Use argon as default password hash algorithm (#12688)
* Restrict TLS connections to 1.2 minimum * Set Argon2 as the default KDF * Fix user.yml * Remove TLS minversion changes Signed-off-by: Andrew Thornton <art27@cantab.net> * Add migration as per @techknowlogick Signed-off-by: Andrew Thornton <art27@cantab.net> * set the password algo in the fixtures Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove the v148 migration - it needs recreate table to change the defaults Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Nadim Kobeissi <nadim@symbolic.software>
parent
8fa7a4b511
commit
5c0697ad1e
6 changed files with 64 additions and 35 deletions
|
@ -508,8 +508,8 @@ ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
|
||||||
;If left empty or no valid values are specified, the default is off (no checking)
|
;If left empty or no valid values are specified, the default is off (no checking)
|
||||||
;Classes include "lower,upper,digit,spec"
|
;Classes include "lower,upper,digit,spec"
|
||||||
PASSWORD_COMPLEXITY = off
|
PASSWORD_COMPLEXITY = off
|
||||||
; Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"
|
; Password Hash algorithm, either "argon2", "pbkdf2", "scrypt" or "bcrypt"
|
||||||
PASSWORD_HASH_ALGO = pbkdf2
|
PASSWORD_HASH_ALGO = argon2
|
||||||
; Set false to allow JavaScript to read CSRF cookie
|
; Set false to allow JavaScript to read CSRF cookie
|
||||||
CSRF_COOKIE_HTTP_ONLY = true
|
CSRF_COOKIE_HTTP_ONLY = true
|
||||||
|
|
||||||
|
|
|
@ -325,7 +325,7 @@ set name for unique queues. Individual queues will default to
|
||||||
- `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
|
- `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
|
||||||
- `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
|
- `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
|
||||||
- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
|
- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
|
||||||
- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[pbkdf2, argon2, scrypt, bcrypt\].
|
- `PASSWORD_HASH_ALGO`: **argon2**: The hash algorithm to use \[argon2, pbkdf2, scrypt, bcrypt\].
|
||||||
- `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
|
- `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
|
||||||
- `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
|
- `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
|
||||||
- lower - use one or more lower latin characters
|
- lower - use one or more lower latin characters
|
||||||
|
|
|
@ -7,7 +7,8 @@
|
||||||
full_name: User One
|
full_name: User One
|
||||||
email: user1@example.com
|
email: user1@example.com
|
||||||
email_notifications_preference: enabled
|
email_notifications_preference: enabled
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: true
|
is_admin: true
|
||||||
|
@ -24,7 +25,8 @@
|
||||||
email: user2@example.com
|
email: user2@example.com
|
||||||
keep_email_private: true
|
keep_email_private: true
|
||||||
email_notifications_preference: enabled
|
email_notifications_preference: enabled
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -43,7 +45,8 @@
|
||||||
full_name: " <<<< >> >> > >> > >>> >> "
|
full_name: " <<<< >> >> > >> > >>> >> "
|
||||||
email: user3@example.com
|
email: user3@example.com
|
||||||
email_notifications_preference: onmention
|
email_notifications_preference: onmention
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 1 # organization
|
type: 1 # organization
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -60,7 +63,8 @@
|
||||||
full_name: " "
|
full_name: " "
|
||||||
email: user4@example.com
|
email: user4@example.com
|
||||||
email_notifications_preference: onmention
|
email_notifications_preference: onmention
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -77,7 +81,8 @@
|
||||||
full_name: User Five
|
full_name: User Five
|
||||||
email: user5@example.com
|
email: user5@example.com
|
||||||
email_notifications_preference: enabled
|
email_notifications_preference: enabled
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -95,7 +100,8 @@
|
||||||
full_name: User Six
|
full_name: User Six
|
||||||
email: user6@example.com
|
email: user6@example.com
|
||||||
email_notifications_preference: enabled
|
email_notifications_preference: enabled
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 1 # organization
|
type: 1 # organization
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -112,7 +118,8 @@
|
||||||
full_name: User Seven
|
full_name: User Seven
|
||||||
email: user7@example.com
|
email: user7@example.com
|
||||||
email_notifications_preference: disabled
|
email_notifications_preference: disabled
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 1 # organization
|
type: 1 # organization
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -129,7 +136,8 @@
|
||||||
full_name: User Eight
|
full_name: User Eight
|
||||||
email: user8@example.com
|
email: user8@example.com
|
||||||
email_notifications_preference: enabled
|
email_notifications_preference: enabled
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -147,7 +155,8 @@
|
||||||
full_name: User Nine
|
full_name: User Nine
|
||||||
email: user9@example.com
|
email: user9@example.com
|
||||||
email_notifications_preference: onmention
|
email_notifications_preference: onmention
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -162,7 +171,8 @@
|
||||||
name: user10
|
name: user10
|
||||||
full_name: User Ten
|
full_name: User Ten
|
||||||
email: user10@example.com
|
email: user10@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -177,7 +187,8 @@
|
||||||
name: user11
|
name: user11
|
||||||
full_name: User Eleven
|
full_name: User Eleven
|
||||||
email: user11@example.com
|
email: user11@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -192,7 +203,8 @@
|
||||||
name: user12
|
name: user12
|
||||||
full_name: User 12
|
full_name: User 12
|
||||||
email: user12@example.com
|
email: user12@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -207,7 +219,8 @@
|
||||||
name: user13
|
name: user13
|
||||||
full_name: User 13
|
full_name: User 13
|
||||||
email: user13@example.com
|
email: user13@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -222,7 +235,8 @@
|
||||||
name: user14
|
name: user14
|
||||||
full_name: User 14
|
full_name: User 14
|
||||||
email: user14@example.com
|
email: user14@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -237,7 +251,8 @@
|
||||||
name: user15
|
name: user15
|
||||||
full_name: User 15
|
full_name: User 15
|
||||||
email: user15@example.com
|
email: user15@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -252,7 +267,8 @@
|
||||||
name: user16
|
name: user16
|
||||||
full_name: User 16
|
full_name: User 16
|
||||||
email: user16@example.com
|
email: user16@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -267,7 +283,8 @@
|
||||||
name: user17
|
name: user17
|
||||||
full_name: User 17
|
full_name: User 17
|
||||||
email: user17@example.com
|
email: user17@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 1 # organization
|
type: 1 # organization
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -284,7 +301,8 @@
|
||||||
name: user18
|
name: user18
|
||||||
full_name: User 18
|
full_name: User 18
|
||||||
email: user18@example.com
|
email: user18@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -299,7 +317,8 @@
|
||||||
name: user19
|
name: user19
|
||||||
full_name: User 19
|
full_name: User 19
|
||||||
email: user19@example.com
|
email: user19@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 1 # organization
|
type: 1 # organization
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -316,7 +335,8 @@
|
||||||
name: user20
|
name: user20
|
||||||
full_name: User 20
|
full_name: User 20
|
||||||
email: user20@example.com
|
email: user20@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -331,7 +351,8 @@
|
||||||
name: user21
|
name: user21
|
||||||
full_name: User 21
|
full_name: User 21
|
||||||
email: user21@example.com
|
email: user21@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -346,7 +367,8 @@
|
||||||
name: limited_org
|
name: limited_org
|
||||||
full_name: Limited Org
|
full_name: Limited Org
|
||||||
email: limited_org@example.com
|
email: limited_org@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 1 # organization
|
type: 1 # organization
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -364,7 +386,8 @@
|
||||||
name: privated_org
|
name: privated_org
|
||||||
full_name: Privated Org
|
full_name: Privated Org
|
||||||
email: privated_org@example.com
|
email: privated_org@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 1 # organization
|
type: 1 # organization
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -383,7 +406,8 @@
|
||||||
full_name: "user24"
|
full_name: "user24"
|
||||||
email: user24@example.com
|
email: user24@example.com
|
||||||
keep_email_private: true
|
keep_email_private: true
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -401,7 +425,8 @@
|
||||||
name: org25
|
name: org25
|
||||||
full_name: "org25"
|
full_name: "org25"
|
||||||
email: org25@example.com
|
email: org25@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 1 # organization
|
type: 1 # organization
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -418,7 +443,8 @@
|
||||||
full_name: "Org26"
|
full_name: "Org26"
|
||||||
email: org26@example.com
|
email: org26@example.com
|
||||||
email_notifications_preference: onmention
|
email_notifications_preference: onmention
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 1 # organization
|
type: 1 # organization
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -436,7 +462,8 @@
|
||||||
full_name: User Twenty-Seven
|
full_name: User Twenty-Seven
|
||||||
email: user27@example.com
|
email: user27@example.com
|
||||||
email_notifications_preference: enabled
|
email_notifications_preference: enabled
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -451,7 +478,8 @@
|
||||||
full_name: "user27"
|
full_name: "user27"
|
||||||
email: user28@example.com
|
email: user28@example.com
|
||||||
keep_email_private: true
|
keep_email_private: true
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
|
||||||
|
@ -469,7 +497,8 @@
|
||||||
name: user29
|
name: user29
|
||||||
full_name: User 29
|
full_name: User 29
|
||||||
email: user29@example.com
|
email: user29@example.com
|
||||||
passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
|
passwd_hash_algo: argon2
|
||||||
|
passwd: a3d5fcd92bae586c2e3dbe72daea7a0d27833a8d0227aa1704f4bbd775c1f3b03535b76dd93b0d4d8d22a519dca47df1547b # password
|
||||||
type: 0 # individual
|
type: 0 # individual
|
||||||
salt: ZogKvWdyEx
|
salt: ZogKvWdyEx
|
||||||
is_admin: false
|
is_admin: false
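Review bot: Nothing in this fixture records how the new `passwd` value was produced, so a later change to the argon2 parameters would leave every user here with a hash that no longer verifies and no hint as to why. Every entry in the section carries the same hash and the same salt `ZogKvWdyEx`, with only the trailing `# password` comment to suggest the plaintext. I would add one comment at the top of the file, e.g. `# passwd is the argon2 hash of "password" with the salt below; regenerate if the KDF parameters change`, after confirming that is how the value was generated. Keeping the explicit `passwd_hash_algo: argon2` on each user is right, since it stops the rows depending on the column default; the same applies to all the other hunks in this section.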
|
||||||
|
|
|
@ -105,7 +105,7 @@ type User struct {
|
||||||
KeepEmailPrivate bool
|
KeepEmailPrivate bool
|
||||||
EmailNotificationsPreference string `xorm:"VARCHAR(20) NOT NULL DEFAULT 'enabled'"`
|
EmailNotificationsPreference string `xorm:"VARCHAR(20) NOT NULL DEFAULT 'enabled'"`
|
||||||
Passwd string `xorm:"NOT NULL"`
|
Passwd string `xorm:"NOT NULL"`
|
||||||
PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'pbkdf2'"`
|
PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"`
|
||||||
|
|
||||||
// MustChangePassword is an attribute that determines if a user
|
// MustChangePassword is an attribute that determines if a user
|
||||||
// is to change his/her password after registration.
|
// is to change his/her password after registration.
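Review bot: The new `DEFAULT 'argon2'` in the `PasswdHashAlgo` tag only describes the column for tables created from this struct; the commit message says the v148 migration was dropped because changing the default needs a table recreate, so upgraded databases presumably keep `'pbkdf2'` as the column default. A row written without an explicit `PasswdHashAlgo` would then be labelled differently depending on the age of the install, and a hash labelled with the wrong algorithm cannot verify. I would state that on the field, e.g. `// The DEFAULT applies to newly created tables only; always set PasswdHashAlgo together with Passwd.` The `User` struct starts and ends outside this hunk, so the code paths that write these two fields are not visible here.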
|
||||||
|
|
|
@ -239,7 +239,7 @@ func TestHashPasswordDeterministic(t *testing.T) {
|
||||||
b := make([]byte, 16)
|
b := make([]byte, 16)
|
||||||
rand.Read(b)
|
rand.Read(b)
|
||||||
u := &User{Salt: string(b)}
|
u := &User{Salt: string(b)}
|
||||||
algos := []string{"pbkdf2", "argon2", "scrypt", "bcrypt"}
|
algos := []string{"argon2", "pbkdf2", "scrypt", "bcrypt"}
|
||||||
for j := 0; j < len(algos); j++ {
|
for j := 0; j < len(algos); j++ {
|
||||||
u.PasswdHashAlgo = algos[j]
|
u.PasswdHashAlgo = algos[j]
|
||||||
for i := 0; i < 50; i++ {
|
for i := 0; i < 50; i++ {
|
||||||
|
|
|
@ -819,7 +819,7 @@ func NewContext() {
|
||||||
ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
|
ImportLocalPaths = sec.Key("IMPORT_LOCAL_PATHS").MustBool(false)
|
||||||
DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false)
|
DisableGitHooks = sec.Key("DISABLE_GIT_HOOKS").MustBool(false)
|
||||||
OnlyAllowPushIfGiteaEnvironmentSet = sec.Key("ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET").MustBool(true)
|
OnlyAllowPushIfGiteaEnvironmentSet = sec.Key("ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET").MustBool(true)
|
||||||
PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2")
|
PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("argon2")
|
||||||
CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true)
|
CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true)
|
||||||
|
|
||||||
InternalToken = loadInternalToken(sec)
|
InternalToken = loadInternalToken(sec)
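Review bot: `MustString("argon2")` only supplies a fallback for a missing key, so any other string in `PASSWORD_HASH_ALGO` (a typo, for instance) is accepted as-is, and what the hashing code does with an unknown name is not visible in this hunk. Since this line now selects the KDF for every install that never set the key, I would check the value right after reading it, e.g. `switch PasswordHashAlgo { case "argon2", "pbkdf2", "scrypt", "bcrypt": default: log.Fatal("unknown PASSWORD_HASH_ALGO: %q", PasswordHashAlgo) }`, or fall back explicitly with a warning. The upgrade effect also deserves a release-note line: installs without the key start hashing newly set passwords with argon2, which is memory-hard and can raise memory use per login. `NewContext` begins and ends outside the hunk.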
|
||||||
|
|