forgejo/modules/setting
Gusted 6404845df9
[v1.21] [GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
2023-10-16 17:27:03 +02:00
..
config Refactor system setting (#27000) (#27452) 2023-10-05 10:37:59 +00:00
actions.go [CI] DEFAULT_ACTIONS_URL = https://codeberg.org 2023-10-16 13:26:26 +02:00
actions_test.go [CI] DEFAULT_ACTIONS_URL = https://codeberg.org 2023-10-16 13:26:26 +02:00
admin.go [GITEA] notifies admins on new user registration 2023-10-16 17:25:37 +02:00
api.go
asset_dynamic.go
asset_static.go
attachment.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
attachment_test.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
cache.go
camo.go
config.go Refactor system setting (#27000) (#27452) 2023-10-05 10:37:59 +00:00
config_env.go Fix environment-to-ini inherited key bug (#27543) (#27546) 2023-10-09 17:46:58 +00:00
config_env_test.go Fix environment-to-ini inherited key bug (#27543) (#27546) 2023-10-09 17:46:58 +00:00
config_provider.go [GITEA] add GetFile to config provider 2023-10-16 15:50:10 +02:00
config_provider_test.go Fix INI parsing for value with trailing slash (#26995) 2023-09-10 16:15:51 +00:00
cors.go
cron.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
cron_test.go
database.go [GITEA] Add slow SQL query warning 2023-10-16 17:25:36 +02:00
database_sqlite.go
database_test.go
federation.go
forgejo_storage_test.go [TESTS] verify facts for the admin storage documentation 2023-10-16 15:50:10 +02:00
git.go
git_test.go
highlight.go
i18n.go
incoming_email.go
indexer.go
indexer_test.go
lfs.go Handle base64 decoding correctly to avoid panic (#26483) 2023-08-14 10:30:16 +00:00
lfs_test.go Display deprecated warning in admin panel pages as well as in the log file (#26094) 2023-07-26 03:53:37 +00:00
log.go Clarify the logger's MODE config option (#26267) 2023-08-01 18:28:23 +00:00
log_test.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
mailer.go
mailer_test.go
markup.go
metrics.go
migrations.go
mime_type_map.go
mirror.go Avoid polluting the config (#25345) 2023-06-18 16:10:44 +00:00
oauth2.go Handle base64 decoding correctly to avoid panic (#26483) 2023-08-14 10:30:16 +00:00
other.go
packages.go Avoid creating directories when loading config (#25944) 2023-07-18 07:32:36 -05:00
packages_test.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
path.go Update path related documents (#25417) 2023-07-19 11:22:57 +02:00
path_test.go Refactor path & config system (#25330) 2023-06-21 13:50:26 +08:00
picture.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
project.go
proxy.go
queue.go Increase queue length (#27555) (#27562) 2023-10-10 20:22:26 +08:00
repository.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
repository_archive.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
repository_archive_test.go Fix all possible setting error related storages and added some tests (#23911) 2023-06-14 11:42:38 +08:00
security.go [v1.21] [GITEA] rework long-term authentication 2023-10-16 17:27:03 +02:00
server.go Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974) 2023-07-21 12:14:20 +00:00
service.go [GITEA] add option for banning dots in usernames 2023-10-16 17:25:36 +02:00
service_test.go Fix allowed user types setting problem (#26200) 2023-07-28 12:15:39 -04:00
session.go Use secure cookie for HTTPS sites (#26999) 2023-09-11 17:03:51 +08:00
setting.go [SEMVER] store SemVer in ForgejoSemVer after a database upgrade 2023-10-16 15:50:10 +02:00
setting_test.go
ssh.go Expanded minimum RSA Keylength to 3072 (#26604) 2023-08-28 00:53:16 +00:00
storage.go Fix storage path logic especially for relative paths (#26441) 2023-08-13 22:09:25 +02:00
storage_test.go Fix storage path logic especially for relative paths (#26441) 2023-08-13 22:09:25 +02:00
task.go
time.go
ui.go Remove the service worker (#25010) 2023-05-31 02:07:04 +00:00
webhook.go