Deactivated administrators are not deactivated? #2955

New Issue

Closed

opened 2025-11-02 04:55:13 -06:00 by GiteaMirror · 7 comments

GiteaMirror commented 2025-11-02 04:55:13 -06:00

Owner

Copy Link

Originally created by @michelvosje on GitHub (Feb 21, 2019).

• Gitea version (or commit ref): 3b612ce built with go1.11.5 : bindata, sqlite, sqlite_unlock_notify
• Git version: 2.18.1
• Operating system: Docker
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Log gist:

Description

A week ago we deactivated a user account which was marked as an administrator account. The person assigned to the user account has left the organisation. We assumed that the user would not be able to login again into Gitea.

Today we found out he was able to create a new non-administrator account for somebody else (no worries it's contract related). I just tried it out and i see that deactivated administrator accounts still administrator rights. For us this is unexpected behaviour of Gitea which i wanted to report.
...

Screenshots

Originally created by @michelvosje on GitHub (Feb 21, 2019). - Gitea version (or commit ref): 3b612ce built with go1.11.5 : bindata, sqlite, sqlite_unlock_notify - Git version: 2.18.1 - Operating system: Docker - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [X] SQLite - Log gist: ## Description A week ago we deactivated a user account which was marked as an administrator account. The person assigned to the user account has left the organisation. We assumed that the user would not be able to login again into Gitea. Today we found out he was able to create a new non-administrator account for somebody else (no worries it's contract related). I just tried it out and i see that deactivated administrator accounts still administrator rights. For us this is unexpected behaviour of Gitea which i wanted to report. ... ## Screenshots 

GiteaMirror added the type/questionissue/stale labels 2025-11-02 04:55:13 -06:00

GiteaMirror closed this issue 2025-11-02 04:55:13 -06:00

GiteaMirror commented 2025-11-02 04:55:14 -06:00

Author

Owner

Copy Link

@jolheiser commented on GitHub (Feb 21, 2019):

One thing to note, Activated is referring to email activation when you have enabled REGISTER_EMAIL_CONFIRM in settings.
To stop someone from signing in, you would need to check Disable Sign-In when editing them.

@jolheiser commented on GitHub (Feb 21, 2019): One thing to note, `Activated` is referring to email activation when you have enabled `REGISTER_EMAIL_CONFIRM` in settings. To stop someone from signing in, you would need to check `Disable Sign-In` when editing them.

GiteaMirror commented 2025-11-02 04:55:14 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Feb 23, 2019):

@michelvosje @jolheiser I think I have sent https://github.com/go-gitea/gitea/pull/6115 merged in v1.7.3 should fix this problem. An unactived user should also be deny login except he clicked the activation link on the confirm email.

@lunny commented on GitHub (Feb 23, 2019): @michelvosje @jolheiser I think I have sent https://github.com/go-gitea/gitea/pull/6115 merged in v1.7.3 should fix this problem. An unactived user should also be deny login except he clicked the activation link on the confirm email.

GiteaMirror commented 2025-11-02 04:55:14 -06:00

Author

Owner

Copy Link

@michelvosje commented on GitHub (Feb 25, 2019):

So am i correct that it is not possible to see from the overview of User Accounts which account is marked as enabled/disabled? I'd have to manually click all accounts 1 by 1 to see which one is and is not disabled?

From a security perspective i don't think that is correct. As an administrator i don't care who has and who has not clicked the email activation link.

@michelvosje commented on GitHub (Feb 25, 2019): So am i correct that it is not possible to see from the overview of User Accounts which account is marked as enabled/disabled? I'd have to manually click all accounts 1 by 1 to see which one is and is not disabled? From a security perspective i don't think that is correct. As an administrator i don't care who has and who has not clicked the email activation link.

GiteaMirror commented 2025-11-02 04:55:14 -06:00

Author

Owner

Copy Link

@lafriks commented on GitHub (Feb 25, 2019):

Most probably both options would be nice to see

@lafriks commented on GitHub (Feb 25, 2019): Most probably both options would be nice to see

GiteaMirror commented 2025-11-02 04:55:15 -06:00

Author

Owner

Copy Link

@adelowo commented on GitHub (Mar 3, 2019):

Might be a little confusing if both options are there. I think Activated can be swapped out for @michelvosje 's suggestion

@adelowo commented on GitHub (Mar 3, 2019): Might be a little confusing if both options are there. I think Activated can be swapped out for @michelvosje 's suggestion

GiteaMirror commented 2025-11-02 04:55:15 -06:00

Author

Owner

Copy Link

@stale[bot] commented on GitHub (May 2, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale[bot] commented on GitHub (May 2, 2019): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

GiteaMirror commented 2025-11-02 04:55:15 -06:00

Author

Owner

Copy Link

@stale[bot] commented on GitHub (May 16, 2019):

This issue has been automatically closed because of inactivity. You can re-open it if needed.

@stale[bot] commented on GitHub (May 16, 2019): This issue has been automatically closed because of inactivity. You can re-open it if needed.

GiteaMirror referenced this issue 2025-11-02 12:16:15 -06:00

[PR #2955] [MERGED] Fix language names #16681

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label issue/stale type/question

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#2955