forgejo/services
Gusted a76099ca94 fix: require password login for creation of new token
- The creation of new API tokens for users via the API is guarded behind
an extra check. This extra check makes sure the user is authorized via the
reverse proxy method (if enabled) or via basic authorization.
- For, what seems to me, historical reasons the basic authorization also
handles logging in via the API token.
- This results in an API token (with `write:user` scope) or OAuth2 token
being able to create a new API token with escalated privileges.
- Add a new condition to this check to ensure the user logged in via
password.
- Change error to better indicate what went wrong.

(cherry picked from commit 85e839e21d)
2025-08-30 11:13:36 +00:00
..
actions [v11.0/forgejo] fix: de-duplicate Forgejo Actions job names when needed (#8884) 2025-08-16 18:24:51 +02:00
agit [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
asymkey [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
attachment [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
auth fix: require password login for creation of new token 2025-08-30 11:13:36 +00:00
automerge [v11.0/forgejo] fix: do not ignore automerge while a PR is checking for conflicts (#8456) 2025-07-09 14:09:12 +02:00
context [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
contexttest [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
convert [v11.0/forgejo] fix(migrations): transfer PR flow information (#7437) 2025-04-03 07:35:20 +00:00
cron [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
doctor [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
externalaccount [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
f3 [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
federation [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
feed [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
forgejo [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
forms [v11.0/forgejo] fix: validate input for default_{merge,update}_style (#7401) 2025-03-31 09:43:46 +00:00
gitdiff [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
indexer [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
issue [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
lfs [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
mailer fix(sec): consider webauthn for external login 2025-05-02 07:31:20 +02:00
markup [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
migrations [v11.0/forgejo] fix(migrations): transfer PR flow information (#7437) 2025-04-03 07:35:20 +00:00
mirror [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
notify [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
org [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
packages [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
pull [v11.0/forgejo] fix: do not ignore automerge while a PR is checking for conflicts (#8456) 2025-07-09 14:09:12 +02:00
release [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
remote [v11.0/forgejo] chore: tune down remote user promotion debug message shown as error (#7691) 2025-04-29 13:31:36 +00:00
repository [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
secrets [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
shared/automerge [v11.0/forgejo] fix: do not ignore automerge while a PR is checking for conflicts (#8456) 2025-07-09 14:09:12 +02:00
task [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
uinotification [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
user [v11.0/forgejo] chore: merge tests.AddFixtures and unittest.OverrideFixtures (#7649) 2025-04-25 09:59:30 +00:00
webhook [v11.0/forgejo] chore: merge tests.AddFixtures and unittest.OverrideFixtures (#7649) 2025-04-25 09:59:30 +00:00
wiki [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00