forgejo/modules/setting
Gusted 51988ef52b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus it provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired by: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry-pick from eff097448b)

Conflicts:

	modules/context/context_cookie.go
	trivial context conflicts

	routers/web/web.go
	ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go
2023-10-05 08:50:54 +02:00
actions.go [CI] DEFAULT_ACTIONS_URL support for self & github (squash) 2023-07-19 14:34:38 +02:00
actions_test.go [CI] DEFAULT_ACTIONS_URL support for self & github (squash) 2023-07-19 14:34:38 +02:00
admin.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
api.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
asset_dynamic.go Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
asset_static.go Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
attachment.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
attachment_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
cache.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
camo.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
config_env.go Remove last newline from config file (#26468) (#26471) 2023-08-21 07:22:19 +02:00
config_env_test.go Remove last newline from config file (#26468) (#26471) 2023-08-21 07:22:19 +02:00
config_provider.go Fix INI parsing for value with trailing slash (#26995) (#27001) 2023-09-20 12:50:46 +02:00
config_provider_test.go Fix INI parsing for value with trailing slash (#26995) (#27001) 2023-09-20 12:50:46 +02:00
cors.go Fix incorrect CORS default values (#24206) 2023-04-19 15:30:10 -04:00
cron.go Replace `interface{}` with `any` (#25686) (#25687) 2023-07-04 23:41:32 -04:00
cron_test.go Rewrite queue (#24505) 2023-05-08 19:49:59 +08:00
database.go [GITEA] Add slow SQL query warning 2023-08-21 21:18:43 +02:00
database_sqlite.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
database_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
federation.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
forgejo_storage_test.go [TESTS] verify facts for the admin storage documentation (squash) 2023-08-31 15:32:22 +02:00
git.go Use `[git.config]` for reflog cleaning up (#24958) 2023-05-28 01:07:14 +00:00
git_test.go Use `[git.config]` for reflog cleaning up (#24958) 2023-05-28 01:07:14 +00:00
highlight.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
i18n.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
incoming_email.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
indexer.go Allow skipping forks and mirrors from being indexed (#23187) 2023-05-25 16:13:47 +08:00
indexer_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
lfs.go Avoid writing config file if not installed (#26107) (#26113) 2023-08-21 07:22:15 +02:00
lfs_test.go Display deprecated warning in admin panel pages as well as in the log file (#26094) (#26154) 2023-07-30 07:42:53 +02:00
log.go Clarify the logger's MODE config option (#26267) (#26281) 2023-08-21 07:22:16 +02:00
log_test.go Replace `interface{}` with `any` (#25686) (#25687) 2023-07-04 23:41:32 -04:00
mailer.go Make mailer SMTP check have timed context (#24751) 2023-05-16 22:55:51 +02:00
mailer_test.go Remove unnecessary code (#24610) 2023-05-10 04:57:06 +00:00
markup.go Add .livemd as a markdown extension (#22730) 2023-04-26 11:22:54 -04:00
metrics.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
migrations.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
mime_type_map.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
mirror.go Avoid polluting the config (#25345) (#25354) 2023-06-18 20:56:50 +00:00
oauth2.go Do not prepare oauth2 config if it is not enabled, do not write config in some sub-commands (#25567) (#25576) 2023-06-29 06:30:40 +02:00
other.go Refactor `setting.Other` and remove unused `SHOW_FOOTER_BRANDING` (#24270) 2023-04-22 19:38:25 -04:00
packages.go Avoid creating directories when loading config (#25944) (#25957) 2023-07-24 07:58:56 +02:00
packages_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
path.go Update path related documents (#25417) (#25982) 2023-07-24 07:58:56 +02:00
path_test.go [BRANDING] alias {FORGEJO,GITEA}_{CUSTOM,WORK_DIR} 2023-07-17 00:25:56 +02:00
picture.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
project.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
proxy.go Refactor the setting to make unit test easier (#22405) 2023-02-20 00:12:01 +08:00
queue.go Calculate MAX_WORKERS default value by CPU number (#26177) (#26183) 2023-07-30 07:46:18 +02:00
repository.go [BRANDING] Rebrand default config settings for new installs (#140) 2023-07-17 00:25:55 +02:00
repository_archive.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
repository_archive_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
security.go [GITEA] rework long-term authentication 2023-10-05 08:50:54 +02:00
server.go [BRANDING] Rebrand default config settings for new installs (#140) 2023-07-17 00:25:55 +02:00
service.go Fix some slice append usages (#26778) (#26798) 2023-09-08 08:09:18 +02:00
service_test.go Fix allowed user types setting problem (#26200) (#26206) 2023-07-30 07:46:19 +02:00
session.go Use secure cookie for HTTPS sites (#26999) (#27013) 2023-09-20 12:50:46 +02:00
setting.go [SEMVER] store SemVer in ForgejoSemVer after a database upgrade 2023-08-21 07:22:18 +02:00
setting_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
ssh.go Prefer native parser for SSH public key parsing (#23798) 2023-04-11 14:34:28 +08:00
storage.go Fix storage path logic especially for relative paths (#26441) (#26481) 2023-08-21 07:22:19 +02:00
storage_test.go Fix storage path logic especially for relative paths (#26441) (#26481) 2023-08-21 07:22:19 +02:00
task.go handle deprecated settings (#22992) 2023-02-20 16:18:26 -06:00
time.go Remove unused setting `time.FORMAT` (#24430) 2023-04-29 22:51:43 +02:00
ui.go [BRANDING] Rebrand default meta tags 2023-07-17 00:25:55 +02:00
webhook.go [BRANDING] define the forgejo webhook type 2023-08-21 07:22:16 +02:00