Handle remote federated users in the Gitea database #2
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Feature Description
We have to store federated users in the database somehow. One logical way to do this is to reuse the user table. This is what lunny said about this in the Gitea chat:
@zeripath Any thoughts? Are we going to go ahead and try implementing it that way?
Screenshots
No response
OK, I've finally had some time to think about this.
First thoughts:
User table
As you can see there are a huge number of fields in here which are not associated with Orgs or Federated users.
However, using the User table is probably the only option.
So we need to think about the mapping:
ExternalLoginUser
But we need to remember that too much use of a lot of RawData here may be bad idea as it needs to be unmarshalled. I guess the question is what kind of data we need?
The simpler option would be to create "staged" users when needed, as Discourse does when importing mails authored by people who do not (yet) have account in the forum. A staged user in Gitea could have a special UserType that used to display it differently or be handled in a special way at login / password recoverty. The minimum information it has is either:
so that the account can be retrieved at a later time by the legitimate user. In discourse most of the code associated with those special users revolve around the logic that allows them to retrieve their account in a safe way.
The less complicated problem is to pick a username when staging a user. If the username is already taken, adding a trailing number until there is no conflict works. When the user reclaims their account, they can then pick a username that is available and that is more to their liking.
The other nice thing Discourse does is to transparently turn a "staged" user to a normal user when someone creates an account using the same email. Most people are not aware that data is waiting for them in the forum and they will not think to recover their password on a service that they never used.
Is there a reason why a user would want to retrieve an account on a different instance? I understand why Discourse does this, because Discourse is not federated, but ideally Gitea users will just have one account on a single instance that they use across the federation.
One way to guarentee that the username is unique could be to include the instance as part of the username.
When the user decides that they want to move from one forge to another. Say I'm a happy user of https://gitea.hostea.org which is federated with https://gitea.com. But then, for some reason, I'm no longer interested and I want to use https://gitea.com instead: I retrieve my account there and that's all I have to do.
Does that use case answer your question?
Yes, that sounds like a valid use case. However, the ActivityPub protocol does not allow users to easily move instances, since users are referenced in federation using their username@instance.com. If you move instances, all the other instances will still think you are located at the original instance.
I believe Mastodon implements moving instances using a special
Move
activity that adds a key on the user's Actor object that points to the account on the new instance so other instances know where to look for the moved user.Even if there is no way to move a user, as implemented by Mastodon, it is still very handy for a user to just stop using an account on a given instance and start using another account on another instance. The account on the other instance has been updated continuously, it already has everything and work can resume. There is a lot to do before that actually works as I describe it, but that's what I'd like and it is also a natural side effect of federation.
xy referenced this issue2022-06-14 21:49:03 +00:00