Gusted 51988ef52b [GITEA] rework long-term authentication ... - The current architecture is inherently insecure, because you can construct the 'secret' cookie value with values that are available in the database. Thus provides zero protection when a database is dumped/leaked. - This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies). - Integration testing is added to ensure the new mechanism works. - Removes a setting, because it's not used anymore. (cherry-pick from eff097448b) Conflicts: modules/context/context_cookie.go trivial context conflicts routers/web/web.go ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go		2023-10-05 08:50:54 +02:00
..
actions.go
actions_test.go
admin.go
api.go
asset_dynamic.go
asset_static.go
attachment.go
attachment_test.go
cache.go
camo.go
config_env.go
config_env_test.go
config_provider.go
config_provider_test.go
cors.go
cron.go
cron_test.go
database.go
database_sqlite.go
database_test.go
federation.go
forgejo_storage_test.go
git.go
git_test.go
highlight.go
i18n.go
incoming_email.go
indexer.go
indexer_test.go
lfs.go
lfs_test.go
log.go
log_test.go
mailer.go
mailer_test.go
markup.go
metrics.go
migrations.go
mime_type_map.go
mirror.go
oauth2.go
other.go
packages.go
packages_test.go
path.go
path_test.go
picture.go
project.go
proxy.go
queue.go
repository.go
repository_archive.go
repository_archive_test.go
security.go	[GITEA] rework long-term authentication	2023-10-05 08:50:54 +02:00
server.go
service.go
service_test.go
session.go
setting.go
setting_test.go
ssh.go
storage.go
storage_test.go
task.go
time.go
ui.go
webhook.go