opendev
/
gerrit
Code Issues Proposed changes
gerrit/Documentation
History
Han-Wen Nienhuys 84d830b5b3 gerrit-server: use hashed passwords for HTTP. 
Consequences:
* Removes the GET endpoint for the HTTP password
* Removes digest authentication
* Removes auth.gitBasicAuth config option.

With the move to NoteDB, the per-account data (including the HTTP
password) will be stored in a branch in the All-Users repo, where
it is subject to Gerrit ACLs.  Since these are notoriously hard to
setup correctly, we want to avoid storing the password in plaintext.

With this change, we support hashed passwords, and a schema upgrade
populates the existing 'password' field using previous passwords.

Tested migration manually:

  * ran schema upgrade
  * verified that schema upgrade inserts hashed passwords with gsql.
  * verified that the password still works with the new code.

Tested passwords manually:
  * verified that correct passwords get accepted when using curl --user.
  * verified that wrong passwords get rejected when using curl --user.

Change-Id: I26f5bcd7848040107e3721eeabf75baeb79c1724
 		2017-02-28 09:09:33 +01:00
..
images Use buck rule for ReleaseNotes instead of Makefile 2016-05-17 23:23:31 +00:00
.gitignore Ignore /Documentation/*.html 2015-05-06 11:25:51 -07:00
BUILD Create //Documentation:js_licenses.txt. 2016-12-08 17:32:27 +01:00
access-control.txt Allow users given specific permission to delete their own changes 2017-02-21 11:11:40 +00:00
cmd-apropos.txt Harmonize notation of admonition blocks in documentation 2016-07-08 15:42:31 +02:00
cmd-ban-commit.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-cherry-pick.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-close-connection.txt Fix broken synopsis formatting in documentation 2016-07-06 10:54:42 +02:00
cmd-create-account.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-create-branch.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-create-group.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-create-project.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-flush-caches.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-gc.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-gsql.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-hook-commit-msg.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-index-activate.txt doc: add option and example section to ssh index command 2016-07-20 09:50:05 -07:00
cmd-index-changes.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-index-project.txt Allow to index all changes of a project 2017-02-24 11:10:22 +00:00
cmd-index-start.txt doc update: how to get online index status info 2016-08-15 13:57:37 -07:00
cmd-index.txt Allow to index all changes of a project 2017-02-24 11:10:22 +00:00
cmd-kill.txt Fix broken synopsis formatting in documentation 2016-07-06 10:54:42 +02:00
cmd-logging-ls-level.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-logging-set-level.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-ls-groups.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-ls-members.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-ls-projects.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-ls-user-refs.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-plugin-enable.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-plugin-install.txt Fix various typos, spelling mistakes, and inconsistencies 2016-09-06 16:27:49 +09:00
cmd-plugin-ls.txt Fix broken synopsis formatting in documentation 2016-07-06 10:54:42 +02:00
cmd-plugin-reload.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-plugin-remove.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-query.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-receive-pack.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-rename-group.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-review.txt Support move change via SSH 2016-11-23 12:50:27 +02:00
cmd-set-account.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-set-head.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-set-members.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-set-project-parent.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-set-project.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-set-reviewers.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-show-caches.txt Fix some legacy-style titles in documentation 2016-07-08 13:45:28 +02:00
cmd-show-connections.txt ShowConnections: Only show start and idle columns for mina backend 2016-08-04 05:55:37 +00:00
cmd-show-queue.txt doc update: how to get online index status info 2016-08-15 13:57:37 -07:00
cmd-stream-events.txt AssigneeChanged event 2016-09-23 14:27:39 +00:00
cmd-suexec.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-test-submit-rule.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-test-submit-type.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
cmd-version.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
config-auto-site-initialization.txt Doc: Fix minor nits in config-auto-site-initialization 2017-01-23 06:18:50 +00:00
