Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC #24035

Merged
merged 9 commits into from
Apr 25, 2023
Merged

Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC #24035

merged 9 commits into from
Apr 25, 2023

Conversation

garymoon
Copy link
Contributor

This change prevents Gitea from bypassing the manual approval process for newly registered users when OIDC is used.

@yardenshoham yardenshoham added this to the 1.20.0 milestone Apr 10, 2023
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Apr 23, 2023
@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Apr 23, 2023
@silverwind silverwind added topic/authentication type/bug and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Apr 23, 2023
@silverwind
Copy link
Member

@kdumontnu care to review?

@garymoon
Copy link
Contributor Author

@kdumontnu care to review?

We try to avoid the conflict of interest since we work together at AllSpice.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Apr 24, 2023
@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Apr 24, 2023
@yardenshoham yardenshoham added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Apr 24, 2023
@yp05327
Copy link
Contributor

yp05327 commented Apr 25, 2023

Maybe this PR also fixes #24138 ?
And it seems that there was a discussion about this issue before in #19310

@garymoon
Copy link
Contributor Author

I agree #24138 does sound like the same issue. The discussion in #19310 seems to be around addressing this type of issue more generally, which would be good, but will be quite an undertaking by the sounds of it.

@lunny lunny merged commit ab42c13 into go-gitea:main Apr 25, 2023
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Apr 25, 2023
@wxiaoguang wxiaoguang added the outdated/backport/v1.19 This PR should be backported to Gitea 1.19 label Apr 25, 2023
@GiteaBot GiteaBot mentioned this pull request Apr 25, 2023
Merged
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request Apr 25, 2023
@garymoon @GiteaBot
Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC (
0b95d94 
…go-gitea#24035)

This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.

- Resolves go-gitea#23392

Signed-off-by: Gary Moon <gary@garymoon.net>
@GiteaBot GiteaBot added the backport/done All backports for this PR have been created label Apr 25, 2023
silverwind pushed a commit that referenced this pull request Apr 25, 2023
@GiteaBot @garymoon
Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC (
1bbbeb2 
…#24035) (#24333)

Backport #24035 by @garymoon

This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.

- Resolves #23392

Signed-off-by: Gary Moon <gary@garymoon.net>
Co-authored-by: Gary Moon <garymoon@users.noreply.github.com>
zjjhot added a commit to zjjhot/gitea that referenced this pull request Apr 26, 2023
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
3be44b5 
* giteaofficial/main:
  Fix broken clone script on an empty archived repo (go-gitea#24339)
  Improve RSS (go-gitea#24335)
  Automatically select the org when click create repo from org dashboard (go-gitea#24325)
  on schedule
  on schedule
  switch to use Actions from drone for cron (go-gitea#24314)
  [skip ci] Updated translations via Crowdin
  Restore bold on repolist (go-gitea#24337)
  Fix template function DateTime (go-gitea#24317)
  Fix incorrect CORS response in Http Git handler (go-gitea#24303)
  Updated upgrade script that is informing user that Gitea service has to be running in order to upgrade it (go-gitea#24260)
  Add tags list for repos whose release setting is disabled (go-gitea#23465)
  Refactor config provider (go-gitea#24245)
  Add RSS Feeds for branches and files (go-gitea#22719)
  Make SVG in dropdown menu have the same margin-right as IMG (go-gitea#24316)
  Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC (go-gitea#24035)
@adamu adamu mentioned this pull request Apr 29, 2023
Open
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Jul 31, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@silverwind silverwind silverwind approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. outdated/backport/v1.19 This PR should be backported to Gitea 1.19 size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. topic/authentication type/bug
Projects
None yet
Milestone
1.20.0
Development

Successfully merging this pull request may close these issues.

OAuth registration flow doesn't respect manual confirmation requirement
7 participants
@garymoon @silverwind @yp05327 @wxiaoguang @lunny @yardenshoham @GiteaBot