webapp: Use securemem for constant time auth token comparisons.
Debian stable does not have securemem, but neither does it have warp-tls, so just disable use of securemem when not building with https support.
This commit is contained in:
Joey Hess
parent
ea0138d8a1
commit
66b8b9c094
9 changed files with 63 additions and 33 deletions
|
|
@ -14,6 +14,7 @@ import Assistant.WebApp.Types
|
|||
import Assistant.Common
|
||||
import Utility.NotificationBroadcaster
|
||||
import Utility.Yesod
|
||||
import Utility.WebApp
|
||||
|
||||
import Data.Text (Text)
|
||||
import Control.Concurrent
|
||||
|
|
@ -36,7 +37,7 @@ newNotifier getbroadcaster = liftAssistant $ do
|
|||
webAppFormAuthToken :: Widget
|
||||
webAppFormAuthToken = do
|
||||
webapp <- liftH getYesod
|
||||
[whamlet|<input type="hidden" name="auth" value="#{secretToken webapp}">|]
|
||||
[whamlet|<input type="hidden" name="auth" value="#{fromAuthToken (authToken webapp)}">|]
|
||||
|
||||
{- A button with an icon, and maybe label or tooltip, that can be
|
||||
- clicked to perform some action.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue