7 commits

Author	SHA1	Message	Date
Matthew Holt	937ec34201	caddyauth: Prevent user enumeration by timing ... Always follow the code path of hashing and comparing a plaintext password even if the account is not found by the given username; this ensures that similar CPU cycles are spent for both valid and invalid usernames. Thanks to @tylerlm for helping and looking into this!	2020-10-31 10:51:05 -06:00
Matthew Holt	8a0fff58aa	caddyauth: hash-password: Set bcrypt cost to 14 (#3580)	2020-07-17 12:20:53 -06:00
Francis Lavoie	bb67e19d7b	cmd: hash-password: Fix broken terminal state on SIGINT (#3416) ... * caddyauth: Fix hash-password broken terminal state on SIGINT * caddycmd: Move TrapSignals calls to only subcommands that run long	2020-05-21 13:09:49 -06:00
Andrew Zhou	5bde8d705b	cmd: hash-password: Support reading from stdin (#3373) ... Closes #3365 * http: Add support in hash-password for reading from terminals/stdin * FIXUP: Run gofmt -s * FIXUP * FIXUP: Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * FIXUP Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2020-05-11 14:10:47 -06:00
Mohammed Al Sahaf	7dfd69cdc5	chore: make the linter happier (#3245) ... * chore: make the linter happier * chore: remove reference to maligned linter in .golangci.yml	2020-04-08 15:31:51 -06:00
Matthew Holt	442fd748f6	caddyhttp: Minor cleanup and fix nil pointer deref in caddyfile adapter	2019-10-28 15:08:45 -06:00
Matthew Holt	f8366c2f09	http: authentication module; hash-password cmd; http_basic provider ... This implements HTTP basicauth into Caddy 2. The basic auth module will not work with passwords that are not securely hashed, so a subcommand hash-password was added to make it convenient to produce those hashes. Also included is Caddyfile support. Closes #2747.	2019-10-10 14:37:27 -06:00