forgejo/models
Gusted a14be197eb
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
2023-10-09 22:17:28 +02:00
..
actions [CLI] implement forgejo-cli 2023-10-09 17:15:31 +02:00
activities Add Index to action.user_id (#27403) 2023-10-03 21:41:25 -04:00
admin Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
asymkey [GITEA] Make atomic ssh keys replacement robust 2023-10-09 22:17:20 +02:00
auth [GITEA] rework long-term authentication 2023-10-09 22:17:28 +02:00
avatars Refactor system setting (#27000) 2023-10-05 09:08:19 +08:00
db [GITEA] Add slow SQL query warning 2023-10-09 20:25:24 +02:00
dbfs make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
fixtures [GITEA] Improve HTML title on repositories 2023-10-09 20:25:23 +02:00
forgejo/semver [v1.22] [SEMVER] store SemVer in ForgejoSemVer after a database upgrade 2023-10-09 19:11:03 +02:00
forgejo_migrations [GITEA] rework long-term authentication 2023-10-09 22:17:28 +02:00
git Restore warning commit status (#27504) 2023-10-08 22:16:06 +00:00
issues [GITEA] enable system users for comment.LoadPoster 2023-10-09 20:44:24 +02:00
migrations [GITEA] Drop sha256-simd in favor of stdlib 2023-10-09 22:17:14 +02:00
organization Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
packages make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
perm Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
project More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
pull refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
repo [GITEA] Use restricted sanitizer for repository description 2023-10-09 20:44:24 +02:00
secret Refactor secrets modification logic (#26873) 2023-09-05 15:21:02 +00:00
shared/types Display owner of a runner as a tooltip instead of static text (#24377) 2023-05-12 08:43:27 +00:00
system Refactor system setting (#27000) 2023-10-05 09:08:19 +08:00
unit Use Set[Type] instead of map[Type]bool/struct{}. (#26804) 2023-08-30 06:55:25 +00:00
unittest [TESTS] tests.AddFixtures helper loads additional per-test fixtures 2023-10-09 19:11:03 +02:00
user [GITEA] rework long-term authentication 2023-10-09 22:17:28 +02:00
webhook make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
error.go Sync branches into databases (#22743) 2023-06-29 10:03:20 +00:00
fixture_generation.go Fix yaml test (#27297) 2023-09-26 23:30:03 -04:00
fixture_test.go Fix yaml test (#27297) 2023-09-26 23:30:03 -04:00
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
org.go refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
org_team.go Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
org_team_test.go Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
org_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
repo.go Refactor system setting (#27000) 2023-10-05 09:08:19 +08:00
repo_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
repo_transfer.go Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
repo_transfer_test.go Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00