forgejo/models/migrations
M Hickford 191a74d622
Record OAuth client type at registration (#21316)
The OAuth spec [defines two types of
client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1),
confidential and public. Previously Gitea assumed all clients to be
confidential.

> OAuth defines two client types, based on their ability to authenticate
> securely with the authorization server (i.e., ability to
> maintain the confidentiality of their client credentials):
>
> confidential
> Clients capable of maintaining the confidentiality of their
> credentials (e.g., client implemented on a secure server with
> restricted access to the client credentials), or capable of secure
> client authentication using other means.
>
> **public**
> **Clients incapable of maintaining the confidentiality of their
> credentials (e.g., clients executing on the device used by the resource
> owner, such as an installed native application or a web browser-based
> application), and incapable of secure client authentication via any
> other means.**
>
> The client type designation is based on the authorization server's
> definition of secure authentication and its acceptable exposure levels
> of client credentials. The authorization server SHOULD NOT make
> assumptions about the client type.

https://datatracker.ietf.org/doc/html/rfc8252#section-8.4

> Authorization servers MUST record the client type in the client
> registration details in order to identify and process requests
> accordingly.

Require PKCE for public clients:
https://datatracker.ietf.org/doc/html/rfc8252#section-8.1

> Authorization servers SHOULD reject authorization requests from native
> apps that don't use PKCE by returning an error message

