forgejo/modules/setting
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
9 months ago
config Refactor system setting (#27000) 9 months ago
actions.go Make Actions tasks/jobs timeouts configurable by the user (#27400) 9 months ago
actions_test.go Restrict `[actions].DEFAULT_ACTIONS_URL` to only `github` or `self` (#25581) 1 year ago
admin.go Refactor the setting to make unit test easier (#22405) 1 year ago
api.go Refactor the setting to make unit test easier (#22405) 1 year ago
asset_dynamic.go Use a general approach to access custom/static/builtin assets (#24022) 1 year ago
asset_static.go Use a general approach to access custom/static/builtin assets (#24022) 1 year ago
attachment.go Fix all possible setting error related storages and added some tests (#23911) 1 year ago
attachment_test.go Fix all possible setting error related storages and added some tests (#23911) 1 year ago
cache.go Refactor the setting to make unit test easier (#22405) 1 year ago
camo.go Refactor the setting to make unit test easier (#22405) 1 year ago
config.go Refactor system setting (#27000) 9 months ago
config_env.go Fix `environment-to-ini` inherited key bug (#27543) 9 months ago
config_env_test.go Fix `environment-to-ini` inherited key bug (#27543) 9 months ago
config_provider.go Remove redundant `len` check around loop (#27464) 9 months ago
config_provider_test.go Fix INI parsing for value with trailing slash (#26995) 10 months ago
cors.go Fix incorrect CORS default values (#24206) 1 year ago
cron.go Replace `interface{}` with `any` (#25686) 1 year ago
cron_test.go Rewrite queue (#24505) 1 year ago
database.go Remove "CHARSET" config option for MySQL, always use "utf8mb4" (#25413) 1 year ago
database_sqlite.go Implement FSFE REUSE for golang files (#21840) 2 years ago
database_test.go Implement FSFE REUSE for golang files (#21840) 2 years ago
federation.go Refactor the setting to make unit test easier (#22405) 1 year ago
git.go Use `[git.config]` for reflog cleaning up (#24958) 1 year ago
git_test.go Use `[git.config]` for reflog cleaning up (#24958) 1 year ago
highlight.go Refactor the setting to make unit test easier (#22405) 1 year ago
i18n.go Refactor the setting to make unit test easier (#22405) 1 year ago
incoming_email.go Refactor the setting to make unit test easier (#22405) 1 year ago
indexer.go Allow skipping forks and mirrors from being indexed (#23187) 1 year ago
indexer_test.go Implement FSFE REUSE for golang files (#21840) 2 years ago
lfs.go Handle base64 decoding correctly to avoid panic (#26483) 11 months ago
lfs_test.go Display deprecated warning in admin panel pages as well as in the log file (#26094) 11 months ago
log.go Clarify the logger's MODE config option (#26267) 11 months ago
log_test.go Replace `interface{}` with `any` (#25686) 1 year ago
mailer.go Make mailer SMTP check have timed context (#24751) 1 year ago
mailer_test.go Remove unnecessary code (#24610) 1 year ago
markup.go Add .livemd as a markdown extension (#22730) 1 year ago
metrics.go Refactor the setting to make unit test easier (#22405) 1 year ago
migrations.go Refactor the setting to make unit test easier (#22405) 1 year ago
mime_type_map.go Refactor the setting to make unit test easier (#22405) 1 year ago
mirror.go Avoid polluting the config (#25345) 1 year ago
oauth2.go Pre-register OAuth application for tea (#27509) 9 months ago
other.go Refactor `setting.Other` and remove unused `SHOW_FOOTER_BRANDING` (#24270) 1 year ago
packages.go Avoid creating directories when loading config (#25944) 12 months ago
packages_test.go Fix all possible setting error related storages and added some tests (#23911) 1 year ago
path.go Update path related documents (#25417) 12 months ago
path_test.go Refactor path & config system (#25330) 1 year ago
picture.go Fix all possible setting error related storages and added some tests (#23911) 1 year ago
project.go Refactor the setting to make unit test easier (#22405) 1 year ago
proxy.go Refactor the setting to make unit test easier (#22405) 1 year ago
queue.go Increase queue length (#27555) 9 months ago
repository.go Fix all possible setting error related storages and added some tests (#23911) 1 year ago
repository_archive.go Fix all possible setting error related storages and added some tests (#23911) 1 year ago
repository_archive_test.go Fix all possible setting error related storages and added some tests (#23911) 1 year ago
security.go Enhanced auth token / remember me (#27606) 9 months ago
server.go Remove some dead code (#27196) 9 months ago
service.go Add reverseproxy auth for API back with default disabled (#26703) 10 months ago
service_test.go Fix allowed user types setting problem (#26200) 11 months ago
session.go Use secure cookie for HTTPS sites (#26999) 10 months ago
setting.go Make "install page" respect environment config (#25648) 12 months ago
setting_test.go Implement FSFE REUSE for golang files (#21840) 2 years ago
ssh.go Expanded minimum RSA Keylength to 3072 (#26604) 10 months ago
storage.go Fix storage path logic especially for relative paths (#26441) 11 months ago
storage_test.go Fix storage path logic especially for relative paths (#26441) 11 months ago
task.go handle deprecated settings (#22992) 1 year ago
time.go Remove unused setting `time.FORMAT` (#24430) 1 year ago
ui.go Rename the default themes to gitea-light, gitea-dark, gitea-auto (#27419) 9 months ago
webhook.go Refactor the setting to make unit test easier (#22405) 1 year ago