gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

	Commit message (Collapse)	Author	Age	Files	Lines
*	Enhanced auth token / remember me (#27606)	KN4CK3R	2023-10-14	1	-132/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Closes #27455 > The mechanism responsible for long-term authentication (the 'remember me' cookie) uses a weak construction technique. It will hash the user's hashed password and the rands value; it will then call the secure cookie code, which will encrypt the user's name with the computed hash. If one were able to dump the database, they could extract those two values to rebuild that cookie and impersonate a user. That vulnerability exists from the date the dump was obtained until a user changed their password. > > To fix this security issue, the cookie could be created and verified using a different technique such as the one explained at https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies. The PR removes the now obsolete setting `COOKIE_USERNAME`.
*	More refactoring of `db.DefaultContext` (#27083)	JakobDev	2023-09-15	1	-17/+18
\| \| \|	Next step of #27065
*	Implement FSFE REUSE for golang files (#21840)	flynnnnnnnnnn	2022-11-27	1	-2/+1
\| \| \| \| \| \| \| \| \|	Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
*	Move some files into models' sub packages (#20262)	Lunny Xiao	2022-08-25	1	-0/+132
	* Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>