Gitea-John71/Gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-06-18 16:56:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6fb96fcfdf1cdc1f89d5f410c2a0dd9d3ddc04dc
Gitea/models/user
History
Lunny Xiao f6e2ca4388 fix(auth): ignore stale OIDC external login links to organizations (#37875) (#38141) 
Backport #37875

This fixes an OIDC sign-in edge case where a stale `external_login_user`
record can still point to an organization or a deleted user.

In that situation, Gitea may keep resolving the external login to the
wrong account during sign-in. For affected instances, this matches the
behavior reported in #36439 and #37812, where a user signing in with
OIDC/Entra ID could appear as an organization, or hit a 404 after that
organization was removed.

- validate the user resolved from `external_login_user` during
OAuth2/OIDC login
- ignore stale links when the linked user no longer exists
- ignore stale links when the linked user is not an individual user
- remove the stale external login row so the sign-in flow can relink the
external account to the correct user

- Fixes #37812
- Related to #36439

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.8) <noreply@anthropic.com>
Co-authored-by: bircni <bircni@icloud.com>
2026-06-17 20:19:24 +00:00
..
avatar_test.go
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
avatar.go
Refactor avatar package, support default avatar fallback (#36788)
2026-03-01 13:32:35 +00:00
badge_test.go
Add user badges (#36752)
2026-03-22 15:49:45 +00:00
badge.go
Fix bug when accessing user badges (#37321) (#37329)
2026-04-20 20:11:56 -07:00
block.go
Enable nilnil linter for new code (#36591)
2026-02-16 09:57:18 +00:00
email_address_test.go
Fix a bug user could change another user's primary email (#36586)
2026-02-12 21:34:38 +01:00
email_address.go
Enable nilnil linter for new code (#36591)
2026-02-16 09:57:18 +00:00
error.go
Remove unused KeyID. (#29167)
2024-02-14 12:50:10 -05:00
external_login_user.go
fix(auth): ignore stale OIDC external login links to organizations (#37875) (#38141)
2026-06-17 20:19:24 +00:00
follow_test.go
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
follow.go
Use db.WithTx/WithTx2 instead of TxContext when possible (#35130)
2025-07-22 10:02:01 -07:00
list.go
Correct spelling (#36783)
2026-02-28 11:23:20 -08:00
main_test.go
make writing main test easier (#27270)
2023-09-28 01:38:53 +00:00
must_change_password.go
Refactor error system (#33771)
2025-03-03 05:36:10 +00:00
openid_test.go
Fix openid setting check (#36346)
2026-01-13 12:44:29 +00:00
openid.go
Fix openid setting check (#36346)
2026-01-13 12:44:29 +00:00
redirect_test.go
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
redirect.go
Another round of db.DefaultContext refactor (#27103)
2023-09-25 13:17:37 +00:00
search.go
fix: Unify public-only token filtering in API queries and repo access checks (#37118) (#37773)
2026-05-19 15:38:51 +00:00
setting_options.go
feat: Add configurable permissions for Actions automatic tokens (#36173)
2026-03-21 15:39:47 -07:00
setting_test.go
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
setting.go
feat: Add configurable permissions for Actions automatic tokens (#36173)
2026-03-21 15:39:47 -07:00
user_list.go
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
user_system_test.go
Make GetPossibleUserByID can handle deleted user (#37430) (#37431)
2026-04-27 00:33:09 +08:00
user_system.go
Refactor ActionsTaskID (#36503)
2026-01-31 22:01:08 -08:00
user_test.go
use proper subaddress (#36639)
2026-02-16 01:42:22 +00:00
user_update.go
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
user.go
fix(packages): Add label for private and internal package and fix composor package source permission check (#37610) (#37643)
2026-05-11 10:36:07 -07:00