Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth registration flow doesn't respect manual confirmation requirement #23392

Closed
Tracked by #23794
garymoon opened this issue Mar 9, 2023 · 0 comments · Fixed by #24035
Closed
Tracked by #23794

OAuth registration flow doesn't respect manual confirmation requirement #23392

garymoon opened this issue Mar 9, 2023 · 0 comments · Fixed by #24035
Labels
type/bug

Comments

@garymoon
Copy link
Contributor

garymoon commented Mar 9, 2023
edited
Loading

Description

Hi all,

The OAuth registration flow will log a newly registered user in regardless of the value of GITEA__service__REGISTER_MANUAL_CONFIRM.

Where the standard registration flow creates a user and lets handleUserCreated() activate it if appropriate, the OAuth flow will activate the user, conditional only on GITEA__service__REGISTER_EMAIL_CONFIRM, thereby bypassing the manual-approval check in handleUserCreated().

It's not clear to me whether or not the activation overwrite in oauth.go is actually necessary at all.

Gitea Version

1.17.4

Operating System

Linux

How are you running Gitea?

Docker

Database

PostgreSQL
@kdumontnu kdumontnu mentioned this issue Mar 29, 2023
Open
6 tasks
@garymoon garymoon mentioned this issue Apr 10, 2023
Merged
lunny pushed a commit that referenced this issue Apr 25, 2023
@garymoon
Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC (
ab42c13 
…#24035)

This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.

- Resolves #23392

Signed-off-by: Gary Moon <gary@garymoon.net>
@GiteaBot GiteaBot mentioned this issue Apr 25, 2023
Merged
GiteaBot pushed a commit to GiteaBot/gitea that referenced this issue Apr 25, 2023
@garymoon @GiteaBot
Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC (
0b95d94 
…go-gitea#24035)

This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.

- Resolves go-gitea#23392

Signed-off-by: Gary Moon <gary@garymoon.net>
silverwind pushed a commit that referenced this issue Apr 25, 2023
@GiteaBot @garymoon
Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC (
1bbbeb2 
…#24035) (#24333)

Backport #24035 by @garymoon

This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.

- Resolves #23392

Signed-off-by: Gary Moon <gary@garymoon.net>
Co-authored-by: Gary Moon <garymoon@users.noreply.github.com>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 10, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC garymoon/gitea
1 participant
@garymoon