Gusted b0c5165145 [SECURITY] Rework long-term authentication ... - This is a 'front-port' of the already existing patch on v1.21 and v1.20, but applied on top of what Gitea has done to rework the LTA mechanism. Forgejo will stick with the reworked mechanism by the Forgejo Security team for the time being. The removal of legacy code (AES-GCM) has been left out. - The current architecture is inherently insecure, because you can construct the 'secret' cookie value with values that are available in the database. Thus provides zero protection when a database is dumped/leaked. - This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies). - Integration testing is added to ensure the new mechanism works. - Removes a setting, because it's not used anymore. (cherry picked from commit e3d6622a63) (cherry picked from commit fef1a6dac5)		2023-12-04 12:47:02 +01:00
..
actions
activitypub
analyze
assetfs
auth
avatar
base
cache
charset
container
context	[SECURITY] Rework long-term authentication	2023-12-04 12:47:02 +01:00
contexttest
csv
doctor
emoji
eventsource
generate
git
gitgraph
graceful
hcaptcha
highlight
hostmatcher
html
httpcache
httplib
indexer
issue/template
json
label
lfs
log
markup
mcaptcha
metrics
migration
nosql
options
packages
paginator
pprof
private
process
proxy
proxyprotocol
public
queue
recaptcha
references
regexplru
repository
secret
session
setting
sitemap
ssh
storage
structs
svg
sync
system
templates
test
testlogger
timeutil
translation
turnstile
typesniffer
updatechecker
upload
uri
user
util	[LINT] Add deadcode linter	2023-12-04 12:47:02 +01:00
validation
web
webhook