Users Never Signed-In, yet have repos published #4898

New Issue

GiteaMirror · 2025-11-02T06:06:29-06:00

GiteaMirror commented

2025-11-02 06:06:29 -06:00

Originally created by @sefsh on GitHub (Feb 20, 2020).

Gitea version (or commit ref):
Git version: 1.11.1
Operating system: ubuntu:bionic-20180821
Database (use [x]):
- PostgreSQL
- MySQL
- MSSQL
- SQLite
Can you reproduce the bug at https://try.gitea.io:
- Yes (provide example URL)
- No
- Not relevant
Log gist:
N/A

Description

When I check for users with the Last Sign-In status Never Signed-In, I find users that have published repos on the platform. This shouldn't be possible.

Screenshots

Originally created by @sefsh on GitHub (Feb 20, 2020). - Gitea version (or commit ref): - Git version: 1.11.1 - Operating system: ubuntu:bionic-20180821 - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [x] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant - Log gist: N/A ## Description When I check for users with the Last Sign-In status `Never Signed-In`, I find users that have published repos on the platform. This shouldn't be possible. ## Screenshots <img width="764" alt="bild" src="https://user-images.githubusercontent.com/346211/74914376-a1b55d80-53c2-11ea-9830-a7fc2e0c5680.png">

GiteaMirror added the issue/confirmed type/bug labels 2025-11-02 06:06:29 -06:00

GiteaMirror closed this issue

2025-11-02 06:06:29 -06:00

GiteaMirror commented

2025-11-02 06:06:30 -06:00

@jolheiser commented on GitHub (Feb 20, 2020):

Is there a chance someone transferred a repo to this account?
Or that the user created the repo via push-create if enabled before logging in?

@jolheiser commented on GitHub (Feb 20, 2020): Is there a chance someone transferred a repo to this account? Or that the user created the repo via push-create if enabled before logging in?

GiteaMirror commented

2025-11-02 06:06:30 -06:00

@lunny commented on GitHub (Feb 21, 2020):

There is a known issue that if user only push/pull via git, the Last Sign-In didn't update.

@lunny commented on GitHub (Feb 21, 2020): There is a known issue that if user only push/pull via git, the `Last Sign-In` didn't update.

GiteaMirror commented

2025-11-02 06:06:30 -06:00

@rnowak commented on GitHub (Feb 22, 2020):

Chiming in to add that this is also the case if the user authenticates via a header set in REVERSE_PROXY_AUTHENTICATION_USER both for the web interface as well as git interactions over https.

@rnowak commented on GitHub (Feb 22, 2020): Chiming in to add that this is also the case if the user authenticates via a header set in REVERSE_PROXY_AUTHENTICATION_USER both for the web interface as well as git interactions over https. ![2020-02-22 14_26_46-User Accounts](https://user-images.githubusercontent.com/1057534/75093187-f5b97100-557f-11ea-9ff5-3f8e553694cc.png)

GiteaMirror commented

2025-11-02 06:06:30 -06:00

@stale[bot] commented on GitHub (Apr 23, 2020):

This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

@stale[bot] commented on GitHub (Apr 23, 2020): This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

GiteaMirror commented

2025-11-02 06:06:30 -06:00

@fnetX commented on GitHub (Apr 7, 2021):

AFAICT this is also the case if a user registers and does actions within pers first session (this also explains how a user could create a repo which is not possible with push / pull alone).

@fnetX commented on GitHub (Apr 7, 2021): AFAICT this is also the case if a user registers and does actions within pers first session (this also explains how a user could create a repo which is not possible with push / pull alone).

GiteaMirror commented

2025-11-02 06:06:30 -06:00

@zeripath commented on GitHub (Apr 8, 2021):

Ok that's a much simpler bug to fix!

@zeripath commented on GitHub (Apr 8, 2021): Ok that's a much simpler bug to fix!

GiteaMirror commented

2025-11-02 06:06:31 -06:00

@furai commented on GitHub (Apr 10, 2021):

I get the same issue - I have gitea behind reverse proxy and last sign-in doesn't update.
(Also for some reason when I log-in, I get presented with a blank screen until I refresh, and I don't know why.)

@furai commented on GitHub (Apr 10, 2021): I get the same issue - I have gitea behind reverse proxy and last sign-in doesn't update. (Also for some reason when I log-in, I get presented with a blank screen until I refresh, and I don't know why.)

GiteaMirror commented

2025-11-02 06:06:31 -06:00

@zeripath commented on GitHub (Apr 10, 2021):

AFAICT this is also the case if a user registers and does actions within pers first session (this also explains how a user could create a repo which is not possible with push / pull alone).

I think that that this has been patrially fixed already in 1.14+ probably earlier (excepting potentially ReverseProxy)

SetLastLogin() does not appear to be called on API logins. Is it possible therefore that these are creations from the API?

@zeripath commented on GitHub (Apr 10, 2021): > AFAICT this is also the case if a user registers and does actions within pers first session (this also explains how a user could create a repo which is not possible with push / pull alone). I think that that this has been patrially fixed already in 1.14+ probably earlier (excepting potentially ReverseProxy) `SetLastLogin()` does not appear to be called on API logins. Is it possible therefore that these are creations from the API?

GiteaMirror commented

2025-11-02 06:06:31 -06:00

@zeripath commented on GitHub (Apr 10, 2021):

I get the same issue - I have gitea behind reverse proxy and last sign-in doesn't update.
(Also for some reason when I log-in, I get presented with a blank screen until I refresh, and I don't know why.)

This should be fixed by #15304

@zeripath commented on GitHub (Apr 10, 2021): > I get the same issue - I have gitea behind reverse proxy and last sign-in doesn't update. > (Also for some reason when I log-in, I get presented with a blank screen until I refresh, and I don't know why.) This should be fixed by #15304

GiteaMirror commented

2025-11-02 06:06:31 -06:00

@wolfogre commented on GitHub (Nov 9, 2022):

AFAICT this is also the case if a user registers and does actions within pers first session (this also explains how a user could create a repo which is not possible with push / pull alone).

The case should be fixed by #21731.

@wolfogre commented on GitHub (Nov 9, 2022): > AFAICT this is also the case if a user registers and does actions within pers first session (this also explains how a user could create a repo which is not possible with push / pull alone). The case should be fixed by #21731.

GiteaMirror referenced this issue

2025-11-02 07:10:40 -06:00

Code review feature #6903

GiteaMirror referenced this issue

2025-11-02 09:09:11 -06:00

[usability] In Pull Request view, commenting on changed lines is confusing #10489

GiteaMirror referenced this issue

2025-11-02 09:09:12 -06:00

[usability] In Pull Request view, commenting on changed lines is confusing #10489

GiteaMirror referenced this issue

2025-11-02 09:36:22 -06:00

Feature: Add Comments for Commit #11390