0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 07:13:02 -05:00
forgejo/modules
Gusted b770282d45
fix: extend forgejo_auth_token table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.

(cherry picked from commit 1ce33aa38d)

v7: Removed migration - XORM can handle this case automatically without migration.

assert.Equal(t, `doesnotexist@example.com`, msgs[0].To) in tests
because v7 does not include the user name to the recipient.
2024-11-15 12:02:14 +01:00
..
actions enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
activitypub enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
analyze
assetfs enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
auth enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
avatar enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
base fix: extend forgejo_auth_token table 2024-11-15 12:02:14 +01:00
cache enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
charset enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
container Add container.FilterSlice function (gitea#30339) (skip using it) 2024-08-18 06:55:15 +02:00
csv enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
emoji
eventsource
generate enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
git Fix IsObjectExist with gogit (#31790) (#31806) 2024-08-11 09:41:23 +02:00
gitgraph models/asymkey: Implement Tag verification 2024-04-01 13:42:11 +00:00
gitrepo
graceful enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
hcaptcha
highlight enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
hostmatcher
html
httpcache
httplib enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
indexer enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
issue/template
json
label
lfs Fix #31185 try fix lfs download from bitbucket failed (#31201) 2024-08-18 07:01:03 +02:00
log enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
markup fix: strict matching of allowed content for sanitizer 2024-11-15 11:59:35 +01:00
mcaptcha
metrics
migration enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
nosql s/Gitea/Forgejo in various log messages and comments 2024-04-22 14:41:17 +00:00
optional enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
options
packages enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
paginator
pprof
private Move database operations of merging a pull request to post receive hook and add a transaction (#30805) 2024-05-14 15:37:32 +02:00
process [FIX] make pprof labels conformant with prometheus spec 2024-04-01 18:22:11 +00:00
proxy
proxyprotocol
public enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
queue enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
recaptcha
references enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
regexplru enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
repository enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
secret enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
session Avoid importing modules/web/middleware in modules/session (#30584) (#30589) 2024-04-21 18:16:09 +02:00
setting enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
sitemap enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
ssh
storage enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
structs enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
svg
sync
system enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
templates enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
test test(util): MockProtect when mocking multiple times 2024-06-02 14:32:00 +00:00
testlogger Merge pull request '[v7.0/forgejo] [FEAT] Mark database errors in tests as failure' (#2978) from bp-v7.0/forgejo-2dabd20 into v7.0/forgejo 2024-04-02 15:53:23 +00:00
timeutil Remove the time-since class (#29826) 2024-03-20 08:46:30 +01:00
translation enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
turnstile
typesniffer enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
updatechecker enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
uri enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
user enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
util enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
validation
web enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
webhook [FEAT] sourcehut webhooks 2024-04-05 19:36:04 +00:00