mirror of
1
Fork 0
forgejo/models
Gusted b770282d45
fix: extend `forgejo_auth_token` table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.

(cherry picked from commit 1ce33aa38d)

v7: Removed migration - XORM can handle this case automatically without migration.

assert.Equal(t, `doesnotexist@example.com`, msgs[0].To) in tests
because v7 does not include the user name to the recipient.
2024-11-15 12:02:14 +01:00
..
actions enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
activities enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
admin Next round of `db.DefaultContext` refactor (#27089) 2023-09-16 14:39:12 +00:00
asymkey Fix panic of ssh public key page after deletion of auth source (#31829) (#31836) 2024-08-18 07:11:32 +02:00
auth fix: extend `forgejo_auth_token` table 2024-11-15 12:02:14 +01:00
avatars enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
db enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
dbfs enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
fixtures test(oauth): RFC 6749 Section 10.2 conformance 2024-06-06 10:01:56 +00:00
forgejo/semver enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
forgejo_migrations enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
git Show lock owner instead of repo owner on LFS setting page (#31788) (#31817) 2024-08-18 07:01:03 +02:00
issues enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
migrations enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
organization enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
packages enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
perm enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
project enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
pull [GITEA] GetScheduledMergeByPullID may involve a system user 2024-02-05 16:09:41 +01:00
repo fix: anomynous users code search for private/limited user's repository 2024-11-15 11:59:22 +01:00
secret Make runs-on support variable expression (#29468) 2024-03-11 23:36:59 +07:00
shared/types Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
system enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
unit enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
unittest enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
user fix: extend `forgejo_auth_token` table 2024-11-15 12:02:14 +01:00
webhook enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
error.go Add merge style `fast-forward-only` (#28954) 2024-02-14 17:19:19 +01:00
fixture_generation.go Replace more db.DefaultContext (#27628) 2023-10-15 17:46:06 +02:00
fixture_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
main_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
org.go Refactor deletion (#28610) 2023-12-25 21:25:29 +01:00
org_team.go Remove GetByBean method because sometimes it's danger when query condition parameter is zero and also introduce new generic methods (#28220) 2023-12-07 15:27:36 +08:00
org_team_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
org_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
repo.go Refactor deletion (#28610) 2023-12-25 21:25:29 +01:00
repo_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
repo_transfer.go [MODERATION] User blocking 2024-02-05 15:56:45 +01:00
repo_transfer_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00