mox/webauth
Mechiel Lukkien c57aeac7f0
prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization
an é (e with accent) can also be written as e+\u0301. the first form is NFC,
the second NFD. when logging in, we transform usernames (email addresses) to
NFC. so both forms will be accepted. if a client is using NFD, they can log
in too.

for passwords, we apply the PRECIS "opaquestring", which (despite the name)
transforms the value too: unicode spaces are replaced with ascii spaces. the
string is also normalized to NFC. PRECIS may reject confusing passwords when
you set a password.
2024-03-09 09:20:29 +01:00
..
accounts.go replace http basic auth for web interfaces with session cookie & csrf-based auth 2024-01-05 10:48:42 +01:00
admin.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00
webauth.go prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization 2024-03-09 09:20:29 +01:00