 Apr 2015 19:04:58 +0000 (15:04 -0400)]
split it
cbaines [Sat, 18 Apr 2015 18:21:49 +0000 (14:21 -0400)]
Start discussion regarding OpenLayers 2
https://id.koumbit.net/anarcat [Sat, 18 Apr 2015 17:44:45 +0000 (13:44 -0400)]
https://id.koumbit.net/anarcat [Sat, 18 Apr 2015 17:43:34 +0000 (13:43 -0400)]
still works here, thanks to version pinning
https://id.koumbit.net/anarcat [Sat, 18 Apr 2015 17:42:44 +0000 (13:42 -0400)]
Joey Hess [Sat, 18 Apr 2015 16:35:36 +0000 (12:35 -0400)]
Merge branch 'master' of ssh://git.ikiwiki.info
Joey Hess [Sat, 18 Apr 2015 16:30:47 +0000 (12:30 -0400)]
bug report
smcv [Tue, 14 Apr 2015 17:38:13 +0000 (13:38 -0400)]
add more details of CVE-2015-2793
smcv [Tue, 14 Apr 2015 17:33:32 +0000 (13:33 -0400)]
yes Debian wheezy is vulnerable, a proposed-update is queued
Jonathan Dowland [Tue, 14 Apr 2015 13:27:33 +0000 (14:27 +0100)]
is ikiwiki in wheezy vulnerable?
smcv [Mon, 13 Apr 2015 17:29:51 +0000 (13:29 -0400)]
Added a comment
osm
Added a comment: zombie
fr33domlover [Tue, 7 Apr 2015 14:21:08 +0000 (10:21 -0400)]
Update comment on bug
fr33domlover [Tue, 7 Apr 2015 14:15:38 +0000 (10:15 -0400)]
Comment on templatebody bug
fr33domlover [Tue, 7 Apr 2015 14:14:11 +0000 (10:14 -0400)]
Comment on templatebody bug
https://launchpad.net/~beaufils [Tue, 31 Mar 2015 16:01:51 +0000 (12:01 -0400)]
Typos
https://launchpad.net/~beaufils [Tue, 31 Mar 2015 16:00:38 +0000 (12:00 -0400)]
Add question about meta, title and pagename
https://id.koumbit.net/anarcat [Tue, 31 Mar 2015 00:35:39 +0000 (20:35 -0400)]
had a 500 here
https://id.koumbit.net/anarcat [Tue, 31 Mar 2015 00:34:28 +0000 (20:34 -0400)]
small bug
https://id.koumbit.net/anarcat [Mon, 30 Mar 2015 23:24:45 +0000 (19:24 -0400)]
security review seems to say this is an okay change
Joey Hess [Mon, 30 Mar 2015 15:31:59 +0000 (11:31 -0400)]
update for recent XSS
http://smcv.pseudorandom.co.uk/ [Mon, 30 Mar 2015 11:09:33 +0000 (07:09 -0400)]
respond
http://smcv.pseudorandom.co.uk/ [Mon, 30 Mar 2015 11:02:01 +0000 (07:02 -0400)]
close fixed bug
http://smcv.pseudorandom.co.uk/ [Mon, 30 Mar 2015 10:56:25 +0000 (06:56 -0400)]
fix formatting
http://smcv.pseudorandom.co.uk/ [Mon, 30 Mar 2015 10:55:39 +0000 (06:55 -0400)]
rename bugs/XSS_Alert...__33____33____33__.html to bugs/XSS_Alert...__33____33____33__.mdwn
http://smcv.pseudorandom.co.uk/ [Mon, 30 Mar 2015 10:53:00 +0000 (06:53 -0400)]
also mention 3.
20141016.2
http://smcv.pseudorandom.co.uk/ [Mon, 30 Mar 2015 10:51:34 +0000 (06:51 -0400)]
fix formatting
Simon McVittie [Sun, 29 Mar 2015 21:46:39 +0000 (22:46 +0100)]
Add news for version 3.
20150329
Simon McVittie [Sun, 29 Mar 2015 21:11:38 +0000 (22:11 +0100)]
https://id.koumbit.net/anarcat [Sat, 28 Mar 2015 16:47:50 +0000 (12:47 -0400)]
ouf, works!
https://id.koumbit.net/anarcat [Sat, 28 Mar 2015 16:42:02 +0000 (12:42 -0400)]
fail
https://id.koumbit.net/anarcat [Sat, 28 Mar 2015 16:32:56 +0000 (12:32 -0400)]
https://id.koumbit.net/anarcat [Sat, 28 Mar 2015 16:31:53 +0000 (12:31 -0400)]
Added a comment: progress
https://id.koumbit.net/anarcat [Sat, 28 Mar 2015 16:29:42 +0000 (12:29 -0400)]
figure it out at last: would need review from smcv for symlink security