Commit graph

2 commits

Author SHA1 Message Date
Earl Warren 7a89d321c8
[GITEA] silently ignore obsolete sudo scope
Fixes: https://codeberg.org/forgejo/forgejo/issues/820
(cherry picked from commit 6a7022ebbb83bda162974028cff01ebcc7c574ec)
(cherry picked from commit 764eac47b50688d76fe90aad4819a426444ddb4a)
(cherry picked from commit 1141eb7b6f2deeeca0acf1714058823d32097cfd)
(cherry picked from commit 826b6509b6405ac0a0731ee0e1477ad2cbac585a)
(cherry picked from commit 9990d932b8b72f9a27b6529b350eb09d44b7ef88)
(cherry picked from commit 7eca57074385f296427d06c059d331d3704ccf15)
(cherry picked from commit 66e1d3f082a99bb0006daf0f337850f251c235dc)
(cherry picked from commit 188226a8e6b2926f1f276462741f7cc4d7a050b0)
(cherry picked from commit 4cd1bff25c6cafa33464594c99b39326a6dd5740)
(cherry picked from commit fad6b6d2c49492297d9d8512afc0369e544a6e75)
(cherry picked from commit 5b25c3d8512466fd5fceea86b550bdb35c3aa04b)
(cherry picked from commit 4746ece4dd018af781181744fb8743e83b64c6df)
(cherry picked from commit 2a6f85afb33a1a0b7424c30de3cdff030f483294)
(cherry picked from commit c027d724ee0b694e48d2b7ee1915ba55222a03e0)
(cherry picked from commit be2f1eeaeb92e552b5defcf8b374ceb4c3a6b1ee)
(cherry picked from commit 3058a54fe99c7cf0a015166b8b3f56f9ef9e45d9)
(cherry picked from commit 53936d38a0cb1649748f02cf86ec684fa76825b6)
(cherry picked from commit 311983cc978cc0a3128cdd8a9c12ac9605be62b9)
(cherry picked from commit 1651ae757b31c31023d5e780a4446da5be8951bf)
(cherry picked from commit d3dd8ea24dfd6fcf737eb16dcd0871a835b90477)
(cherry picked from commit 9a80326ff3a504d3d6b62e37532aa60ebfdb400b)
(cherry picked from commit 66eb33235ecaa93fd9834077bc88c9d330dd0e87)
(cherry picked from commit 769e24d5a839dd017e08cb6304f9ef7dc242a918)
(cherry picked from commit 436cc2121746648dd6551c4e0a9e72bf588ba12e)
(cherry picked from commit 817faca7f0833ce372c5ea573979a1381f5233e7)
(cherry picked from commit 80ee08aef1bcccaa023463b39ea929ce01dd752a)
(cherry picked from commit 15f8885d0ce307d79ba181de0e2676ad1653c002)
(cherry picked from commit 0944a4442cd1a42fa4dd8e8d106d08eb40f49c92)
(cherry picked from commit 91631d41b0c1ec52772f0d03728482420f0e1b24)
(cherry picked from commit 0fbda3386fbffc3a4b44cbd82d84b77ecda7b5e3)
(cherry picked from commit a464b0e2ba6df8dbb238d9876cfb4838e7ea346a)
(cherry picked from commit 0b98d50c9295341333ece6687e514abe3453e816)
(cherry picked from commit 6365d4b76196b252d96115a93ce568ca1f360134)
(cherry picked from commit 3af5715dbcf2a1182edcc14b04044d13c25cf0d7)
2024-02-05 16:05:50 +01:00
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
2023-10-14 00:56:41 +00:00
Renamed from models/auth/token_scope_test.go (Browse further)