0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-12-26 15:14:24 +01:00
gitea/models/migrations
M Hickford 191a74d622
Record OAuth client type at registration (#21316)
The OAuth spec [defines two types of
client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1),
confidential and public. Previously Gitea assumed all clients to be
confidential.

> OAuth defines two client types, based on their ability to authenticate
securely with the authorization server (i.e., ability to
>   maintain the confidentiality of their client credentials):
>
>   confidential
> Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
> restricted access to the client credentials), or capable of secure
client authentication using other means.
>
>   **public
> Clients incapable of maintaining the confidentiality of their
credentials (e.g., clients executing on the device used by the resource
owner, such as an installed native application or a web browser-based
application), and incapable of secure client authentication via any
other means.**
>
> The client type designation is based on the authorization server's
definition of secure authentication and its acceptable exposure levels
of client credentials. The authorization server SHOULD NOT make
assumptions about the client type.

 https://datatracker.ietf.org/doc/html/rfc8252#section-8.4

> Authorization servers MUST record the client type in the client
registration details in order to identify and process requests
accordingly.

Require PKCE for public clients:
https://datatracker.ietf.org/doc/html/rfc8252#section-8.1

> Authorization servers SHOULD reject authorization requests from native
apps that don't use PKCE by returning an error message

Fixes #21299

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 15:59:24 +08:00
..
fixtures Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00
migrations.go Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00
migrations_test.go Kd/ci playwright go test (#20123) 2022-09-02 15:18:23 -04:00
testlogger_test.go Kd/ci playwright go test (#20123) 2022-09-02 15:18:23 -04:00
v70.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v71.go Use base32 for 2FA scratch token (#18384) 2022-01-26 12:10:10 +08:00
v72.go
v73.go
v74.go
v75.go
v76.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v77.go
v78.go
v79.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v80.go
v81.go Upgrade xorm to v1.0.0 (#10646) 2020-03-22 11:12:55 -04:00
v82.go Make git.OpenRepository accept Context (#19260) 2022-03-30 03:13:41 +08:00
v83.go
v84.go
v85.go Use base32 for 2FA scratch token (#18384) 2022-01-26 12:10:10 +08:00
v86.go
v87.go
v88.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v89.go
v90.go
v91.go
v92.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v93.go
v94.go
v95.go
v96.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v97.go
v98.go
v99.go Migrations (v82,v96,v99,v136) remove dependencies (#12286) 2020-07-22 09:27:22 -05:00
v100.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v101.go
v102.go Use transaction in V102 migration (#12395) 2020-08-06 19:16:49 +01:00
v103.go
v104.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v105.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v106.go
v107.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v108.go
v109.go
v110.go Upgrade xorm to v1.0.0 (#10646) 2020-03-22 11:12:55 -04:00
v111.go Move issues related files into models/issues (#19931) 2022-06-13 17:37:59 +08:00
v112.go Add a storage layer for attachments (#11387) 2020-08-18 12:23:45 +08:00
v113.go
v114.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v115.go Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
v116.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v117.go
v118.go
v119.go Refactor: Remove Dependencys from Migration v112-v119 (#11811) 2020-06-09 16:34:05 -04:00
v120.go
v121.go
v122.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v123.go
v124.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v125.go Migrate reviews when migrating repository from github (#9463) 2020-01-23 19:28:15 +02:00
v126.go Update topics repo count when deleting repository (#10051) 2020-01-31 08:57:19 +02:00
v127.go Language statistics bar for repositories (#8037) 2020-02-11 11:34:17 +02:00
v128.go Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
v129.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v130.go Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
