Auth Cookie Support (#285)

* Auth cookie support * Add config option for auth cookie support * Safe handling of TEGid/auth_id strings * Fix bad size calculation due to pointer cast * Expiration timestamp instead of valid bit * Change setting to "allowed auth methods" This allows plaintext password auth to be disabled altogether * PR feedback
2025-12-10 16:00:48 +00:00 · 2024-09-17 20:41:48 -07:00
parent 52833f7fb3
commit a6eb0e2349
10 changed files with 185 additions and 36 deletions
--- a/config.ini
+++ b/config.ini
@@ -17,6 +17,10 @@ acceptallcustomnames=true
 # should attempts to log into non-existent accounts
 # automatically create them?
 autocreateaccounts=true
+# list of supported authentication methods (comma-separated)
+# password = allow login type 1 with plaintext passwords
+# cookie = allow login type 2 with one-shot auth cookies
+authmethods=password
 # how often should everything be flushed to the database?
 # the default is 4 minutes
 dbsaveinterval=240