Fixes #21299

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 15:59:24 +08:00
..
fixtures Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00
migrations.go Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00
migrations_test.go Kd/ci playwright go test (#20123) 2022-09-02 15:18:23 -04:00
testlogger_test.go Kd/ci playwright go test (#20123) 2022-09-02 15:18:23 -04:00
v70.go
v71.go Use base32 for 2FA scratch token (#18384) 2022-01-26 12:10:10 +08:00
v72.go
v73.go
v74.go
v75.go
v76.go
v77.go
v78.go
v79.go
v80.go
v81.go
v82.go Make git.OpenRepository accept Context (#19260) 2022-03-30 03:13:41 +08:00
v83.go
v84.go
v85.go Use base32 for 2FA scratch token (#18384) 2022-01-26 12:10:10 +08:00
v86.go
v87.go
v88.go
v89.go
v90.go
v91.go
v92.go
v93.go
v94.go
v95.go
v96.go
v97.go
v98.go
v99.go
v100.go
v101.go
v102.go
v103.go
v104.go
v105.go
v106.go
v107.go
v108.go
v109.go
v110.go
v111.go Move issues related files into models/issues (#19931) 2022-06-13 17:37:59 +08:00
v112.go
v113.go
v114.go
v115.go Add generic set type (#21408) 2022-10-12 13:18:26 +08:00
v116.go
v117.go
v118.go
v119.go
v120.go
v121.go
v122.go
v123.go
v124.go
v125.go
v126.go
v127.go
v128.go Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
v129.go
v130.go Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
v131.go
v132.go
v133.go
v134.go Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
v135.go
v136.go Propagate context and ensure git commands run in request context (#17868) 2022-01-19 23:26:57 +00:00
v137.go
v138.go
v139.go
v140.go
v141.go
v142.go A better go code formatter, and now make fmt can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
v143.go Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
v144.go A better go code formatter, and now make fmt can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
v145.go
v146.go
v147.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
v148.go
v149.go
v150.go
v151.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v152.go
v153.go
v154.go Use neutral language in comments and docs (#20135) 2022-06-25 17:50:12 -05:00
v155.go
v156.go Make git.OpenRepository accept Context (#19260) 2022-03-30 03:13:41 +08:00
v157.go
v158.go
v159.go
v160.go
v161.go Fix database keyword quote problem on migration v161 (#17522) 2021-11-05 00:47:01 +02:00
v162.go Add support for corporate WeChat webhooks (#15910) 2021-07-23 12:41:27 +08:00
v163.go
v164.go
v165.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v166.go
v167.go
v168.go
v169.go
v170.go
v171.go
v172.go
v173.go
v174.go
v175.go A better go code formatter, and now make fmt can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
v176.go
v176_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v177.go
v177_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v178.go
v179.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v180.go Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
v181.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
v181_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v182.go Add primary_key to issue_index (#16813) 2021-08-25 09:42:51 +01:00
v182_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v183.go Add push to remote mirror repository (#15157) 2021-06-14 19:20:43 +02:00
v184.go Check if column exist before rename if exist, just return with no error (#17870) 2021-12-02 21:17:24 +08:00
v185.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
v186.go Add tag protection (#15629) 2021-06-25 16:28:55 +02:00
v187.go Refactor Webhook + Add X-Hub-Signature (#16176) 2021-06-27 20:21:09 +01:00
v188.go Add option to provide signature for a token to verify key ownership (#14054) 2021-07-13 15:28:07 +02:00
v189.go Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
v189_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v190.go Add agit flow support in gitea (#14295) 2021-07-28 17:42:56 +08:00
v191.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v192.go Add primary_key to issue_index (#16813) 2021-08-25 09:42:51 +01:00
v193.go Add repo_id for attachment (#16958) 2021-09-08 17:19:30 +02:00
v193_test.go Add repo_id for attachment (#16958) 2021-09-08 17:19:30 +02:00
v194.go Support unprotected file patterns (#16395) 2021-09-11 16:21:17 +02:00
v195.go Fix commit status index problem (#17061) 2021-09-23 18:50:06 +08:00
v195_test.go format with gofumpt (#18184) 2022-01-20 18:46:10 +01:00
v196.go Kanban colored boards (#16647) 2021-09-29 22:53:12 +02:00
v197.go Add a simple way to rename branch like gh (#15870) 2021-10-08 19:03:04 +02:00
v198.go Save and view issue/comment content history (#16909) 2021-10-10 18:40:03 -04:00
v199.go Refix indices on actions table (#20158) 2022-07-01 17:04:01 +01:00
v200.go Sync gitea app path for git hooks and authorized keys when starting (#17335) 2021-10-21 17:22:43 +08:00
v201.go Refactor update checker to use AppState (#17387) 2021-10-21 17:10:49 +01:00
v202.go Add support for ssh commit signing (#17743) 2021-12-19 00:37:18 -05:00
v203.go Support sorting for project board issuses (#17152) 2021-12-08 14:57:18 +08:00
v204.go Migration 204 use Sync2 (#18044) 2021-12-20 18:58:38 +01:00
v205.go Fix order by parameter (#19849) 2022-06-04 20:18:50 +01:00
v206.go Team permission allow different unit has different permission (#17811) 2022-01-05 11:37:00 +08:00
v207.go Attempt to fix the webauthn migration again - part 3 (#18770) 2022-02-16 21:03:58 +00:00
v208.go Attempt to fix the webauthn migration again - part 3 (#18770) 2022-02-16 21:03:58 +00:00
v209.go Attempt to fix the webauthn migration again - part 3 (#18770) 2022-02-16 21:03:58 +00:00
v210.go Update the webauthn_credential_id_sequence in Postgres (#19048) 2022-03-10 23:04:55 +01:00
v210_test.go Lock gofumpt to v0.3.0 and run it (#18866) 2022-02-23 20:16:07 +00:00
v211.go Store the foreign ID of issues during migration (#18446) 2022-03-17 18:08:35 +01:00
v212.go Add Package Registry (#16510) 2022-03-30 16:42:47 +08:00
v213.go Add "Allow edits from maintainer" feature (#18002) 2022-04-28 17:45:33 +02:00
v214.go Auto merge pull requests when all checks succeeded via API (#9307) 2022-05-08 01:05:52 +08:00
v215.go Delete related PullAutoMerge and ReviewState on User/Repo Deletion (#19649) 2022-05-08 15:46:34 +02:00
v216.go Refix indices on actions table (#20158) 2022-07-01 17:04:01 +01:00
v217.go Alter hook_task TEXT fields to LONGTEXT (#20038) 2022-06-19 19:47:04 +01:00
v218.go Add another index for Action table on postgres (#21033) 2022-09-03 17:27:59 +01:00
v219.go Fix commit status icon when in subdirectory (#20285) 2022-07-15 14:01:32 +01:00
v220.go Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) 2022-08-08 02:16:22 +02:00
v221.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v221_test.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v222.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v223.go WebAuthn CredentialID field needs to be increased in size (#20530) 2022-07-30 15:25:26 +02:00
v224.go Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) 2022-08-22 14:32:28 +01:00
v225.go Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) 2022-08-22 14:32:28 +01:00
v226.go Set SemverCompatible to false for Conan packages (#21275) 2022-10-07 12:22:05 +08:00
v227.go Add system setting table with cache and also add cache supports for user setting (#18058) 2022-10-17 07:29:26 +08:00
v228.go Add team member invite by email (#20307) 2022-10-19 14:40:28 +02:00
v229.go Update milestone counters when issue is deleted (#21459) 2022-10-22 23:08:10 +08:00
v229_test.go Update milestone counters when issue is deleted (#21459) 2022-10-22 23:08:10 +08:00
v230.go Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00
v230_test.go Record OAuth client type at registration (#21316) 2022-10-24 15:59:24 +08:00