You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
…#24035)
This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.
- Resolves#23392
Signed-off-by: Gary Moon <[email protected]>
…go-gitea#24035)
This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.
- Resolvesgo-gitea#23392
Signed-off-by: Gary Moon <[email protected]>
Description
Hi all,
The OAuth registration flow will log a newly registered user in regardless of the value of
GITEA__service__REGISTER_MANUAL_CONFIRM
.Where the standard registration flow creates a user and lets
handleUserCreated()
activate it if appropriate, the OAuth flow will activate the user, conditional only onGITEA__service__REGISTER_EMAIL_CONFIRM
, thereby bypassing the manual-approval check inhandleUserCreated()
.It's not clear to me whether or not the activation overwrite in oauth.go is actually necessary at all.
Gitea Version
1.17.4
Operating System
Linux
How are you running Gitea?
Docker
Database
PostgreSQL
The text was updated successfully, but these errors were encountered: