1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-27 09:11:53 -05:00
forgejo/modules/context
Gusted 51988ef52b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry-pick from eff097448b)

Conflicts:

	modules/context/context_cookie.go
	trivial context conflicts

	routers/web/web.go
	ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go
2023-10-05 08:50:54 +02:00
..
access_log.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
api.go [BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP 2023-07-17 00:25:56 +02:00
api_forgejo_test.go [BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP 2023-07-17 00:25:56 +02:00
api_org.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
api_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
base.go Introduce ctx.PathParamRaw to avoid incorrect unescaping (#26392) (#26405) 2023-08-21 07:22:18 +02:00
captcha.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
context.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
context_cookie.go [GITEA] rework long-term authentication 2023-10-05 08:50:54 +02:00
context_model.go Improve Gitea's web context, decouple "issue template" code into service package (#24590) 2023-05-09 01:30:14 +02:00
context_request.go Decouple the different contexts from each other (#24786) 2023-05-21 09:50:53 +08:00
context_response.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
context_test.go Use standard HTTP library to serve files (#24693) 2023-05-13 16:04:57 +02:00
csrf.go Refactor cookie (#24107) 2023-04-13 15:45:33 -04:00
org.go Decouple the different contexts from each other (#24786) 2023-05-21 09:50:53 +08:00
package.go Revert package access change from #23879 (#25707) (#25785) 2023-07-09 21:00:42 +00:00
pagination.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
permission.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
private.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
repo.go Decouple the different contexts from each other (#24786) 2023-05-21 09:50:53 +08:00
response.go Fix regression: access log template, gitea manager cli command (#24838) 2023-05-22 09:38:38 +08:00
utils.go Avoid double-unescaping of form value (#26853) (#26863) 2023-09-08 08:09:18 +02:00
xsrf.go Update gitea-vet to check FSFE REUSE (#22004) 2022-12-02 22:14:57 +08:00
xsrf_test.go Update gitea-vet to check FSFE REUSE (#22004) 2022-12-02 22:14:57 +08:00