Fill basic info for users auto-created using a reverse proxy #2498
Thanks for your feedback!
Also, it might be a good idea to be able to set a default identification provider for newly created users, in case the user that was auto-created comes from an identification provider known to Gogs (an LDAP server, maybe). This way, you would be able to provision all user details automatically. I think the best approach would be, in case a new user unknown to Gogs just authenticated using headers, to search for this user in the configured authentication providers, and if the user is not found, fall back to what Gogs already does: create a local user with a randomly generated password and mail. The bonus point would be a setting to tell Gogs, if a user cannot be found in the authentication backend, to refuse the login, but it's not really necessary in a first iteration.
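Added example, not part of the thread or of Gogs' code: the provisioning order proposed in the comment above, in Go (look the proxy-asserted login up in the configured sources, fall back to a local account with a random password, or refuse when a strict setting is on). `Profile`, `Provider`, `Provision`, `sampleLDAP`, the `strict` flag and the `@localhost` placeholder mail are assumptions for illustration, and the directory data is constructed.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Profile is the basic info the issue wants filled in at auto-registration.
type Profile struct{ Login, FullName, Email, Source string }

// Provider stands in for a configured authentication source (hypothetical type).
type Provider struct {
	Name   string
	Lookup func(login string) (Profile, bool)
}

// sampleLDAP is a constructed in-memory directory standing in for an LDAP source.
func sampleLDAP() Provider {
	users := map[string]Profile{"alice": {FullName: "Alice Example", Email: "alice@example.org"}}
	return Provider{"ldap", func(l string) (Profile, bool) { p, ok := users[l]; return p, ok }}
}

var ErrUnknownUser = errors.New("user not found in any authentication source")

// Provision resolves a header-asserted login; strict is the hypothetical "refuse unknown users" setting.
func Provision(login string, providers []Provider, strict bool) (Profile, string, error) {
	for _, p := range providers {
		if prof, ok := p.Lookup(login); ok {
			prof.Login, prof.Source = login, p.Name
			return prof, "", nil // externally managed account: no local password
		}
	}
	if strict {
		return Profile{}, "", ErrUnknownUser
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return Profile{}, "", err
	}
	// Fallback from the comment: local user, random password, placeholder mail.
	return Profile{Login: login, Email: login + "@localhost", Source: "local"}, hex.EncodeToString(buf), nil
}

func main() {
	fmt.Println(Provision("alice", []Provider{sampleLDAP()}, true))
	fmt.Println(Provision("bob", []Provider{sampleLDAP()}, false))
}
```

A lookup like this is only meaningful when the identity header can reach the application solely through the reverse proxy, since the header value is the only credential being checked.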
Thanks for your comments! Just want to point out that the basic rule of this feature is: everything that comes from the header is valid, no check process should be performed by Gogs. This is my understanding...
We've started to use Gogs for our team's code archive, and this feature would be great! While we could use an LDAP source for the extra user identity data, getting the core fields from headers provided by the Auth proxy would be fine for us (and simpler).
I'd greatly prefer to keep everything inside GOGS; it's nice that accounts are now autocreated but they are indeed missing the name and e-mail fields currently. It would be nice to have a "default provider" for that (i.e. a configured LDAP auth backend), and have it pull the user's data from that backend upon creation. I think we'll make do for now with an outside script that fills in missing data for e-mails ending in @localhost.
having a setting to define the default created passwords would help
or
Gitea allows autocreation of account from external source after successful basic auth but not after successful reverse proxy auth. This mod adds such feature. Unfortunately Gitea does not sync all user attributes from LDAP for existing users on login like cron.sync_external_users does so changes of first name, surname, e-mail are not updated from LDAP on login for existing users - only after first login and after sync_external_users task. Related: gogs/gogs#2498 Author-Change-Id: IB#1104925
LDAP account synchronization added after reverse proxy authentication. Related: gogs/gogs#2498 Author-Change-Id: IB#1104925
Fixed LDAP account synchronization after reverse proxy authentication when user already exists. Related: gogs/gogs#2498 Author-Change-Id: IB#1104925
As quoted from #165 :
Greetings @unknwon !
I would also be interested in having a way to fill basic info about the user auto-created by ENABLE_REVERSE_PROXY_AUTO_REGISTRATION.
As said by previous commenters, it could either be passed using HTTP headers, or if available using a configured LDAP provider (this is what other applications usually do when applicable).
The use case is simple: I would love to at least have the correct mail for the user so he/she does not have to redefine profile info after initial login. (it is needed for mails to be sent in case of updates and having to redefine it is tedious especially when the info is actually already available somewhere)
The user first name / last name would be a bonus (if possible, but the mail is more important)
I'll be around if you need precisions :)