Galène videoconferencing server discussion list archives
From: Juliusz Chroboczek <jch@irif.fr>
To: galene@lists.galene.org
Subject: [Galene] Token-based invitation merged into master
Date: Tue, 04 Apr 2023 01:36:08 +0200
Message-ID: <87y1n8edxz.wl-jch@irif.fr>

Hi,

I've just merged the stateful token code into Galene.  You may test it at
<https://galene.org:8443/group/public/>.


# Basic usage

In order to generate a token, you must either be a group operator or have
specified

    "allow-tokens": true

in the group description.  In order to invite a single person, you type

    /invite username

This will generate a link that you may send to said user and that will
allow logging in without the need to specify either a username or
password.  By default, tokens are valid for one week, but you may specify
a different duration:

    /invite username 15d

In order to make a wildcard invitation (one that you may send to multiple
users), simply type:

    /invite

This will generate a link that will lead to a simplified login dialog,
where the password field has been removed.  Again, you may specify
a different duration:

    /invite '' 15d

There's a menu entry on the context menu of your own username that allows
generating a wildcard token valid for a day.  This should be expanded to pop
up a friendly dialog, but I'm not likely to do that myself.


# Token management

Unlike the stateless tokens previously implemented, the tokens used by the
/invite command are stateful: we keep track of all the tokens that we have
generated in a file on the server.  If you have the "op" privilege, you
may view the list of all (stateful) tokens generated for the group:

    /listtokens

You may revoke a token:

    /revoke https://galene.org:8443/group/public/?token=xxx

and you may extend its lifetime (even if it's been revoked):

    /reinvite https://galene.org:8443/group/public/?token=xxx 2d


# Token storage

Tokens are stored in the file `data/var/tokens.jsonl`.  They are deleted
one week after their expiration date.  The expiration date is stored in
absolute time, so your server better have accurate time if you want
accurate expiration of tokens.

It should be safe to modify the file while Galene is running (the server
will notice your modifications straight away), although of course you
might suffer from the lost update problem if two entities modify the file
at the same time.

There are some features that I've implemented that can currently only be
accessed by editing the token file directly, such as tokens with unusual
permissions (permission to record, permission to create new tokens) or
tokens that are only valid *after* a certain date.  I'll extend the
protocol support if there's demand.

Enjoy,

-- Juliusz
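
An operator-side audit of the token file described in the message above, as an added example that is not part of the original message or of Galene's own code. The JSON field names and permission strings are assumptions (the message does not give them) and the sample entries are constructed; check both against your own `data/var/tokens.jsonl`.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Assumed, not from the post: the field names token/username/permissions/
# expires/not-before and the permission names "record" and "token".
ELEVATED = {"record", "token"}
DEFAULT_LIFETIME = timedelta(days=7)  # the post: one week by default

def parse_time(s):
    """Parse an RFC 3339 timestamp, dropping sub-second digits."""
    return datetime.fromisoformat(re.sub(r"\.\d+", "", s).replace("Z", "+00:00"))

def audit_tokens(lines, now):
    """Return (line number, token, findings) for each entry worth a look."""
    report = []
    for n, line in enumerate(lines, 1):
        try:
            t = json.loads(line)
            remaining = parse_time(t["expires"]) - now
            pending = "not-before" in t and parse_time(t["not-before"]) > now
            perms = sorted(set(t.get("permissions") or []) & ELEVATED)
        except (ValueError, KeyError, TypeError, AttributeError):
            report.append((n, None, ["unparseable"]))  # broken or offset-less entry
            continue
        findings = []
        if not t.get("username"):
            findings.append("wildcard")         # anyone holding the link gets in
        if perms:
            findings.append("elevated:" + ",".join(perms))
        if remaining <= timedelta(0):
            findings.append("expired-on-file")  # /reinvite can still extend it
        elif remaining > DEFAULT_LIFETIME:
            findings.append("long-lived")
        if pending:
            findings.append("not-yet-valid")
        if findings:
            report.append((n, t.get("token"), findings))
    return report

# Constructed sample contents; the last line is deliberately truncated.
SAMPLE = [
    '{"token":"tok-a","username":"alice","permissions":["present"],"expires":"2023-04-10T12:00:00Z"}',
    '{"token":"tok-b","permissions":["present"],"expires":"2023-04-19T01:36:08.123456789+02:00","not-before":"2023-04-06T00:00:00Z"}',
    '{"token":"tok-c","username":"bob","permissions":["present","record"],"expires":"2023-04-02T00:00:00Z"}',
    '{"token":"tok-e","username":"carol","permiss',
]
NOW = datetime(2023, 4, 4, tzinfo=timezone.utc)
for row in audit_tokens(SAMPLE, NOW):
    print(row)
```

Because expiry is stored as absolute time, pass a `now` taken from a clock you trust; an entry reported as `unparseable` is worth inspecting by hand, since the file may be edited while the server is running.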
