Login page does not redirect if already authenticated #12589

Closed
opened 2025-11-02 10:15:23 -06:00 by GiteaMirror · 2 comments

Originally created by @Abyss777 on GitHub (Mar 4, 2024).

Description

In some major release, the behavior after successful login was changed.

I have Kerberos authorization in an Apache reverse proxy:

    <Location /user/login>
        AuthType Kerberos
        AuthName "Kerberos Login"
        KrbAuthRealms AD.LOCAL
        KrbMethodNegotiate on
        KrbServiceName Any
        KrbLocalUserMapping On
        Krb5Keytab /etc/apache2/keytabs/gitea.keytab
        Require valid-user

        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader set X-WEBAUTH-USER %{RU}e
        RequestHeader unset Authorization
    </Location>

That sets the X-WEBAUTH-USER header only for the /user/login location because I need unauthorized access to some Gitea pages.

And proxy authorization is enabled:

    ENABLE_REVERSE_PROXY_AUTHENTICATION = true

I'm not sure, but before 1.21 or even 1.20, after a user clicked the Login button in the upper right corner, he would be redirected to the login page, get successfully authenticated via the proxy header, and then just be redirected to the default / page.

But in the latest releases the redirect does not happen; the user gets authenticated (sees his avatar in the upper right corner) but is still on the login page.

Users usually don't understand that they are authenticated and complain that SSO doesn't work.

Could you please revert the behavior and redirect from the login page if proxy authentication was successful?

Gitea Version

1.21.7

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Official docker image

Database

MySQL/MariaDB

GiteaMirror added the type/bug label 2025-11-02 10:15:23 -06:00

@wxiaoguang commented on GitHub (Mar 4, 2024):

It is a regression of #26105.

TBH, I regret that I approved it too quickly at that time .... it needs some more complicated designs to satisfy various cases now .....


@wxiaoguang commented on GitHub (Mar 4, 2024):

-> Make "/user/login" page redirect if the current user has signed in #29583


Reference: github-starred/gitea#12589
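
The behavior requested in this issue, as an added Go sketch that is not Gitea's code and not part of the original thread: the login handler redirects a user the proxy has already authenticated, accepts X-WEBAUTH-USER only from the proxy's address, and keeps the redirect target on the same site. The `trustedProxy` address, the `redirect_to` parameter name and the helper names are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// trustedProxy is an assumed address for the Apache proxy; only this peer may assert a user.
var trustedProxy = net.ParseIP("127.0.0.1")

// proxyUser returns the user named in X-WEBAUTH-USER, or "" when the header
// is absent or the request did not arrive from the trusted proxy.
func proxyUser(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil || !trustedProxy.Equal(net.ParseIP(host)) {
		return ""
	}
	return strings.TrimSpace(r.Header.Get("X-WEBAUTH-USER"))
}

// safeTarget keeps a redirect on this site: it accepts only local absolute
// paths and falls back to "/" for anything else (hypothetical helper).
func safeTarget(raw string) string {
	if !strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "//") || strings.ContainsAny(raw, "\\\r\n") {
		return "/"
	}
	return raw
}

// loginPage redirects a user the proxy has already authenticated and
// renders the form only for anonymous requests.
func loginPage(w http.ResponseWriter, r *http.Request) {
	if proxyUser(r) != "" {
		// redirect_to is an assumed parameter name for the page the user came from.
		http.Redirect(w, r, safeTarget(r.URL.Query().Get("redirect_to")), http.StatusSeeOther)
		return
	}
	fmt.Fprint(w, "login form")
}

func main() {
	http.HandleFunc("/user/login", loginPage)
	fmt.Println(http.ListenAndServe("127.0.0.1:3000", nil))
}
```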