mirror of https://github.com/go-gitea/gitea synced 2024-12-23 11:24:37 +01:00
gitea/models/migrations
M Hickford 191a74d622
Record OAuth client type at registration (#21316)
The OAuth spec [defines two types of
client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1),
confidential and public. Previously Gitea assumed all clients to be
confidential.

> OAuth defines two client types, based on their ability to authenticate
> securely with the authorization server (i.e., ability to
> maintain the confidentiality of their client credentials):
>
> confidential
> Clients capable of maintaining the confidentiality of their
> credentials (e.g., client implemented on a secure server with
> restricted access to the client credentials), or capable of secure
> client authentication using other means.
>
> **public
> Clients incapable of maintaining the confidentiality of their
> credentials (e.g., clients executing on the device used by the resource
> owner, such as an installed native application or a web browser-based
> application), and incapable of secure client authentication via any
> other means.**
>
> The client type designation is based on the authorization server's
> definition of secure authentication and its acceptable exposure levels
> of client credentials. The authorization server SHOULD NOT make
> assumptions about the client type.

 https://datatracker.ietf.org/doc/html/rfc8252#section-8.4

> Authorization servers MUST record the client type in the client
> registration details in order to identify and process requests
> accordingly.

Require PKCE for public clients:
https://datatracker.ietf.org/doc/html/rfc8252#section-8.1

> Authorization servers SHOULD reject authorization requests from native
> apps that don't use PKCE by returning an error message

