MirrorHub/forgejo
0
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-04 03:38:26 +01:00
Code Issues Projects Releases Packages Wiki Activity
forgejo/modules
History
Gusted 72bdd4f3b9
[v1.21] [GITEA] rework long-term authentication 
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
2023-10-23 15:35:33 +02:00
..
actions [CI] Search .forgejo/workflows first 2023-10-23 13:49:07 +02:00
activitypub More refactoring of db.DefaultContext (#27083) 2023-09-15 06:13:19 +00:00
analyze
assetfs Use Set[Type] instead of map[Type]bool/struct{}. (#26804) 2023-08-30 06:55:25 +00:00
auth [v1.21] [GITEA] Drop sha256-simd in favor of stdlib 2023-10-23 15:35:33 +02:00
avatar [v1.21] [GITEA] Drop sha256-simd in favor of stdlib 2023-10-23 15:35:33 +02:00
base [v1.21] [GITEA] Drop sha256-simd in favor of stdlib 2023-10-23 15:35:33 +02:00
cache
charset
container
context [v1.21] [GITEA] rework long-term authentication 2023-10-23 15:35:33 +02:00
contexttest Avoid double-unescaping of form value (#26853) 2023-09-01 12:01:36 +00:00
csv
doctor Add doctor dbconsistency fix to delete repos with no owner (#27290) (#27693) 2023-10-22 02:21:41 +02:00
emoji
eventsource More db.DefaultContext refactor (#27265) (#27347) 2023-09-29 13:35:01 +00:00
generate
git [v1.21] [GITEA] Drop sha256-simd in favor of stdlib 2023-10-23 15:35:33 +02:00
gitgraph More db.DefaultContext refactor (#27265) (#27347) 2023-09-29 13:35:01 +00:00
graceful
hcaptcha
highlight
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) (#27675) 2023-10-18 15:07:52 +02:00
html
httpcache
httplib
indexer [CI] disable meilisearch/elasticsearch test, no server yet in CI 2023-10-23 13:49:07 +02:00
issue/template
json
label
lfs [v1.21] [GITEA] Drop sha256-simd in favor of stdlib 2023-10-23 15:35:33 +02:00
log
markup [GITEA] Use restricted sanitizer for repository description 2023-10-23 15:35:33 +02:00
mcaptcha
metrics Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
migration
nosql
options
packages
paginator
pprof
private [CLI] implement forgejo-cli 2023-10-23 13:49:07 +02:00
process
proxy
proxyprotocol
public
queue [CI] disable redis test, no redis server yet in CI 2023-10-23 13:49:07 +02:00
recaptcha
references Replace 'userxx' with 'orgxx' in all test files when the user type is org (#27052) 2023-09-14 02:59:53 +00:00
regexplru
repository Refactor system setting (#27000) (#27452) 2023-10-05 10:37:59 +00:00
secret [v1.21] [GITEA] Drop sha256-simd in favor of stdlib 2023-10-23 15:35:33 +02:00
session Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
setting [v1.21] [GITEA] rework long-term authentication 2023-10-23 15:35:33 +02:00
sitemap
ssh [GITEA] Remove SSH workaround 2023-10-23 15:35:33 +02:00
storage [CI] Forgejo Actions based CI for PR & branches 2023-10-23 13:49:07 +02:00
structs [v1.21] [FEAT] allow setting the update date on issues and comments 2023-10-23 14:20:50 +02:00
svg
sync
system
templates Improve feed icons and feed merge text color (#27498) (#27716) 2023-10-21 12:29:06 +02:00
test Move web/api context related testing function into a separate package (#26859) 2023-09-01 11:26:07 +00:00
testlogger
timeutil
translation
turnstile
typesniffer
updatechecker
upload
uri
user
util [v1.21] [GITEA] rework long-term authentication 2023-10-23 15:35:33 +02:00
validation [GITEA] add option for banning dots in usernames 2023-10-23 15:35:32 +02:00
web [GITEA] Use maintained gziphandler 2023-10-23 15:35:33 +02:00
webhook