Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide the ability to set password hash algorithm parameters (#22942) #22943

Merged
merged 9 commits into from
Feb 19, 2023
Merged

Provide the ability to set password hash algorithm parameters (#22942) #22943

merged 9 commits into from
Feb 19, 2023

Commits on Feb 16, 2023

  1. Provide the ability to set password hash algorithm parameters (go-git… 

    …ea#22942)

Backport go-gitea#22942

This PR refactors and improves the password hashing code within gitea
and makes it possible for server administrators to set the password
hashing parameters

In addition it takes the opportunity to adjust the settings for `pbkdf2`
in order to make the hashing a little stronger.

The majority of this work was inspired by PR go-gitea#14751 and I would like to
thank @boppy for their work on this.

Thanks to @Gusted for the suggestion to adjust the `pbkdf2` hashing
parameters.

Close go-gitea#14751

Signed-off-by: Andrew Thornton <art27@cantab.net>
    @zeripath
    zeripath committed Feb 16, 2023
    Configuration menu
    Copy the full SHA
    96e5698 View commit details
    Browse the repository at this point in the history

  2. fix misimport 

    Signed-off-by: Andrew Thornton <art27@cantab.net>
    @zeripath
    zeripath committed Feb 16, 2023
    Configuration menu
    Copy the full SHA
    09fef1d View commit details
    Browse the repository at this point in the history

  3. placate the linter 

    Signed-off-by: Andrew Thornton <art27@cantab.net>
    @zeripath
    zeripath committed Feb 16, 2023
    Configuration menu
    Copy the full SHA
    651571f View commit details
    Browse the repository at this point in the history

  4. as per delvh 

    Co-authored-by: delvh <dev.lh@web.de>
    @zeripath @delvh
    zeripath and delvh committed Feb 16, 2023
    Configuration menu
    Copy the full SHA
    cd46b78 View commit details
    Browse the repository at this point in the history

  5. stop-using-argon2 in test hashes 

    Signed-off-by: Andrew Thornton <art27@cantab.net>
    @zeripath
    zeripath committed Feb 16, 2023
    Configuration menu
    Copy the full SHA
    e634ee8 View commit details
    Browse the repository at this point in the history

Commits on Feb 18, 2023

  1. Try a slightly weaker version of the pbkdf2 algorithm 

    Signed-off-by: Andrew Thornton <art27@cantab.net>
    @zeripath
    zeripath committed Feb 18, 2023
    Configuration menu
    Copy the full SHA
    f9f6677 View commit details
    Browse the repository at this point in the history

  2. Merge remote-tracking branch 'origin/release/v1.18' into backport-229… 

    …42-v1.18
    @zeripath
    zeripath committed Feb 18, 2023
    Configuration menu
    Copy the full SHA
    1b23ebd View commit details
    Browse the repository at this point in the history

  3. oops 

    Signed-off-by: Andrew Thornton <art27@cantab.net>
    @zeripath
    zeripath committed Feb 18, 2023
    Configuration menu
    Copy the full SHA
    0f5e962 View commit details
    Browse the repository at this point in the history

Commits on Feb 19, 2023

  1. Merge branch 'release/v1.18' into backport-22942-v1.18

    @lunny
    lunny committed Feb 19, 2023
    Configuration menu
    Copy the full SHA
    4a0ff66 View commit details
    Browse the repository at this point in the history