gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

	Commit message (Collapse)	Author	Age	Files	Lines
*	Use general token signing secret (#29205) (#29325)	wxiaoguang	2024-02-22	2	-9/+49
\| \| \| \| \|	Backport #29205 (including #29172) Use a clearly defined "signing secret" for token signing.
*	Handle base64 decoding correctly to avoid panic (#26483)	wxiaoguang	2023-08-14	1	-3/+3
\| \| \|	Fix the panic if the "base64 secret" is too long.
*	Bump github.com/golang-jwt/jwt to v5 (#25975)	harryzcy	2023-07-19	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Bumping `github.com/golang-jwt/jwt` from v4 to v5. `github.com/golang-jwt/jwt` v5 is bringing some breaking changes: - standard `Valid()` method on claims is removed. It's replaced by `ClaimsValidator` interface implementing `Validator()` method instead, which is called after standard validation. Gitea doesn't seem to be using this logic. - `jwt.Token` has a field `Valid`, so it's checked in `ParseToken` function in `services/auth/source/oauth2/token.go` --------- Co-authored-by: Giteabot <teabot@gitea.io>
*	Implement FSFE REUSE for golang files (#21840)	flynnnnnnnnnn	2022-11-27	1	-2/+1
\| \| \| \| \| \| \| \| \|	Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
*	Use base32 for 2FA scratch token (#18384)	wxiaoguang	2022-01-26	1	-1/+1
\| \| \| \|	* Use base32 for 2FA scratch token * rename Secure* to Crypto*, add comments
*	Support webauthn (#17957)	Lunny Xiao	2022-01-14	1	-1/+1
\| \| \| \| \| \| \|	Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
*	switch to maintained lib (#16532)	techknowlogick	2021-07-24	1	-1/+2
\| \| \| \|	Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net>
*	Add asymmetric JWT signing (#16010)	KN4CK3R	2021-06-17	1	-5/+14
\| \| \| \| \| \| \| \| \| \| \|	* Added asymmetric token signing. * Load signing key from settings. * Added optional kid parameter. * Updated documentation. * Add "kid" to token header.
*	Use single shared random string generation function (#15741)	silverwind	2021-05-10	2	-54/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Use single shared random string generation function - Replace 3 functions that do the same with 1 shared one - Use crypto/rand over math/rand for a stronger RNG - Output only alphanumerical for URL compatibilty Fixes: #15536 * use const string method * Update modules/avatar/avatar.go Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: a1012112796 <1012112796@qq.com>
*	Add gitea-vet (#10948)	John Olheiser	2020-04-05	1	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Add copyright Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add gitea-vet and fix non-compliance Signed-off-by: jolheiser <john.olheiser@gmail.com> * Combine tools.go into build.go and clean up Signed-off-by: jolheiser <john.olheiser@gmail.com> * Remove extra GO111MODULE=on Signed-off-by: jolheiser <john.olheiser@gmail.com>
*	Integrate OAuth2 Provider (#5378)	Jonas Franz	2019-03-08	1	-5/+3
\|
*	Implements generator cli for secrets (#3531)	Codruț Constantin Gușoi	2018-02-18	2	-0/+109
	Signed-off-by: Codruț Constantin Gușoi <codrut.gusoi@gmail.com>