[PR #5029] [CLOSED] UX Optional Password & Captcha for External Registration #17602

Closed
opened 2025-11-02 14:22:22 -06:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/go-gitea/gitea/pull/5029
Author: @coolaj86
Created: 10/6/2018
Status: Closed

Base: master ← Head: ux-no-password


📝 Commits (2)

  • 64971f8 make password and captcha optional for external registration
  • dd63dfc Merge branch 'master' into solderjs-ux-no-password

📊 Changes

5 files changed (+59 additions, -23 deletions)


📝 modules/auth/user_form.go (+2 -1)
📝 modules/setting/service.go (+4 -0)
📝 routers/user/auth.go (+41 -14)
📝 templates/user/auth/signin_inner.tmpl (+2 -0)
📝 templates/user/auth/signup_inner.tmpl (+10 -8)

📄 Description

Re: https://github.com/go-gitea/gitea/issues/4226 and https://github.com/go-gitea/gitea/issues/3837

I see the primary purposes of external accounts as to increase security and convenience (which always go hand-in-hand).

If I have enabled external accounts, I should not require the user to weaken security by forcing them to create a (likely re-used) password.

Likewise, since I've already hand-picked the external account providers that I trust and want to allow, I should not reduce convenience by requiring a secondary captcha.

  • Do not require password for external accounts via REQUIRE_EXTERNAL_REGISTRATION_PASSWORD
  • Do not require password for external accounts via REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA
  • Only reject omitted passwords on forms that use a password
  • Do not provide the option for a password when ALLOW_ONLY_EXTERNAL_REGISTRATION

Some other fixes that I want to get in, but may deserve separate PRs:

  • Do not require logging in twice when creating account (PR #5033)
  • Allow resetting (creating) password via email, even when logged in (PR https://github.com/go-gitea/gitea/pull/5034, Issue https://github.com/go-gitea/gitea/issues/5008)

If you'd like to test it out

My pull request is against master, but I run it as backport to v1.5.1 (includes https://github.com/go-gitea/gitea/pull/5006, https://github.com/go-gitea/gitea/pull/5029, https://github.com/go-gitea/gitea/pull/5033, https://github.com/go-gitea/gitea/pull/5034):

```bash
git clone https://github.com/coolaj86/gitea.git gitea.coolaj86 -b v1.5.1-coolaj86
pushd gitea.coolaj86
TAGS="bindata sqlite" make generate all
```

I would not recommend replacing your existing gitea, but rather creating a symlink so that you can easily switch back if you don't like it. For example, if you keep gitea in /opt/gitea/bin:

```bash
rsync -av ./gitea /opt/gitea/bin/gitea-v1.5.1-coolaj86
pushd /opt/gitea/bin
mv gitea gitea-v1.5.1
ln -s gitea-v1.5.1-coolaj86 gitea
```

I've run a couple of manual tests so far, so I feel comfortable with someone else trying it out. I won't be pushing any additional changes to that branch (such as the upcoming changes to address the empty checkboxes in the issue) until I've tested them in production for myself.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
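
As an added illustration (not code from this PR or from Gitea), the checklist in the description can be modelled as a small server-side sign-up policy. The `Settings` and `Signup` types, the function names, and the assumptions that local sign-up always asks for a password and captcha and that external-only mode never asks for a password are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Settings holds the option names from the PR description; the struct is hypothetical.
type Settings struct {
	RequireExternalRegistrationPassword bool
	RequireExternalRegistrationCaptcha  bool
	AllowOnlyExternalRegistration       bool
}

// Signup is a hypothetical registration submission.
type Signup struct {
	External      bool   // completing sign-up through a linked external provider
	Password      string // empty when the form had no password field
	CaptchaSolved bool
}

// Requirements reports what a sign-up form must enforce. Assumptions: local
// sign-up asks for both; external-only mode never asks for a password.
func Requirements(s Settings, external bool) (password, captcha bool) {
	if !external {
		return true, true
	}
	password = s.RequireExternalRegistrationPassword && !s.AllowOnlyExternalRegistration
	return password, s.RequireExternalRegistrationCaptcha
}

// Validate rejects an omitted password only on forms that use one.
func Validate(s Settings, f Signup) error {
	needPassword, needCaptcha := Requirements(s, f.External)
	switch {
	case !f.External && s.AllowOnlyExternalRegistration:
		return errors.New("local registration is disabled")
	case needPassword && f.Password == "":
		return errors.New("password required")
	case needCaptcha && !f.CaptchaSolved:
		return errors.New("captcha required")
	}
	return nil
}

func main() {
	fmt.Println(Validate(Settings{}, Signup{External: true})) // both options off
	fmt.Println(Validate(Settings{}, Signup{}))               // local form, no password
}
```

Deriving the server-side check from the same `Requirements` call that decides which fields the form shows keeps the two from drifting apart.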
GiteaMirror added the pull-request label 2025-11-02 14:22:23 -06:00
Reference: github-starred/gitea#17602