forgejo/models
Gusted eff097448b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.
2023-10-05 08:03:27 +02:00
..
actions [v1.22] [CLI] implement forgejo-cli 2023-10-02 16:28:25 +02:00
activities More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
admin Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
asymkey [GITEA] Make atomic ssh keys replacement robust 2023-10-02 19:28:45 +02:00
auth [GITEA] rework long-term authentication 2023-10-05 08:03:27 +02:00
avatars make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
db [GITEA] Add slow SQL query warning 2023-10-02 19:23:41 +02:00
dbfs make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
fixtures [GITEA] Improve HTML title on repositories 2023-10-02 19:23:24 +02:00
forgejo/semver [v1.22] [SEMVER] store SemVer in ForgejoSemVer after a database upgrade 2023-10-02 17:14:30 +02:00
forgejo_migrations [SEMVER] store SemVer in ForgejoSemVer after a database upgrade 2023-10-02 17:06:23 +02:00
git More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
issues [GITEA] enable system users for comment.LoadPoster 2023-10-02 19:23:42 +02:00
migrations [GITEA] Drop sha256-simd in favor of stdlib 2023-10-02 19:28:45 +02:00
organization make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
packages make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
perm make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
project More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
pull refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
repo [GITEA] Use restricted sanitizer for repository description 2023-10-02 19:23:42 +02:00
secret Refactor secrets modification logic (#26873) 2023-09-05 15:21:02 +00:00
shared/types Display owner of a runner as a tooltip instead of static text (#24377) 2023-05-12 08:43:27 +00:00
system make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
unit Use Set[Type] instead of map[Type]bool/struct{}. (#26804) 2023-08-30 06:55:25 +00:00
unittest make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
user [GITEA] rework long-term authentication 2023-10-05 08:03:27 +02:00
webhook make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
error.go Sync branches into databases (#22743) 2023-06-29 10:03:20 +00:00
fixture_generation.go Fix yaml test (#27297) 2023-09-26 23:30:03 -04:00
fixture_test.go Fix yaml test (#27297) 2023-09-26 23:30:03 -04:00
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
org.go refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
org_team.go Use db.WithTx for AddTeamMember to avoid ctx abuse (#27095) 2023-09-16 12:54:23 +00:00
org_team_test.go Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
org_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
repo.go move repository deletion to service layer (#26948) 2023-09-08 04:51:15 +00:00
repo_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
repo_transfer.go Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
repo_transfer_test.go Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00