forgejo/models
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
10 months ago
..
actions Penultimate round of `db.DefaultContext` refactor (#27414) 10 months ago
activities Penultimate round of `db.DefaultContext` refactor (#27414) 10 months ago
admin Next round of `db.DefaultContext` refactor (#27089) 11 months ago
asymkey Replace assert.Fail with assert.FailNow (#27578) 10 months ago
auth Enhanced auth token / remember me (#27606) 10 months ago
avatars Refactor system setting (#27000) 10 months ago
db make writing main test easier (#27270) 10 months ago
dbfs make writing main test easier (#27270) 10 months ago
fixtures Test more templates for if they contain an error (#27367) 10 months ago
git Restore warning commit status (#27504) 10 months ago
issues Penultimate round of `db.DefaultContext` refactor (#27414) 10 months ago
migrations Enhanced auth token / remember me (#27606) 10 months ago
organization Even more `db.DefaultContext` refactor (#27352) 10 months ago
packages make writing main test easier (#27270) 10 months ago
perm Even more `db.DefaultContext` refactor (#27352) 10 months ago
project More `db.DefaultContext` refactor (#27265) 10 months ago
pull refactor some functions to support ctx as first parameter (#21878) 2 years ago
repo Penultimate round of `db.DefaultContext` refactor (#27414) 10 months ago
secret Refactor secrets modification logic (#26873) 11 months ago
shared/types Display owner of a runner as a tooltip instead of static text (#24377) 1 year ago
system Refactor system setting (#27000) 10 months ago
unit Make actions default enabled for newly created repository if global configuration enabled (#27482) 10 months ago
unittest Replace assert.Fail with assert.FailNow (#27578) 10 months ago
user Refactor system setting (#27000) 10 months ago
webhook make writing main test easier (#27270) 10 months ago
error.go Sync branches into databases (#22743) 1 year ago
fixture_generation.go Fix yaml test (#27297) 10 months ago
fixture_test.go Fix yaml test (#27297) 10 months ago
main_test.go make writing main test easier (#27270) 10 months ago
org.go refactor some functions to support ctx as first parameter (#21878) 2 years ago
org_team.go Even more `db.DefaultContext` refactor (#27352) 10 months ago
org_team_test.go Reduce usage of `db.DefaultContext` (#27073) 11 months ago
org_test.go Implement FSFE REUSE for golang files (#21840) 2 years ago
repo.go Penultimate round of `db.DefaultContext` refactor (#27414) 10 months ago
repo_test.go Penultimate round of `db.DefaultContext` refactor (#27414) 10 months ago
repo_transfer.go Next round of `db.DefaultContext` refactor (#27089) 11 months ago
repo_transfer_test.go Next round of `db.DefaultContext` refactor (#27089) 11 months ago