unable to delete user that was created by "login with github" #4132

Closed
opened 2025-11-02 05:39:43 -06:00 by GiteaMirror · 11 comments

Originally created by @ashimokawa on GitHub (Oct 17, 2019).

  • Gitea version (or commit ref): 1.10-rc1
  • Git version: 2.20.1
  • Operating system: Debian 10
  • Database (use [x]):
    • [ ] PostgreSQL
    • [x] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [x] Yes (provide example URL)
    • [ ] No
    • [ ] Not relevant
  • Log gist:

Description

  1. Go to try.gitea.io
  2. go to sign-in
  3. click "login with github"
  4. create a new account (left tab)
  5. after logging in with github go to settings/account
  6. click on delete user, enter password, confirm

A white page with the following error appears:

`template: user/settings/account:62:48: executing "user/settings/account" at <eq .EmailNotificationsPreference "enabled">: error calling eq: invalid type for comparison`

User Workaround:

  1. log out
  2. go to sign-in
  3. click forgot password
  4. click on the email link, specify a new password

Now it is possible to delete your user

What I also noticed:

  1. When creating a new user with "login with github", there is no complexity check for the password, a simple one seemed to be accepted (no error visible at least)
  2. the initial password does not work for login without github, but after clicking forgot password and creating a new one it does work.
GiteaMirror added the type/bug label 2025-11-02 05:39:43 -06:00

@ashimokawa commented on GitHub (Oct 17, 2019):

Just a random thought...
Could be worth checking if the complexity check somehow rejects the password silently when creating a new user with "login with github", and if that leads to all the problems (can't login without github, can't delete user)


@silverwind commented on GitHub (Nov 4, 2019):

~~Please retest, https://github.com/go-gitea/gitea/pull/8826 might have fixed it.~~

@lafriks commented on GitHub (Nov 4, 2019):

@silverwind I don't think my PR fixed this, as there was a bug also in LDAP sources, but when I tested deleting a user with an LDAP source it was working just fine, so it must be something else


@guillep2k commented on GitHub (Nov 8, 2019):

Well, I finally had the time to investigate how to set up an OAuth2 app in Github (it was pretty easy, I was just over-complicating things myself).

The good (bad?) thing is that I couldn't reproduce the bug with master, so this must have been fixed sometime along the way? I need to check with 1.10.0.

Here are my tests (sorry, forgot to capture the Github login screen, but it's not important):

image

(Insert missing Github login capture here 😉)

image

image

image

image

image

image


@guillep2k commented on GitHub (Nov 8, 2019):

It seems to have been fixed in v1.10.0-rc2 too. Unable to reproduce.


@guillep2k commented on GitHub (Nov 8, 2019):

It seems that other users are still hitting this issue, so my findings should at least help isolate the problem. For context, my test instance is configured with:

```
[service]
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = true
DISABLE_REGISTRATION              = false
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = false
```

@guillep2k commented on GitHub (Nov 8, 2019):

Well, I've tested with all of these combinations and I still can't reproduce:

  • REQUIRE_EXTERNAL_REGISTRATION_PASSWORD = true (after #8885), PASSWORD_COMPLEXITY = off during the whole test.
  • REQUIRE_EXTERNAL_REGISTRATION_PASSWORD = true (after #8885), PASSWORD_COMPLEXITY = off at the moment of registration; PASSWORD_COMPLEXITY = (default) when attempting to delete the account (to attempt triggering an invalid complexity for the preexisting password).
  • Create the user from the Github OAuth2, adding a password later.
  • Register as a normal user with password; add OAuth2 later.

In any case, the code for password complexity check (IsComplexEnough()) was never reached during the delete operation (at least in my case).

I'm aware that try.gitea.io shows this problem, but being unable to reproduce... it's a tough task!

~~On a side note, I'm still bugged by @ashimokawa's error description:~~

> ~~A white page with the following error appears:~~
> ~~`template: user/settings/account:62:48: executing "user/settings/account" at <eq .EmailNotificationsPreference "enabled">: error calling eq: invalid type for comparison`~~

~~I think that some users at try.gitea.com might have an invalid value in their email_notifications_preference column, although it's unclear how that could be related to this issue.~~

@guillep2k commented on GitHub (Nov 8, 2019):

New development! I've unlinked my previous try account (guillep2k) from Github. Then I created a new try account (guillep3k) using Github; I gave it a password to complete the registration. Now I can log in using Github as expected (it brings me to the guillep3k user), but I can't log in with my password, which connects to this issue. But here's the Strangest Thing™ of all:

image

Where is my Github linked account?? I've just used it to log in!!

Am I crazy? 😵

I did what any of you would: I've logged off and attempted a new login with Github. I was able to log in. And the linked account is still missing from my settings.

Talk about reproducibility!


@jolheiser commented on GitHub (Nov 8, 2019):

The email_notifications_preference bug was fixed by #8562


@guillep2k commented on GitHub (Nov 9, 2019):

> The email_notifications_preference bug was fixed by #8562

Oh, yes, now I remember.


@liszca commented on GitHub (Sep 10, 2020):

> Just a random thought...
> Could be worth checking if the complexity check somehow rejects the password silently when creating a new user with "login with github", and if that leads to all the problems (can't login without github, can't delete user)

Are you sure this can be done when passwords are not in Plain-Text?
