0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 23:33:15 -05:00
forgejo/services/auth
Gusted e6bbecb02d
fix: disallow basic authorization when security keys are enrolled
- This unifies the security behavior of enrolling security keys with
enrolling TOTP as a 2FA method. When TOTP is enrolled, you cannot use
basic authorization (user:password) to make API request on behalf of the
user, this is now also the case when you enroll security keys.
- The usage of access tokens are the only method to make API requests on
behalf of the user when a 2FA method is enrolled for the user.
- Integration test added.
2024-11-15 10:59:36 +01:00
..
source Merge pull request 'fix: use ValidateEmail as binding across web forms' (#5158) from solomonv/consolidate-email-validation into forgejo 2024-10-21 14:31:32 +00:00
additional_scopes_test.go tests additional grant scopes 2024-08-09 14:58:15 +02:00
auth.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
auth_test.go Fix attachment download bug (#27486) 2023-10-10 15:33:56 +00:00
basic.go fix: disallow basic authorization when security keys are enrolled 2024-11-15 10:59:36 +01:00
group.go Remove Named interface (#26913) 2023-09-05 15:58:30 +00:00
httpsign.go Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00
interface.go Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
main_test.go Enhanced auth token / remember me (#27606) 2023-10-14 00:56:41 +00:00
oauth2.go OAuth2 provider: support for granular scopes 2024-08-09 14:58:15 +02:00
reverseproxy.go [BUG] First user created through reverse proxy should be admin 2024-08-19 21:04:35 +02:00
reverseproxy_test.go [BUG] First user created through reverse proxy should be admin 2024-08-19 21:04:35 +02:00
session.go Fix the bug that user may logout if he switch pages too fast (#29962) 2024-03-26 19:04:26 +01:00
signin.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
source.go Final round of db.DefaultContext refactor (#27587) 2023-10-14 08:37:24 +00:00
sspi.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
sspiauth_posix.go Make SSPI auth mockable (#27036) 2023-09-17 23:32:56 +00:00
sync.go Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00