mirror of
1
Fork 0
forgejo/modules
zeripath c702e7995d
Provide the ability to set password hash algorithm parameters (#22942) (#22943)
Backport #22942

This PR refactors and improves the password hashing code within gitea
and makes it possible for server administrators to set the password
hashing parameters

In addition it takes the opportunity to adjust the settings for `pbkdf2`
in order to make the hashing a little stronger.

The majority of this work was inspired by PR #14751 and I would like to
thank @boppy for their work on this.

Thanks to @gusted for the suggestion to adjust the `pbkdf2` hashing
parameters.

Close #14751

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-19 15:35:52 +08:00
..
activitypub Fix dashboard ignored system setting cache (#21621) (#21759) 2022-11-10 19:41:44 +08:00
analyze Simplify `IsVendor` (#19626) 2022-05-06 10:12:30 +01:00
auth Provide the ability to set password hash algorithm parameters (#22942) (#22943) 2023-02-19 15:35:52 +08:00
avatar Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
base Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
cache Fix get system setting bug when enabled redis cache (#22298) 2023-01-01 23:24:01 +08:00
charset Fix isAllowed of escapeStreamer (#22814) (#22837) 2023-02-10 11:36:58 +08:00
container Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
context Prepend refs/heads/ to issue template refs (#20461) (#22427) 2023-01-13 16:33:35 -06:00
convert Fix pull request API field `closed_at` always being `null` (#22482) (#22483) 2023-01-17 11:41:43 +00:00
csv Go 1.19 format (#20758) 2022-08-30 21:15:45 -05:00
doctor Prevent dangling user redirects (#21856) (#21858) 2022-11-18 22:25:00 +08:00
emoji Update Emoji dataset to Unicode 14 (#22342) (#22343) 2023-01-04 12:45:18 -06:00
eventsource Move some files into models' sub packages (#20262) 2022-08-25 10:31:57 +08:00
generate Use base32 for 2FA scratch token (#18384) 2022-01-26 12:10:10 +08:00
git Fix blame view missing lines (#22826) (#22929) 2023-02-17 10:19:24 +08:00
gitgraph Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
graceful Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
hcaptcha hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
highlight Upgrade chroma to v2.3.0 (#21259) 2022-09-26 13:50:03 +08:00
hostmatcher Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
httpcache Add Cache-Control header to html and api responses, add no-transform (#20432) 2022-07-23 14:38:03 +08:00
httplib refactor httplib (#18338) 2022-01-19 19:31:39 -05:00
indexer Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
issue/template Use path not filepath in template filenames (#21993) (#22022) 2022-12-04 13:58:58 +08:00
json Refactor legacy `unknwon/com` package, improve golangci lint (#19284) 2022-04-01 16:47:50 +08:00
lfs escape filename when assemble URL (#22850) (#22871) 2023-02-12 09:39:52 +00:00
log Improve trace logging for pulls and processes (#22633) (#22812) 2023-02-13 11:17:36 +08:00
markup Fix README TOC links (#22577) (#22677) 2023-01-31 17:23:19 +08:00
mcaptcha Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
metrics Move some files into models' sub packages (#20262) 2022-08-25 10:31:57 +08:00
migration Fix restore repo bug, clarify the problem of ForeignIndex (#22776) (#22794) 2023-02-08 08:39:42 +00:00
mirror Implement sync push mirror on commit (#19411) 2022-07-08 20:45:12 +01:00
nosql fix broken insecureskipverify handling in rediss connection uris (#20967) 2022-08-29 16:38:49 +02:00
notification Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (#22627) (#22642) 2023-01-28 15:51:00 +00:00
options Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
packages Use import of OCI structs (#22765) (#22805) 2023-02-08 07:50:19 +08:00
paginator Remove unnecessary misspell ignore pattern (#21475) 2022-10-18 12:52:25 -04:00
pprof Go 1.19 format (#20758) 2022-08-30 21:15:45 -05:00
private Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
process Improve trace logging for pulls and processes (#22633) (#22812) 2023-02-13 11:17:36 +08:00
proxy Use proxy for pull mirror (#22771) (#22772) 2023-02-11 16:11:54 +08:00
proxyprotocol Support Proxy protocol (#12527) 2022-08-21 19:20:43 +01:00
public Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
queue Correctly handle select on multiple channels in Queues (#22146) (#22428) 2023-01-13 20:42:42 +00:00
recaptcha Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
references Remove unnecessary misspell ignore pattern (#21475) 2022-10-18 12:52:25 -04:00
regexplru Custom regexp external issues (#17624) 2022-06-10 13:39:53 +08:00
repository Fix error when calculate the repository size (#22392) (#22474) 2023-01-16 16:07:06 -06:00
secret Use `CryptoRandomBytes` instead of `CryptoRandomString` (#18439) 2022-02-04 18:03:15 +01:00
session format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
setting Provide the ability to set password hash algorithm parameters (#22942) (#22943) 2023-02-19 15:35:52 +08:00
sitemap Fix sitemap (#22272) (#22320) 2023-01-03 22:03:56 +08:00
ssh Support Proxy protocol (#12527) 2022-08-21 19:20:43 +01:00
storage Local storage should not store files as executable (#22162) (#22163) 2022-12-19 01:12:25 +02:00
structs Add `sync_on_commit` option for push mirrors api (#22271) (#22292) 2022-12-31 19:46:14 +08:00
svg Remove legacy `+build:` constraint (#19582) 2022-05-02 23:22:45 +08:00
sync Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
system Fix dashboard ignored system setting cache (#21621) (#21759) 2022-11-10 19:41:44 +08:00
templates Display error log when a modified template has an error so that it could recovery when the error fixed (#22261) (#22321) 2023-01-03 19:39:58 +08:00
test Refactor AssertExistsAndLoadBean to use generics (#20797) 2022-08-16 10:22:25 +08:00
timeutil Check for zero time instant in TimeStamp.IsZero() (#22171) (#22172) 2022-12-20 10:04:46 +08:00
translation Make every not exist error unwrappable to a fs.ErrNotExist (#20891) 2022-10-18 07:50:37 +02:00
typesniffer Rework raw file http header logic (#20484) 2022-07-29 17:26:55 +02:00
updatechecker Add system setting table with cache and also add cache supports for user setting (#18058) 2022-10-17 07:29:26 +08:00
upload Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
uri Prevent NPE if gitea uploader fails to open url (#18080) 2021-12-23 16:27:33 +00:00
user Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
util Improve checkIfPRContentChanged (#22611) (#22644) 2023-01-28 17:56:16 +00:00
validation Add more checks in migration code (#21011) 2022-09-04 13:47:56 +03:00
watcher Share HTML template renderers and create a watcher framework (#20218) 2022-08-28 10:43:25 +01:00
web refactor webhook *NewPost (#20729) 2022-08-11 17:48:23 +02:00