v131.go System-wide webhooks (#10546) 2020-03-09 00:08:05 +02:00
v132.go Allow to set protected file patterns that can not be changed under no conditions (#10806) 2020-03-27 00:26:34 +02:00
v133.go make avatar lookup occur at image request (#10540) 2020-03-27 14:34:39 +02:00
v134.go Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
v135.go Add Organization Wide Labels (#10814) 2020-04-01 01:14:46 -03:00
v136.go Propagate context and ensure git commands run in request context (#17868) 2022-01-19 23:26:57 +00:00
v137.go Prevent merge of outdated PRs on protected branches (#11012) 2020-04-16 22:00:36 -03:00
v138.go Add a way to mark Conversation (code comment) resolved (#11037) 2020-04-18 10:50:25 -03:00
v139.go Fix issue ref migration (#11419) 2020-05-15 15:05:18 +01:00
v140.go Change language statistics to save size instead of percentage (#11681) 2020-05-30 10:46:15 +03:00
v141.go Fix migration v141 (#14387) 2021-01-28 23:58:33 +01:00
v142.go A better go code formatter, and now make fmt can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
v143.go Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
v144.go A better go code formatter, and now make fmt can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
v145.go Fix Migration 145 on MSSQL if varchar is changed to nvarchar (#12445) 2020-08-10 16:01:10 +03:00
v146.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v147.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
v148.go [BugFix] Fix comment broken issue ref dependence (#12651) 2020-09-04 09:36:56 +08:00
v149.go Add Created & Updated to Milestone (#12662) 2020-09-05 13:38:54 -04:00
v150.go Add Primary Key to Topic and RepoTopic (#12639) 2020-09-10 20:45:01 +01:00
v151.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v152.go Add configurable Trust Models (#11712) 2020-09-20 00:44:55 +08:00
v153.go Add team support for review request (#12039) 2020-10-12 20:55:13 +01:00
v154.go Use neutral language in comments and docs (#20135) 2022-06-25 17:50:12 -05:00
v155.go [Enhancement] Allow admin to merge pr with protected file changes (#12078) 2020-10-13 14:50:57 -04:00
v156.go Make git.OpenRepository accept Context (#19260) 2022-03-30 03:13:41 +08:00
v157.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v158.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v159.go Include OriginalAuthor in Reaction constraint (#13505) 2020-11-10 22:37:11 +00:00
v160.go Add block on official review requests branch protection (#13705) 2020-11-28 21:30:46 +02:00
v161.go Fix database keyword quote problem on migration v161 (#17522) 2021-11-05 00:47:01 +02:00
v162.go Add support for corporate WeChat webhooks (#15910) 2021-07-23 12:41:27 +08:00
v163.go Change topic name size from 25 to 50 (#14150) 2020-12-26 23:28:47 +00:00
v164.go Minimal OpenID Connect implementation (#14139) 2021-01-02 00:33:27 +08:00
v165.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v166.go Remove unused commit (#14741) 2021-02-20 15:02:39 +01:00
v167.go Redirect on changed user and org name (#11649) 2021-01-24 16:23:05 +01:00
v168.go noop (#14521) 2021-01-29 23:52:13 +08:00
v169.go Use OldRef instead of CommitSHA for DeleteBranch comments (#14604) 2021-02-08 11:09:14 +08:00
v170.go Add dismiss review feature (#12674) 2021-02-11 18:32:25 +01:00
v171.go Add v171 (addSortingColToProjectBoard) migration for #14634 (#14652) 2021-02-12 13:01:26 +02:00
v172.go v172 migration adds created_unix field instead of expiry (#15458) 2021-04-13 20:04:17 -04:00
v173.go Add UI to delete tracked times (#14100) 2021-02-19 12:52:11 +02:00
v174.go Delete Labels & IssueLabels on Repo Delete too (#15039) 2021-03-19 21:01:24 +02:00
v175.go A better go code formatter, and now make fmt can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
v176.go Create Proper Migration Tests (#15116) 2021-03-24 19:27:22 +01:00
v176_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v177.go Create Proper Migration Tests (#15116) 2021-03-24 19:27:22 +01:00
v177_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v178.go Add LFS Migration and Mirror (#14726) 2021-04-08 18:25:57 -04:00
v179.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v180.go Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
v181.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
v181_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v182.go Add primary_key to issue_index (#16813) 2021-08-25 09:42:51 +01:00
