forgejo/models/user
forgejo-backport-action 932afb2036
Some checks failed
/ release (push) Has been cancelled
testing / backend-checks (push) Has been cancelled
testing / frontend-checks (push) Has been cancelled
testing / test-unit (push) Has been cancelled
testing / test-e2e (push) Has been cancelled
testing / test-remote-cacher (redis) (push) Has been cancelled
testing / test-remote-cacher (valkey) (push) Has been cancelled
testing / test-remote-cacher (garnet) (push) Has been cancelled
testing / test-remote-cacher (redict) (push) Has been cancelled
testing / test-mysql (push) Has been cancelled
testing / test-pgsql (push) Has been cancelled
testing / test-sqlite (push) Has been cancelled
testing / security-check (push) Has been cancelled
[v10.0/forgejo] fix: delay deleting authorization token (#6976)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/6937

- 1ce33aa38d extended the LTA table with a purpose column so it could be extended to other tokens. However some are single-use tokens and should be deleted after use.
- This did not result in a good UX for activating user as they needed to also fill in their passwords and in the case that the password was incorrect the token would no longer be usable.
- This patch modifies the code to allow for a little delay before deleting authorization tokens to do additional verification such as the password check. This cannot be done before the authorization token check as that the authorization token determines who the user is.
- Resolves forgejo/forgejo#6912
- Adjusted existing unit test.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6976
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-02-19 07:06:01 +00:00
..
fixtures Implement remote user login source and promotion to regular user 2024-04-25 13:03:49 +02:00
avatar.go Replace -1 with GhostUserID (#27703) 2023-10-20 14:43:08 +00:00
badge.go Remove most path-based golangci exclusions (#24214) 2023-04-19 22:08:01 -04:00
block.go [MODERATION] User blocking 2024-02-05 15:56:45 +01:00
block_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
email_address.go fix: Allow Organisations to remove the Email Address (#5517) 2024-11-20 12:31:34 +00:00
email_address_test.go fix: Allow Organisations to remove the Email Address (#5517) 2024-11-20 12:31:34 +00:00
error.go Remove unused KeyID. (#29167) 2024-02-16 15:20:52 +01:00
external_login_user.go fix: Revert "allow synchronizing user status from OAuth2 login providers (#31572)" 2024-12-12 05:59:06 +01:00
federated_user.go initial 2024-05-16 08:15:43 +02:00
federated_user_test.go initial 2024-05-16 08:15:43 +02:00
follow.go [MODERATION] User blocking 2024-02-05 15:56:45 +01:00
follow_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
list.go Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
must_change_password.go Add command to bulk set must-change-password (#22823) 2023-02-14 16:12:19 -06:00
openid.go More refactoring of db.DefaultContext (#27083) 2023-09-15 06:13:19 +00:00
openid_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
redirect.go Another round of db.DefaultContext refactor (#27103) 2023-09-25 13:17:37 +00:00
redirect_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
search.go [v10.0/forgejo] fix: check for webauthn in 2fa user search (#6730) 2025-01-29 19:28:12 +00:00
setting.go More refactoring of db.DefaultContext (#27083) 2023-09-15 06:13:19 +00:00
setting_keys.go Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
setting_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
user.go [v10.0/forgejo] fix: delay deleting authorization token (#6976) 2025-02-19 07:06:01 +00:00
user_repository.go initial 2024-05-16 08:15:43 +02:00
user_system.go activitypub: Implement an instance-wide actor 2024-08-05 10:50:26 +02:00
user_test.go [v10.0/forgejo] fix: delay deleting authorization token (#6976) 2025-02-19 07:06:01 +00:00
user_update.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00