1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-22 12:54:53 -05:00
forgejo/models/auth
Gusted 29a0b0131e fix: Revert "allow synchronizing user status from OAuth2 login providers (#31572)"
This commit has a fundamental flaw, in order to syncronize if external
users are still active the commit checks if the refresh token is
accepted by the OAuth provider, if that is not the case it sees that as
the user is disabled and sets the is active field to `false` to signal
that. Because it might be possible (this commit makes this a highly
likelyhood) that the OAuth provider still recognizes this user the
commit introduces code to allow users to re-active themselves via the
oauth flow if they were disabled because of this. However this code
makes no distinction in why the user was disabled and always re-actives
the user.

Thus the reactivation via the OAuth flow allows users to bypass the
manually activation setting (`[service].REGISTER_MANUAL_CONFIRM`) or if
the admin for other reasons disabled the user.

This reverts commit 21fdd28f08.

(cherry picked from commit 7f8f9b878f)
2024-12-12 05:43:20 +00:00
..
TestOrphanedOAuth2Applications test: Global OAuth should not be deleted 2024-11-23 22:48:41 +00:00
access_token.go Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00
access_token_scope.go [GITEA] silently ignore obsolete sudo scope 2024-02-05 16:05:50 +01:00
access_token_scope_test.go [GITEA] silently ignore obsolete sudo scope 2024-02-05 16:05:50 +01:00
access_token_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
auth_token.go fix: extend forgejo_auth_token table 2024-11-15 11:33:17 +01:00
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
oauth2.go fix: Do not delete global Oauth2 applications 2024-11-23 22:48:42 +00:00
oauth2_list.go Use db.Find instead of writing methods for every object (#28084) 2023-11-24 03:49:41 +00:00
oauth2_test.go test: Global OAuth should not be deleted 2024-11-23 22:48:41 +00:00
session.go Fix session key conflict with database keyword (#28613) 2023-12-27 15:24:23 +08:00
session_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
source.go fix: Revert "allow synchronizing user status from OAuth2 login providers (#31572)" 2024-12-12 05:43:20 +00:00
source_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
twofactor.go [GITEA] Drop sha256-simd in favor of stdlib 2024-02-05 16:09:40 +01:00
webauthn.go [FEAT] Add support for webauthn credential level 3 2024-08-29 10:05:03 +02:00
webauthn_test.go [FEAT] Add support for webauthn credential level 3 2024-08-29 10:05:03 +02:00