forgejo/modules/context
Gusted a14be197eb
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
2023-10-09 22:17:28 +02:00
..
access_log.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
api.go Updates to the API for archived repos (#27149) 2023-09-21 23:43:29 +00:00
api_org.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
api_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
base.go Introduce ctx.PathParamRaw to avoid incorrect unescaping (#26392) 2023-08-09 14:57:45 +08:00
captcha.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
context.go Make web context initialize correctly for different cases (#26726) 2023-08-25 19:07:42 +08:00
context_cookie.go [GITEA] rework long-term authentication 2023-10-09 22:17:28 +02:00
context_model.go Improve Gitea's web context, decouple "issue template" code into service package (#24590) 2023-05-09 01:30:14 +02:00
context_request.go Decouple the different contexts from each other (#24786) 2023-05-21 09:50:53 +08:00
context_response.go Start using template context function (#26254) 2023-08-08 01:22:47 +00:00
context_template.go Start using template context function (#26254) 2023-08-08 01:22:47 +00:00
context_test.go Use standard HTTP library to serve files (#24693) 2023-05-13 16:04:57 +02:00
csrf.go Refactor cookie (#24107) 2023-04-13 15:45:33 -04:00
org.go Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
package.go Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
pagination.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
permission.go Add context parameter to some database functions (#26055) 2023-07-22 22:14:27 +08:00
private.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
repo.go Add support for HEAD ref in /src/branch and /src/commit routes (#27384) 2023-10-03 15:37:06 +08:00
response.go Refactor web package and context package (#25298) 2023-06-18 09:59:09 +02:00
utils.go Avoid double-unescaping of form value (#26853) 2023-09-01 12:01:36 +00:00
xsrf.go Update gitea-vet to check FSFE REUSE (#22004) 2022-12-02 22:14:57 +08:00
xsrf_test.go Update gitea-vet to check FSFE REUSE (#22004) 2022-12-02 22:14:57 +08:00