githaven/models
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
2023-10-14 00:56:41 +00:00
..
actions Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00
activities Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00
admin Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
asymkey Replace assert.Fail with assert.FailNow (#27578) 2023-10-11 11:02:24 +00:00
auth Enhanced auth token / remember me (#27606) 2023-10-14 00:56:41 +00:00
avatars Refactor system setting (#27000) 2023-10-05 09:08:19 +08:00
db make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
dbfs make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
fixtures Test more templates for if they contain an error (#27367) 2023-10-02 07:56:55 +00:00
git Restore warning commit status (#27504) 2023-10-08 22:16:06 +00:00
issues Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00
migrations Enhanced auth token / remember me (#27606) 2023-10-14 00:56:41 +00:00
organization Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
packages make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
perm Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
project More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
pull refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
repo Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00
secret Refactor secrets modification logic (#26873) 2023-09-05 15:21:02 +00:00
shared/types Display owner of a runner as a tooltip instead of static text (#24377) 2023-05-12 08:43:27 +00:00
system Refactor system setting (#27000) 2023-10-05 09:08:19 +08:00
unit Make actions default enabled for newly created repository if global configuraion enabled (#27482) 2023-10-10 14:45:31 +00:00
unittest Replace assert.Fail with assert.FailNow (#27578) 2023-10-11 11:02:24 +00:00
user Refactor system setting (#27000) 2023-10-05 09:08:19 +08:00
webhook make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
error.go Sync branches into databases (#22743) 2023-06-29 10:03:20 +00:00
fixture_generation.go Fix yaml test (#27297) 2023-09-26 23:30:03 -04:00
fixture_test.go Fix yaml test (#27297) 2023-09-26 23:30:03 -04:00
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
org_team_test.go Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
org_team.go Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
org_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
org.go refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
repo_test.go Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00
repo_transfer_test.go Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
repo_transfer.go Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
repo.go Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00