path: root/models/token.go
Commit message | Author | Age | Files | Lines
* Use base32 for 2FA scratch token (#18384) | wxiaoguang | 2022-01-26 | 1 | -1/+1
|   * Use base32 for 2FA scratch token
|   * rename Secure* to Crypto*, add comments
* Refactor auth package (#17962) | Lunny Xiao | 2022-01-02 | 1 | -3/+3
|
* Fix problem when database ID is not incremented as expected (#17229) | finga | 2021-10-06 | 1 | -1/+1
|   Although #17124 fixed the same issue for the feed, some other parts with the same issue were found.
|   Co-authored-by: finga <finga@onders.org>
* Move twofactor to models/login (#17143) | Lunny Xiao | 2021-09-25 | 1 | -2/+3
|
* Move login related structs and functions to models/login (#17093) | Lunny Xiao | 2021-09-24 | 1 | -2/+2
|   * Move login related structs and functions to models/login
|   * Fix test
|   * Fix lint
|   * Fix lint
|   * Fix lint of windows
|   * Fix lint
|   * Fix test
|   * Fix test
|   * Only load necessary fixtures when preparing unit tests envs
|   * Fix lint
|   * Fix test
|   * Fix test
|   * Fix error log
|   * Fix error log
|   * Fix error log
|   * remove unnecessary change
|   * fix error log
|   * merge main branch
* DBContext is just a Context (#17100) | zeripath | 2021-09-23 | 1 | -8/+8
|   * DBContext is just a Context
|     This PR removes some of the specialness from the DBContext and makes it context
|     This allows us to simplify the GetEngine code to wrap around any context in future and means that we can change our loadRepo(e Engine) functions to simply take contexts.
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
|   * fix unit tests
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
|   * another place that needs to set the initial context
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
|   * avoid race
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
|   * change attachment error
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move db related basic functions to models/db (#17075) | Lunny Xiao | 2021-09-19 | 1 | -8/+26
|   * Move db related basic functions to models/db
|   * Fix lint
|   * Fix lint
|   * Fix test
|   * Fix lint
|   * Fix lint
|   * revert unnecessary change
|   * Fix test
|   * Fix wrong replace string
|   * Use *Context
|   * Correct committer spelling and fix wrong replaced words
|   Co-authored-by: zeripath <art27@cantab.net>
* Add `AbsoluteListOptions` (#17028) | KN4CK3R | 2021-09-14 | 1 | -1/+1
|   This PR adds a `ListOptions` type which is not paged but uses absolute values. It is implemented as discussed in Discord. Extracted from #16510 to clean that PR.
* Add API Token Cache (#16547) | zeripath | 2021-08-17 | 1 | -1/+40
|   One of the issues holding back performance of the API is the problem of hashing. Whilst banning BASIC authentication with passwords will help, the API Token scheme still requires a PBKDF2 hash - which means that heavy API use (using Tokens) can still cause enormous numbers of hash computations.
|   A slight solution to this whilst we consider moving to using JWT based tokens and/or a session orientated solution is to simply cache the successful tokens. This has some security issues but this should be balanced by the security issues of load from hashing.
|   Related #14668
|   Signed-off-by: Andrew Thornton <art27@cantab.net>
|   Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* [API] generalize list header (#16551) | 6543 | 2021-08-12 | 1 | -0/+9
|   * Add info about list endpoints to CONTRIBUTING.md
|   * Let all list endpoints return X-Total-Count header
|   * Add TODOs for GetCombinedCommitStatusByRef
|   * Fix models/issue_stopwatch.go
|   * Refactor models.ListDeployKeys
|   * Introduce helper func and use them for SetLinkHeader related func
* Only check access tokens if they are likely to be tokens (#16164) | zeripath | 2021-06-16 | 1 | -1/+7
|   * Only check access tokens if they are likely to be tokens
|     Gitea will currently check if every password is an access token even though most passwords are not and cannot be access tokens. By creation access tokens are 40 byte hexadecimal strings therefore only these should be checked.
