forgejo/services
Gusted 4383da91bd
[SECURITY] Notify users about account security changes
- Currently if the password, primary mail, TOTP or security keys are
changed, no notification is made of that and makes compromising an
account a bit easier as it's essentially undetectable until the original
person tries to log in. Although other changes should be made as
well (re-authing before allowing a password change), this should go a
long way of improving the account security in Forgejo.
- Adds a mail notification for password and primary mail changes. For
the primary mail change, a mail notification is sent to the old primary
mail.
- Add a mail notification when TOTP or a security keys is removed, if no
other 2FA method is configured the mail will also contain that 2FA is
no longer needed to log into their account.
- `MakeEmailAddressPrimary` is refactored to the user service package,
as it now involves calling the mailer service.
- Unit tests added.
- Integration tests added.
2024-07-23 18:31:47 +02:00
..
actions fix(actions): no edited event triggered when a title is changed 2024-07-22 11:25:20 +02:00
agit fix(hook): ignore unknown push options instead of failing 2024-07-02 21:39:01 +02:00
asymkey Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
attachment
auth allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
automerge Fix automerge will not work because of some events haven't been triggered (#30780) 2024-05-26 19:01:36 +02:00
context ui for adding following repos 2024-05-24 13:28:15 +02:00
contexttest Move database operations of merging a pull request to post receive hook and add a transaction (#30805) 2024-05-12 20:03:10 +02:00
convert Add tag protection via rest api #17862 (#31295) 2024-06-16 13:42:59 +02:00
cron Update checker setting updates 2024-03-31 10:52:24 +05:00
doctor Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
externalaccount allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
f3 Enable unparam linter (#31277) 2024-06-16 13:42:58 +02:00
federation feat(federated-star) star repositories via ActivityPub (#1680) 2024-06-06 08:58:11 +02:00
feed
forgejo
forms Fix: Allow org team names of length 255 in create team form (#31564) 2024-07-14 11:16:34 +02:00
gitdiff chore(lint): make golangci-lint to v1.59.0 happy 2024-06-01 16:17:07 +02:00
indexer Update issue indexer after merging a PR (#30715) 2024-05-12 20:03:10 +02:00
issue Performance improvements for pull request list API (#30490) 2024-06-02 16:26:54 +02:00
lfs Fix #31185 try fix lfs download from bitbucket failed (#31201) 2024-06-16 13:42:59 +02:00
mailer [SECURITY] Notify users about account security changes 2024-07-23 18:31:47 +02:00
markup Format code 2024-03-28 05:42:25 +01:00
migrations Add lint-go-gopls (#30729) 2024-06-09 11:13:39 +02:00
mirror test(mock): DeletePushMirrors & AddPushMirrorRemote 2024-06-02 16:31:41 +02:00
notify Clean up log messages (#30313) 2024-04-15 20:01:35 +02:00
org
packages Remove hardcoded filenames for better readability 2024-07-17 23:20:48 +02:00
pull Fix slow patch checking with commits that add or remove many files (#31548) 2024-07-07 07:33:01 +02:00
release Fix release published actions not triggering for releases created from existing tags 2024-04-15 22:53:53 +02:00
remote Enable unparam linter (#31277) 2024-06-16 13:42:58 +02:00
repository Add YEAR, MONTH, MONTH_ENGLISH, DAY variables for template repos (#31584) 2024-07-14 11:14:11 +02:00
secrets
task Fix "force private" logic (#31012) 2024-05-26 18:20:33 +02:00
uinotification
user [SECURITY] Notify users about account security changes 2024-07-23 18:31:47 +02:00
webhook Use old behavior for telegram webhook (#31588) 2024-07-14 20:53:26 +02:00
wiki feat: wiki search using git-grep 2024-05-20 13:48:50 +00:00