forgejo/modules
zeripath c702e7995d
Provide the ability to set password hash algorithm parameters (#22942) (#22943)
Backport #22942

This PR refactors and improves the password hashing code within gitea
and makes it possible for server administrators to set the password
hashing parameters

In addition it takes the opportunity to adjust the settings for `pbkdf2`
in order to make the hashing a little stronger.

The majority of this work was inspired by PR #14751 and I would like to
thank @boppy for their work on this.

Thanks to @gusted for the suggestion to adjust the `pbkdf2` hashing
parameters.

Close #14751

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-19 15:35:52 +08:00
..
activitypub Fix dashboard ignored system setting cache (#21621) (#21759) 2022-11-10 19:41:44 +08:00
analyze
auth Provide the ability to set password hash algorithm parameters (#22942) (#22943) 2023-02-19 15:35:52 +08:00
avatar Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
base Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
cache Fix get system setting bug when enabled redis cache (#22298) 2023-01-01 23:24:01 +08:00
charset Fix isAllowed of escapeStreamer (#22814) (#22837) 2023-02-10 11:36:58 +08:00
container Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
context Prepend refs/heads/ to issue template refs (#20461) (#22427) 2023-01-13 16:33:35 -06:00
convert Fix pull request API field closed_at always being null (#22482) (#22483) 2023-01-17 11:41:43 +00:00
csv Go 1.19 format (#20758) 2022-08-30 21:15:45 -05:00
doctor Prevent dangling user redirects (#21856) (#21858) 2022-11-18 22:25:00 +08:00
emoji Update Emoji dataset to Unicode 14 (#22342) (#22343) 2023-01-04 12:45:18 -06:00
eventsource
generate
git Fix blame view missing lines (#22826) (#22929) 2023-02-17 10:19:24 +08:00
gitgraph Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
graceful Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
hcaptcha
highlight Upgrade chroma to v2.3.0 (#21259) 2022-09-26 13:50:03 +08:00
hostmatcher Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
httpcache
httplib
indexer Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
issue/template Use path not filepath in template filenames (#21993) (#22022) 2022-12-04 13:58:58 +08:00
json
lfs escape filename when assemble URL (#22850) (#22871) 2023-02-12 09:39:52 +00:00
log Improve trace logging for pulls and processes (#22633) (#22812) 2023-02-13 11:17:36 +08:00
markup Fix README TOC links (#22577) (#22677) 2023-01-31 17:23:19 +08:00
mcaptcha Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
metrics
migration Fix restore repo bug, clarify the problem of ForeignIndex (#22776) (#22794) 2023-02-08 08:39:42 +00:00
mirror
nosql fix broken insecureskipverify handling in rediss connection uris (#20967) 2022-08-29 16:38:49 +02:00
notification Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (#22627) (#22642) 2023-01-28 15:51:00 +00:00
options Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
packages Use import of OCI structs (#22765) (#22805) 2023-02-08 07:50:19 +08:00
paginator Remove unnecessary misspell ignore pattern (#21475) 2022-10-18 12:52:25 -04:00
pprof Go 1.19 format (#20758) 2022-08-30 21:15:45 -05:00
private Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
process Improve trace logging for pulls and processes (#22633) (#22812) 2023-02-13 11:17:36 +08:00
proxy Use proxy for pull mirror (#22771) (#22772) 2023-02-11 16:11:54 +08:00
proxyprotocol
public Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
queue Correctly handle select on multiple channels in Queues (#22146) (#22428) 2023-01-13 20:42:42 +00:00
recaptcha Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
references Remove unnecessary misspell ignore pattern (#21475) 2022-10-18 12:52:25 -04:00
regexplru
repository Fix error when calculate the repository size (#22392) (#22474) 2023-01-16 16:07:06 -06:00
secret
session
setting Provide the ability to set password hash algorithm parameters (#22942) (#22943) 2023-02-19 15:35:52 +08:00
sitemap Fix sitemap (#22272) (#22320) 2023-01-03 22:03:56 +08:00
ssh
storage Local storage should not store files as executable (#22162) (#22163) 2022-12-19 01:12:25 +02:00
structs Add sync_on_commit option for push mirrors api (#22271) (#22292) 2022-12-31 19:46:14 +08:00
svg
sync Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
system Fix dashboard ignored system setting cache (#21621) (#21759) 2022-11-10 19:41:44 +08:00
templates Display error log when a modified template has an error so that it could recovery when the error fixed (#22261) (#22321) 2023-01-03 19:39:58 +08:00
test
timeutil Check for zero time instant in TimeStamp.IsZero() (#22171) (#22172) 2022-12-20 10:04:46 +08:00
translation Make every not exist error unwrappable to a fs.ErrNotExist (#20891) 2022-10-18 07:50:37 +02:00
typesniffer
updatechecker Add system setting table with cache and also add cache supports for user setting (#18058) 2022-10-17 07:29:26 +08:00
upload
uri
user
util Improve checkIfPRContentChanged (#22611) (#22644) 2023-01-28 17:56:16 +00:00
validation Add more checks in migration code (#21011) 2022-09-04 13:47:56 +03:00
watcher
web