Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OAuth registration flow doesn't respect manual confirmation requirement #23392

Closed
Tracked by #23794
garymoon opened this issue Mar 9, 2023 · 0 comments · Fixed by #24035
Closed
Tracked by #23794

OAuth registration flow doesn't respect manual confirmation requirement #23392

garymoon opened this issue Mar 9, 2023 · 0 comments · Fixed by #24035
Labels

Comments

@garymoon
Copy link
Contributor

garymoon commented Mar 9, 2023

Description

Hi all,

The OAuth registration flow will log a newly registered user in regardless of the value of GITEA__service__REGISTER_MANUAL_CONFIRM.

Where the standard registration flow creates a user and lets handleUserCreated() activate it if appropriate, the OAuth flow will activate the user, conditional only on GITEA__service__REGISTER_EMAIL_CONFIRM, thereby bypassing the manual-approval check in handleUserCreated().

It's not clear to me whether or not the activation overwrite in oauth.go is actually necessary at all.

Gitea Version

1.17.4

Operating System

Linux

How are you running Gitea?

Docker

Database

PostgreSQL

lunny pushed a commit that referenced this issue Apr 25, 2023
…#24035)

This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.

- Resolves #23392

Signed-off-by: Gary Moon <[email protected]>
GiteaBot pushed a commit to GiteaBot/gitea that referenced this issue Apr 25, 2023
…go-gitea#24035)

This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.

- Resolves go-gitea#23392

Signed-off-by: Gary Moon <[email protected]>
silverwind pushed a commit that referenced this issue Apr 25, 2023
…#24035) (#24333)

Backport #24035 by @garymoon

This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.

- Resolves #23392

Signed-off-by: Gary Moon <[email protected]>
Co-authored-by: Gary Moon <[email protected]>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 10, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant