1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 12:54:53 -05:00
Commit graph

4 commits

Author SHA1 Message Date
Gusted
2580cece8e Merge pull request 'fix: dbconsistency check adding missing quotes' (#6124) from 71rd/forgejo:dbconsistency-forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6124
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
(cherry picked from commit b525eec82b)
2024-12-03 07:31:41 +00:00
Gusted
b770282d45
fix: extend forgejo_auth_token table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.

(cherry picked from commit 1ce33aa38d)

v7: Removed migration - XORM can handle this case automatically without migration.

assert.Equal(t, `doesnotexist@example.com`, msgs[0].To) in tests
because v7 does not include the user name to the recipient.
2024-11-15 12:02:14 +01:00
Gusted
2236574d50 [BUG] Don't remove builtin OAuth2 applications
- When the database consistency is being run it would check for any
OAuth2 applications that don't have an existing user. However there are
few special OAuth2 applications that don't have an user set, because
they are global applications.
- This was not taken into account by the database consistency checker
and were removed if the database consistency check was being run with
autofix enabled.
- Take into account to ignore these global OAuth2 applications when
running the database consistency check.
- Add unit tests.
- Ref: https://codeberg.org/Codeberg/Community/issues/1530

(cherry picked from commit 6af8f3a3f2)
2024-04-06 07:03:41 +00:00
Lunny Xiao
62f995203a
Move doctor package from modules to services (#28856) 2024-01-20 10:07:31 +08:00
Renamed from modules/doctor/dbconsistency.go (Browse further)