closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4769 Commits
2 Branches
178 MiB
Tree: 327b1b7985
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '327b1b7985'
${ noResults }
gitea/vendor/github.com/dgrijalva/jwt-go/VERSION_HISTORY.md

104 lines
5.8 KiB
Raw Normal View History

Git LFS support v2 (#122) * Import github.com/git-lfs/lfs-test-server as lfs module base Imported commit is 3968aac269a77b73924649b9412ae03f7ccd3198 Removed: Dockerfile CONTRIBUTING.md mgmt* script/ vendor/ kvlogger.go .dockerignore .gitignore README.md * Remove config, add JWT support from github.com/mgit-at/lfs-test-server Imported commit f0cdcc5a01599c5a955dc1bbf683bb4acecdba83 * Add LFS settings * Add LFS meta object model * Add LFS routes and initialization * Import github.com/dgrijalva/jwt-go into vendor/ * Adapt LFS module: handlers, routing, meta store * Move LFS routes to /user/repo/info/lfs/* * Add request header checks to LFS BatchHandler / PostHandler * Implement LFS basic authentication * Rework JWT secret generation / load * Implement LFS SSH token authentication with JWT Specification: https://github.com/github/git-lfs/tree/master/docs/api * Integrate LFS settings into install process * Remove LFS objects when repository is deleted Only removes objects from content store when deleted repo is the only referencing repository * Make LFS module stateless Fixes bug where LFS would not work after installation without restarting Gitea * Change 500 'Internal Server Error' to 400 'Bad Request' * Change sql query to xorm call * Remove unneeded type from LFS module * Change internal imports to code.gitea.io/gitea/ * Add Gitea authors copyright * Change basic auth realm to "gitea-lfs" * Add unique indexes to LFS model * Use xorm count function in LFS check on repository delete * Return io.ReadCloser from content store and close after usage * Add LFS info to runWeb() * Export LFS content store base path * LFS file download from UI * Work around git-lfs client issue with unauthenticated requests Returning a dummy Authorization header for unauthenticated requests lets git-lfs client skip asking for auth credentials See: https://github.com/github/git-lfs/issues/1088 * Fix unauthenticated UI downloads from public repositories * Authentication check order, Finish LFS file view logic * Ignore LFS hooks if installed for current OS user Fixes Gitea UI actions for repositories tracking LFS files. Checks for minimum needed git version by parsing the semantic version string. * Hide LFS metafile diff from commit view, marking as binary * Show LFS notice if file in commit view is tracked * Add notbefore/nbf JWT claim * Correct lint suggestions - comments for structs and functions - Add comments to LFS model - Function comment for GetRandomBytesAsBase64 - LFS server function comments and lint variable suggestion * Move secret generation code out of conditional Ensures no LFS code may run with an empty secret * Do not hand out JWT tokens if LFS server support is disabled
8 years ago
 
  1. ## `jwt-go` Version History

  2. 

  3. #### 3.0.0

  4. 

  5. * **Compatibility Breaking Changes**: See MIGRATION_GUIDE.md for tips on updating your code
  6. 	* Dropped support for `[]byte` keys when using RSA signing methods.  This convenience feature could contribute to security vulnerabilities involving mismatched key types with signing methods.
  7. 	* `ParseFromRequest` has been moved to `request` subpackage and usage has changed
  8. 	* The `Claims` property on `Token` is now type `Claims` instead of `map[string]interface{}`.  The default value is type `MapClaims`, which is an alias to `map[string]interface{}`.  This makes it possible to use a custom type when decoding claims.
  9. * Other Additions and Changes
  10. 	* Added `Claims` interface type to allow users to decode the claims into a custom type
  11. 	* Added `ParseWithClaims`, which takes a third argument of type `Claims`.  Use this function instead of `Parse` if you have a custom type you'd like to decode into.
  12. 	* Dramatically improved the functionality and flexibility of `ParseFromRequest`, which is now in the `request` subpackage
  13. 	* Added `ParseFromRequestWithClaims` which is the `FromRequest` equivalent of `ParseWithClaims`
  14. 	* Added new interface type `Extractor`, which is used for extracting JWT strings from http requests.  Used with `ParseFromRequest` and `ParseFromRequestWithClaims`.
  15. 	* Added several new, more specific, validation errors to error type bitmask
  16. 	* Moved examples from README to executable example files
  17. 	* Signing method registry is now thread safe
  18. 	* Added new property to `ValidationError`, which contains the raw error returned by calls made by parse/verify (such as those returned by keyfunc or json parser)
  19. 

  20. #### 2.7.0

  21. 

