Commit Graph

19006 Commits

Author SHA1 Message Date
Fang
0a32bcda35
Merge branch 'release/next-sys' into ford-fusion 2020-06-09 20:10:28 +02:00
Philip Monk
80ead610ea
Merge remote-tracking branch 'origin/master' into release/next-sys 2020-06-04 17:52:42 -07:00
Liam Fitzgerald
3ff99b0d7f Merge branch 'origin/lf/get-eyre-redirect' into release/next-sys 2020-06-05 10:41:15 +10:00
Liam Fitzgerald
b553d57c29 eyre: 303 redirect on successful login
Changes the HTTP status code of the redirect that occurs upon a
successful login from 307 to 303. 307 preserves the method of the
original request, so the redirected request is a POST. With the new SPA,
this causes a 404 as app/file-server validates the method of the
request, something that did not happen in earlier versions of landscape.
303 instead changes the method to always produce a GET request.
2020-06-04 15:09:00 +10:00
matildepark
79bbaec5e8
Update os1-bug-report.md 2020-06-03 17:38:21 -04:00
Fang
74b6f26a34
Merge pull request #2970 from urbit/m/eyre-logout
eyre: provide logout endpoint
2020-06-03 14:55:21 +02:00
Fang
a66cfc31da
eyre: fake duct for on-load logout binding
Empty duct is considered not good.
2020-06-03 14:29:13 +02:00
Fang
6e3284feac
eyre: use 303 to redirect to login post-logout
This ensures the client sends a GET request, which is more appropriate.
2020-06-03 14:28:30 +02:00
Ted Blackman
8d330626f0 /app: fix merge bugs 2020-06-03 01:48:57 -04:00
Philip Monk
8b78f04dd3
Merge remote-tracking branch 'origin/master' into ford-fusion 2020-06-02 21:50:20 -07:00
Fang
2f83797a07
dbug fe: add eyre logout buttons 2020-06-03 01:40:57 +02:00
Fang
4d93349402
eyre: provide logout endpoint
Set up, by default, on /~/logout.

Sending a POST request to this expires the current session and redirects
to the login page. If the "all" key is set in the request body, expires
all open sessions.
2020-06-03 01:40:32 +02:00
Philip Monk
818d2231f6
ames: remove jumbo packets 2020-06-02 14:13:28 -07:00
Philip Monk
84b8a67e47
clay: handle reefs for non-home desks
We build a reef for each desk but use the compiler from our kernel.  At
some point we should use the compiler from the desk, but then we need to
validate any results we get from it.
2020-06-01 20:52:20 -07:00
Philip Monk
62889d78d1
txt: don't conflict if identical changes 2020-06-01 20:46:43 -07:00
Fang
574b05a88a
Merge pull request #2959 from urbit/m/eyre-cookies
eyre: augmented cookie handling
2020-06-01 22:11:57 +02:00
Fang
2c02a91633
tests: update eyre tests
To account for recent cookie-related changes.
2020-06-01 21:42:32 +02:00
Fang
ef7cd131e5
Merge pull request #2962 from urbit/m/eyre-forwarded
eyre: respect "forwarded" header from localhost
2020-06-01 20:35:33 +02:00
Ted Blackman
b191636276 clay: WIP reef building 2020-06-01 12:56:21 -04:00
Fang
750ff6e5e1
eyre: respect "forwarded" header from localhost
For request transparency, HTTP proxies may set the Forwarded header to
specify who the original requester is.

For requests from localhost only, we make Eyre respect the Forwarded
header, and adjust the handled ip address accordingly.

Note that we do not support X-Forwarded or other non-standard variants.
The header remains in the request, so server applications can handle
them as desired.

Fixes #2723.
2020-05-31 17:45:22 +02:00
Fang
a87000149d
zuse: add parsers for http header field values
Multi-value format as used by some headers.

Also updates pill with recent zuse changes.
2020-05-31 17:45:20 +02:00
Fang
b1daaec7bf
zuse: add parsers for ip addresses
Parses into +address:eyre.
2020-05-31 17:45:18 +02:00
Fang
63c26151a3
eyre: extend session duration on-use
When sending a response to an authenticated request, update the session
to last for +session-timeout again, and send an updated cookie to match.

Assuming the user makes an actual HTTP request at least once a week,
this will make sure they don't get logged out automatically. Simply
keeping a channel open, unfortunately, doesn't count.
2020-05-30 02:29:20 +02:00
Fang
a51d93326a
eyre: clean up old +load code
Removes pre-breach state adapter logic and touches up code style.
2020-05-29 15:33:22 +02:00
Fang
00e3159287
eyre: clear expired sessions/cookies from state
Instead of setting a timer for every session, we set a single expiry
timer when the first session is created. On the subsequent wake event,
we clear all cookies that have expired at that time, then set a timer
for when the next session expires.

This approach gives us flexibility wrt sessions going forward, allowing
extending or early deleting of sessions without having to care about the
related timers.

