mirror of
1
Fork 0
forgejo/modules
Gusted b770282d45
fix: extend `forgejo_auth_token` table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.

(cherry picked from commit 1ce33aa38d)

v7: Removed migration - XORM can handle this case automatically without migration.

assert.Equal(t, `doesnotexist@example.com`, msgs[0].To) in tests
because v7 does not include the user name to the recipient.
2024-11-15 12:02:14 +01:00
..
actions enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
activitypub enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
auth enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
avatar enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
base fix: extend `forgejo_auth_token` table 2024-11-15 12:02:14 +01:00
cache enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
charset enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
container Add container.FilterSlice function (gitea#30339) (skip using it) 2024-08-18 06:55:15 +02:00
csv enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
emoji Update emoji set to Unicode 15 (#25595) 2023-06-29 16:29:48 +00:00
eventsource Final round of `db.DefaultContext` refactor (#27587) 2023-10-14 08:37:24 +00:00
generate enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
git Fix `IsObjectExist` with gogit (#31790) (#31806) 2024-08-11 09:41:23 +02:00
gitgraph models/asymkey: Implement Tag verification 2024-04-01 13:42:11 +00:00
gitrepo Move get/set default branch from git package to gitrepo package to hide repopath (#29126) 2024-03-11 23:36:59 +07:00
graceful enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
html Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
httpcache [BRANDING] add X-Forgejo-* headers 2024-02-05 16:02:14 +01:00
httplib enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
indexer enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
issue/template Extend issue template yaml engine (#29274) 2024-03-06 12:10:47 +08:00
json Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs Fix #31185 try fix lfs download from bitbucket failed (#31201) 2024-08-18 07:01:03 +02:00
log enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
markup fix: strict matching of allowed content for sanitizer 2024-11-15 11:59:35 +01:00
mcaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
metrics Reduce usage of `db.DefaultContext` (#27073) 2023-09-14 17:09:32 +00:00
migration enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
nosql s/Gitea/Forgejo in various log messages and comments 2024-04-22 14:41:17 +00:00
optional enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
private Move database operations of merging a pull request to post receive hook and add a transaction (#30805) 2024-05-14 15:37:32 +02:00
process [FIX] make pprof labels conformant with prometheus spec 2024-04-01 18:22:11 +00:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
public enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
queue enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
recaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
references enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
regexplru enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
repository enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
secret enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
session Avoid importing `modules/web/middleware` in `modules/session` (#30584) (#30589) 2024-04-21 18:16:09 +02:00
setting enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
sitemap enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
ssh Remove SSH workaround (#27893) 2023-11-03 15:21:05 +00:00
storage enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
structs enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
svg Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
sync Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
system enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
templates enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
test test(util): MockProtect when mocking multiple times 2024-06-02 14:32:00 +00:00
testlogger Merge pull request '[v7.0/forgejo] [FEAT] Mark database errors in tests as failure' (#2978) from bp-v7.0/forgejo-2dabd20 into v7.0/forgejo 2024-04-02 15:53:23 +00:00
timeutil Remove the `time-since` class (#29826) 2024-03-20 08:46:30 +01:00
translation enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
updatechecker enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
uri enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
user enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
util enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
validation [GITEA] add option for banning dots in usernames 2024-02-05 16:05:50 +01:00
web enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
webhook [FEAT] sourcehut webhooks 2024-04-05 19:36:04 +00:00