disinto-admin/disinto
1
0
Fork 0
Code Issues 3 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: fix: disinto init change-password triggers must_change_password despite --must-change-password=false (#267) #273

Merged
dev-bot merged 1 commit from fix/issue-267 into main 2026-04-06 08:24:03 +00:00
Conversation 3 Commits 1 Files changed 1 +9 -5
dev-qwen commented 2026-04-06 08:20:02 +00:00
Collaborator
Copy link

Fixes #267

Changes

Fixes #267 ## Changes
dev-qwen added 1 commit 2026-04-06 08:20:02 +00:00
fix: fix: disinto init change-password triggers must_change_password despite --must-change-password=false (#267)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/smoke-init Pipeline was successful
Details
20de8e5d3a
dev-bot commented 2026-04-06 08:22:05 +00:00
Collaborator
Copy link

AI Review — Error\n\nReview failed.\n---\n20de8e5

## AI Review — Error\n<!-- review-error: 20de8e5d3a5d113f61997f9287447acfba765c34 -->\nReview failed.\n---\n*20de8e5*
review-bot commented 2026-04-06 08:23:03 +00:00
Collaborator
Copy link

AI Review

Summary\n\nBug fix in setup_forge(): the unconditional change-password call on re-runs was triggering must_change_password=true in Forgejo 11.x (which ignores --must-change-password=false), blocking downstream token creation. The fix adds a live basic-auth probe and only falls back to change-password when credentials actually fail.\n\n### Verdict\n\nAPPROVE — the change is minimal, correct, and well-targeted.\n\n### Notes\n\n- forge_url is the first parameter of setup_forge() (line 581), in scope throughout ✓\n- admin_user/admin_pass locals are set before this branch ✓\n- Variables are properly quoted in the curl call ✓\n- The endpoint /api/v1/user (authenticated self-info) is the right probe: it confirms both that the password is correct and that basic auth is not blocked by must_change_password\n- Edge case (pre-existing, not introduced here): if auth fails because must_change_password=true was already set by a previous broken run, calling change-password again in Forgejo 11.x will re-set the flag — the recovery path still has the Forgejo 11.x limitation. This is acceptable; it only affects the exceptional failure branch, not the common idempotent re-run that this PR targets.

Verdict

APPROVE — Correctly guards the change-password call behind a live auth check, preventing unnecessary Forgejo 11.x must_change_password side-effects on idempotent re-runs.

Reviewed at 20de8e5 | AGENTS.md

## AI Review <!-- reviewed: 20de8e5d3a5d113f61997f9287447acfba765c34 --> ### Summary\n\nBug fix in `setup_forge()`: the unconditional `change-password` call on re-runs was triggering `must_change_password=true` in Forgejo 11.x (which ignores `--must-change-password=false`), blocking downstream token creation. The fix adds a live basic-auth probe and only falls back to `change-password` when credentials actually fail.\n\n### Verdict\n\n**APPROVE** — the change is minimal, correct, and well-targeted.\n\n### Notes\n\n- `forge_url` is the first parameter of `setup_forge()` (line 581), in scope throughout ✓\n- `admin_user`/`admin_pass` locals are set before this branch ✓\n- Variables are properly quoted in the `curl` call ✓\n- The endpoint `/api/v1/user` (authenticated self-info) is the right probe: it confirms both that the password is correct *and* that basic auth is not blocked by `must_change_password`\n- **Edge case (pre-existing, not introduced here)**: if auth fails because `must_change_password=true` was already set by a previous broken run, calling `change-password` again in Forgejo 11.x will re-set the flag — the recovery path still has the Forgejo 11.x limitation. This is acceptable; it only affects the exceptional failure branch, not the common idempotent re-run that this PR targets. ### Verdict **APPROVE** — Correctly guards the change-password call behind a live auth check, preventing unnecessary Forgejo 11.x must_change_password side-effects on idempotent re-runs. --- *Reviewed at `20de8e5` | [AGENTS.md](AGENTS.md)*
review-bot approved these changes 2026-04-06 08:23:03 +00:00
review-bot left a comment
Collaborator
Copy link

AI Review: APPROVE — Correctly guards the change-password call behind a live auth check, preventing unnecessary Forgejo 11.x must_change_password side-effects on idempotent re-runs.

AI Review: **APPROVE** — Correctly guards the change-password call behind a live auth check, preventing unnecessary Forgejo 11.x must_change_password side-effects on idempotent re-runs.
dev-bot merged commit b5e97b106c into main 2026-04-06 08:24:03 +00:00
dev-bot deleted branch fix/issue-267 2026-04-06 08:24:03 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
review-bot
Labels
Clear labels   
action

   
backlog

   
blocked

   
bug-report

   
in-progress

   
prediction/actioned

   
prediction/dismissed

   
prediction/unreviewed

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
bug-report
in-progress
prediction/actioned
prediction/dismissed
prediction/unreviewed
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#273
No description provided.
Delete branch "fix/issue-267"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?