forgejo/modules
Gusted fe3b294f7b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
(cherry picked from commit 8d2dab94a6)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:14:46 +00:00
..
actions [ACTIONS] on.schedule: the event is always "schedule" 2023-12-23 15:58:37 +01:00
activitypub More refactoring of db.DefaultContext (#27083) 2023-09-15 06:13:19 +00:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs Use Set[Type] instead of map[Type]bool/struct{}. (#26804) 2023-08-30 06:55:25 +00:00
auth [GITEA] Drop sha256-simd in favor of stdlib 2023-11-13 14:06:31 +01:00
avatar [GITEA] Drop sha256-simd in favor of stdlib 2023-11-13 14:06:31 +01:00
base [GITEA] Drop sha256-simd in favor of stdlib 2023-11-13 14:06:31 +01:00
cache improve unit test for caching (#26185) 2023-07-27 22:24:40 +02:00
charset Add option to disable ambiguous unicode characters detection (#28454) (#28499) 2023-12-22 12:07:01 +01:00
container Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
context [GITEA] rework long-term authentication 2024-01-16 14:14:46 +00:00
contexttest Avoid double-unescaping of form value (#26853) 2023-09-01 12:01:36 +00:00
csv Refactor locale number (#24134) 2023-04-17 11:37:23 +08:00
doctor Initalize stroage for orphaned repository doctor (#28487) (#28490) 2023-12-22 12:05:11 +01:00
emoji Update emoji set to Unicode 15 (#25595) 2023-06-29 16:29:48 +00:00
eventsource More db.DefaultContext refactor (#27265) (#27347) 2023-09-29 13:35:01 +00:00
generate Handle base64 decoding correctly to avoid panic (#26483) 2023-08-14 10:30:16 +00:00
git Add option to disable ambiguous unicode characters detection (#28454) (#28499) 2023-12-22 12:07:01 +01:00
gitgraph More db.DefaultContext refactor (#27265) (#27347) 2023-09-29 13:35:01 +00:00
graceful Allow the use of alternative net.Listener implementations by downstreams (#25855) 2023-07-24 07:18:17 +00:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight Add option to disable ambiguous unicode characters detection (#28454) (#28499) 2023-12-22 12:07:01 +01:00
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) (#27675) 2023-10-18 15:07:52 +02:00
html Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
httpcache [BRANDING] add X-Forgejo-* headers 2023-11-13 13:58:18 +01:00
httplib Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
indexer Add option to disable ambiguous unicode characters detection (#28454) (#28499) 2023-12-22 12:07:01 +01:00
issue/template Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
json Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs [GITEA] Drop sha256-simd in favor of stdlib 2023-11-13 14:06:31 +01:00
log Reduce some allocations in type conversion (#26772) 2023-08-29 00:43:16 +08:00
markup Fix the issue ref rendering for wiki (#28556) (#28559) 2023-12-22 12:10:03 +01:00
mcaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
metrics Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
migration Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
nosql Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages Close all hashed buffers (#27787) (#27790) 2023-10-25 22:24:25 +02:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
private [CLI] implement forgejo-cli 2023-11-13 11:52:15 +01:00
process Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
public Refactor CORS handler (#28587) (#28611) 2024-01-16 14:08:38 +00:00
queue [CI] disable redis test, no redis server yet in CI 2023-11-13 11:52:15 +01:00
recaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
references Replace 'userxx' with 'orgxx' in all test files when the user type is org (#27052) 2023-09-14 02:59:53 +00:00
regexplru Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
repository Ignore "non-existing" errors when getDirectorySize calculates the size (#28276) (#28285) 2023-12-08 13:41:16 +01:00
secret [GITEA] Drop sha256-simd in favor of stdlib 2023-11-13 14:06:31 +01:00
session Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
setting [GITEA] rework long-term authentication 2024-01-16 14:14:46 +00:00
sitemap Fix sitemap (#22272) 2022-12-30 23:31:00 +08:00
ssh [GITEA] Remove SSH workaround 2023-11-13 14:06:31 +01:00
storage [CI] Forgejo Actions based CI for PR & branches 2023-11-13 11:52:15 +01:00
structs [ACTIONS] on.schedule: create a new payload 2023-12-23 15:58:37 +01:00
svg Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
sync Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
system Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
templates Fix label render containing invalid HTML (#27752) (#27762) 2023-10-24 09:39:13 +08:00
test Move web/api context related testing function into a separate package (#26859) 2023-09-01 11:26:07 +00:00
testlogger Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
timeutil Fix incorrect webhook time and use relative-time to display it (#24477) 2023-05-03 19:53:43 -04:00
translation Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer Detect ogg mime-type as audio or video (#26494) 2023-08-15 10:31:25 +08:00
updatechecker [PRIVACY] Add a DNS method to fetch new updates 2023-11-13 13:57:31 +01:00
upload Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
uri Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
user Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
util [GITEA] rework long-term authentication 2024-01-16 14:14:46 +00:00
validation [GITEA] add option for banning dots in usernames 2023-11-13 14:04:16 +01:00
web [GITEA] Use maintained gziphandler 2024-01-16 14:09:55 +00:00
webhook [ACTIONS] on.schedule: the event is always "schedule" 2023-12-23 15:58:37 +01:00