mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-10-18 08:08:31 +00:00
Code Issues Projects Releases Packages Wiki Activity
forgejo/routers/api
History
Gusted 85e839e21d
 fix: require password login for creation of new token 
- The creation of new API tokens for users via the API is guarded behind
a extra check. This extra makes sure the user is authorized via the
reverse proxy method (if enabled) or via basic authorization.
- For, what seems to me, historical reasons the basic authorization also
handles logging in via the API token.
- This results in a API token (with `write:user` scope) or OAuth2 token
being able to create a new API token with escalated privileges.
- Add a new condition to this check to ensure the user logged in via
password.
- Change error to better indicate what went wrong.
2025-08-30 09:27:28 +02:00
..
actions chore(cleanup): replaces unnecessary calls to formatting functions by non-formatting equivalents (#7994) 2025-05-29 17:34:29 +02:00
forgejo/v1 chore: branding import path (#7337) 2025-03-27 19:40:14 +00:00
packages chore: replace gopkg.in/yaml.v3 with go.yaml.in/yaml/v3 (#8956) 2025-08-20 15:31:12 +02:00
shared feat: Global 2FA enforcement (#8753) 2025-08-15 10:56:45 +02:00
v1 fix: require password login for creation of new token 2025-08-30 09:27:28 +02:00