mirror of
1
Fork 0
forgejo/models/user
Gusted 4383da91bd
[SECURITY] Notify users about account security changes
- Currently if the password, primary mail, TOTP or security keys are
changed, no notification is made of that and makes compromising an
account a bit easier as it's essentially undetectable until the original
person tries to log in. Although other changes should be made as
well (re-authing before allowing a password change), this should go a
long way of improving the account security in Forgejo.
- Adds a mail notification for password and primary mail changes. For
the primary mail change, a mail notification is sent to the old primary
mail.
- Add a mail notification when TOTP or a security keys is removed, if no
other 2FA method is configured the mail will also contain that 2FA is
no longer needed to log into their account.
- `MakeEmailAddressPrimary` is refactored to the user service package,
as it now involves calling the mailer service.
- Unit tests added.
- Integration tests added.
2024-07-23 18:31:47 +02:00
..
fixtures Implement remote user login source and promotion to regular user 2024-04-25 13:03:49 +02:00
avatar.go Replace -1 with GhostUserID (#27703) 2023-10-20 14:43:08 +00:00
badge.go Remove most path-based golangci exclusions (#24214) 2023-04-19 22:08:01 -04:00
block.go [MODERATION] User blocking 2024-02-05 15:56:45 +01:00
block_test.go [MODERATION] User blocking 2024-02-05 15:56:45 +01:00
email_address.go [SECURITY] Notify users about account security changes 2024-07-23 18:31:47 +02:00
email_address_test.go [SECURITY] Notify users about account security changes 2024-07-23 18:31:47 +02:00
error.go Remove unused `KeyID`. (#29167) 2024-02-16 15:20:52 +01:00
external_login_user.go allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
federated_user.go initial 2024-05-16 08:15:43 +02:00
federated_user_test.go initial 2024-05-16 08:15:43 +02:00
follow.go [MODERATION] User blocking 2024-02-05 15:56:45 +01:00
follow_test.go Next round of `db.DefaultContext` refactor (#27089) 2023-09-16 14:39:12 +00:00
list.go Reduce usage of `db.DefaultContext` (#27073) 2023-09-14 17:09:32 +00:00
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
must_change_password.go Add command to bulk set must-change-password (#22823) 2023-02-14 16:12:19 -06:00
openid.go More refactoring of `db.DefaultContext` (#27083) 2023-09-15 06:13:19 +00:00
openid_test.go More refactoring of `db.DefaultContext` (#27083) 2023-09-15 06:13:19 +00:00
redirect.go Another round of `db.DefaultContext` refactor (#27103) 2023-09-25 13:17:37 +00:00
redirect_test.go Another round of `db.DefaultContext` refactor (#27103) 2023-09-25 13:17:37 +00:00
search.go Implement remote user login source and promotion to regular user 2024-04-25 13:03:49 +02:00
setting.go More refactoring of `db.DefaultContext` (#27083) 2023-09-15 06:13:19 +00:00
setting_keys.go Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
setting_test.go More refactoring of `db.DefaultContext` (#27083) 2023-09-15 06:13:19 +00:00
user.go [SECURITY] Notify users about account security changes 2024-07-23 18:31:47 +02:00
user_repository.go initial 2024-05-16 08:15:43 +02:00
user_system.go [BRANDING] reserve forgejo-actions username 2024-02-05 16:05:01 +01:00
user_test.go [SECURITY] Notify users about account security changes 2024-07-23 18:31:47 +02:00
user_update.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00