Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Organization removal confirmation using name not password #14738

Merged
merged 3 commits into from
Mar 1, 2021
Merged

Organization removal confirmation using name not password #14738

merged 3 commits into from
Mar 1, 2021

Conversation

pboguslawski
Copy link
Contributor

Gitea is asking for user password to confirm organization
removal so this operation cannot be done in systems with
SSO authentication (where no user passwords are used).

This mod changes the way gitea confirms organization
removal - user must enter organization name (not user
password) to confirm operation (similar to repository
removal confirmation).

Author-Change-Id: IB#1107219

@pboguslawski
Organization removal confirmation using name not password
95ddcdd 
Gitea is asking for user password to confirm organization
removal so this operation cannot be done in systems with
SSO authentication (where no user passwords are used).

This mod changes the way gitea confirms organization
removal - user must enter organization name (not user
password) to confirm operation (similar to repository
removal confirmation).

Author-Change-Id: IB#1107219
@Kreyren
Copy link
Contributor

Kreyren commented Feb 18, 2021

FWIW i prefer the password way in scenarios where I might leave my system unattended (which rarely happens but i like safe-failure)

.. and i prefer the password over name as on GitHub it wastes time assuming password manager filling the password for me.

Proposing to implement this as a configuration per repository instead.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 18, 2021
@pboguslawski
Copy link
Contributor Author

pboguslawski commented Feb 19, 2021
edited
Loading

FWIW i prefer the password way in scenarios where I might leave my system unattended (which rarely happens but i like safe-failure)

This PR is not a nice to have feature but bugfix - without it gitea does not allow to remove organization when SSO is used without password (i.e. with reverse proxy auth only scenario).

If you feel afraid of org removal accidentally then use account without access to org settings - messing with passwords in SSO scenarios seems not practical.

@pboguslawski
Copy link
Contributor Author

Proposing to implement this as a configuration per repository instead

This PR does not apply to repo removal but org removal. Gitea confirms repo removal using its name so its compatible with both password and SSO auth.

@Kreyren
Copy link
Contributor

Kreyren commented Feb 19, 2021

This PR is not a nice to have feature but bugfix - without it gitea does not allow to remove organization when SSO is used without password (i.e. with reverse proxy auth only scenario).

Noted

This PR does not apply to repo removal but org removal. Gitea confirms repo removal using its name so its compatible with both password and SSO auth.

My fault then! I guess i confused it with the org removal, would still argue for this to be a configurable option for org and repo.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Feb 28, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 28, 2021
@6543 6543 added this to the 1.14.0 milestone Feb 28, 2021
@6543 6543 added the type/enhancement An improvement of existing functionality label Feb 28, 2021
@pboguslawski
Translation removed
36a8157 
Translation removed from PR - will be restored using Crowdin
after pull got merged.

Fixes: 95ddcdd
Related: go-gitea#14738
Author-Change-Id: IB#1107219
@6543
Copy link
Member

6543 commented Mar 1, 2021
edited
Loading

@pboguslawski pleace merge master into?

Since your fork is within a org github, it do not allow us maintainer to keep your feature branch up to date to merge ...

@pboguslawski
Copy link
Contributor Author

pleace merge master into?

Just pressed "Update branch" on this PR page.

@lafriks lafriks merged commit 85e6e07 into go-gitea:master Mar 1, 2021
@pboguslawski pboguslawski deleted the master-IB#1107219 branch March 1, 2021 15:38
@go-gitea go-gitea locked and limited conversation to collaborators May 13, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@6543 6543 6543 left review comments

@techknowlogick techknowlogick techknowlogick approved these changes

@zeripath zeripath zeripath approved these changes

@noerw noerw noerw approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/enhancement An improvement of existing functionality
Projects
None yet
Milestone
1.14.0
Development

Successfully merging this pull request may close these issues.
8 participants
@pboguslawski @Kreyren @6543 @techknowlogick @zeripath @noerw @lafriks @GiteaBot