config-cla.txt config-cla: Improve documentation of adding groups config 2016-08-22 17:46:31 +09:00
config-gerrit.txt gerrit-server: use hashed passwords for HTTP. 2017-02-28 09:09:33 +01:00
config-gitweb.txt Harmonize notation of admonition blocks in documentation 2016-07-08 15:42:31 +02:00
config-hooks.txt Move hooks from core Gerrit to 'hooks' plugin 2016-07-04 11:06:18 +09:00
config-labels.txt Support disallowing voting on labels after submission 2016-11-15 18:38:25 -08:00
config-login-register.txt Remove footer blocks from included documentation pages 2017-01-11 01:20:24 +00:00
config-mail.txt Send email notification to user that is assigned to a change 2016-12-07 12:02:18 +01:00
config-plugins.txt Merge branch 'stable-2.13' 2016-11-24 09:52:22 +09:00
config-project-config.txt Document commentlink section in project.config file 2016-10-13 09:00:55 +02:00
config-reverseproxy.txt Update reverse proxy configuration example for nginx 2015-07-06 01:50:38 +00:00
config-robot-comments.txt Add support for Robot Comments 2016-09-28 15:34:54 +02:00
config-sso.txt gerrit-server: use hashed passwords for HTTP. 2017-02-28 09:09:33 +01:00
config-themes.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
config-validation.txt New extension to validate branch updates by submit strategies. 2017-01-19 13:44:16 -08:00
database-setup.txt Remove footer blocks from included documentation pages 2017-01-11 01:20:24 +00:00
dev-bazel.txt Fix bazel documentation running test group example 2017-02-23 06:51:02 +00:00
dev-build-plugins.txt Allow plugins to contribute external workspace deps 2017-01-26 20:39:45 +00:00
dev-contributing.txt google-java-formatter: Document how to set up Eclipse plugin 2017-02-10 09:30:48 +00:00
dev-design.txt Update issue tracker URL in documentation 2016-06-23 06:48:12 +00:00
dev-eclipse.txt google-java-formatter: Document how to set up Eclipse plugin 2017-02-10 09:30:48 +00:00
dev-inspector.txt Merge "Some more broken synopsis formattings in documentation" 2016-07-08 14:07:44 +00:00
dev-intellij.txt Remove IntelliJ > 2016.02 from supported IDEs 2016-12-16 07:23:12 +00:00
dev-note-db.txt dev-note-db.txt: Clarify a sentence 2017-02-22 12:25:12 -05:00
dev-plugins.txt gerrit-server: use hashed passwords for HTTP. 2017-02-28 09:09:33 +01:00
dev-readme.txt Remove Buck based build 2017-01-23 12:44:58 +00:00
dev-release-deploy-config.txt Update documentation of how to configure Maven for Google Storage 2016-09-21 07:36:26 +02:00
dev-release-jgit.txt Provide a diff file to make it easier to deploy JGit snapshot 2016-08-31 11:13:47 +09:00
dev-release-subproject.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
dev-release.txt Remove Buck based build 2017-01-23 12:44:58 +00:00
dev-rest-api.txt gerrit-server: use hashed passwords for HTTP. 2017-02-28 09:09:33 +01:00
dev-stars.txt Fix various typos, spelling mistakes, and inconsistencies 2016-09-06 16:27:49 +09:00
error-branch-not-found.txt Doc: Consistently refer to "Web UI" rather than "WebUI" 2014-05-02 17:21:22 +09:00
error-change-closed.txt Doc: Consistently refer to "Web UI" rather than "WebUI" 2014-05-02 17:21:22 +09:00
error-change-does-not-belong-to-project.txt Consistently refer to Change-Id in documentation 2014-09-04 13:12:24 +09:00
error-change-not-found.txt Consistently refer to Change-Id in documentation 2014-09-04 13:12:24 +09:00
error-change-upload-blocked.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-commit-already-exists.txt Merge branch 'stable-2.8' 2014-03-11 18:24:13 +09:00
error-contains-banned-commit.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-has-duplicates.txt Fix some legacy-style titles in documentation 2016-07-08 13:45:28 +02:00
error-invalid-author.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-invalid-changeid-line.txt Doc: Consistently refer to "Web UI" rather than "WebUI" 2014-05-02 17:21:22 +09:00
error-invalid-committer.txt Fix reference to Forge Committer access right in documentation 2014-07-08 07:24:01 +00:00
error-messages.txt Provide more informative error message for Change-Id conflicts 2016-04-12 14:18:12 +00:00
error-missing-changeid.txt Consistently refer to Change-Id in documentation 2014-09-04 13:12:24 +09:00
error-missing-subject.txt Improve reject message if Change-Id is in subject 2014-02-21 09:25:33 +01:00
error-multiple-changeid-lines.txt Doc: Consistently refer to "Web UI" rather than "WebUI" 2014-05-02 17:21:22 +09:00
error-no-common-ancestry.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-no-new-changes.txt Update no-new-change error message documentation 2015-10-09 14:58:49 +00:00
error-non-fast-forward.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-not-a-gerrit-administrator.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-not-allowed-to-upload-merges.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-not-permitted-to-create.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-not-signed-off-by.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-not-valid-ref.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-permission-denied.txt Revert "Add '-T' switch to the SSH connectivity check examples" 2016-04-05 18:22:09 +00:00