v182_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v183.go Add push to remote mirror repository (#15157) 2021-06-14 19:20:43 +02:00
v184.go Check if column exist before rename if exist, just return with no error (#17870) 2021-12-02 21:17:24 +08:00
v185.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
v186.go Add tag protection (#15629) 2021-06-25 16:28:55 +02:00
v187.go Refactor Webhook + Add X-Hub-Signature (#16176) 2021-06-27 20:21:09 +01:00
v188.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
v189.go Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
v189_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v190.go Add agit flow support in gitea (#14295) 2021-07-28 17:42:56 +08:00
v191.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v192.go Add primary_key to issue_index (#16813) 2021-08-25 09:42:51 +01:00
v193.go Add repo_id for attachment (#16958) 2021-09-08 17:19:30 +02:00
v193_test.go Add repo_id for attachment (#16958) 2021-09-08 17:19:30 +02:00
v194.go Support unprotected file patterns (#16395) 2021-09-11 16:21:17 +02:00
v195.go Fix commit status index problem (#17061) 2021-09-23 18:50:06 +08:00
v195_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v196.go Kanban colored boards (#16647) 2021-09-29 22:53:12 +02:00
v197.go Add a simple way to rename branch like gh (#15870) 2021-10-08 19:03:04 +02:00
v198.go Save and view issue/comment content history (#16909) 2021-10-10 18:40:03 -04:00
v199.go Refix indices on actions table (#20158) 2022-07-01 17:04:01 +01:00
v200.go Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
v201.go Refactor update checker to use AppState (#17387) 2021-10-21 17:10:49 +01:00
v202.go Add support for ssh commit signing (#17743) 2021-12-19 00:37:18 -05:00
v203.go Support sorting for project board issuses (#17152) 2021-12-08 14:57:18 +08:00
v204.go Migration 204 use Sync2 (#18044) 2021-12-20 18:58:38 +01:00
v205.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v206.go Team permission allow different unit has different permission (#17811) 2022-01-05 11:37:00 +08:00
v207.go Attempt to fix the webauthn migration again - part 3 (#18770) 2022-02-16 21:03:58 +00:00
v208.go Attempt to fix the webauthn migration again - part 3 (#18770) 2022-02-16 21:03:58 +00:00
v209.go Attempt to fix the webauthn migration again - part 3 (#18770) 2022-02-16 21:03:58 +00:00
v210.go Update the webauthn_credential_id_sequence in Postgres (#19048) 2022-03-10 23:04:55 +01:00
v210_test.go Lock gofumpt to v0.3.0 and run it (#18866) 2022-02-23 20:16:07 +00:00
v211.go Store the foreign ID of issues during migration (#18446) 2022-03-17 18:08:35 +01:00
v212.go Add Package Registry (#16510) 2022-03-30 16:42:47 +08:00
v213.go Add "Allow edits from maintainer" feature (#18002) 2022-04-28 17:45:33 +02:00
v214.go Auto merge pull requests when all checks succeeded via API (#9307) 2022-05-08 01:05:52 +08:00
v215.go Delete related PullAutoMerge and ReviewState on User/Repo Deletion (#19649) 2022-05-08 15:46:34 +02:00
v216.go Refix indices on actions table (#20158) 2022-07-01 17:04:01 +01:00
v217.go Alter hook_task TEXT fields to LONGTEXT (#20038) 2022-06-19 19:47:04 +01:00
v218.go Add another index for Action table on postgres (#21033) 2022-09-03 17:27:59 +01:00
v219.go Fix commit status icon when in subdirectory (#20285) 2022-07-15 14:01:32 +01:00
v220.go Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) 2022-08-08 02:16:22 +02:00
v221.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v221_test.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v222.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v223.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v224.go Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) 2022-08-22 14:32:28 +01:00
v225.go Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) 2022-08-22 14:32:28 +01:00
v226.go Set SemverCompatible to false for Conan packages (#21275) 2022-10-07 12:22:05 +08:00
v227.go Add system setting table with cache and also add cache supports for user setting (#18058) 2022-10-17 07:29:26 +08:00
v228.go Add team member invite by email (#20307) 2022-10-19 14:40:28 +02:00
v229.go Update milestone counters when issue is deleted (#21459) 2022-10-22 23:08:10 +08:00
v229_test.go Update milestone counters when issue is deleted (#21459) 2022-10-22 23:08:10 +08:00
v230.go Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00
v230_test.go Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00