Fixes #21299

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 15:59:24 +08:00
..
fixtures Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00
migrations.go Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00
migrations_test.go Kd/ci playwright go test (#20123) 2022-09-02 15:18:23 -04:00
testlogger_test.go Kd/ci playwright go test (#20123) 2022-09-02 15:18:23 -04:00
v70.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v71.go Use base32 for 2FA scratch token (#18384) 2022-01-26 12:10:10 +08:00
v72.go
v73.go
v74.go
v75.go
v76.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v77.go
v78.go
v79.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v80.go
v81.go
v82.go Make git.OpenRepository accept Context (#19260) 2022-03-30 03:13:41 +08:00
v83.go
v84.go
v85.go Use base32 for 2FA scratch token (#18384) 2022-01-26 12:10:10 +08:00
v86.go
v87.go
v88.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v89.go
v90.go
v91.go
v92.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v93.go
v94.go
v95.go
v96.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v97.go
v98.go
v99.go
v100.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v101.go
v102.go
v103.go
v104.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v105.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v106.go
v107.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v108.go
v109.go
v110.go
v111.go Move issues related files into models/issues (#19931) 2022-06-13 17:37:59 +08:00
v112.go
v113.go
v114.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v115.go Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
v116.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v117.go
v118.go
v119.go
v120.go
v121.go
v122.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v123.go
v124.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v125.go
v126.go
v127.go
v128.go Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
v129.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v130.go Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
v131.go
v132.go
v133.go
v134.go Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
v135.go
v136.go Propagate context and ensure git commands run in request context (#17868) 2022-01-19 23:26:57 +00:00
v137.go
v138.go
v139.go
v140.go
v141.go Fix migration v141 (#14387) 2021-01-28 23:58:33 +01:00
v142.go A better go code formatter, and now make fmt can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
v143.go Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
v144.go A better go code formatter, and now make fmt can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
v145.go Fix Migration 145 on MSSQL if varchar is changed to nvarchar (#12445) 2020-08-10 16:01:10 +03:00
v146.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v147.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
v148.go
v149.go
v150.go
v151.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v152.go
v153.go
v154.go Use neutral language in comments and docs (#20135) 2022-06-25 17:50:12 -05:00
v155.go
v156.go Make git.OpenRepository accept Context (#19260) 2022-03-30 03:13:41 +08:00
v157.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v158.go chore(models): rewrite code format. (#14754) 2021-03-14 19:52:12 +01:00
v159.go
v160.go
v161.go Fix database keyword quote problem on migration v161 (#17522) 2021-11-05 00:47:01 +02:00
v162.go Add support for corporate WeChat webhooks (#15910) 2021-07-23 12:41:27 +08:00
v163.go
v164.go
v165.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v166.go Remove unused commit (#14741) 2021-02-20 15:02:39 +01:00
v167.go
v168.go noop (#14521) 2021-01-29 23:52:13 +08:00
v169.go Use OldRef instead of CommitSHA for DeleteBranch comments (#14604) 2021-02-08 11:09:14 +08:00
v170.go Add dismiss review feature (#12674) 2021-02-11 18:32:25 +01:00
v171.go Add v171 (addSortingColToProjectBoard) migration for #14634 (#14652) 2021-02-12 13:01:26 +02:00
v172.go v172 migration adds created_unix field instead of expiry (#15458) 2021-04-13 20:04:17 -04:00
v173.go Add UI to delete tracked times (#14100) 2021-02-19 12:52:11 +02:00
v174.go Delete Labels & IssueLabels on Repo Delete too (#15039) 2021-03-19 21:01:24 +02:00
v175.go A better go code formatter, and now make fmt can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
v176.go Create Proper Migration Tests (#15116) 2021-03-24 19:27:22 +01:00
v176_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v177.go Create Proper Migration Tests (#15116) 2021-03-24 19:27:22 +01:00
v177_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v178.go Add LFS Migration and Mirror (#14726) 2021-04-08 18:25:57 -04:00
v179.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v180.go Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
v181.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
v181_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v182.go Add primary_key to issue_index (#16813) 2021-08-25 09:42:51 +01:00
v182_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v183.go Add push to remote mirror repository (#15157) 2021-06-14 19:20:43 +02:00
v184.go Check if column exist before rename if exist, just return with no error (#17870) 2021-12-02 21:17:24 +08:00
v185.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
v186.go Add tag protection (#15629) 2021-06-25 16:28:55 +02:00
v187.go Refactor Webhook + Add X-Hub-Signature (#16176) 2021-06-27 20:21:09 +01:00
v188.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
v189.go Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
v189_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v190.go Add agit flow support in gitea (#14295) 2021-07-28 17:42:56 +08:00
v191.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v192.go Add primary_key to issue_index (#16813) 2021-08-25 09:42:51 +01:00
v193.go Add repo_id for attachment (#16958) 2021-09-08 17:19:30 +02:00
v193_test.go Add repo_id for attachment (#16958) 2021-09-08 17:19:30 +02:00
v194.go Support unprotected file patterns (#16395) 2021-09-11 16:21:17 +02:00
v195.go Fix commit status index problem (#17061) 2021-09-23 18:50:06 +08:00
v195_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v196.go Kanban colored boards (#16647) 2021-09-29 22:53:12 +02:00
v197.go Add a simple way to rename branch like gh (#15870) 2021-10-08 19:03:04 +02:00
v198.go Save and view issue/comment content history (#16909) 2021-10-10 18:40:03 -04:00
v199.go Refix indices on actions table (#20158) 2022-07-01 17:04:01 +01:00
v200.go Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
v201.go Refactor update checker to use AppState (#17387) 2021-10-21 17:10:49 +01:00
v202.go Add support for ssh commit signing (#17743) 2021-12-19 00:37:18 -05:00
v203.go Support sorting for project board issues (#17152) 2021-12-08 14:57:18 +08:00
v204.go Migration 204 use Sync2 (#18044) 2021-12-20 18:58:38 +01:00
v205.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v206.go Team permission allow different unit has different permission (#17811) 2022-01-05 11:37:00 +08:00
v207.go Attempt to fix the webauthn migration again - part 3 (#18770) 2022-02-16 21:03:58 +00:00
v208.go Attempt to fix the webauthn migration again - part 3 (#18770) 2022-02-16 21:03:58 +00:00
v209.go Attempt to fix the webauthn migration again - part 3 (#18770) 2022-02-16 21:03:58 +00:00
v210.go Update the webauthn_credential_id_sequence in Postgres (#19048) 2022-03-10 23:04:55 +01:00
v210_test.go Lock gofumpt to v0.3.0 and run it (#18866) 2022-02-23 20:16:07 +00:00
v211.go Store the foreign ID of issues during migration (#18446) 2022-03-17 18:08:35 +01:00
v212.go Add Package Registry (#16510) 2022-03-30 16:42:47 +08:00
v213.go Add "Allow edits from maintainer" feature (#18002) 2022-04-28 17:45:33 +02:00
v214.go Auto merge pull requests when all checks succeeded via API (#9307) 2022-05-08 01:05:52 +08:00
v215.go Delete related PullAutoMerge and ReviewState on User/Repo Deletion (#19649) 2022-05-08 15:46:34 +02:00
v216.go Refix indices on actions table (#20158) 2022-07-01 17:04:01 +01:00
v217.go Alter hook_task TEXT fields to LONGTEXT (#20038) 2022-06-19 19:47:04 +01:00
v218.go Add another index for Action table on postgres (#21033) 2022-09-03 17:27:59 +01:00
v219.go Fix commit status icon when in subdirectory (#20285) 2022-07-15 14:01:32 +01:00
v220.go Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) 2022-08-08 02:16:22 +02:00
v221.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v221_test.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v222.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v223.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v224.go Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) 2022-08-22 14:32:28 +01:00
v225.go Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) 2022-08-22 14:32:28 +01:00
v226.go Set SemverCompatible to false for Conan packages (#21275) 2022-10-07 12:22:05 +08:00
v227.go Add system setting table with cache and also add cache supports for user setting (#18058) 2022-10-17 07:29:26 +08:00
v228.go Add team member invite by email (#20307) 2022-10-19 14:40:28 +02:00
v229.go Update milestone counters when issue is deleted (#21459) 2022-10-22 23:08:10 +08:00
v229_test.go Update milestone counters when issue is deleted (#21459) 2022-10-22 23:08:10 +08:00
v230.go Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00
v230_test.go Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00