error-prohibited-by-gerrit.txt Rename 'Push Annotated/Signed Tag' permission to 'Create Annotated/Signed Tag' 2016-09-08 13:50:04 +09:00
error-project-not-found.txt Doc: Consistently refer to "Web UI" rather than "WebUI" 2014-05-02 17:21:22 +09:00
error-push-fails-due-to-commit-message.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
error-same-change-id-in-multiple-changes.txt Provide more informative error message for Change-Id conflicts 2016-04-12 14:18:12 +00:00
error-upload-denied.txt Fix some legacy-style titles in documentation 2016-07-08 13:45:28 +02:00
i18n-readme.txt Use the new section title style in Asciidoctor. 2013-12-20 12:55:51 -08:00
index.txt Add developer documentation page about NoteDb 2017-02-22 10:46:02 -05:00
install-j2ee.txt Fix broken formatting in Tomcat reverse proxy config documentation 2014-10-21 11:04:42 +09:00
install-quick.txt Documentation: Specify JRE rather than JDK 2016-11-15 12:12:27 -08:00
install.txt Documentation: Specify JRE rather than JDK 2016-11-15 12:12:27 -08:00
intro-project-owner.txt Remove Buck based build 2017-01-23 12:44:58 +00:00
intro-quick.txt Fix typos in the documentation 2016-11-15 18:20:16 -08:00
intro-user.txt Revert "Add a User Preference to Receive only Plaintext Emails" 2017-02-15 00:49:11 +00:00
js-api.txt Fix remaining legacy section title styles in documentation 2016-12-06 08:46:05 +09:00
json.txt Add missing documentation of ChangeKind.MERGE_FIRST_PARENT_UPDATE 2016-07-04 02:04:02 +00:00
metrics.txt Document batch_update/execute_change_ops metric 2016-11-25 14:42:11 +01:00
pgm-LocalUsernamesToLowerCase.txt Some more broken synopsis formattings in documentation 2016-07-08 13:47:29 +02:00
pgm-SwitchSecureStore.txt Some more broken synopsis formattings in documentation 2016-07-08 13:47:29 +02:00
pgm-daemon.txt Some more broken synopsis formattings in documentation 2016-07-08 13:47:29 +02:00
pgm-gsql.txt Some more broken synopsis formattings in documentation 2016-07-08 13:47:29 +02:00
pgm-index.txt Gerrit command line utility to set/update secure.config 2017-01-12 00:25:25 +00:00
pgm-init.txt init: Add a flag to force-delete the cache 2016-10-06 17:20:01 +02:00
pgm-passwd.txt Gerrit command line utility to set/update secure.config 2017-01-12 00:25:25 +00:00
pgm-prolog-shell.txt Some more broken synopsis formattings in documentation 2016-07-08 13:47:29 +02:00
pgm-reindex.txt Remove --dry-run option from reindex command documentation 2016-07-08 15:26:42 +02:00
pgm-rulec.txt Some more broken synopsis formattings in documentation 2016-07-08 13:47:29 +02:00
project-configuration.txt Rebase-Always strategy: always generate footers. 2016-11-22 12:19:24 +00:00
prolog-change-facts.txt Harmonize notation of admonition blocks in documentation 2016-07-08 15:42:31 +02:00
prolog-cookbook.txt Prolog cookbook typo; line should end with period, not comma 2016-10-17 08:24:13 +09:00
replace_macros.py Set file encoding on replace_macros.py 2016-05-19 16:24:11 -04:00
rest-api-access.txt Merge branch 'stable-2.13' 2016-10-03 13:32:09 +09:00
rest-api-accounts.txt gerrit-server: use hashed passwords for HTTP. 2017-02-28 09:09:33 +01:00
rest-api-changes.txt Allow users given specific permission to delete their own changes 2017-02-21 11:11:40 +00:00
rest-api-config.txt gerrit-server: use hashed passwords for HTTP. 2017-02-28 09:09:33 +01:00
rest-api-documentation.txt Remove Buck based build 2017-01-23 12:44:58 +00:00
rest-api-groups.txt Deprecate query option on List Groups REST endpoint 2017-01-17 08:01:34 +01:00
rest-api-plugins.txt gerrit-server: use hashed passwords for HTTP. 2017-02-28 09:09:33 +01:00
rest-api-projects.txt Allow to index all changes of a project 2017-02-24 11:10:22 +00:00
rest-api.txt gerrit-server: use hashed passwords for HTTP. 2017-02-28 09:09:33 +01:00
user-change-cleanup.txt Add background job to abandon inactive changes automatically 2015-06-25 07:26:25 +02:00
user-changeid.txt Work around asciidoctor handling of nested ` and * 2015-04-06 17:22:37 +09:00
user-dashboards.txt Add user guide 2015-04-30 14:37:09 +00:00
user-inline-edit.txt Fix various typos, spelling mistakes, and inconsistencies 2016-09-06 16:27:49 +09:00
user-named-destinations.txt Add named destinations support 2015-09-03 10:50:07 -06:00
user-named-queries.txt Move 'User Refs' docs to the intro-user doc. 2015-09-04 14:55:15 +00:00
user-notify.txt Fix formatting of example blocks 2016-07-07 14:06:31 +02:00
user-review-ui.txt Allow users given specific permission to delete their own changes 2017-02-21 11:11:40 +00:00
user-search-accounts.txt Fix mistakes in account search documentation 2017-01-02 15:00:22 +01:00
user-search-groups.txt Support to query groups by owner group name 2017-02-10 09:21:55 +01:00
user-search.txt Support "cc:" query 2017-02-22 16:17:21 -05:00
user-signedoffby.txt Revert "== GERRIT" in documentation. 2014-03-25 19:44:49 +00:00
user-submodules.txt Fix typos in the documentation 2016-11-15 18:20:16 -08:00
user-upload.txt gerrit-server: use hashed passwords for HTTP. 2017-02-28 09:09:33 +01:00