forgejo/routers/web/user
Gusted 51988ef52b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus it provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired by: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry-pick from eff097448b)

Conflicts:

	modules/context/context_cookie.go
	trivial context conflicts

	routers/web/web.go
	ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go
2023-10-05 08:50:54 +02:00
| Name | Last commit | Date |
| --- | --- | --- |
| setting | [GITEA] rework long-term authentication | 2023-10-05 08:50:54 +02:00 |
| avatar.go | Set `X-Gitea-Debug` header once (#23361) | 2023-03-08 15:40:04 -05:00 |
| code.go | Add missing tabs to org projects page (#22705) | 2023-03-10 09:18:20 -06:00 |
| home.go | Fix context filter has no effect in dashboard (#26695) (#26811) | 2023-09-08 08:09:18 +02:00 |
| home_test.go | Add a simple test for external renderer (#20033) | 2022-12-12 20:45:21 +08:00 |
| main_test.go | Implement FSFE REUSE for golang files (#21840) | 2022-11-27 18:20:29 +00:00 |
| notification.go | Fix notification list bugs (#25781) (#25787) | 2023-07-09 19:15:00 +00:00 |
| package.go | Redirect to package after version deletion (#25594) (#25599) | 2023-06-30 00:14:57 +02:00 |
| profile.go | fix pagination for followers and following (#27127) (#27138) | 2023-09-20 12:50:46 +02:00 |
| search.go | Replace `interface{}` with `any` (#25686) (#25687) | 2023-07-04 23:41:32 -04:00 |
| stop_watch.go | Move `convert` package to services (#22264) | 2022-12-29 10:57:15 +08:00 |
| task.go | Replace `interface{}` with `any` (#25686) (#25687) | 2023-07-04 23:41:32 -04:00 |