Gitea: Bug: Users authenticated via proxy-auth can change username

Created on 27 Aug 2017 · 5 Comments · Source: go-gitea/gitea

In the current version of Gitea, it is possible for users authenticated via proxy-auth to edit their username. I'm not able to find a config option to disable this. In cases where proxy authentication is being used, this allows users to change their username and orphan their repositories because a new userid will be immediately created with their correct user.

kind/bug reviewed/confirmed

All 5 comments

I think in the case of proxy auth (or oauth/openid) we should disallow username changes.

Only local users are allowed to change their username, and I don't think that somehow affects linked OpenID etc. authorizations, which are handled otherwise, just link to the account, and are not an authorization source.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

Yes, this is a problem

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.
