forgejo/models
Gusted 623c93ff46
Increase Salt randomness (#18179)
- The current implementation of `RandomString` doesn't give you a most-possible unique randomness. It gives you 6*`length` instead of the possible 8*`length` bits (or as `length`x bytes) randomness. This is because `RandomString` is being limited to a max value of 63, this in order to represent the random byte as a letter/digit.
- The recommendation of pbkdf2 is to use 64+ bit salt, which the `RandomString` doesn't give with a length of 10, instead of increasing 10 to a higher number, this patch adds a new function called `RandomBytes` which does give you the guarantee of 8*`length` randomness and thus corresponding of `length`x bytes randomness.
- Use hexadecimal to store the bytes value in the database, as mentioned, it doesn't play nice in order to convert it to a string. This will always be a length of 32 (with `length` being 16).
- When we detect on `Authenticate` (source: db) that a user has the old format of salt, re-hash the password such that the user will have its password hashed with increased salt.

Thanks to @zeripath for working out the rough edges from my first commit 😄.

Co-authored-by: lafriks <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
2022-01-04 15:13:52 +00:00
admin Move user/org deletion to services (#17673) 2021-11-19 01:42:27 +08:00
appstate Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
asymkey Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
auth Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
avatars Make AvatarRenderedSizeFactor configurable and set it to 3 (#17951) 2021-12-16 10:18:38 +08:00
db Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
fixtures tests: add coverage for models migration helpers (#18162) 2022-01-03 23:35:01 +08:00
issues Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
migrations Increase Salt randomness (#18179) 2022-01-04 15:13:52 +00:00
perm Move accessmode into models/perm (#17828) 2021-11-28 12:58:28 +01:00
repo Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
unit Move unit into models/unit/ (#17576) 2021-11-09 20:57:58 +01:00
unittest tests: s/GITEA_UNIT_TESTS_VERBOSE/GITEA_UNIT_TESTS_LOG_SQL/ (#18142) 2022-01-01 04:31:24 +01:00
user Increase Salt randomness (#18179) 2022-01-04 15:13:52 +00:00
webhook Remove NewSession method from db.Engine interface (#17577) 2021-11-21 23:41:00 +08:00
access.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
access_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
action.go Prevent hang in git cat-file if repository is not a valid repository and other fixes (#17991) 2021-12-16 19:01:14 +00:00
action_list.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
action_test.go Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
branches.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
branches_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
commit.go Move keys to models/asymkey (#17917) 2021-12-10 16:14:24 +08:00
commit_status.go Add missing `X-Total-Count` and fix some related bugs (#17968) 2021-12-15 13:39:34 +08:00
commit_status_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
consistency.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
consistency_test.go A better go code formatter, and now `make fmt` can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
engine_test.go Refactor install page (db type) (#17919) 2021-12-07 13:44:08 +08:00
error.go Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
fixture_generation.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
fixture_test.go Decouple unit test code from business code (#17623) 2021-11-12 22:36:47 +08:00
helper.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
helper_directory.go refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
helper_environment.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue.go Use conditions but not repo ids as query condition (#16839) 2021-12-29 21:02:12 +08:00
issue_assignees.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_assignees_test.go Move user related model into models/user (#17781) 2021-11-24 17:49:20 +08:00
issue_comment.go Add API to get issue/pull comments and events (timeline) (#17403) 2022-01-01 22:12:25 +08:00
issue_comment_list.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_comment_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_dependency.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_dependency_test.go Move user related model into models/user (#17781) 2021-11-24 17:49:20 +08:00
issue_label.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_label_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_list.go Use conditions but not repo ids as query condition (#16839) 2021-12-29 21:02:12 +08:00
issue_list_test.go Decouple unit test, remove intermediate `unittestbridge` package (#17662) 2021-11-16 16:53:21 +08:00
issue_lock.go Move user related model into models/user (#17781) 2021-11-24 17:49:20 +08:00
issue_milestone.go Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
