Users in my LDAP directory only have a full email address as their "uid" and therefore their username (for several reasons). I cannot get Gitea to function in such an environment, because of the following check in login_source.go:
if binding.AlphaDashDotPattern.MatchString(sr.Username) {
return nil, fmt.Errorf("Invalid pattern for attribute 'username' [%s]: must be valid alpha or numeric or dash(-_) or dot characters", sr.Username)
}
It would be wonderful if the check allowed for "@" characters as well.
Thank you!
...
Thought: perhaps this should be a boolean option, since it could break other things.
What would the users slug be in the URLs? gitea.com/[email protected]/<repo>? I think there are allowed characters in email addresses that are not allowed in URLs.
This will also be nice for multi-forest AD users.
@sbstp are you sure? I'm fairly certain that this could be done.
Mentions for these emails would also work, using @user@domain like Mastodon and other ActivityPub-based systems do.
Federation is currently being worked on (via a separate working group), so this is something that will need to be evaluated in that context: if emails are allowed, how would we mention across instances when an account on one instance is an email, especially one whose domain doesn't match the domain of the git server?
I have reverse proxy authentication set up. My Apache uses OpenID Connect, and I use it as SSO for a bunch of personal things.
When I use a Google identity, the default for mod_auth_openidc is to use "sub" as the remote user, which is a long integer and domain: [email protected]
I've changed it to use the "email" claim instead, which means it still contains an @-sign.
Whenever I go to my profile page (for either of them) and try to change my username, it seems a new user is created. When I try to change anything else (and leaving username alone), it rejects it saying the username is invalid.
It would indeed be nice to make that work. Since I want auto-registration (and handle authorization in Apache), I can't guarantee user-ID uniqueness except if it includes the domain.
That should probably be handled in OAuth instead, for example by replacing the @ sign with - or something like that.
Maybe it would work to change sanitizeUserDN to replace all instances of %s instead of using sprintf only for the first. Then you could use an LDAP filter like:
(&(objectClass=user)(|(sAMAccountName=%s)(UserPrincipalName=%s)(mail=%s)))
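The two halves of the suggestion above, substituting one login value into every %s of the filter and sanitizing it first, are shown here as an added example. This is not Gitea's code; it is a stand-alone Go program written for this thread, and the filter template and logins are constructed sample input. The escaping follows RFC 4515 section 3, which is what stops a login such as `*)(objectClass=*` from breaking out of its attribute clause and rewriting the filter:

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue escapes a value for use inside an LDAP search filter
// (RFC 4515 section 3): the bytes * ( ) \ and NUL become \XX hex escapes.
// Everything else, including multi-byte UTF-8, passes through unchanged.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		c := v[i]
		switch c {
		case '*', '(', ')', '\\', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// buildUserFilter substitutes the escaped login for every %s in the template,
// so a filter matching several attributes (sAMAccountName, userPrincipalName,
// mail) receives the same sanitized value in each clause. Using Sprintf here
// would fill only the first %s (unless the template used %[1]s everywhere).
func buildUserFilter(template, login string) string {
	return strings.ReplaceAll(template, "%s", escapeFilterValue(login))
}

func main() {
	// Constructed template, modelled on the filter proposed in this thread.
	tmpl := "(&(objectClass=user)(|(sAMAccountName=%s)(userPrincipalName=%s)(mail=%s)))"

	fmt.Println(buildUserFilter(tmpl, "jane.doe@example.com"))

	// Constructed hostile login: without escaping, the ")(" would close the
	// sAMAccountName clause and inject a new one that matches every object.
	fmt.Println(buildUserFilter(tmpl, "*)(objectClass=*"))
}
```

Both `*` and `\` must be escaped even in an equality match, since `*` turns an equality filter into a substring filter and `\` starts an escape sequence of its own.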
I have a similar problem. My LDAP has mail and userPrincipalName. I do it like this:
User Filter: (|(userPrincipalName=%[1]s)(mail=%[1]s))
username: userPrincipalName
userPrincipalName looks like name.[email protected]
mail looks like [email protected]
After that, the user can log in by mail of the form: [email protected]
The username is userPrincipalName, i.e. the link to the profile is obtained as follows:
https://git.domain.ltd/[email protected]
And this works, but if I try to log in with userPrincipalName, I get:
2020/01/24 12:44:31 ...dels/login_source.go:717:UserSignIn() [W] Failed to login 'name.[email protected]' via 'LDAP': Invalid pattern for attribute 'username' [name.[email protected]]: must be valid alpha or numeric or dash(-_) or dot characters
Was this functionality lost again? I was able to use LDAP emails as user-ids in version 1.7.0, but when I upgraded to version 1.12.0+dev-171-g12960b9d1 it does not seem to work any more, and with the same error:
Error creating user
@ : User name is invalid [ @ ]: must be valid alpha or numeric or dash(-_) or dot characters
Any news on this topic for version 1.12?
@voidbip Yes, unfortunately the functionality had to be lost due to a security issue with it.
What we need to do is allow LDAP to provide a mapping function from an email address to a username.
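What such a mapping function has to get right is illustrated below with an added example in Go. It is not Gitea's code: the `invalidUsernameChar` pattern is an assumption modelled on the error message quoted in this thread (letters, digits, dash, underscore, dot), and the email addresses are constructed. It contrasts the "replace @ with -" idea suggested earlier, which yields valid usernames but lets two different identities collide on one account, with a reversible encoding that keeps every distinct login distinct, which is the uniqueness property the reverse-proxy auto-registration comment above is asking for:

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// invalidUsernameChar matches any byte a username must not contain. Assumed
// equivalent to the check quoted in this thread; written for this example.
var invalidUsernameChar = regexp.MustCompile(`[^A-Za-z0-9._-]`)

func isValidUsername(u string) bool {
	return u != "" && !invalidUsernameChar.MatchString(u)
}

// naiveMap is the "replace @ with -" idea. Output is valid, but the mapping
// is not injective: "a-b@example.org" and "a@b-example.org" both become
// "a-b-example.org", so two identities would share one Gitea account.
func naiveMap(email string) string {
	return strings.ReplaceAll(email, "@", "-")
}

// encodeUsername maps an arbitrary login (mail, UPN) to a valid username
// reversibly. '_' is the escape byte and is doubled; any other byte outside
// the allowed set becomes '_' plus two lowercase hex digits ('@' -> "_40").
// Because '_' is itself always escaped, the output is uniquely decodable, so
// distinct logins can never collide.
func encodeUsername(login string) string {
	var b strings.Builder
	for i := 0; i < len(login); i++ {
		c := login[i]
		switch {
		case c == '_':
			b.WriteString("__")
		case c >= 'A' && c <= 'Z', c >= 'a' && c <= 'z',
			c >= '0' && c <= '9', c == '.', c == '-':
			b.WriteByte(c)
		default:
			fmt.Fprintf(&b, "_%02x", c)
		}
	}
	return b.String()
}

// decodeUsername inverts encodeUsername and rejects malformed escapes.
func decodeUsername(u string) (string, error) {
	var b strings.Builder
	for i := 0; i < len(u); i++ {
		if u[i] != '_' {
			b.WriteByte(u[i])
			continue
		}
		if i+1 < len(u) && u[i+1] == '_' { // "__" is a literal underscore
			b.WriteByte('_')
			i++
			continue
		}
		if i+2 >= len(u) {
			return "", errors.New("truncated escape sequence")
		}
		v, err := strconv.ParseUint(u[i+1:i+3], 16, 8)
		if err != nil {
			return "", fmt.Errorf("bad escape %q", u[i:i+3])
		}
		b.WriteByte(byte(v))
		i += 2
	}
	return b.String(), nil
}

func main() {
	// Constructed identities that collide under the naive mapping.
	pair := []string{"a-b@example.org", "a@b-example.org"}
	for _, e := range pair {
		fmt.Printf("%-28s naive=%-20s valid=%v\n", e, naiveMap(e), isValidUsername(naiveMap(e)))
	}
	for _, e := range append(pair, "first_last+git@example.org") {
		enc := encodeUsername(e)
		dec, err := decodeUsername(enc)
		fmt.Printf("%-28s -> %-34s valid=%v roundtrip=%v\n", e, enc, isValidUsername(enc), err == nil && dec == e)
	}
}
```

The encoded form is what would appear in profile URLs and @-mentions, so it stays within the character set the URL-slug and federation comments above worry about, while the original login can always be recovered for display.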