forgejo-aneksajo/services/user
forgejo-backport-action 48505123c7 [v12.0/forgejo] fix: delete old auth token upon replacing primary email (#9087)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/9076

When the primary email is changed before it is validated, the URL sent for validation purposes must be invalidated. It was previously possible to delay use of the URL to validate the primary email and modify the primary email in the meantime. This allowed validating the newer primary email using the older primary email, effectively bypassing validation.

## Release notes
- Security bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9076): delete old auth token upon replacing primary email

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9087
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-08-30 18:44:17 +02:00
..
| Name | Last commit | Date |
| --- | --- | --- |
| TestPurgeUser | Do not rewrite ssh keys files when deleting a user without one (#6097) | 2024-12-05 21:32:09 +00:00 |
| TestReplaceInactivePrimaryEmail | [v12.0/forgejo] fix: delete old auth token upon replacing primary email (#9087) | 2025-08-30 18:44:17 +02:00 |
| avatar.go | chore: branding import path (#7337) | 2025-03-27 19:40:14 +00:00 |
| avatar_test.go | Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v2 (forgejo) (#7367) | 2025-03-28 22:22:21 +00:00 |
| block.go | chore: branding import path (#7337) | 2025-03-27 19:40:14 +00:00 |
| block_test.go | chore: branding import path (#7337) | 2025-03-27 19:40:14 +00:00 |
| delete.go | [v12.0/forgejo] fix: make sure to use unaltered fields when saving a shadow copy for updated profiles or comments (#8584) | 2025-07-22 03:08:12 +02:00 |
| email.go | [v12.0/forgejo] fix: delete old auth token upon replacing primary email (#9087) | 2025-08-30 18:44:17 +02:00 |
| email_test.go | [v12.0/forgejo] fix: delete old auth token upon replacing primary email (#9087) | 2025-08-30 18:44:17 +02:00 |
| update.go | chore: branding import path (#7337) | 2025-03-27 19:40:14 +00:00 |
| update_test.go | chore: branding import path (#7337) | 2025-03-27 19:40:14 +00:00 |
| user.go | [v12.0/forgejo] fix: allow admins to always rename users (#8719) | 2025-07-29 10:48:51 +02:00 |
| user_test.go | [v12.0/forgejo] fix: only redirect to a new owner (organization or user) if the user has permissions to view the new owner (#9091) | 2025-08-30 18:42:11 +02:00 |