mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-23 08:47:42 -05:00
forgejo/models
Gusted 51988ef52b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus, it provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired by [Paragon Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry-pick from eff097448b)

Conflicts:

	modules/context/context_cookie.go
	trivial context conflicts

	routers/web/web.go
	ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go
2023-10-05 08:50:54 +02:00
actions Fix log typo in task.go (#26337) (#26343) 2023-08-21 07:22:17 +02:00
activities Quote table release in sql queries (#27205) (#27219) 2023-10-03 14:48:18 +02:00
admin Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
asymkey Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
auth [GITEA] rework long-term authentication 2023-10-05 08:50:54 +02:00
avatars Fix context cache bug & enable context cache for dashboard commits' authors (#26991) (#27017) 2023-09-20 12:50:46 +02:00
db [GITEA] Add slow SQL query warning 2023-08-21 21:18:43 +02:00
dbfs Fix content holes in Actions task logs file (#25560) (#25566) 2023-06-28 23:39:23 +00:00
fixtures Allow get release download files and lfs files with oauth2 token format (#26430) (#27378) 2023-10-03 14:48:40 +02:00
forgejo/semver [UPGRADE] add sanity checks for [storage*] 2023-08-21 07:22:19 +02:00
forgejo_migrations [SEMVER] store SemVer in ForgejoSemVer after a database upgrade 2023-08-21 07:22:18 +02:00
git Fix pull request check list is limited (#26179) (#26245) 2023-08-21 07:22:15 +02:00
issues Fix bug of review request number (#27406) 2023-10-03 14:48:40 +02:00
migrations [UPGRADE] run sanity checks before the database is upgraded 2023-08-21 07:22:19 +02:00
organization Remove unused code (#25734) (#25788) 2023-07-09 19:47:58 +00:00
packages Fix NuGet search endpoints (#25613) (#26499) 2023-08-21 07:27:20 +02:00
perm Rewrite logger system (#24726) 2023-05-21 22:35:11 +00:00
project Update xorm version (#26128) (#26150) 2023-07-26 13:50:10 +02:00
pull refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
repo [GITEA] Use restricted sanitizer for repository description 2023-09-13 17:17:37 +02:00
secret Respect original content when creating secrets (#24745) 2023-05-16 14:49:40 +08:00
shared/types Display owner of a runner as a tooltip instead of static text (#24377) 2023-05-12 08:43:27 +00:00
system Fix context cache bug & enable context cache for dashboard commits' authors (#26991) (#27017) 2023-09-20 12:50:46 +02:00
unit Rewrite logger system (#24726) 2023-05-21 22:35:11 +00:00
unittest Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
user [GITEA] rework long-term authentication 2023-10-05 08:50:54 +02:00
webhook Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
error.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
fixture_generation.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
fixture_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
main_test.go Merge setting.InitXXX into one function with options (#24389) 2023-05-04 11:55:35 +08:00
migrate.go Check primary keys for all tables and drop ForeignReference (#21721) 2022-12-23 19:35:43 +08:00
migrate_test.go Check primary keys for all tables and drop ForeignReference (#21721) 2022-12-23 19:35:43 +08:00
org.go refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
org_team.go Remove org users who belong to no teams (#24247) 2023-04-24 15:52:38 -04:00
org_team_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
org_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
repo.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
repo_collaboration.go refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
repo_collaboration_test.go Rename repo.GetOwner to repo.LoadOwner (#22967) 2023-02-18 20:11:03 +08:00
repo_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
repo_transfer.go Fix unclear IsRepositoryExist logic (#24374) 2023-04-28 14:14:26 -04:00
repo_transfer_test.go Rename almost all Ctx functions (#22071) 2022-12-10 10:46:31 +08:00