Commit Graph

13 Commits

Author SHA1 Message Date

Matthew Knight 199642242f
Fix security vulnerabilities identified in pre-deployment audit
- Regenerate session ID on login to prevent session fixation (H1)
- Add mutex to login lockout counters to fix race condition (H2)
- Validate issuer/audience claims on Apple ID tokens (M2)
- Verify comment belongs to ticket's issue to prevent attachment IDOR (M4)
- Stop SSO from re-approving admin-disapproved users (M3)
- Add Content-Security-Policy header (M1)
- Configure trusted proxies via TRUSTED_PROXIES env var (M6)
- Cap password length at 128 for bcrypt truncation (L1)
- Set Secure flag on flash cookies over HTTPS (L2)
- Rate-limit POST /reset-password (L3)
- Add authenticated password change at /account/password (L4)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 12:30:23 -08:00

Matthew Knight 8eaa27bb31
Remove dead code
2026-02-17 17:07:32 -08:00

Matthew Knight d9eede4c15
Merge branch 'main' into unify-ui
2026-02-17 16:46:48 -08:00

Matthew Knight e5be422854
Merge pull request 'Verify Apple ID token signature against JWKS' (#53) from fix/apple-token-verification into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/53
2026-02-18 00:35:17 +00:00

Matthew Knight 2b2f7b84f0
Merge pull request 'Add account lockout after failed login attempts' (#48) from fix/account-lockout into main
Reviewed-on: https://git.ts.mattnite.net/mattnite/forgejo-tickets/pulls/48
2026-02-18 00:25:49 +00:00

Matthew Knight 9449b271f5
Add periodic cleanup for expired email tokens
Fixes #34
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:20:24 -08:00

Matthew Knight f258429557
Add account lockout after failed login attempts
Fixes #32

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:15:02 -08:00

Matthew Knight d780a3403a
Verify Apple ID token signature against JWKS
Fixes #25

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:06:41 -08:00

Matthew Knight e6cd175c92
Set Secure flag on session cookie for HTTPS
Fixes #9
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 15:50:18 -08:00

Matthew Knight 4d95fddb1b
Fix cached session bug
2026-02-17 12:14:34 -08:00

Matthew Knight 4d688ffc20
Unify UI
2026-02-17 11:01:34 -08:00

Matthew Knight 61e9f00b1c
Improvements
2026-02-14 00:19:49 -08:00

Matthew Knight 4fa62fc164
Init
2026-02-12 15:00:17 -08:00