discourse/lib/auth
David Taylor 4c9ca24ccf
FEATURE: Hash API keys in the database (#8438)
API keys are now only visible when first created. After that, only the first four characters are stored in the database for identification, along with an sha256 hash of the full key. This makes key usage easier to audit, and ensures attackers would not have access to the live site in the event of a database leak.

This makes the merge lower risk, because we have some time to revert if needed. Once the change is confirmed to be working, we will add a second commit to drop the `key` column.
2019-12-12 11:45:00 +00:00
..
auth_provider.rb FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
authenticator.rb SECURITY: Add confirmation screen when connecting associated accounts 2019-07-24 10:28:15 +01:00
current_user_provider.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
default_current_user_provider.rb FEATURE: Hash API keys in the database (#8438) 2019-12-12 11:45:00 +00:00
discord_authenticator.rb FEATURE: Login with Discord (#8053) 2019-08-30 10:54:19 +01:00
facebook_authenticator.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
github_authenticator.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
google_oauth2_authenticator.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
instagram_authenticator.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
managed_authenticator.rb DEV: Add missing parenthesis for 47ad2a4d 2019-07-24 11:29:18 +01:00
oauth2_authenticator.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
open_id_authenticator.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
result.rb FIX: Do not raise exception if the authenticator email is missing 2019-08-14 12:08:59 +01:00
twitter_authenticator.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00