NoLog.cz/decide.nolog.cz
6
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
620 commits 1 branch 0 tags 22 MiB
Commit graph

12 commits

Author SHA1 Message Date
jelhan
a545f7f956 remove auto generated files from repository 2016-04-11 01:00:59 +02:00
jelhan
d02837db6b Fix tests failing caused by exceeded server expiration date ... 2015-11-24 01:15:34 +01:00
jelhan
bfe1f488d4 remove proof key knowledge cause it's not secure implemented yet 2015-10-29 12:48:46 +01:00
jelhan
dec12d81a7 move legacy support to api 2015-10-17 15:44:27 +02:00
jelhan
38eecd64ff PHP 7 is right: an empty string is not a valid JSON 2015-08-23 19:04:58 +02:00
jelhan
b9bef69977 user has to proof that he knows encryption key when he participates 
Therefore sha256 hash of encryption key is validated against one which is stored
on server on poll creation.
This one is transfered as X-Croodle-Proof-Key-Knowledge HTTP HEADER.

Prevents an attacker of transmitting data with wrong encryption key, which
would cause decryption errors for legit users.
 2015-08-23 18:56:41 +02:00
jelhan
6ed0cc367a reimplement expiration date in new api models 2015-08-23 06:18:05 +02:00
jelhan
09c8310bb6 rewritten API models 2015-08-22 23:47:31 +02:00
jelhan
450a78255d expiration date should also be encrypted on get; 
therefore we have to duplicate it in store:
* encrypted for to serve for clients (encryptedExpirationDate)
* unencrypted for server to check if it's exceeded (serverExpirationDate)
serverExpirationDate should never be send to client
 2015-08-18 21:53:52 +02:00
jelhan
2ad55da50c create tmp data dir for tests if it does not exist 2015-08-01 21:37:15 +02:00
jelhan
200b25be5d Fix: .gitignore where to strict for codeception 2015-08-01 21:30:14 +02:00
jelhan
e94ee685ea tests for api using codeception 2015-08-01 21:05:22 +02:00