Add post-installation redirect based on admin account status #34493

Open: 10 commits to merge into base branch main

kerwin612
Member

This PR adds a feature to direct users to appropriate pages after system installation:

  • If no admin credentials were provided during installation, redirect to the registration page with a prominent notice about creating the first administrative account
  • If admin credentials were already set, redirect directly to the login page

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 17, 2025
@github-actions github-actions bot added modifies/translation modifies/go Pull requests that update Go code modifies/templates This PR modifies the template files modifies/frontend labels May 17, 2025
@kerwin612 kerwin612 requested review from kemzeb and wxiaoguang May 22, 2025 08:52
@kerwin612 kerwin612 requested a review from a team June 1, 2025 05:29
Member

@kemzeb kemzeb left a comment

Can't speak on frontend design, but otherwise this looks good to me.

Was iffy about the HasUsers() calls ignoring DB errors, but after further reading it seems the worst that can happen is:

  • User accesses sign up page (or completes the install config if they're on the install page)
  • A DB error occurs
  • Server sends sign up page + the sign_up_tip message to the user

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jun 7, 2025
Member

@denyskon denyskon left a comment

Looks good!

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jun 8, 2025
@denyskon denyskon added type/enhancement An improvement of existing functionality topic/ui-interaction Change the process how users use Gitea instead of the visual appearance labels Jun 8, 2025
@@ -421,6 +421,7 @@ remember_me.compromised = The login token is not valid anymore which may indicat
forgot_password_title= Forgot Password
forgot_password = Forgot password?
need_account = Need an account?
sign_up_tip = You are registering the first account in the system. Please carefully remember your username and password, as losing this information could cause significant inconvenience later.
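
Review bot: The added sign_up_tip string does not say why the first account matters, and "significant inconvenience" names no concrete consequence, so a reader cannot tell what is at stake. The PR description ties this notice to creating the first administrative account; state in the string that this account receives administrator privileges, and replace "Please carefully remember" with a plain instruction to keep the username and password safe.
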
Contributor

It is an unclear message. For example: why is the "first account" special? What "significant inconvenience" would happen? If it is not clean, it only confuses or frightens end users.

Member Author

Let's see if the new tip is appropriate.

@wxiaoguang
Contributor

And also please review admin related bug fix: Fix last admin check when syncing users #34649

@@ -421,6 +421,7 @@ remember_me.compromised = The login token is not valid anymore which may indicat
forgot_password_title= Forgot Password
forgot_password = Forgot password?
need_account = Need an account?
sign_up_tip = You are registering the first account in the system, which has administrator privileges. Please carefully remember your username and password, as forgetting these credentials may require system reset and reinitialization.
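
Review bot: The second sentence of the revised sign_up_tip asserts a recovery outcome ("may require system reset and reinitialization") that a locale string cannot guarantee for every deployment, and it makes the notice long. Keep the part that always holds, that the first account has administrator privileges, and end with the action (keep the username and password safe) or a pointer to the site administrator.
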
Contributor

as forgetting these credentials may require system reset and reinitialization.

That's not true, site admin can use gitea CLI to reset user password

Member Author

You are registering the first account in the system. Please remember your username and password, as this account typically has administrative privileges. How about this? Is it okay?

Member

imo the wording is fine..? If the sysadmin and the first registered user are not the same person (e.g. as a SaaS platform without terminal access), the first registered user may not be able to access the gitea cli.

Contributor

the first registered user may not be able to access the gitea cli.

  • Why can't they contact their site admin with CLI access?
  • If the "first" user doesn't have CLI access, then how could they do "system reset and reinitialization" as the message says if they forget the password?

Contributor

e.g. as a SaaS platform without terminal access

As a SaaS platform, isn't there a separate instance management console to help to reset the password? For example, gitea cloud?

Member

Maybe we can require the account creation in the web installation UI? So that this PR could be closed. :(

Contributor

Do you have a complete and feasible plan? For example: some users use the "install" page, while some others don't, they just prepare the app.ini manually and set INSTALL_LOCK=true?

Member

Yes. There are only two ways to install Gitea.
If we changed the rule that the first user is admin, then for web installation, an admin account creation should be required. For command line installation, they have to create the first user from the command line with gitea admin instead of registering the first account from the web UI.

Contributor

Does helmchart also work this way?

Contributor

@ChristopherHX ChristopherHX Jun 10, 2025

Does helmchart also work this way?

You can make the helmchart skip admin user creation from CLI

Yes, by default it follows the CLI setup and admin creation from gitea admin, but it seems to be currently possible to change your values.yml to set the admin username/password to an empty string instead of using the preset admin username & password.

In that case you could indeed end up in a state without an admin user in the helm chart and have to attach via kubectl to the gitea container for the admin account, but you can just update the admin password / create the admin later as well by redeploying/updating the helm chart.

Ref: https://gitea.com/gitea/helm-gitea/src/commit/0d532363ebef69e2baedbb8b9370519b373b5394/templates/gitea/init.yaml#L82, https://gitea.com/gitea/helm-gitea/src/commit/0d532363ebef69e2baedbb8b9370519b373b5394/values.yaml#L353

Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/frontend modifies/go Pull requests that update Go code modifies/templates This PR modifies the template files modifies/translation topic/ui-interaction Change the process how users use Gitea instead of the visual appearance type/enhancement An improvement of existing functionality
8 participants