forgejo/services/auth
Gusted e6bbecb02d
fix: disallow basic authorization when security keys are enrolled
- This unifies the security behavior of enrolling security keys with
enrolling TOTP as a 2FA method. When TOTP is enrolled, you cannot use
basic authorization (user:password) to make API request on behalf of the
user, this is now also the case when you enroll security keys.
- The usage of access tokens are the only method to make API requests on
behalf of the user when a 2FA method is enrolled for the user.
- Integration test added.
2024-11-15 10:59:36 +01:00
..
source Merge pull request 'fix: use ValidateEmail as binding across web forms' (#5158) from solomonv/consolidate-email-validation into forgejo 2024-10-21 14:31:32 +00:00
additional_scopes_test.go tests additional grant scopes 2024-08-09 14:58:15 +02:00
auth.go
auth_test.go
basic.go fix: disallow basic authorization when security keys are enrolled 2024-11-15 10:59:36 +01:00
group.go
httpsign.go
interface.go
main_test.go
oauth2.go OAuth2 provider: support for granular scopes 2024-08-09 14:58:15 +02:00
reverseproxy.go [BUG] First user created through reverse proxy should be admin 2024-08-19 21:04:35 +02:00
reverseproxy_test.go [BUG] First user created through reverse proxy should be admin 2024-08-19 21:04:35 +02:00
session.go Fix the bug that user may logout if he switch pages too fast (#29962) 2024-03-26 19:04:26 +01:00
signin.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
source.go
sspi.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
sspiauth_posix.go
sync.go