Commit graph

11 commits

Author SHA1 Message Date
jelhan
08e9f68197 remove polls isDateTime attribute 2016-05-18 13:18:36 -07:00
jelhan
bfe1f488d4 remove proof key knowledge cause it's not secure implemented yet 2015-10-29 12:48:46 +01:00
jelhan
dec12d81a7 move legacy support to api 2015-10-17 15:44:27 +02:00
jelhan
b9bef69977 user has to proof that he knows encryption key when he participates
Therefore sha256 hash of encryption key is validated against one which is stored
on server on poll creation.
This one is transfered as X-Croodle-Proof-Key-Knowledge HTTP HEADER.

Prevents an attacker of transmitting data with wrong encryption key, which
would cause decryption errors for legit users.
2015-08-23 18:56:41 +02:00
jelhan
6ed0cc367a reimplement expiration date in new api models 2015-08-23 06:18:05 +02:00
jelhan
09c8310bb6 rewritten API models 2015-08-22 23:47:31 +02:00
jelhan
1bcee719d1 user id has to be unique 2015-08-19 15:30:33 +02:00
jelhan
450a78255d expiration date should also be encrypted on get;
therefore we have to duplicate it in store:
* encrypted for to serve for clients (encryptedExpirationDate)
* unencrypted for server to check if it's exceeded (serverExpirationDate)
serverExpirationDate should never be send to client
2015-08-18 21:53:52 +02:00
jelhan
e94ee685ea tests for api using codeception 2015-08-01 21:05:22 +02:00
jelhan
d1c8646bda rewritten api using Slim Framework 2015-08-01 18:42:48 +02:00
jelhan
fe878c61ba move api into own directory 2015-07-31 23:26:46 +02:00