forgejo

mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-01 07:09:21 +01:00

History

Gusted 51988ef52b [GITEA] rework long-term authentication - The current architecture is inherently insecure, because you can construct the 'secret' cookie value with values that are available in the database. Thus provides zero protection when a database is dumped/leaked. - This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies). - Integration testing is added to ensure the new mechanism works. - Removes a setting, because it's not used anymore. (cherry-pick from `eff097448b`) Conflicts: modules/context/context_cookie.go trivial context conflicts routers/web/web.go ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go		2023-10-05 08:50:54 +02:00
..
setting	[GITEA] rework long-term authentication	2023-10-05 08:50:54 +02:00
avatar.go	Set `X-Gitea-Debug` header once (#23361 )	2023-03-08 15:40:04 -05:00
code.go	Add missing tabs to org projects page (#22705 )	2023-03-10 09:18:20 -06:00
home.go	Fix context filter has no effect in dashboard (#26695 ) (#26811 )	2023-09-08 08:09:18 +02:00
home_test.go	Add a simple test for external renderer (#20033 )	2022-12-12 20:45:21 +08:00
main_test.go	Implement FSFE REUSE for golang files (#21840 )	2022-11-27 18:20:29 +00:00
notification.go	Fix notification list bugs (#25781 ) (#25787 )	2023-07-09 19:15:00 +00:00
package.go	Redirect to package after version deletion (#25594 ) (#25599 )	2023-06-30 00:14:57 +02:00
profile.go	fix pagination for followers and following (#27127 ) (#27138 )	2023-09-20 12:50:46 +02:00
search.go	Replace `interface{}` with `any` (#25686 ) (#25687 )	2023-07-04 23:41:32 -04:00
stop_watch.go	Move `convert` package to services (#22264 )	2022-12-29 10:57:15 +08:00
task.go	Replace `interface{}` with `any` (#25686 ) (#25687 )	2023-07-04 23:41:32 -04:00