luci/modules/rpc/luasrc/controller, branch 0.11.1 Lua Configuration Interface (mirror) https://git.openwrt.org/project/luci/atom?h=0.11.1 2012-08-08T09:48:53Z modules/rpc: adapt rpc controller to sauth api changes 2012-08-08T09:48:53Z Jo-Philipp Wich 2012-08-08T09:48:53Z urn:sha1:c8ffc897e312355ce2cebdb7446529d0fb41bb08 Rework authentication system 2012-08-07T19:11:56Z Jo-Philipp Wich 2012-08-07T19:11:56Z urn:sha1:a58370ab74aebca6871b1524a655f7bb5086e0a6 The validity of authentication tokens was determined by the mtime of respective authentication tokens on filesystem stored in $sessionpath. Talking about hardware without RTC or without a prior connection to a time server, date/time usually around 1970 - so is the mtime of the authentication token file in $sessionpath. When now configuring an internet connection via LuCI, the system might fetch the current date/time (e.g. via ntp) which invalidates the token, returns "403 Forbidden" and kicks the user out of the interface. This patch changes the authentication system to use time values based on the uptime of the machine - rather than values based upon gettimeofday() and {a|m}time values - and save them inside the token. That way can always determine the difference between login (last interaction respectively) and the current time, in- dependant of the system clock jumping backwards/forwards. Warning: This patch removes the clean() function and respective calls. This means, invalid tokens will NOT be determined and removed from filesystem automatically anymore. Before, every HTTP-call caused a scan for invalid tokens, which is quite expensive. Instead consider using a cron job deleting all stalled files periodically. Contributed by T-Labs, Deutsche Telekom Innovation Laboratories Signed-off-by: Mirko Vogt <mirko@openwrt.org> return "403 Forbidden" if authentication token was given, however is invalid 2012-08-07T19:11:52Z Jo-Philipp Wich 2012-08-07T19:11:52Z urn:sha1:69aa218335330e1e8c623fdc2e5e336b2b78056f Contributed by T-Labs, Deutsche Telekom Innovation Laboratories Signed-off-by: Mirko Vogt <mirko@openwrt.org> modules/rpc: remove uvl bindings 2011-01-02T19:55:21Z Jo-Philipp Wich 2011-01-02T19:55:21Z urn:sha1:c4f70ce38a049acdfefb632f7778806192dcfe01 convert luci.fs users to nixio.fs api 2009-07-19T00:24:58Z Jo-Philipp Wich 2009-07-19T00:24:58Z urn:sha1:8fcd841aa9af96c8a4a4d3c1a555d2d1ed42332c Refined urltokens and XSRF protection 2008-12-15T10:40:45Z Steven Barth 2008-12-15T10:40:45Z urn:sha1:1ee5ba632ab52b5d3af5c88803fee89c8eaf6fe1 Implement URL tokens 2008-12-14T21:43:10Z Steven Barth 2008-12-14T21:43:10Z urn:sha1:271c53a4af7a79414a440b3a4d90ef7dbc48fd77 Add basic XSRF protection Move RPC-bidnings out of the way to prevent the indexer to require them 2008-09-05T19:25:57Z Steven Barth 2008-09-05T19:25:57Z urn:sha1:cd53740e0f117885dddcd9781b2209ead7170ae5 Fix UVL RPC-API 2008-09-05T19:09:11Z Steven Barth 2008-09-05T19:09:11Z urn:sha1:13579a4e211de5220c653fb97c211d6ef43dfa27 Fixed UVL bindings 2008-09-05T15:43:57Z Steven Barth 2008-09-05T15:43:57Z urn:sha1:b02fe4b480faed9fdea58bb346c5c839f202d9a0