mirror of
https://github.com/go-gitea/gitea.git
synced 2026-07-16 04:42:51 -05:00
Allow to disable local login #6334
Closed
opened 2025-11-02 06:52:53 -06:00 by GiteaMirror
·
29 comments
No Branch/Tag Specified
main
release/v1.25
release/v1.24
release/v1.23
release/v1.22
release/v1.21
release/v1.20
release/v1.19
release/v1.18
release/v1.17
release/v1.16
release/v1.15
release/v1.14
release/v1.13
release/v1.12
release/v1.11
release/v1.10
release/v1.9
release/v1.8
v1.25.3
v1.25.2
v1.25.1
v1.25.0
v1.24.7
v1.25.0-rc0
v1.26.0-dev
v1.24.6
v1.24.5
v1.24.4
v1.24.3
v1.24.2
v1.24.1
v1.24.0
v1.23.8
v1.24.0-rc0
v1.25.0-dev
v1.23.7
v1.23.6
v1.23.5
v1.23.4
v1.23.3
v1.23.2
v1.23.1
v1.23.0
v1.23.0-rc0
v1.24.0-dev
v1.22.6
v1.22.5
v1.22.4
v1.22.3
v1.22.2
v1.22.1
v1.22.0
v1.23.0-dev
v1.22.0-rc1
v1.21.11
v1.22.0-rc0
v1.21.10
v1.21.9
v1.21.8
v1.21.7
v1.21.6
v1.21.5
v1.21.4
v1.21.3
v1.21.2
v1.20.6
v1.21.1
v1.21.0
v1.21.0-rc2
v1.21.0-rc1
v1.20.5
v1.22.0-dev
v1.21.0-rc0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.19.4
v1.21.0-dev
v1.20.0-rc2
v1.20.0-rc1
v1.20.0-rc0
v1.19.3
v1.19.2
v1.19.1
v1.19.0
v1.19.0-rc1
v1.20.0-dev
v1.19.0-rc0
v1.18.5
v1.18.4
v1.18.3
v1.18.2
v1.18.1
v1.18.0
v1.17.4
v1.18.0-rc1
v1.19.0-dev
v1.18.0-rc0
v1.17.3
v1.17.2
v1.17.1
v1.17.0
v1.17.0-rc2
v1.16.9
v1.17.0-rc1
v1.18.0-dev
v1.16.8
v1.16.7
v1.16.6
v1.16.5
v1.16.4
v1.16.3
v1.16.2
v1.16.1
v1.16.0
v1.15.11
v1.17.0-dev
v1.16.0-rc1
v1.15.10
v1.15.9
v1.15.8
v1.15.7
v1.15.6
v1.15.5
v1.15.4
v1.15.3
v1.15.2
v1.15.1
v1.14.7
v1.15.0
v1.15.0-rc3
v1.14.6
v1.15.0-rc2
v1.14.5
v1.16.0-dev
v1.15.0-rc1
v1.14.4
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.7
v1.14.0-rc2
v1.13.6
v1.13.5
v1.14.0-rc1
v1.15.0-dev
v1.13.4
v1.13.3
v1.13.2
v1.13.1
v1.13.0
v1.12.6
v1.13.0-rc2
v1.14.0-dev
v1.13.0-rc1
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.11.8
v1.12.0
v1.11.7
v1.12.0-rc2
v1.11.6
v1.12.0-rc1
v1.13.0-dev
v1.11.5
v1.11.4
v1.11.3
v1.10.6
v1.12.0-dev
v1.11.2
v1.10.5
v1.11.1
v1.10.4
v1.11.0
v1.11.0-rc2
v1.10.3
v1.11.0-rc1
v1.10.2
v1.10.1
v1.10.0
v1.9.6
v1.9.5
v1.10.0-rc2
v1.11.0-dev
v1.10.0-rc1
v1.9.4
v1.9.3
v1.9.2
v1.9.1
v1.9.0
v1.9.0-rc2
v1.10.0-dev
v1.9.0-rc1
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.8.0-rc3
v1.7.6
v1.8.0-rc2
v1.7.5
v1.8.0-rc1
v1.9.0-dev
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.7.0-rc3
v1.6.4
v1.7.0-rc2
v1.6.3
v1.7.0-rc1
v1.7.0-dev
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc2
v1.5.3
v1.6.0-rc1
v1.6.0-dev
v1.5.2
v1.5.1
v1.5.0
v1.5.0-rc2
v1.5.0-rc1
v1.5.0-dev
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc3
v1.4.0-rc2
v1.3.3
v1.4.0-rc1
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc2
v1.3.0-rc1
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc3
v1.2.0-rc2
v1.1.4
v1.2.0-rc1
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.2
v1.0.1
v1.0.0
v0.9.99
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
Mirrored from GitHub Pull Request
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/gitea#6334
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @n0emis on GitHub (Nov 17, 2020).
Description
When using gitea in an environent (e.g. corporate deployment) when SSO login is required, it would be nice to have a way to disable local login, to not have a confusing login-page, which can't be used.
A nice extra would be that, when only one authentication-source is configured, clicking on the "Sign in" button on the header automatically redirects to the IdP/SSO.
@darkguy2008 commented on GitHub (Oct 20, 2021):
+1. 1 year and still no response from the Gitea team. For how long we'll be waiting? This request is pretty valid.
@jolheiser commented on GitHub (Oct 20, 2021):
Unfortunately none of us are paid to work on Gitea, we are all volunteers.
You are more than welcome to send in a PR for us to review. 🙂
Alternatively, putting a bounty on an issue has worked to get things done more quickly in the past.
@darkguy2008 commented on GitHub (Oct 20, 2021):
Oh, fair enough. I'll try to give it a shot, I'm starting to move from GitLab and I'm in the process of securing everything first.
