forgejo

19137 commits 24 branches 219 tags 612 MiB

Author SHA1 Message Date

Author	SHA1	Message	Date
Chongyi Zheng	781789e779	Replace deprecated `math/rand` functions (#30733 ) Suggested by logs in #30729 - Remove `math/rand.Seed` `rand.Seed is deprecated: As of Go 1.20 there is no reason to call Seed with a random value.` - Replace `math/rand.Read` `rand.Read is deprecated: For almost all use cases, [crypto/rand.Read] is more appropriate.` - Replace `math/rand` with `math/rand/v2`, which is available since Go 1.22 (cherry picked from commit 7b8e418da1e082786b844562a05864ec1177ce97)	2024-04-28 15:39:02 +02:00
KN4CK3R	f8b471ace1	Unify user update methods (#28733 ) Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.	2024-02-04 13:29:09 +00:00
zeripath	61b89747ed	Provide the ability to set password hash algorithm parameters (#22942 ) This PR refactors and improves the password hashing code within gitea and makes it possible for server administrators to set the password hashing parameters In addition it takes the opportunity to adjust the settings for `pbkdf2` in order to make the hashing a little stronger. The majority of this work was inspired by PR #14751 and I would like to thank @boppy for their work on this. Thanks to @gusted for the suggestion to adjust the `pbkdf2` hashing parameters. Close #14751 --------- Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-02-19 15:35:20 +08:00

Chongyi Zheng

781789e779

Replace deprecated math/rand functions (#30733 )

Suggested by logs in #30729

- Remove `math/rand.Seed`
`rand.Seed is deprecated: As of Go 1.20 there is no reason to call Seed
with a random value.`
- Replace `math/rand.Read`
`rand.Read is deprecated: For almost all use cases, [crypto/rand.Read]
is more appropriate.`
- Replace `math/rand` with `math/rand/v2`, which is available since Go
1.22

(cherry picked from commit 7b8e418da1e082786b844562a05864ec1177ce97)

2024-04-28 15:39:02 +02:00

KN4CK3R

f8b471ace1

Unify user update methods (#28733 )

Fixes #28660
Fixes an admin api bug related to `user.LoginSource`
Fixed `/user/emails` response not identical to GitHub api

This PR unifies the user update methods. The goal is to keep the logic
only at one place (having audit logs in mind). For example, do the
password checks only in one method not everywhere a password is updated.

After that PR is merged, the user creation should be next.

2024-02-04 13:29:09 +00:00

zeripath

61b89747ed

Provide the ability to set password hash algorithm parameters (#22942 )

This PR refactors and improves the password hashing code within gitea
and makes it possible for server administrators to set the password
hashing parameters

In addition it takes the opportunity to adjust the settings for `pbkdf2`
in order to make the hashing a little stronger.

The majority of this work was inspired by PR #14751 and I would like to
thank @boppy for their work on this.

Thanks to @gusted for the suggestion to adjust the `pbkdf2` hashing
parameters.

Close #14751

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

2023-02-19 15:35:20 +08:00

Renamed from modules/password/pwn/pwn_test.go (Browse further)

3 commits