mirrors
/
forgejo
mirror of
1
Fork 0
Code Issues Releases Activity
16,672 Commits 23 Branches 235 Tags 625 MiB
Commit Graph

9 Commits

Author SHA1 Message Date
Gusted 72bdd4f3b9
[v1.21] [GITEA] rework long-term authentication 
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
 2023-10-23 15:35:33 +02:00
JakobDev 76659b1114
Reduce usage of `db.DefaultContext` (#27073) 
Part of #27065

This reduces the usage of `db.DefaultContext`. I think I've got enough
files for the first PR. When this is merged, I will continue working on
this.

Considering how many files this PR affect, I hope it won't take to long
to merge, so I don't end up in the merge conflict hell.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
 2023-09-14 17:09:32 +00:00
wxiaoguang 5b9557aef5
Refactor cookie (#24107) 
Close #24062

At the beginning, I just wanted to fix the warning mentioned by #24062

But, the cookie code really doesn't look good to me, so clean up them.

Complete the TODO on `SetCookie`: 

> TODO: Copied from gitea.com/macaron/macaron and should be improved
after macaron removed.
 2023-04-13 15:45:33 -04:00
flynnnnnnnnnn e81ccc406b
Implement FSFE REUSE for golang files (#21840) 
Change all license headers to comply with REUSE specification.

Fix #16132

Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
 2022-11-27 18:20:29 +00:00
KN4CK3R 044c754ea5
Add `context.Context` to more methods (#21546) 
This PR adds a context parameter to a bunch of methods. Some helper
`xxxCtx()` methods got replaced with the normal name now.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
 2022-11-19 16:12:33 +08:00
Daniil Gentili 95383b7a16
Add sitemap support (#18407) 2022-06-25 19:06:01 +02:00
KN4CK3R 80fd25524e
Renamed ctx.User to ctx.Doer. (#19161) 
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
 2022-03-22 15:03:22 +08:00
Lunny Xiao de8e3948a5
Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
Lunny Xiao 1bfb0a24d8
Refactor routers directory (#15800) 
* refactor routers directory

* move func used for web and api to common

* make corsHandler a function to prohibit side efects

* rm unused func

Co-authored-by: 6543 <6543@obermui.de>
 2021-06-09 01:33:54 +02:00