gitea/models
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
1 year ago
..
actions Penultimate round of `db.DefaultContext` refactor (#27414) 1 year ago
activities Penultimate round of `db.DefaultContext` refactor (#27414) 1 year ago
admin Next round of `db.DefaultContext` refactor (#27089) 2 years ago
asymkey Replace assert.Fail with assert.FailNow (#27578) 1 year ago
auth Enhanced auth token / remember me (#27606) 1 year ago
avatars Refactor system setting (#27000) 1 year ago
db make writing main test easier (#27270) 1 year ago
dbfs make writing main test easier (#27270) 1 year ago
fixtures Test more templates for if they contain an error (#27367) 1 year ago
git Restore warning commit status (#27504) 1 year ago
issues Penultimate round of `db.DefaultContext` refactor (#27414) 1 year ago
migrations Enhanced auth token / remember me (#27606) 1 year ago
organization Even more `db.DefaultContext` refactor (#27352) 1 year ago
packages make writing main test easier (#27270) 1 year ago
perm Even more `db.DefaultContext` refactor (#27352) 1 year ago
project More `db.DefaultContext` refactor (#27265) 1 year ago
pull refactor some functions to support ctx as first parameter (#21878) 2 years ago
repo Penultimate round of `db.DefaultContext` refactor (#27414) 1 year ago
secret Refactor secrets modification logic (#26873) 2 years ago
shared/types Display owner of a runner as a tooltip instead of static text (#24377) 2 years ago
system Refactor system setting (#27000) 1 year ago
unit Make actions default enabled for newly created repository if global configuration enabled (#27482) 1 year ago
unittest Replace assert.Fail with assert.FailNow (#27578) 1 year ago
user Refactor system setting (#27000) 1 year ago
webhook make writing main test easier (#27270) 1 year ago
error.go Sync branches into databases (#22743) 2 years ago
fixture_generation.go Fix yaml test (#27297) 1 year ago
fixture_test.go Fix yaml test (#27297) 1 year ago
main_test.go make writing main test easier (#27270) 1 year ago
org.go refactor some functions to support ctx as first parameter (#21878) 2 years ago
org_team.go Even more `db.DefaultContext` refactor (#27352) 1 year ago
org_team_test.go Reduce usage of `db.DefaultContext` (#27073) 2 years ago
org_test.go Implement FSFE REUSE for golang files (#21840) 2 years ago
repo.go Penultimate round of `db.DefaultContext` refactor (#27414) 1 year ago
repo_test.go Penultimate round of `db.DefaultContext` refactor (#27414) 1 year ago
repo_transfer.go Next round of `db.DefaultContext` refactor (#27089) 2 years ago
repo_transfer_test.go Next round of `db.DefaultContext` refactor (#27089) 2 years ago