  22. This will likely be the last backwards compatible release before 3.0.0, excluding essential bug fixes.
  23. 

  24. * Added new option `-show` to the `jwt` command that will just output the decoded token without verifying
  25. * Error text for expired tokens includes how long it's been expired
  26. * Fixed incorrect error returned from `ParseRSAPublicKeyFromPEM`
  27. * Documentation updates
  28. 

  29. #### 2.6.0

  30. 

  31. * Exposed inner error within ValidationError
  32. * Fixed validation errors when using UseJSONNumber flag
  33. * Added several unit tests
  34. 

  35. #### 2.5.0

  36. 

  37. * Added support for signing method none.  You shouldn't use this.  The API tries to make this clear.
  38. * Updated/fixed some documentation
  39. * Added more helpful error message when trying to parse tokens that begin with `BEARER `
  40. 

  41. #### 2.4.0

  42. 

  43. * Added new type, Parser, to allow for configuration of various parsing parameters
  44. 	* You can now specify a list of valid signing methods.  Anything outside this set will be rejected.
  45. 	* You can now opt to use the `json.Number` type instead of `float64` when parsing token JSON
  46. * Added support for [Travis CI](https://travis-ci.org/dgrijalva/jwt-go)
  47. * Fixed some bugs with ECDSA parsing
  48. 

  49. #### 2.3.0

  50. 

  51. * Added support for ECDSA signing methods
  52. * Added support for RSA PSS signing methods (requires go v1.4)
  53. 

  54. #### 2.2.0

  55. 

  56. * Gracefully handle a `nil` `Keyfunc` being passed to `Parse`.  Result will now be the parsed token and an error, instead of a panic.
  57. 

  58. #### 2.1.0

  59. 

  60. Backwards compatible API change that was missed in 2.0.0.
  61. 

  62. * The `SignedString` method on `Token` now takes `interface{}` instead of `[]byte`
  63. 

  64. #### 2.0.0

  65. 

  66. There were two major reasons for breaking backwards compatibility with this update.  The first was a refactor required to expand the width of the RSA and HMAC-SHA signing implementations.  There will likely be no required code changes to support this change.
  67. 

  68. The second update, while unfortunately requiring a small change in integration, is required to open up this library to other signing methods.  Not all keys used for all signing methods have a single standard on-disk representation.  Requiring `[]byte` as the type for all keys proved too limiting.  Additionally, this implementation allows for pre-parsed tokens to be reused, which might matter in an application that parses a high volume of tokens with a small set of keys.  Backwards compatibilty has been maintained for passing `[]byte` to the RSA signing methods, but they will also accept `*rsa.PublicKey` and `*rsa.PrivateKey`.
  69. 

  70. It is likely the only integration change required here will be to change `func(t *jwt.Token) ([]byte, error)` to `func(t *jwt.Token) (interface{}, error)` when calling `Parse`.
  71. 

  72. * **Compatibility Breaking Changes**
  73. 	* `SigningMethodHS256` is now `*SigningMethodHMAC` instead of `type struct`
  74. 	* `SigningMethodRS256` is now `*SigningMethodRSA` instead of `type struct`
  75. 	* `KeyFunc` now returns `interface{}` instead of `[]byte`
  76. 	* `SigningMethod.Sign` now takes `interface{}` instead of `[]byte` for the key
  77. 	* `SigningMethod.Verify` now takes `interface{}` instead of `[]byte` for the key
  78. * Renamed type `SigningMethodHS256` to `SigningMethodHMAC`.  Specific sizes are now just instances of this type.
  79.     * Added public package global `SigningMethodHS256`
  80.     * Added public package global `SigningMethodHS384`
  81.     * Added public package global `SigningMethodHS512`
  82. * Renamed type `SigningMethodRS256` to `SigningMethodRSA`.  Specific sizes are now just instances of this type.
  83.     * Added public package global `SigningMethodRS256`
  84.     * Added public package global `SigningMethodRS384`
  85.     * Added public package global `SigningMethodRS512`
  86. * Moved sample private key for HMAC tests from an inline value to a file on disk.  Value is unchanged.
  87. * Refactored the RSA implementation to be easier to read
  88. * Exposed helper methods `ParseRSAPrivateKeyFromPEM` and `ParseRSAPublicKeyFromPEM`
  89. 

  90. #### 1.0.2

  91. 

  92. * Fixed bug in parsing public keys from certificates
  93. * Added more tests around the parsing of keys for RS256
  94. * Code refactoring in RS256 implementation.  No functional changes
  95. 

  96. #### 1.0.1

  97. 

  98. * Fixed panic if RS256 signing method was passed an invalid key
  99. 

  100. #### 1.0.0

  101. 

  102. * First versioned release
  103. * API stabilized
  104. * Supports creating, signing, parsing, and validating JWT tokens
  105. * Supports RS256 and HS256 signing methods