I think a bounty could be useful for this too, it's a good idea to disable local logins once you've set up another authentication mechanism. If something fails you still have
gitea adminjust in case :)@wxiaoguang commented on GitHub (Oct 20, 2021):
@darkguy2008 we are facing the same problem I think. Just share some background here:
The login module of Gitea is quite complex, and it is more complex now because more options are introduced like
skip local 2fa.I just proposed a PR about Enforce 2FA (https://github.com/go-gitea/gitea/pull/16880) but it seems difficult to be merged into main branch, so I just use my patch for my private server.
To resolve the login problems fundamentally, I think we should make a global plan and design first, otherwise many features may conflict or may bring security risks.
Maybe we also need a leader for login related features. 😊
@mrmelon54 commented on GitHub (Dec 9, 2021):
This sounds very useful maybe I'll work on it in the near future?
@ranomier commented on GitHub (Jan 16, 2022):
Maybe just add a option to hide it and put it on a different URL.
So its still available but most users wont see it.
@dodedodo commented on GitHub (Feb 7, 2023):
In the meantime, you could use an http redirect from
/user/login*to gitea's sso login url. In my case (traefik, authentik and gitea) the redirect rule looks like this:/Authentik-oidis the name i've assigned to gitea's authentication provider.I imagine this would work for other webservers and reverse proxies as well.
@techknowlogick commented on GitHub (Feb 7, 2023):
@dodedodo For authentik are you using the oidc connector for gitea logins ?
@dodedodo commented on GitHub (Feb 8, 2023):
@techknowlogick Yes I am. There's a very detailed guide in the authentik documentation.
@techknowlogick commented on GitHub (Feb 8, 2023):
@dodedodo oh wow. Thanks for linking that <3
@mrmelon54 commented on GitHub (Feb 8, 2023):
Really surprised I didn't think of using a redirect on my reverse proxy. Thanks 👍
@mcrapts commented on GitHub (Feb 22, 2023):
Thank you, this works. For anyone using Caddy, I did it like this:
Authelia is the name of the authentication provider I configured in Gitea, change it accordingly.
@nrdev88 commented on GitHub (May 16, 2023):
For anyone using NGINX as a proxy, use this:
Or at
serverlevel of course.@grachevko commented on GitHub (May 17, 2023):
Sign Out -> Homepage -> Login -> Again Logged In )
@nrdev88 commented on GitHub (May 17, 2023):
What's your point? Be clear please.
@grachevko commented on GitHub (May 17, 2023):
Can't sign out, instant redirect by chain above
@lukaslangrock commented on GitHub (May 18, 2023):
If you mean that, when you manually click on login, you are automatically logged in without needing to do anything, then that's normal. You are still logged in with your oauth2 provider and thus, when you go to the login page and are getting redirected to
/user/oauth2/<configname>, gitea will send you off to the corresponding oauth2 provider, who will then (most likely) authenticate you without requiring interaction, since you are logged in there and have previously authenticated to gitea before.So by the process of logging out of gitea and then clicking login, you will most likely, unless your auth provider is set up to always ask you for permission, be logged in without needing to do anything.
If you wish that logging out of gitea will require entering a password etc. to log back in, you need to log out of your oauth2 provider too. oauth2 can do this automatically, but it seems like gitea does not fully support that yet. See #14270.
I am still a noob when it comes to oauth2 and that whole realm, so I might be totally wrong here. The way I described it is the way it works on my server.
@tuxmainy commented on GitHub (Jun 11, 2023):
Works like a charm. Might not be an option if you use multiple OAuth2/OpenID providers.
@rodude123 commented on GitHub (Jul 5, 2023):
How would you do this for apache2, can't seem to figure it out
I've got is this
@pat-s commented on GitHub (Aug 3, 2023):
Here's a resource definition for k8s
@joestump commented on GitHub (Nov 13, 2023):
For anyone using Nginx Proxy Manager you can add the following in the Advanced tab of your Proxy Host:
@zc-devs commented on GitHub (Feb 23, 2024):
Gitea 1.21.5, Keycloak 23.0.7, Traefik 2.10.5, Kubernetes.
Gitea is configured with Authentication Source:
@codejanovic commented on GitHub (Jun 12, 2024):
@tuxmainy Theres a tiny typo in your second label, the dot is missing. Got confused because it did not work properly in my project
@flotpg commented on GitHub (Jul 6, 2024):
Hi and thanks for all your suggestions.

I opened #31573 and try to use your @nrdev88 solution with nginx but I get a 500 when clicking on sing-in button in the upper right corner:
Any idea?
Much appreciated :)
Thanks and best regards, Flo.
@flotpg commented on GitHub (Jul 6, 2024):
Looks like it works with redirect instead of last (don't know what last does).
rewrite ^/user/login*$ /user/oauth2/TPG%20Account redirect;Regards, Flo.
@kdumontnu commented on GitHub (Jul 9, 2024):
Closed by https://github.com/go-gitea/gitea/pull/31535
@kdumontnu commented on GitHub (Jul 9, 2024):
I was mistaken - this isn't fully closed, but there should now be enough supporting code that implementing this would not be too difficult if someone wants to take this on.
@AleXoundOS commented on GitHub (Aug 7, 2024):
@flotpg, I faced the same issue with
rewrite ^/user/login.*$ /user/oauth2/configname last;literally (notice obviously incorrectconfigname). But once I changed the line torewrite ^/user/login.*$ /user/oauth2/OAUTH last;it began to work as intended. In my caseOAUTHis the name used ingitea admin auth add-oauth --name OAUTH... So, maybe your login provider name was incorrect.@wxiaoguang commented on GitHub (Dec 1, 2024):
Let's do this: Allow to disable the password-based login form #32687