Allow admins to rename non-local users (#35970)

Presently, attempting to rename a non-local (e.g. Oauth2 or LDAP) user results in an error, even if the requester is an administrator. As far as I can tell, this is a security feature, not architectural in nature, as automatic account linking could be used to take control of another user's account. This is not a concern for an administrator, who we should trust to know what they are doing. This patch allows admins, and only admins, to rename non-local users. Fixes https://github.com/go-gitea/gitea/issues/18308 (sort of) --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-07 13:28:25 +00:00 · 2025-11-23 13:59:55 -07:00
parent 87d5a8507d
commit 688430e3ce
8 changed files with 32 additions and 25 deletions
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -31,17 +31,15 @@ import (
 )

 // RenameUser renames a user
-func RenameUser(ctx context.Context, u *user_model.User, newUserName string) error {
+func RenameUser(ctx context.Context, u *user_model.User, newUserName string, doer *user_model.User) error {
 	if newUserName == u.Name {
 		return nil
 	}

-	// Non-local users are not allowed to change their username.
-	if !u.IsOrganization() && !u.IsLocal() {
-		return user_model.ErrUserIsNotLocal{
-			UID:  u.ID,
-			Name: u.Name,
-		}
+	// Non-local users are not allowed to change their own username, but admins are
+	isExternalUser := !u.IsOrganization() && !u.IsLocal()
+	if isExternalUser && !doer.IsAdmin {
+		return user_model.ErrUserIsNotLocal{UID: u.ID, Name: u.Name}
 	}

 	if err := user_model.IsUsableUsername(newUserName); err != nil {