63 Commits

Author	SHA1	Message	Date
zeripath	e819da0837	WebAuthn CredentialID field needs to be increased in size (#20530) ... WebAuthn have updated their specification to set the maximum size of the CredentialID to 1023 bytes. This is somewhat larger than our current size and therefore we need to migrate. The PR changes the struct to add CredentialIDBytes and migrates the CredentialID string to the bytes field before another migration drops the old CredentialID field. Another migration renames this field back. Fix #20457 Signed-off-by: Andrew Thornton <art27@cantab.net>	2022-07-30 15:25:26 +02:00
Wim	cb50375e2b	Add more linters to improve code readability (#19989) ... Add nakedret, unconvert, wastedassign, stylecheck and nolintlint linters to improve code readability - nakedret - https://github.com/alexkohler/nakedret - nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length. - unconvert - https://github.com/mdempsky/unconvert - Remove unnecessary type conversions - wastedassign - https://github.com/sanposhiho/wastedassign - wastedassign finds wasted assignment statements. - notlintlint - Reports ill-formed or insufficient nolint directives - stylecheck - https://staticcheck.io/docs/checks/#ST - keep style consistent - excluded: [ST1003 - Poorly chosen identifier](https://staticcheck.io/docs/checks/#ST1003) and [ST1005 - Incorrectly formatted error string](https://staticcheck.io/docs/checks/#ST1005)	2022-06-20 12:02:49 +02:00
Lunny Xiao	fd7d83ace6	Move almost all functions' parameter db.Engine to context.Context (#19748) ... * Move almost all functions' parameter db.Engine to context.Context * remove some unnecessary wrap functions	2022-05-20 22:08:52 +08:00
6543	f41c2bec4c	Delete user related oauth stuff on user deletion too (#19677) ... * delete user related oauth stuff on user deletion too * extend doctor check-db-consistency	2022-05-11 13:16:35 +02:00
Lunny Xiao	772ad761eb	Fix some slice problems (incorrect slice length) (#19592)	2022-05-03 17:04:23 +08:00
Lunny Xiao	b8911fb456	Use a struct as test options (#19393) ... * Use a struct as test options * Fix name * Fix test	2022-04-14 21:58:21 +08:00
zeripath	3a29a23cdc	Attempt to fix the webauthn migration again - part 3 (#18770) ... v208.go is seriously broken as it misses an ID() check. We need to no-op and remigrate all of the u2f keys. See #18756 Signed-off-by: Andrew Thornton <art27@cantab.net>	2022-02-16 21:03:58 +00:00
Gusted	aa23f477b7	Use `CryptoRandomBytes` instead of `CryptoRandomString` (#18439) ... - Switch to use `CryptoRandomBytes` instead of `CryptoRandomString`, OAuth's secrets are copied pasted and don't need to avoid dubious characters etc. - `CryptoRandomBytes` gives  `CryptoRandomString` gives  possible states. - Add a prefix, such that code scanners can easily grep these in source code. - 32 Bytes + prefix	2022-02-04 18:03:15 +01:00
wxiaoguang	49dd906753	Use base32 for 2FA scratch token (#18384) ... * Use base32 for 2FA scratch token * rename Secure* to Crypto*, add comments	2022-01-26 12:10:10 +08:00
6543	54e9ee37a7	format with gofumpt (#18184) ... * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt	2022-01-20 18:46:10 +01:00
zeripath	d7c2a2951c	Webauthn nits (#18284) ... This contains some additional fixes and small nits related to #17957 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-01-15 17:52:56 +01:00
Lunny Xiao	35c3553870	Support webauthn (#17957) ... Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-01-14 16:03:31 +01:00
Lunny Xiao	de8e3948a5	Refactor auth package (#17962)	2022-01-02 21:12:35 +08:00