foster/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-30 09:41:11 -05:00
Code Issues Wiki Activity
forgejo/modules/util
History
Gusted 51988ef52b
[GITEA] rework long-term authentication 
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry-pick from eff097448b)

Conflicts:

	modules/context/context_cookie.go
	trivial context conflicts

	routers/web/web.go
	ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go
2023-10-05 08:50:54 +02:00
..
filebuffer Add Debian package registry (#24426) 2023-05-02 12:31:35 -04:00
rotatingfilewriter Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
color.go Modify luminance calculation and extract related functions into single files (#24586) 2023-05-10 11:19:03 +00:00
color_test.go Modify luminance calculation and extract related functions into single files (#24586) 2023-05-10 11:19:03 +00:00
error.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
file_unix.go
file_unix_test.go
file_windows.go
io.go Fix profile render when the README.md size is larger than 1024 bytes (#25270) 2023-06-15 01:39:34 +00:00
io_test.go Fix profile render when the README.md size is larger than 1024 bytes (#25270) 2023-06-15 01:39:34 +00:00
keypair.go Add Alpine package registry (#23714) 2023-05-12 17:27:50 +00:00
keypair_test.go Use minio/sha256-simd for accelerated SHA256 (#23052) 2023-02-22 14:21:46 -05:00
legacy.go [GITEA] rework long-term authentication 2023-10-05 08:50:54 +02:00
legacy_test.go [GITEA] rework long-term authentication 2023-10-05 08:50:54 +02:00
pack.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
pack_test.go Add support for incoming emails (#22056) 2023-01-14 23:57:10 +08:00
paginate.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
paginate_test.go
path.go Move some regexp out of functions (#25430) (#25445) 2023-06-22 16:01:54 +00:00
path_test.go Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
remove.go
sanitize.go
sanitize_test.go
sec_to_time.go
sec_to_time_test.go
shellquote.go
shellquote_test.go
slice.go Improve utils of slices (#22379) 2023-01-11 13:31:16 +08:00
slice_test.go Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
string.go
string_test.go
timer.go Rewrite queue (#24505) 2023-05-08 19:49:59 +08:00
timer_test.go Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
truncate.go Add ability to set multiple redirect URIs in OAuth application UI (#25072) 2023-06-05 15:00:12 +08:00
truncate_test.go Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
url.go
util.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
util_test.go Introduce GiteaLocaleNumber custom element to handle number localization on pages. (#23861) 2023-04-03 12:58:09 -04:00