issue_milestone_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_reaction.go Add missing `X-Total-Count` and fix some related bugs (#17968) 2021-12-15 13:39:34 +08:00
issue_reaction_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_stopwatch.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_stopwatch_test.go Move user related model into models/user (#17781) 2021-11-24 17:49:20 +08:00
issue_test.go Use conditions but not repo ids as query condition (#16839) 2021-12-29 21:02:12 +08:00
issue_tracked_time.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_tracked_time_test.go Move user related model into models/user (#17781) 2021-11-24 17:49:20 +08:00
issue_user.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_user_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_watch.go Add missing `X-Total-Count` and fix some related bugs (#17968) 2021-12-15 13:39:34 +08:00
issue_watch_test.go A better go code formatter, and now `make fmt` can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
issue_xref.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
issue_xref_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
lfs.go Allow admin to associate missing LFS objects for repositories (#18143) 2022-01-01 17:05:31 +08:00
lfs_lock.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
main_test.go Move keys to models/asymkey (#17917) 2021-12-10 16:14:24 +08:00
migrate.go tests: add coverage for models migration helpers (#18162) 2022-01-03 23:35:01 +08:00
migrate_test.go tests: add coverage for models migration helpers (#18162) 2022-01-03 23:35:01 +08:00
notification.go Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
notification_test.go Move user related model into models/user (#17781) 2021-11-24 17:49:20 +08:00
org.go Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
org_team.go Prevent hang in git cat-file if repository is not a valid repository and other fixes (#17991) 2021-12-16 19:01:14 +00:00
org_team_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
org_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
project.go Remove NewSession method from db.Engine interface (#17577) 2021-11-21 23:41:00 +08:00
project_board.go Support sorting for project board issues (#17152) 2021-12-08 14:57:18 +08:00
project_issue.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
project_test.go Decouple unit test code from business code (#17623) 2021-11-12 22:36:47 +08:00
protected_tag.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
protected_tag_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
pull.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
pull_list.go Don't delete branch if other PRs with this branch are open (#18164) 2022-01-03 20:45:58 +01:00
pull_test.go Don't delete branch if other PRs with this branch are open (#18164) 2022-01-03 20:45:58 +01:00
release.go Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
repo.go Fix performance regression when user has many organization (#18125) 2021-12-30 13:03:40 +08:00
repo_activity.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
repo_collaboration.go Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
repo_collaboration_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
repo_generate.go Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
repo_generate_test.go Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
repo_list.go Use conditions but not repo ids as query condition (#16839) 2021-12-29 21:02:12 +08:00
repo_list_test.go Decouple unit test, remove intermediate `unittestbridge` package (#17662) 2021-11-16 16:53:21 +08:00
repo_permission.go Use conditions but not repo ids as query condition (#16839) 2021-12-29 21:02:12 +08:00
repo_permission_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
repo_test.go Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
repo_transfer.go Some repository refactors (#17950) 2021-12-12 23:48:20 +08:00
repo_transfer_test.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
review.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
review_test.go Move user related model into models/user (#17781) 2021-11-24 17:49:20 +08:00
statistic.go Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
task.go Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
token.go Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
token_test.go A better go code formatter, and now `make fmt` can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
upload.go Remove NewSession method from db.Engine interface (#17577) 2021-11-21 23:41:00 +08:00
user.go Use conditions but not repo ids as query condition (#16839) 2021-12-29 21:02:12 +08:00
user_heatmap.go Move user related model into models/user (#17781) 2021-11-24 17:49:20 +08:00
user_heatmap_test.go Move user related model into models/user (#17781) 2021-11-24 17:49:20 +08:00
user_test.go Use conditions but not repo ids as query condition (#16839) 2021-12-29 21:02:12 +08:00
userlist.go Move more model into models/user (#17826) 2021-11-28 22:11:58 +08:00
userlist_test.go Move more model into models/user (#17826) 2021-11-28 22:11:58 +08:00