|     Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use single shared random string generation function (#15741) | silverwind | 2021-05-10 | 1 | -2/+2
|   * Use single shared random string generation function
|     - Replace 3 functions that do the same with 1 shared one
|     - Use crypto/rand over math/rand for a stronger RNG
|     - Output only alphanumerical for URL compatibility
|     Fixes: #15536
|   * use const string method
|   * Update modules/avatar/avatar.go
|     Co-authored-by: a1012112796 <1012112796@qq.com>
|   Co-authored-by: a1012112796 <1012112796@qq.com>
* [API] Delete Token accept names too (#12366) | 6543 | 2020-08-28 | 1 | -7/+18
|   * Delete Token accept names too
|   * better description
|   Co-authored-by: zeripath <art27@cantab.net>
|   Co-authored-by: Lauris BH <lauris@nix.lv>
* Use google/uuid to instead satori/go.uuid (#11943) | Lunny Xiao | 2020-06-18 | 1 | -2/+2
|   Co-authored-by: Lauris BH <lauris@nix.lv>
* Reject duplicate AccessToken names (#10994) | 6543 | 2020-04-13 | 1 | -0/+5
|   * make sure duplicate token names cannot be used
|   * add check to api routes too
|   * add @lunny's suggestion
|   * fix & don't forget User.ID
|   * AccessTokenByNameExists() return error too
|   * unique token for each test
|   * fix lint
|   Signed-off-by: 6543 <6543@obermui.de>
|   Co-authored-by: Lanre Adelowo <yo@lanre.wtf>
* FIX Pagination of ListAccessTokens and GetIssueWatchers (#10449) | 6543 | 2020-02-24 | 1 | -1/+1
|   * fix a pagination bug
|   * fix pagination of ListAccessTokens
* API add/generalize pagination (#9452) | SpaWn2KiLl | 2020-01-24 | 1 | -5/+13
|   * paginate results
|   * fixed deadlock
|   * prevented breaking change
|   * updated swagger
|   * go fmt
|   * fixed find topic
|   * go mod tidy
|   * go mod vendor with go1.13.5
|   * fixed repo find topics
|   * fixed unit test
|   * added Limit method to Engine struct; use engine variable when provided; fixed gitignore
|   * use ItemsPerPage for default pagesize; fix GetWatchers, getOrgUsersByOrgID and GetStargazers; fix GetAllCommits headers; reverted some changed behaviors
|   * set Page value on Home route
|   * improved memory allocations
|   * fixed response headers
|   * removed logfiles
|   * fixed import order
|   * import order
|   * improved swagger
|   * added function to get models.ListOptions from context
|   * removed pagesize diff on unit test
|   * fixed imports
|   * removed unnecessary struct field
|   * fixed go fmt
|   * scoped PR
|   * code improvements
|   * code improvements
|   * go mod tidy
|   * fixed import order
|   * fixed commit statuses session
|   * fixed files headers
|   * fixed headers; added pagination for notifications
|   * go mod tidy
|   * go fmt
|   * removed Private from user search options; added setting.UI.IssuePagingNum as default value on repo's issues list
|   * Apply suggestions from code review
|     Co-Authored-By: 6543 <6543@obermui.de>
|     Co-Authored-By: zeripath <art27@cantab.net>
|   * fixed build error
|   * CI.restart()
|   * fixed merge conflicts resolve
|   * fixed conflicts resolve
|   * improved FindTrackedTimesOptions.ToOptions() method
|   * added backwards compatibility on ListReleases request; fixed issue tracked time ToSession
|   * fixed build error; fixed swagger template
|   * fixed swagger template
|   * fixed ListReleases backwards compatibility
|   * added page to user search route
