forgejo

mirror of https://codeberg.org/forgejo/forgejo synced 2024-06-01 17:52:39 +02:00

History

Gusted 51988ef52b [GITEA] rework long-term authentication - The current architecture is inherently insecure, because you can construct the 'secret' cookie value with values that are available in the database. Thus provides zero protection when a database is dumped/leaked. - This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies). - Integration testing is added to ensure the new mechanism works. - Removes a setting, because it's not used anymore. (cherry-pick from `eff097448b`) Conflicts: modules/context/context_cookie.go trivial context conflicts routers/web/web.go ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go		2023-10-05 08:50:54 +02:00
..
avatar.go	Fix context cache bug & enable context cache for dashabord commits' authors(#26991 ) (#27017 )	2023-09-20 12:50:46 +02:00
badge.go
block.go	[MODERATION] add user blocking API	2023-07-17 00:26:42 +02:00
block_test.go	[MODERATION] add user blocking API	2023-07-17 00:26:42 +02:00
email_address.go	check blocklist for emails when adding them to account (#26812 ) (#26831 )	2023-09-08 08:09:18 +02:00
email_address_test.go
error.go
external_login_user.go	Replace `interface{}` with `any` (#25686 ) (#25687 )	2023-07-04 23:41:32 -04:00
follow.go	[MODERATION] organization blocking a user (#802 )	2023-07-17 00:26:42 +02:00
follow_test.go
list.go
main_test.go
must_change_password.go
openid.go
openid_test.go
redirect.go
redirect_test.go
search.go
setting.go
setting_keys.go
setting_test.go
user.go	[GITEA] rework long-term authentication	2023-10-05 08:50:54 +02:00
user_system.go	[BRANDING] reserve forgejo-actions username	2023-07-17 00:25:56 +02:00
user_test.go	[MODERATION] organization blocking a user (#802 )	2023-07-17 00:26:42 +02:00
user_update.go