gitea/modules
Jack Hay 4e879fed90
Deprecate query string auth tokens (#28390)
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 03:48:53 +00:00
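The commit message above describes two behaviours: a `Warning` response header when a request authenticates through a `token` or `access_token` query parameter, and a `DISABLE_QUERY_AUTH_TOKEN` setting that rejects such requests outright. The block below is an added, self-contained Go example written for this page; it is not Gitea's implementation. `QueryAuthPolicy`, `Probe`, `RedactQueryTokens`, the `/api/v1/user` paths and the sample token values are this example's own names and constructed inputs. The redaction helper illustrates the log-sanitizing idea raised under "Open questions"; as the message itself notes, that alone is not a fix.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// queryAuthWarning is the header text quoted in the commit message.
const queryAuthWarning = "token and access_token API authentication is deprecated"

// queryTokenKeys are the two query parameters being deprecated.
var queryTokenKeys = []string{"token", "access_token"}

// QueryAuthPolicy is a hypothetical stand-in for the DISABLE_QUERY_AUTH_TOKEN
// setting; in Gitea the real setting lives under modules/setting.
type QueryAuthPolicy struct {
	DisableQueryAuthToken bool
}

// hasQueryToken reports whether the request carries a token in the query string.
func hasQueryToken(r *http.Request) bool {
	q := r.URL.Query()
	for _, key := range queryTokenKeys {
		if q.Get(key) != "" {
			return true
		}
	}
	return false
}

// Middleware leaves header-based authentication untouched. A query-string
// token is either rejected (setting enabled) or allowed with a Warning header.
func (p QueryAuthPolicy) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if hasQueryToken(r) {
			if p.DisableQueryAuthToken {
				http.Error(w, "query string auth tokens are disabled", http.StatusUnauthorized)
				return
			}
			w.Header().Set("Warning", queryAuthWarning)
		}
		next.ServeHTTP(w, r)
	})
}

// RedactQueryTokens rewrites a request URL for logging so token values never
// reach access logs. The path and other parameters are preserved.
func RedactQueryTokens(rawURL string) string {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "<unparseable url>"
	}
	q := u.Query()
	for _, key := range queryTokenKeys {
		if q.Has(key) {
			q.Set(key, "REDACTED")
		}
	}
	u.RawQuery = q.Encode() // Encode sorts keys, so output is deterministic
	return u.String()
}

// Probe runs one request through the middleware offline and returns the
// status code and Warning header, so the behaviour can be checked without a server.
func Probe(p QueryAuthPolicy, target string) (int, string) {
	h := p.Middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
		fmt.Fprint(w, "ok")
	}))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code, rec.Header().Get("Warning")
}

func main() {
	// Constructed sample requests: header-auth style (no query token) and both query forms.
	targets := []string{"/api/v1/user", "/api/v1/user?token=abc123", "/api/v1/user?access_token=abc123&page=2"}
	for _, p := range []QueryAuthPolicy{{DisableQueryAuthToken: false}, {DisableQueryAuthToken: true}} {
		for _, t := range targets {
			code, warn := Probe(p, t)
			fmt.Printf("disable=%-5v %-42s -> %d warning=%q log=%s\n",
				p.DisableQueryAuthToken, t, code, warn, RedactQueryTokens(t))
		}
	}
}
```

Two caveats a practitioner would add. First, RFC 7234 defines `Warning` as `warn-code SP warn-agent SP warn-text` (for example `299 - "..."`), so the plain-text form quoted in the commit message may not be parsed by strictly conforming clients; the example keeps the quoted text for fidelity. Second, a query-string credential is copied into access logs, reverse-proxy logs, browser history and potentially `Referer` headers before any server-side redaction runs, which is why rejection via the setting, not log sanitizing, is the intended end state.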
actions
activitypub Upgrade to golangci-lint@v1.55.0 (#27756) 2023-10-24 02:54:59 +00:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs
auth
avatar
base
cache
charset
container Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
context Second part of refactor db.Find (#28194) 2023-12-11 16:56:48 +08:00
contexttest Replace assert.Fail with assert.FailNow (#27578) 2023-10-11 11:02:24 +00:00
csv
doctor Improve doctor cli behavior (#28422) 2023-12-11 15:55:10 +00:00
emoji
eventsource Final round of db.DefaultContext refactor (#27587) 2023-10-14 08:37:24 +00:00
generate
git Make gogit Repository.GetBranchNames consistent (#28348) 2023-12-07 12:08:17 -05:00
gitgraph
graceful Refactor graceful manager to use shared code (#28073) 2023-11-24 14:21:46 +00:00
hcaptcha
highlight Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
html
httpcache
httplib
indexer Include public repos in doer's dashboard for issue search (#28304) 2023-12-07 13:26:18 +08:00
issue/template
json
label
lfs Upgrade to golangci-lint@v1.55.0 (#27756) 2023-10-24 02:54:59 +00:00
log
markup Use restricted sanitizer for repository description (#28141) 2023-11-23 16:34:25 +00:00
mcaptcha
metrics
migration
nosql
options
packages Close all hashed buffers (#27787) 2023-10-25 21:24:24 +02:00
paginator
pprof
private
process Replace assert.Fail with assert.FailNow (#27578) 2023-10-11 11:02:24 +00:00
proxy
proxyprotocol
public
queue Increase queue length (#27555) 2023-10-10 18:47:49 +08:00
recaptcha
references
regexplru Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
repository Second part of refactor db.Find (#28194) 2023-12-11 16:56:48 +08:00
secret
session
setting Deprecate query string auth tokens (#28390) 2023-12-12 03:48:53 +00:00
sitemap
ssh Remove SSH workaround (#27893) 2023-11-03 15:21:05 +00:00
storage Fix object storage path handling (#27024) 2023-09-13 01:18:52 +00:00
structs Fix package webhook (#27839) 2023-10-31 04:43:38 +00:00
svg
sync
system Replace more db.DefaultContext (#27628) 2023-10-15 17:46:06 +02:00
templates Render PyPi long description as document (#28272) 2023-12-05 15:02:01 +00:00
test
testlogger
timeutil
translation
turnstile
typesniffer
updatechecker Replace more db.DefaultContext (#27628) 2023-10-15 17:46:06 +02:00
upload
uri Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
user
util Upgrade to golangci-lint@v1.55.0 (#27756) 2023-10-24 02:54:59 +00:00
validation
web Make CORS work for oauth2 handlers (#28184) 2023-11-23 21:19:26 +08:00
webhook