mirror of
1
Fork 0
Commit Graph

6 Commits

Author SHA1 Message Date
Loïc Dachary de51b21624
[SECURITY] default to pbkdf2 with 320,000 iterations
(cherry picked from commit 3ea0b287d7)
(cherry picked from commit db8392a8ac)
(cherry picked from commit bd2a5fa292)
(cherry picked from commit 2436acb3d9)
(cherry picked from commit 62f50e1c52)
(cherry picked from commit dba1892521)
(cherry picked from commit 4b58e3b6d4)
(cherry picked from commit 1247056856)
(cherry picked from commit afbaea7009)
(cherry picked from commit dcd4813d96)
(cherry picked from commit b51dc963d1)
(cherry picked from commit 611e895efd)
(cherry picked from commit fd492a03f5)
(cherry picked from commit 2c99991f44)
(cherry picked from commit 7426c1edb4)
(cherry picked from commit 373244f8b2)
(cherry picked from commit 4f6efecdb9)
(cherry picked from commit 61d500808e)
(cherry picked from commit 65f8384b63)
(cherry picked from commit 12ed28e734)
(cherry picked from commit ec6cdc9e1a)
(cherry picked from commit 08653ba051)
(cherry picked from commit d5847c87cb)
(cherry picked from commit 640a96e19b)
(cherry picked from commit 46177814a9)
(cherry picked from commit b0098f5a80)
(cherry picked from commit ce5ddeeca9)
(cherry picked from commit 5736fa1025)
(cherry picked from commit c43ca210fc)
(cherry picked from commit 7f92906bf3)
(cherry picked from commit f726525d2d)
(cherry picked from commit db86c93b0b)
(cherry picked from commit 6751bd93c3)
(cherry picked from commit 74bb523ac9)
(cherry picked from commit 94f9045a81)
(cherry picked from commit 5297eac42d)
(cherry picked from commit 57e3c57c51)
(cherry picked from commit c5cacfee51)
(cherry picked from commit dfa31ee004)
(cherry picked from commit d7d10a76b4)
(cherry picked from commit 62bd4edd46)
(cherry picked from commit 798c211f86)
(cherry picked from commit 1f645aecea)
(cherry picked from commit 8a8b62e10e)
(cherry picked from commit d3ff4e1fdf)
(cherry picked from commit 81412571f8)
(cherry picked from commit e9faa1f4e0)
(cherry picked from commit bce1ab85f7)
2024-02-05 14:44:32 +01:00
KN4CK3R f8b471ace1
Unify user update methods (#28733)
Fixes #28660
Fixes an admin api bug related to `user.LoginSource`
Fixed `/user/emails` response not identical to GitHub api

This PR unifies the user update methods. The goal is to keep the logic
only at one place (having audit logs in mind). For example, do the
password checks only in one method not everywhere a password is updated.

After that PR is merged, the user creation should be next.
2024-02-04 13:29:09 +00:00
wxiaoguang b2359f3df6
Fix various bugs for "install" page (#23194)
## TLDR

* Fix the broken page / broken image problem when click "Install"
* Close #20089
* Fix the Password Hash Algorithm display problem for #22942
* Close #23183
* Close #23184

## Details

### The broken page / broken image problem when click "Install"
(Redirect failed after install gitea #23184)

Before: when click "install", all new requests will fail, because the
server has been restarted. Users just see a broken page with broken
images, sometimes the server is not ready but the user would have been
redirect to "/user/login" page, then the users see a new broken page
(connection refused or something wrong ...)

After: only check InstallLock=true for necessary handlers, and sleep for
a while before restarting the server, then the browser has enough time
to load the "post-install" page. And there is a script to check whether
"/user/login" is ready, the user will only be redirected to the login
page when the server is ready.

### During new instance setup make 'Gitea Base URL' filled from
window.location.origin #20089

If the "app_url" input contains `localhost` (the default value from
config), use current window's location href as the `app_url` (aka
ROOT_URL)

### Fix the Password Hash Algorithm display problem for "Provide the
ability to set password hash algorithm parameters #22942"

Before: the UI shows `pbkdf2$50000$50`

<details>

![image](https://user-images.githubusercontent.com/2114189/221917143-e1e54798-1698-4fee-a18d-00c48081fc39.png)

</details>

After: the UI shows `pbkdf2`

<details>

![image](https://user-images.githubusercontent.com/2114189/221916999-97a15be8-2ebb-4a01-bf93-dac18e354fcc.png)

</details>

### GET data: net::ERR_INVALID_URL #23183

Cause by empty `data:` in `<link rel="manifest"
href="data:{{.ManifestData}}">`

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-03-04 10:12:02 +08:00
zeripath 1319ba6742
Use minio/sha256-simd for accelerated SHA256 (#23052)
minio/sha256-simd provides additional acceleration for SHA256 using
AVX512, SHA Extensions for x86 and ARM64 for ARM.

It provides a drop-in replacement for crypto/sha256 and if the
extensions are not available it falls back to standard crypto/sha256.

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-02-22 14:21:46 -05:00
zeripath ef11d41639
Make CI use a dummy password hasher for all tests (#22983)
During the recent hash algorithm change it became clear that the choice
of password hash algorithm plays a role in the time taken for CI to run.

Therefore as attempt to improve CI we should consider using a dummy
hashing algorithm instead of a real hashing algorithm.

This PR creates a dummy algorithm which is then set as the default
hashing algorithm during tests that use the fixtures. This hopefully
will cause a reduction in the time it takes for CI to run.

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-20 13:20:30 +08:00
zeripath 61b89747ed
Provide the ability to set password hash algorithm parameters (#22942)
This PR refactors and improves the password hashing code within gitea
and makes it possible for server administrators to set the password
hashing parameters

In addition it takes the opportunity to adjust the settings for `pbkdf2`
in order to make the hashing a little stronger.

The majority of this work was inspired by PR #14751 and I would like to
thank @boppy for their work on this.

Thanks to @gusted for the suggestion to adjust the `pbkdf2` hashing
parameters.

Close #14751

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-19 15:35:20 +08:00