Infrastructure/forgejo
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-02-02 11:49:44 -05:00
Code Issues Activity
forgejo/modules
History
Gusted 1770117178
fix: extend forgejo_auth_token table 
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.

(cherry picked from commit 1ce33aa38d)

v9: Removed migration - XORM can handle this case automatically without
migration. Add `DEFAULT 'long_term_authorization'`.
2024-11-15 11:33:17 +01:00
..
actions Fix wrong status of Set up Job when first step is skipped (#32120) 2024-09-29 11:52:09 +02:00
activitypub Use forum.gitea.com instead of old URL (#31989) 2024-09-09 20:54:47 +02:00
analyze
assetfs
auth
avatar
base fix: extend forgejo_auth_token table 2024-11-15 11:33:17 +01:00
cache Increase cacheContextLifetime to reduce false reports (#32011) 2024-09-14 17:09:03 +02:00
charset
container
csv
emoji
eventsource [BUG] Make logout event non-blocking 2024-08-12 19:13:23 +02:00
forgefed style: reenable switch check 2024-08-18 15:19:01 +02:00
generate
git fix(grep): fix git-grep for code search when git version is below 2.38 2024-10-31 21:26:03 +01:00
gitgraph
gitrepo [CHORE] Drop go-git support 2024-08-12 19:11:09 +02:00
graceful
hcaptcha
highlight [BUG] Make chroma match case-insenstive 2024-10-11 17:35:54 +00:00
hostmatcher Support allowed hosts for migrations to work with proxy (#32025) 2024-09-14 17:52:54 +02:00
html
httpcache Fix wrong last modify time (#32102) 2024-09-27 08:13:30 +00:00
httplib Fix wrong last modify time (#32102) 2024-09-27 08:13:30 +00:00
indexer Fixed race condition when deleting documents by repoId in ElasticSearch (#32185) 2024-10-06 11:45:22 +02:00
issue/template Fix linting issues 2024-08-18 16:25:13 +02:00
json
keying [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
label
lfs [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
log
markup fix: strict matching of allowed content for sanitizer 2024-11-15 11:32:51 +01:00
mcaptcha
metrics
migration Use correct function name (#31887) 2024-08-25 11:56:35 +02:00
nosql [FEAT] Only implement used API of Redis client 2024-08-30 04:33:15 +02:00
optional
options
packages fix: handle renamed dependency for cargo registery 2024-11-13 22:56:30 +00:00
paginator
pprof
private
process
proxy
proxyprotocol
public
queue chore: update mock redis client 2024-09-01 05:42:34 +02:00
recaptcha
references
regexplru
repository style: reenable switch check 2024-08-18 15:19:01 +02:00
secret
session [FEAT] Only implement used API of Redis client 2024-08-30 04:33:15 +02:00
setting fix: Specify default value for EXPLORE_DEFAULT_SORT. 2024-10-20 23:07:18 +00:00
sitemap
ssh
storage
structs fix: add label to issues and PR labeled/unlabeled events 2024-11-04 14:10:27 +00:00
svg
sync
system
templates Lazy load avatar images (#32051) 2024-09-27 08:13:29 +00:00
test
testlogger fix: make branch protection work for new branches 2024-10-24 20:21:43 +00:00
timeutil
translation
turnstile
typesniffer
updatechecker
uri
user
util feat: add IfZero utility function 2024-09-27 08:13:29 +00:00
validation
web
webhook
zstd Cache generated binary across jobs 2024-08-26 23:43:09 +02:00