|   Co-authored-by: techknowlogick <matti@mdranta.net>
|   Co-authored-by: 6543 <6543@obermui.de>
|   Co-authored-by: zeripath <art27@cantab.net>
* Display ui time with customize time location (#7792) | Lunny Xiao | 2019-08-15 | 1 | -8/+8
|   * display ui time with customize time location
|   * fix lint
|   * rename UILocation to DefaultUILocation
|   * move time related functions to modules/timeutil
|   * fix tests
|   * fix tests
|   * fix build
|   * fix swagger
* Hash App token (#6724) | techknowlogick | 2019-05-04 | 1 | -14/+37
|
* Refactor struct's time to remove unnecessary memory usage (#3142) | Lunny Xiao | 2017-12-11 | 1 | -10/+7
|   * refactor struct's time to remove unnecessary memory usage
|   * use AsTimePtr simple code
|   * fix tests
|   * fix time compare
|   * fix template on gpg
|   * use AddDuration instead of Add
* Replace deprecated Id method with ID (#2655) | Ethan Koenig | 2017-10-05 | 1 | -2/+2
|
* Use AfterLoad instead of AfterSet on Structs (#2628) | Lunny Xiao | 2017-10-01 | 1 | -12/+7
|   * use AfterLoad instead of AfterSet on Structs
|   * fix the comments on AfterLoad
|   * fix the comments on action AfterLoad
* Use created & updated instead BeforeInsert & BeforeUpdate (#2482) | Lunny Xiao | 2017-09-13 | 1 | -12/+2
|   * use created & updated instead BeforeInsert & BeforeUpdate
|   * fix vendor checksum
|   * only show generated SQL when development mode
|   * remove extra update column updated_unix
|   * remove trace config
* Create missing database indexes (#596) | Andrey Nering | 2017-01-06 | 1 | -4/+4
|
* fixed vulnerabilities (#392) | Lunny Xiao | 2016-12-15 | 1 | -3/+10
|
* Lint models/token.go (#244) | Bwko | 2016-11-25 | 1 | -0/+3
|
* Merge remote-tracking branch 'upstream/master' into feature/rewrite-xorm-queries | Thibault Meyer | 2016-11-10 | 1 | -1/+1
|\
| |   # Conflicts:
| |   # models/git_diff.go
| |   # models/issue.go
| |   # models/org.go
| |   # models/pull.go
| |   # models/repo.go
| * Update import paths from github.com/go-gitea to code.gitea.io (#135) | Sandro Santilli | 2016-11-10 | 1 | -1/+1
| |   - Update import paths from github.com/go-gitea to code.gitea.io
| |   - Fix import path for travis
| |   See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
* | Rewrite XORM queries | Thibault Meyer | 2016-11-10 | 1 | -1/+4
|/
* Change import reference to match gitea instead of gogs (#37) | Rémy Boulanouar | 2016-11-03 | 1 | -1/+1
|
* Remove redundant Unix timestamp method call | Unknwon | 2016-07-23 | 1 | -2/+2
|   Unix() already uses UTC as timezone
* Fixes #3110 (#3136) | Franz Schmidt | 2016-06-27 | 1 | -0/+3
|
* #2302 Replace time.Time with Unix Timestamp (int64) | Unknwon | 2016-03-09 | 1 | -16/+30
|
* Replace uuid module with original package | Unknwon | 2016-02-20 | 1 | -2/+3
|
* typo fix | zhuharev | 2016-01-06 | 1 | -2/+2
|
* finish all new user settings UI | Unknwon | 2015-09-10 | 1 | -1/+1
|
* #842 able to use access token replace basic auth | Unknwon | 2015-09-02 | 1 | -6/+1
|
* token recent activity | Unknwon | 2015-08-19 | 1 | -2/+8
|
* new access token UI | Unknwon | 2015-08-19 | 1 | -2/+2
|
* work on #1493 | Unknwon | 2015-08-17 | 1 | -2/+2
|
* routers/repo/http.go: allow HTTP push/pull by token for #845 | Unknwon | 2015-02-07 | 1 | -15/+0
|
* allow http push by token - #842 | Christopher Brickley | 2015-01-08 | 1 | -0/+15
|
* add personal access token panel #12 | Unknwon | 2014-11-12 | 1 | -0/+69