gitea/modules
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
1 year ago
actions chore(actions): support cron schedule task (#26655) 2 years ago
activitypub make writing main test easier (#27270) 2 years ago
analyze Rename code_langauge.go to code_language.go (#26377) 2 years ago
assetfs Use `Set[Type]` instead of `map[Type]bool/struct{}`. (#26804) 2 years ago
auth Next round of `db.DefaultContext` refactor (#27089) 2 years ago
avatar Remove nfnt/resize and oliamb/cutter (#25999) 2 years ago
base Replace `interface{}` with `any` (#25686) 2 years ago
cache improve unit test for caching (#26185) 2 years ago
charset Replace `interface{}` with `any` (#25686) 2 years ago
container Implement FSFE REUSE for golang files (#21840) 2 years ago
context Enhanced auth token / remember me (#27606) 1 year ago
contexttest Replace assert.Fail with assert.FailNow (#27578) 1 year ago
csv Refactor locale number (#24134) 2 years ago
doctor Penultimate round of `db.DefaultContext` refactor (#27414) 1 year ago
emoji Update emoji set to Unicode 15 (#25595) 2 years ago
eventsource More `db.DefaultContext` refactor (#27265) 1 year ago
generate Handle base64 decoding correctly to avoid panic (#26483) 2 years ago
git Replace assert.Fail with assert.FailNow (#27578) 1 year ago
gitgraph More `db.DefaultContext` refactor (#27265) 1 year ago
graceful Allow the use of alternative net.Listener implementations by downstreams (#25855) 2 years ago
hcaptcha Consume hcaptcha and pwn deps (#22610) 2 years ago
highlight Upgrade go dependencies (#25819) 2 years ago
hostmatcher Implement FSFE REUSE for golang files (#21840) 2 years ago
html Refactor backend SVG package and add tests (#26335) 2 years ago
httpcache Less naked returns (#25713) 2 years ago
httplib Less naked returns (#25713) 2 years ago
indexer Replace assert.Fail with assert.FailNow (#27578) 1 year ago
issue/template Replace `interface{}` with `any` (#25686) 2 years ago
json Replace `interface{}` with `any` (#25686) 2 years ago
label Make label templates have consistent behavior and priority (#23749) 2 years ago
lfs Refactor lfs requests (#26783) 2 years ago
log Reduce some allocations in type conversion (#26772) 2 years ago
markup fix media description render for orgmode (#26895) 2 years ago
mcaptcha Implement FSFE REUSE for golang files (#21840) 2 years ago
metrics Reduce usage of `db.DefaultContext` (#27073) 2 years ago
migration Replace `interface{}` with `any` (#25686) 2 years ago
nosql Update tool dependencies, lock govulncheck and actionlint (#25655) 2 years ago
options Use a general approach to access custom/static/builtin assets (#24022) 2 years ago
packages Use docs.gitea.com instead of docs.gitea.io (#26739) 2 years ago
paginator Use more specific test methods (#24265) 2 years ago
pprof Implement FSFE REUSE for golang files (#21840) 2 years ago
private Replace `interface{}` with `any` (#25686) 2 years ago
process Replace assert.Fail with assert.FailNow (#27578) 1 year ago
proxy Use proxy for pull mirror (#22771) 2 years ago
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2 years ago
public Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974) 2 years ago
queue Increase queue length (#27555) 1 year ago
recaptcha Implement FSFE REUSE for golang files (#21840) 2 years ago
references Replace 'userxx' with 'orgxx' in all test files when the user type is org (#27052) 2 years ago
regexplru Upgrade go dependencies (#25819) 2 years ago
repository Refactor system setting (#27000) 1 year ago
secret Improve decryption failure message (#24573) 2 years ago
session Next round of `db.DefaultContext` refactor (#27089) 2 years ago
setting Enhanced auth token / remember me (#27606) 1 year ago
sitemap Fix sitemap (#22272) 2 years ago
ssh restrict certificate type for builtin SSH server (#26789) 2 years ago
storage Fix object storage path handling (#27024) 2 years ago
structs Restore warning commit status (#27504) 1 year ago
svg Refactor backend SVG package and add tests (#26335) 2 years ago
sync Implement FSFE REUSE for golang files (#21840) 2 years ago
system make writing main test easier (#27270) 2 years ago
templates Improve feed icons and feed merge text color (#27498) 1 year ago
test Move web/api context related testing function into a separate package (#26859) 2 years ago
testlogger Replace `interface{}` with `any` (#25686) 2 years ago
timeutil Fix incorrect webhook time and use relative-time to display it (#24477) 2 years ago
translation Replace `interface{}` with `any` (#25686) 2 years ago
turnstile Add new captcha: cloudflare turnstile (#22369) 2 years ago
typesniffer Detect ogg mime-type as audio or video (#26494) 2 years ago
updatechecker Implement FSFE REUSE for golang files (#21840) 2 years ago
upload Implement FSFE REUSE for golang files (#21840) 2 years ago
uri Implement FSFE REUSE for golang files (#21840) 2 years ago
user Implement FSFE REUSE for golang files (#21840) 2 years ago
util Refactor lfs requests (#26783) 2 years ago
validation Check blocklist for emails when adding them to account (#26812) 2 years ago
web Remove some dead code (#27196) 2 years ago
webhook New webhook trigger for receiving Pull Request review requests (#24481) 2 years ago