1
0
Fork 0
forgejo/models/user
Gusted 4383da91bd
[SECURITY] Notify users about account security changes
- Currently if the password, primary mail, TOTP or security keys are
changed, no notification is made of that and makes compromising an
account a bit easier as it's essentially undetectable until the original
person tries to log in. Although other changes should be made as
well (re-authing before allowing a password change), this should go a
long way of improving the account security in Forgejo.
- Adds a mail notification for password and primary mail changes. For
the primary mail change, a mail notification is sent to the old primary
mail.
- Add a mail notification when TOTP or a security keys is removed, if no
other 2FA method is configured the mail will also contain that 2FA is
no longer needed to log into their account.
- `MakeEmailAddressPrimary` is refactored to the user service package,
as it now involves calling the mailer service.
- Unit tests added.
- Integration tests added.
2024-07-23 18:31:47 +02:00
..
fixtures Implement remote user login source and promotion to regular user 2024-04-25 13:03:49 +02:00
avatar.go
badge.go
block.go [MODERATION] User blocking 2024-02-05 15:56:45 +01:00
block_test.go [MODERATION] User blocking 2024-02-05 15:56:45 +01:00
email_address.go [SECURITY] Notify users about account security changes 2024-07-23 18:31:47 +02:00
email_address_test.go [SECURITY] Notify users about account security changes 2024-07-23 18:31:47 +02:00
error.go Remove unused KeyID. (#29167) 2024-02-16 15:20:52 +01:00
external_login_user.go allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
federated_user.go initial 2024-05-16 08:15:43 +02:00
federated_user_test.go initial 2024-05-16 08:15:43 +02:00
follow.go [MODERATION] User blocking 2024-02-05 15:56:45 +01:00
follow_test.go
list.go
main_test.go
must_change_password.go
openid.go
openid_test.go
redirect.go
redirect_test.go
search.go Implement remote user login source and promotion to regular user 2024-04-25 13:03:49 +02:00
setting.go
setting_keys.go Add codespell support and fix a good number of typos with its help (#3270) 2024-05-09 13:49:37 +00:00
setting_test.go
user.go [SECURITY] Notify users about account security changes 2024-07-23 18:31:47 +02:00
user_repository.go initial 2024-05-16 08:15:43 +02:00
user_system.go [BRANDING] reserve forgejo-actions username 2024-02-05 16:05:01 +01:00
user_test.go [SECURITY] Notify users about account security changes 2024-07-23 18:31:47 +02:00
user_update.go