Gusted b770282d45 fix: extend forgejo_auth_token table ... - Add a `purpose` column, this allows the `forgejo_auth_token` table to be used by other parts of Forgejo, while still enjoying the no-compromise architecture. - Remove the 'roll your own crypto' time limited code functions and migrate them to the `forgejo_auth_token` table. This migration ensures generated codes can only be used for their purpose and ensure they are invalidated after their usage by deleting it from the database, this also should help making auditing of the security code easier, as we're no longer trying to stuff a lot of data into a HMAC construction. -Helper functions are rewritten to ensure a safe-by-design approach to these tokens. - Add the `forgejo_auth_token` to dbconsistency doctor and add it to the `deleteUser` function. - TODO: Add cron job to delete expired authorization tokens. - Unit and integration tests added. (cherry picked from commit 1ce33aa38d) v7: Removed migration - XORM can handle this case automatically without migration. assert.Equal(t, `doesnotexist@example.com`, msgs[0].To) in tests because v7 does not include the user name to the recipient.		2024-11-15 12:02:14 +01:00
..
api	fix: don't show private forks in forks list	2024-11-15 11:58:58 +01:00
common	Use relative links for commits, mentions, and issues in markdown (#29427)	2024-03-20 08:46:28 +01:00
install	Always load or generate oauth2 jwt secret (#30942)	2024-05-24 15:15:07 +02:00
private	fix(sec): use constant time check for internal token	2024-10-28 06:17:16 +00:00
utils	Improve user search display name (#29002)	2024-02-01 17:10:16 +00:00
web	fix: extend forgejo_auth_token table	2024-11-15 12:02:14 +01:00
init.go	s/Gitea/Forgejo in various log messages and comments	2024-04-22 14:41:17 +00:00