Note that in +load, we clear all existing sessions. We would start the
expiry timer flow there, but can't. Forcing the user to login again
post-ota once isn't the end of the world.
2020-05-29 15:28:44 +02:00
Philip Monk
18e396cf53
release: urbit-os-v1.0.20
Previous urbit-os-v1.0.20 was not released
2020-05-28 18:43:20 -07:00
Philip Monk
d49e8adc08
Merge remote-tracking branch 'origin/philip/behn-fix' into release/hotfix
behn: fix +unset-timer
2020-05-28 18:37:39 -07:00
Philip Monk
3ab618e234
behn: fix +unset-timer
It was throwing away timers sometimes if you cancelled a timer at the
same date as other timers.
2020-05-28 17:09:25 -07:00
Philip Monk
0cfee46fa8
jael: send breach notifications in order
See #2952 for details
2020-05-28 15:24:19 -07:00
Philip Monk
1be5411c75
jael: don't notify breach on initial update to ship
See #2952 for details
2020-05-28 14:38:07 -07:00
Philip Monk
c20cd29932
jael: look for correct wire
We inspect the wire of our subscriber to see if we need to produce the
result as a %public-keys or a %boon.  This is bad -- we should proxy the
subscription to avoid this need, but this doesn't make that change yet.

%pubs is an old name that doesn't exist anymore (last existed around
September 2019).  The new version is /public-keys, but it's worked so
far because /public-keys has only one item in the path, so it missed the
conditional.  This commit makes the intent more clear.

The [%a @ @ *] could be just [%a @ *], but I leave it to reduce the
chance of breaking stuff.
2020-05-28 14:27:08 -07:00
Philip Monk
b855741ddd
release: urbit-os-v1.0.20 2020-05-28 11:38:26 -07:00
Philip Monk
a362e4b3cb
gen: add |ames-wake
forgot to add this file
2020-05-28 10:50:32 -07:00
Philip Monk
0642cc5861
ames: add |ames-wake
Somehow we ended up with flows which expected to awaken but did not wake
up.  This was likely caused by the error in r920j OTA, urbit-os-v1.0.18.

This adds a command which ensures that every flow has an active timer.
I expect this to be needed only once, but it's a pretty general tool, so
it's worth keeping.

I've included an unused @t parameter to more easily add simple debug
commands to ames without having to add a new task
2020-05-28 10:28:31 -07:00
Philip Monk
c417e594e3
hood: update on-save 2020-05-27 19:35:22 -07:00
Philip Monk
53b919965f
release: urbit-os-v1.0.19 2020-05-27 18:49:09 -07:00
Philip Monk
472ad18c90
behn: already deleted, don't need to do it again 2020-05-27 18:47:50 -07:00
Philip Monk
86fb78d933
Merge remote-tracking branch 'origin/ted/behn-same-date' into release/hotfix 2020-05-27 18:36:10 -07:00
Philip Monk
ff01a1ea04
ames: don't set new timer if we woke up too early
Otherwise if we end up having multple outstanding timers, they never
coalesce to a single timer.
2020-05-27 17:38:18 -07:00
Ted Blackman
6780953859 bin/solid.pill update 2020-05-27 04:09:29 -04:00
Ted Blackman
8ed07dfc7e behn: fix bug with timers at same date 2020-05-27 02:59:07 -04:00
Philip Monk
d0b4d5a02e
release: urbit-os-v1.0.18 2020-05-26 17:41:42 -07:00
Fang
049cacfa51
Merge pull request #2932 from urbit/m/shoe
shoe: console application library
2020-05-27 00:39:27 +02:00
Fang
4b9ec0c9a4
shoe: include example usage of %klr sole-effect
Seems worthwhile to signal the existence of richer console output.

Also adds a brief description of what the example app does.
2020-05-26 23:45:45 +02:00
Fang
127355c381
shoe: simplify default +can-connect
This belongs in /app/shoe (and indeed already is there).
2020-05-26 23:14:51 +02:00
Fang
509fec7f7c
shoe: improve +on-load logic
Turns out that if we use a tag we can just check the value without
needing vase operations.
2020-05-26 23:10:54 +02:00
Fang
016fd9101c
Merge pull request #2875 from urbit/m/debug-dashboard
Initial debug dashboard
2020-05-26 22:01:48 +02:00
Fang
36b7fc2e4f
Merge branch 'release/next-sys' into m/debug-dashboard 2020-05-26 20:36:27 +02:00
Fang
5a16e43a34
Merge pull request #2936 from pkova/release/next-sys
zuse: improve json to rn parsing
2020-05-26 19:41:09 +02:00
pkova
28cd252ce7 zuse: improve json to rn parsing
Allow the exponent token to be 'e' or 'E', allow the explicit sign of '+'.
Following the spec at https://json.org. Fixes #2935.
2020-05-26 19:29:24 +03:00