forgejo/services/auth
Gusted 16419b6fc3
fix: disallow basic authorization when security keys are enrolled
- This unifies the security behavior of enrolling security keys with
enrolling TOTP as a 2FA method. When TOTP is enrolled, you cannot use
basic authorization (user:password) to make API requests on behalf of the
user; this is now also the case when you enroll security keys.
- The usage of access tokens is the only method to make API requests on
behalf of the user when a 2FA method is enrolled for the user.
- Integration test added.

(cherry picked from commit e6bbecb02d)
2024-11-15 12:02:14 +01:00
source fix: Fix to delete cookie when AppSubURL is non-empty (#30375) (#30469) 2024-04-21 17:39:14 +02:00
auth.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
auth_test.go Fix attachment download bug (#27486) 2023-10-10 15:33:56 +00:00
basic.go fix: disallow basic authorization when security keys are enrolled 2024-11-15 12:02:14 +01:00
group.go Remove Named interface (#26913) 2023-09-05 15:58:30 +00:00
httpsign.go Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00
interface.go Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
main_test.go Enhanced auth token / remember me (#27606) 2023-10-14 00:56:41 +00:00
oauth2.go Fix tarball/zipball download bug (#29342) 2024-02-26 22:30:26 +01:00
reverseproxy.go Start to migrate from util.OptionalBool to optional.Option[bool] (#29329) 2024-02-26 22:30:26 +01:00
session.go Fix the bug that user may logout if he switch pages too fast (#29962) 2024-03-26 19:04:26 +01:00
signin.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
source.go Final round of db.DefaultContext refactor (#27587) 2023-10-14 08:37:24 +00:00
sspi.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
sspiauth_posix.go Make SSPI auth mockable (#27036) 2023-09-17 23:32:56 +00:00
sspiauth_windows.go Make SSPI auth mockable (#27036) 2023-09-17 23:32:56 +00:00
sync.go Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00