github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-12 02:24:21 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

[PR #5456] [CLOSED] Prevent a prohibited user from logging in (from the login page) #17802

New Issue
Closed
opened 2025-11-02 15:54:02 -06:00 by GiteaMirror · 0 comments
GiteaMirror commented 2025-11-02 15:54:02 -06:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/go-gitea/gitea/pull/5456
Author: @r-52
Created: 12/3/2018
Status: Closed

Base: masterHead: r-blocked-user-sign-in-prevention

📝 Commits (7)

  • 11c2df7 prevent a prohibited user from logging in (login)
  • 5f2dbe3 Update error message
  • d655d26 Merge branch 'master' into r-blocked-user-sign-in-prevention
  • d4098ab Fix tabs
  • 72d8ee0 Fix test as user3 is not active and should not be able to login
  • 8560ab1 Fix check for new users when authorizing using external source
  • bd30dfb user3 are not allowed to login as it is not active

📊 Changes

6 files changed (+29 additions, -2 deletions)

View changed files

📝 integrations/release_test.go (+1 -1)
📝 integrations/repo_test.go (+1 -1)
📝 models/error.go (+16 -0)
📝 models/login_source.go (+7 -0)
📝 options/locale/locale_en-US.ini (+1 -0)
📝 routers/user/auth.go (+3 -0)

📄 Description

right now, a user with the Prohibit can still log in which can cause some inconsistency. The user can click on stuff like Issues and now the issue's tab tells the user about the prohibit status.

The main problem (at least in my case) is, if you log in as a user with the Prohibit flag set to true, the Dashboard freezes the whole tab and it takes a long, long time till the website becomes responsive. In my case, it looked like the chrome tab hang up.

With this PR I've changed the regular login process to check the Prohibit flag and prevent the login right at the login process. This prevents the user from using the site.

It's just an idea to protect the instance at the login-level.

I'm not sure if it's the right way to include a new translation?

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/go-gitea/gitea/pull/5456 **Author:** [@r-52](https://github.com/r-52) **Created:** 12/3/2018 **Status:** ❌ Closed **Base:** `master` ← **Head:** `r-blocked-user-sign-in-prevention` --- ### 📝 Commits (7) - [`11c2df7`](https://github.com/go-gitea/gitea/commit/11c2df74b5818d7b48331259d622cc226eb1df9f) prevent a prohibited user from logging in (login) - [`5f2dbe3`](https://github.com/go-gitea/gitea/commit/5f2dbe3eaf39e480dddecb4b4ea4180ff6e86dd8) Update error message - [`d655d26`](https://github.com/go-gitea/gitea/commit/d655d266fa57b401bc7e312965d58b4c5f807801) Merge branch 'master' into r-blocked-user-sign-in-prevention - [`d4098ab`](https://github.com/go-gitea/gitea/commit/d4098aba5ef9e0a981e598b215db497859407ec7) Fix tabs - [`72d8ee0`](https://github.com/go-gitea/gitea/commit/72d8ee0999b83f860830cf1042db665753916773) Fix test as user3 is not active and should not be able to login - [`8560ab1`](https://github.com/go-gitea/gitea/commit/8560ab1c1d7d827607a3061dc3abaa8fca434e25) Fix check for new users when authorizing using external source - [`bd30dfb`](https://github.com/go-gitea/gitea/commit/bd30dfbe758f6bbf88092d0e21425f47c6163a64) user3 are not allowed to login as it is not active ### 📊 Changes **6 files changed** (+29 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `integrations/release_test.go` (+1 -1) 📝 `integrations/repo_test.go` (+1 -1) 📝 `models/error.go` (+16 -0) 📝 `models/login_source.go` (+7 -0) 📝 `options/locale/locale_en-US.ini` (+1 -0) 📝 `routers/user/auth.go` (+3 -0) </details> ### 📄 Description right now, a user with the `Prohibit` can still log in which can cause some inconsistency. The user can click on stuff like `Issues` and now the issue's tab tells the user about the prohibit status. The main problem (at least in my case) is, if you log in as a user with the `Prohibit` flag set to `true`, the Dashboard freezes the whole tab and it takes a long, long time till the website becomes responsive. In my case, it looked like the chrome tab hang up. With this PR I've changed the regular login process to check the `Prohibit` flag and prevent the login right at the login process. This prevents the user from using the site. It's just an idea to protect the instance at the login-level. I'm not sure if it's the right way to include a new translation? --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2025-11-02 15:54:06 -06:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#17802
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?