feat: add option to allow non-local users to change usernames (#8714)

Add a new config option for OAuth2 authentication sources: allow users to change their username. In the case where OAuth2 is more like a social OAuth2 login there's no need to not allow users to change their username. The information how the user is linked to the authentication source is stored in different fields. Resolves forgejo/forgejo#687 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8714 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-08-20 01:11:10 +00:00 · 2025-08-06 20:25:13 +02:00 · 2025-08-06 20:25:13 +02:00 · b51f97e97d
commit b51f97e97d
parent 16a0c97fbf
13 changed files with 119 additions and 17 deletions
--- a/cmd/admin_auth_oauth.go
+++ b/cmd/admin_auth_oauth.go
@ -125,6 +125,10 @@ func oauthCLIFlags() []cli.Flag {
 			Name:  "group-team-map-removal",
 			Usage: "Activate automatic team membership removal depending on groups",
 		},
+		&cli.BoolFlag{
+			Name:  "allow-username-change",
+			Usage: "Allow users to change their username",
+		},
 	}
 }

@ -176,6 +180,7 @@ func parseOAuth2Config(_ context.Context, c *cli.Command) *oauth2.Source {
 		RestrictedGroup:               c.String("restricted-group"),
 		GroupTeamMap:                  c.String("group-team-map"),
 		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
+		AllowUsernameChange:           c.Bool("allow-username-change"),
 	}
 }

@ -277,6 +282,10 @@ func (a *authService) updateOauth(ctx context.Context, c *cli.Command) error {
 		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
 	}

+	if c.IsSet("allow-username-change") {
+		oAuth2Config.AllowUsernameChange = c.Bool("allow-username-change")
+	}
+
 	// update custom URL mapping
 	customURLMapping := &oauth2.CustomURLMapping{}