Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup #16564
Reference: lunny/gitea#16564
This PR has two parts:
- The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races.
- If OAuth2 registration fails at startup we currently disable the login_source; however, an alternative approach could be to reattempt registration on login attempt.
Fix #16096
This code was added here to allow Gitea to start up when some auth sources are temporarily down.
Yes.
The proposed changes in the Auth and Callback handlers allow us to stop auto disabling and reattempt to register at login time if registration failed at startup.
(But you've reminded me I need to recheck GetProviders once we have the hard lock to prevent double registration.)
If that "second" attempt at registration fails again then the user will be presented with a 500 page - but it genuinely is an internal server error at that point - although I fully expect that there will be complaints about that too.
(Hopefully such complaints would actually come with logs so we could at least attempt to present a nicer error page.)
Actually we're ok from the double register PoV but the issue is that RegisterSource could be somewhat slow so users may double/triple attempt to log in. Will have a think.
Hmm... looking at routers/web/user/auth.go:582 and the changes made by #14116 resetting is actually already handled.
So I'll let #14116 handle the re-registration attempt.
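The following is an added example, not code from this PR or from Gitea. It sketches the two parts of the PR description: a lock around a shared provider table, and a registration that is retried at login with a re-check under the write lock so concurrent logins cannot register twice. The `registry` type, `Ensure`, `simulate` and the `sso` source name are hypothetical, and the error is constructed.

```go
package main

import "fmt"
import "sync"

// registry is a hypothetical stand-in for a shared OAuth2 provider table.
type registry struct {
	mu        sync.RWMutex
	providers map[string]string
	register  func(name string) (string, error) // slow; fails while the IdP is down
}
// Ensure returns the provider, re-attempting registration under the write lock.
func (r *registry) Ensure(name string) (string, error) {
	r.mu.RLock()
	p, ok := r.providers[name]
	r.mu.RUnlock()
	if ok {
		return p, nil
	}
	r.mu.Lock()
	defer r.mu.Unlock()
	if p, ok := r.providers[name]; ok { // re-check: a concurrent login registered it
		return p, nil
	}
	p, err := r.register(name)
	if err == nil {
		r.providers[name] = p
	}
	return p, err // on error nothing is cached, so the next login retries
}

// simulate fails registration once at startup, then races n logins; returns register calls.
func simulate(n int) (calls int) {
	r := &registry{providers: map[string]string{}}
	r.register = func(name string) (string, error) { // only ever runs under r.mu
		if calls++; calls == 1 {
			return "", fmt.Errorf("discovery endpoint unreachable (constructed)")
		}
		return "provider:" + name, nil
	}
	r.Ensure("sso") // startup attempt fails; the source is not disabled
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() { defer wg.Done(); r.Ensure("sso") }()
	}
	wg.Wait()
	return calls
}
func main() { fmt.Println(simulate(50)) }
```

Because the slow `register` call runs while the write lock is held, other logins for that source wait rather than starting a second registration. Running it under `go run -race` confirms the map accesses are synchronized.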