<feed xmlns='http://www.w3.org/2005/Atom'>
<title>cccms/lib/authentication.rb, branch erdgeist-modernize-auth</title>
<subtitle>[no description]</subtitle>
<id>https://erdgeist.org/gitweb/cccms/atom?h=erdgeist-modernize-auth</id>
<link rel='self' href='https://erdgeist.org/gitweb/cccms/atom?h=erdgeist-modernize-auth'/>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/'/>
<updated>2026-07-16T17:45:42Z</updated>
<entry>
<title>Implement transparent password hash migration</title>
<updated>2026-07-16T17:45:42Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-07-16T17:45:42Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=220ed6c7914f5977d36b7617e9c38999317f57e5'/>
<id>urn:sha1:220ed6c7914f5977d36b7617e9c38999317f57e5</id>
<content type='text'>
Add has_secure_password and bcrypt while retaining compatibility with
legacy SHA-1 password hashes. Existing users are upgraded to
password_digest on their next successful login.

Add regression tests covering both legacy and modern authentication
paths.
</content>
</entry>
<entry>
<title>Use SecureRandom instead of the hand rolled implementation</title>
<updated>2026-07-16T16:28:52Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-07-16T16:28:52Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=79eaaa68dd5380d3572ed48e32e556531bfd49eb'/>
<id>urn:sha1:79eaaa68dd5380d3572ed48e32e556531bfd49eb</id>
<content type='text'>
</content>
</entry>
<entry>
<title>* initial commit of the stripped restful-authentication</title>
<updated>2009-02-15T19:22:01Z</updated>
<author>
<name>simon</name>
<email>simon@zagal.(none)</email>
</author>
<published>2009-02-08T22:15:11Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=9f94a70c3e3d9bf766cb9663b0a904d30a190d85'/>
<id>urn:sha1:9f94a70c3e3d9bf766cb9663b0a904d30a190d85</id>
<content type='text'>
* http basic auth and login from cookie have been removed
* no it does not work yet, it's so f*cking secure, it won't even let legitimate users login
</content>
</entry>
</feed>
