forgejo/routers/web/auth
Gusted 06556abb6d
fix: delay deleting authorization token (#6937)
- 1ce33aa38d extended the LTA table with a purpose column so it could be extended to other tokens. However, some are single-use tokens and should be deleted after use.
- This did not result in a good UX for activating users, as they also needed to fill in their passwords, and in the case that the password was incorrect the token would no longer be usable.
- This patch modifies the code to allow for a little delay before deleting authorization tokens to do additional verification such as the password check. This cannot be done before the authorization token check, as the authorization token determines who the user is.
- Resolves forgejo/forgejo#6912
- Adjusted existing unit test.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6937
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-02-17 11:09:33 +00:00
..
2fa.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
auth.go fix: delay deleting authorization token (#6937) 2025-02-17 11:09:33 +00:00
auth_test.go Make "/user/login" page redirect if the current user has signed in (#29583) 2024-03-11 23:36:58 +07:00
linkaccount.go fix: show internal login prompt for account linking (#6920) 2025-02-14 12:45:15 +00:00
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
oauth.go fix: return empty slice if AttributeSSHPublicKey is missing in RawData 2024-12-27 11:17:27 +03:00
oauth_test.go Use user.FullName in Oauth2 id_token response (#6071) 2024-11-27 07:48:32 +00:00
openid.go add CfTurnstileSitekey context data to all captcha templates (#31874) 2024-08-25 10:47:02 +02:00
password.go fix: delay deleting authorization token (#6937) 2025-02-17 11:09:33 +00:00
webauthn.go [FEAT] Add support for webauthn credential level 3 2024-08-29 10:05:03 +02:00