forgejo/models
Gusted 1770117178
fix: extend forgejo_auth_token table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.

(cherry picked from commit 1ce33aa38d)

v9: Removed migration - XORM can handle this case automatically without
migration. Add `DEFAULT 'long_term_authorization'`.
2024-11-15 11:33:17 +01:00
..
actions fix: Actions PR workflows must update the commit status 2024-11-04 14:10:27 +00:00
activities fix: correct SQL query for active issues 2024-10-20 23:31:54 +00:00
admin
asymkey Merge pull request '[gitea] week 2024-34 cherry pick (gitea/main -> forgejo)' (#4998) from earl-warren/wcp/2024-34 into forgejo 2024-08-20 06:32:09 +00:00
auth fix: extend forgejo_auth_token table 2024-11-15 11:33:17 +01:00
avatars chore(build): use a stable mirror for go-libravatar 2024-09-14 09:58:49 +02:00
db style: reenable switch check 2024-08-18 15:19:01 +02:00
dbfs Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
fixtures fix: Add recentupdated as recognized sort option 2024-10-20 10:58:07 +00:00
forgefed enhance test & fix reviews 2024-05-14 08:24:31 +02:00
forgejo/semver Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
forgejo_migrations [FEAT] Add support for webauthn credential level 3 2024-08-29 10:05:03 +02:00
git Merge pull request '[gitea] week 2024-34 cherry pick (gitea/main -> forgejo)' (#4998) from earl-warren/wcp/2024-34 into forgejo 2024-08-20 06:32:09 +00:00
issues chore(refactor): split ReloadLabels out of LoadLabels in issue model 2024-11-07 10:38:36 +00:00
migrations Fix linting issues 2024-08-18 16:25:13 +02:00
organization fix: Add recentupdated as recognized sort option 2024-10-20 10:58:07 +00:00
packages fix: use buffered iterate for debian searchpackages 2024-10-27 00:10:02 +00:00
perm Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
project Fix the display of project type for deleted projects (#31732) 2024-08-04 10:14:34 +02:00
pull
quota feat: Trivial default quota configuration 2024-08-26 13:25:34 +02:00
repo fix: anomynous users code search for private/limited user's repository 2024-11-15 11:32:38 +01:00
secret Clarify Actions resources ownership (#31724) 2024-08-04 18:24:10 +02:00
shared/types
system Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
unit i18n: UX improvements: Team permissions and issue closing 2024-09-24 19:03:30 +02:00
unittest Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
user fix: extend forgejo_auth_token table 2024-11-15 11:33:17 +01:00
webhook Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
error.go
fixture_generation.go
fixture_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
main_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
org.go
org_team.go
org_team_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
org_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
repo.go
repo_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
repo_transfer.go
repo_transfer_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00