forgejo/modules/setting
Gusted 51988ef52b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry-pick from eff097448b)

Conflicts:

	modules/context/context_cookie.go
	trivial context conflicts

	routers/web/web.go
	ctx.GetSiteCookie(setting.CookieRememberName) moved from services/auth/middleware.go
2023-10-05 08:50:54 +02:00
..
actions.go [CI] DEFAULT_ACTIONS_URL support for self & github (squash) 2023-07-19 14:34:38 +02:00
actions_test.go [CI] DEFAULT_ACTIONS_URL support for self & github (squash) 2023-07-19 14:34:38 +02:00
admin.go
api.go
asset_dynamic.go
asset_static.go
attachment.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
attachment_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
cache.go
camo.go
config_env.go Remove last newline from config file (#26468) (#26471) 2023-08-21 07:22:19 +02:00
config_env_test.go Remove last newline from config file (#26468) (#26471) 2023-08-21 07:22:19 +02:00
config_provider.go Fix INI parsing for value with trailing slash (#26995) (#27001) 2023-09-20 12:50:46 +02:00
config_provider_test.go Fix INI parsing for value with trailing slash (#26995) (#27001) 2023-09-20 12:50:46 +02:00
cors.go
cron.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
cron_test.go Rewrite queue (#24505) 2023-05-08 19:49:59 +08:00
database.go [GITEA] Add slow SQL query warning 2023-08-21 21:18:43 +02:00
database_sqlite.go
database_test.go
federation.go
forgejo_storage_test.go [TESTS] verify facts for the admin storage documentation (squash) 2023-08-31 15:32:22 +02:00
git.go Use [git.config] for reflog cleaning up (#24958) 2023-05-28 01:07:14 +00:00
git_test.go Use [git.config] for reflog cleaning up (#24958) 2023-05-28 01:07:14 +00:00
highlight.go
i18n.go
incoming_email.go
indexer.go Allow skipping forks and mirrors from being indexed (#23187) 2023-05-25 16:13:47 +08:00
indexer_test.go
lfs.go Avoid writing config file if not installed (#26107) (#26113) 2023-08-21 07:22:15 +02:00
lfs_test.go Display deprecated warning in admin panel pages as well as in the log file (#26094) (#26154) 2023-07-30 07:42:53 +02:00
log.go Clarify the logger's MODE config option (#26267) (#26281) 2023-08-21 07:22:16 +02:00
log_test.go Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
mailer.go Make mailer SMTP check have timed context (#24751) 2023-05-16 22:55:51 +02:00
mailer_test.go Remove unnecessary code (#24610) 2023-05-10 04:57:06 +00:00
markup.go
metrics.go
migrations.go
mime_type_map.go
mirror.go Avoid polluting the config (#25345) (#25354) 2023-06-18 20:56:50 +00:00
oauth2.go Do not prepare oauth2 config if it is not enabled, do not write config in some sub-commands (#25567) (#25576) 2023-06-29 06:30:40 +02:00
other.go
packages.go Avoid creating directories when loading config (#25944) (#25957) 2023-07-24 07:58:56 +02:00
packages_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
path.go Update path related documents (#25417) (#25982) 2023-07-24 07:58:56 +02:00
path_test.go [BRANDING] alias {FORGEJO,GITEA}_{CUSTOM,WORK_DIR} 2023-07-17 00:25:56 +02:00
picture.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
project.go
proxy.go
queue.go Calculate MAX_WORKERS default value by CPU number (#26177) (#26183) 2023-07-30 07:46:18 +02:00
repository.go [BRANDING] Rebrand default config settings for new installs (#140) 2023-07-17 00:25:55 +02:00
repository_archive.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
repository_archive_test.go Fix all possible setting error related storages and added some tests (#23911) (#25244) 2023-06-14 08:36:52 +02:00
security.go [GITEA] rework long-term authentication 2023-10-05 08:50:54 +02:00
server.go [BRANDING] Rebrand default config settings for new installs (#140) 2023-07-17 00:25:55 +02:00
service.go Fix some slice append usages (#26778) (#26798) 2023-09-08 08:09:18 +02:00
service_test.go Fix allowed user types setting problem (#26200) (#26206) 2023-07-30 07:46:19 +02:00
session.go Use secure cookie for HTTPS sites (#26999) (#27013) 2023-09-20 12:50:46 +02:00
setting.go [SEMVER] store SemVer in ForgejoSemVer after a database upgrade 2023-08-21 07:22:18 +02:00
setting_test.go
ssh.go
storage.go Fix storage path logic especially for relative paths (#26441) (#26481) 2023-08-21 07:22:19 +02:00
storage_test.go Fix storage path logic especially for relative paths (#26441) (#26481) 2023-08-21 07:22:19 +02:00
task.go
time.go
ui.go [BRANDING] Rebrand default meta tags 2023-07-17 00:25:55 +02:00
webhook.go [BRANDING] define the forgejo webhook type 2023-08-21 07:22:16 +02:00