forgejo/services/auth
Gusted 42f3644409
fix: disallow basic authorization when security keys are enrolled
- This unifies the security behavior of enrolling security keys with
enrolling TOTP as a 2FA method. When TOTP is enrolled, you cannot use
basic authorization (user:password) to make API requests on behalf of the
user; this is now also the case when you enroll security keys.
- The usage of access tokens is the only method to make API requests on
behalf of the user when a 2FA method is enrolled for the user.
- Integration test added.

(cherry picked from commit e6bbecb02d)
2024-11-15 11:33:45 +01:00
source [CHORE] Move to new sessioner library 2024-08-25 03:47:08 +02:00
additional_scopes_test.go tests additional grant scopes 2024-08-09 14:58:15 +02:00
auth.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
auth_test.go
basic.go fix: disallow basic authorization when security keys are enrolled 2024-11-15 11:33:45 +01:00
group.go
httpsign.go Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00
interface.go
main_test.go
oauth2.go OAuth2 provider: support for granular scopes 2024-08-09 14:58:15 +02:00
reverseproxy.go [BUG] First user created through reverse proxy should be admin 2024-08-19 21:04:35 +02:00
reverseproxy_test.go [BUG] First user created through reverse proxy should be admin 2024-08-19 21:04:35 +02:00
session.go Fix the bug that user may logout if he switch pages too fast (#29962) 2024-03-26 19:04:26 +01:00
signin.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
source.go
sspi.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
sspiauth_posix.go
sspiauth_windows.go
sync.go Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00