Previously, a single key was used to access the API; this has not changed in terms of what the user sees. However, API keys now use an identifier and token internally. The identifier is the first 16 characters of the key, and the token is the remaining 32. The token is stored encrypted at rest in the database and the identifier is used by the API middleware to grab that record and make a timing-attack-safe comparison.
* added a null check on the last_run
* corrected a mistake made when changing the file
* another mistake :/
* changed to be less specific and so it checks against the value instead of >
Refactored entire startup repository code block to be more efficient
and cleaner. Also includes modifications to front-end to make it match
backend name and design.
* add translation to navigation
* redesign base.api.index view
add translations
* remove license derp
* translate never in base.api.index view
* simplify user drop down for now
add translations
Permission obtained from @DDynamic. Contributions from other users were
removed since we did not obtain permission from them for the re-license.
From this point forward all contributors must have a signed Contributor
License Agreement on file.
Cleaned up the code a bit, also checks TOTP before attempting to verify
user.
This addresses the potential for an attacker to try at a password
and/or confirm that the password is correct unless they have a valid
TOTP code for the request. A failed TOTP response will trigger a
throttle count on the login as well.
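
The ordering described in the last commit message above, as an added Python example that is not the project's own code: the TOTP code is checked first, a failed code counts toward the login throttle, and the password is evaluated only once the code is valid. The function names, the `MAX_ATTEMPTS` limit, the in-memory counter, the PBKDF2 password hash and the single 30-second step are all assumptions made for the example.

```python
import hashlib
import hmac
import struct

MAX_ATTEMPTS = 5   # assumed throttle limit, not taken from the page
attempts = {}      # username -> failed login count (in-memory stand-in for a throttle store)

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 is an assumption; the page does not say how passwords are hashed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(name: str, password: str, totp_secret: bytes, salt: bytes = b"constructed-salt"):
    """Build a constructed user record for the example."""
    return {"name": name, "salt": salt, "totp_secret": totp_secret,
            "pw_hash": hash_password(password, salt)}

def _fail(name: str) -> str:
    attempts[name] = attempts.get(name, 0) + 1
    return "denied"

def login(user: dict, password: str, code: str, now: float) -> str:
    """Return 'ok', 'denied' or 'throttled'; the same 'denied' for either factor."""
    name = user["name"]
    if attempts.get(name, 0) >= MAX_ATTEMPTS:
        return "throttled"
    # Step 1: TOTP. A wrong code ends the request here and counts toward the
    # throttle, so the response reveals nothing about the password.
    expected = totp(user["totp_secret"], now)
    if not hmac.compare_digest(expected.encode(), code.encode()):
        return _fail(name)
    # Step 2: the password is only evaluated after a valid TOTP code.
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return _fail(name)
    attempts.pop(name, None)   # successful login resets the counter
    return "ok"
```
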