Skip to content

Fix incorrect setting loading order#36735

Merged
wxiaoguang merged 1 commit intogo-gitea:mainfrom
wxiaoguang:fix-cfg-install-lock
Feb 24, 2026
Merged

Fix incorrect setting loading order#36735
wxiaoguang merged 1 commit intogo-gitea:mainfrom
wxiaoguang:fix-cfg-install-lock

Conversation

@wxiaoguang
Copy link
Copy Markdown
Contributor

@wxiaoguang wxiaoguang commented Feb 24, 2026

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 24, 2026
@github-actions github-actions bot added the modifies/go Pull requests that update Go code label Feb 24, 2026
This was referenced Feb 24, 2026
Open
Merged
@wxiaoguang wxiaoguang added type/bug skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. labels Feb 24, 2026
@wxiaoguang wxiaoguang added this to the 1.26.0 milestone Feb 24, 2026
@silverwind silverwind requested a review from Copilot February 24, 2026 09:16
Copilot AI reviewed Feb 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a bug in the settings loading order where InstallLock was being loaded too late in the sequence. The loadOAuth2From function checks the InstallLock variable to determine whether to generate and save JWT secrets, but InstallLock was previously being set inside loadSecurityFrom, which runs AFTER loadOAuth2From. This meant that loadOAuth2From would always see InstallLock as false/uninitialized, causing incorrect behavior.

Changes:

  • Move InstallLock initialization to the beginning of loadCommonSettingsFrom before any other load functions
  • Remove duplicate InstallLock assignment from loadSecurityFrom
  • Update test to properly set INSTALL_LOCK in config and remove redundant direct assignment

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
modules/setting/setting.go Moved InstallLock initialization to the start of loadCommonSettingsFrom (line 112) with explanatory comment
modules/setting/security.go Removed duplicate InstallLock assignment that was causing the incorrect loading order
modules/base/tool_test.go Updated test to include INSTALL_LOCK in config and removed direct InstallLock assignment that was masking the bug

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@wxiaoguang wxiaoguang mentioned this pull request Feb 24, 2026
Closed
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Feb 24, 2026
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 24, 2026
@wxiaoguang wxiaoguang merged commit 75efc51 into go-gitea:main Feb 24, 2026
30 checks passed
@wxiaoguang wxiaoguang deleted the fix-cfg-install-lock branch February 24, 2026 15:46
zjjhot added a commit to zjjhot/gitea that referenced this pull request Feb 25, 2026
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
725a936 
* giteaofficial/main:
  Fix path resolving (go-gitea#36734)
  [skip ci] Updated translations via Crowdin
  Fix track time list permission check (go-gitea#36662)
  Fix incorrect setting loading order (go-gitea#36735)
  Use case-insensitive matching for Git error "Not a valid object name" (go-gitea#36728)
  feat: Add workflow dependencies visualization (go-gitea#36248)
silverwind added a commit to silverwind/gitea that referenced this pull request Feb 26, 2026
@silverwind
Merge branch 'main' into dropdowncss
0be7aea 
* main: (24 commits)
  Instance-wide (global) info banner and maintenance mode (go-gitea#36571)
  Add created_by filter to SearchIssues (go-gitea#36670)
  Inline and lazy-load EasyMDE CSS, fix border colors (go-gitea#36714)
  Fix release draft access check logic (go-gitea#36720)
  Change image transparency grid to CSS (go-gitea#36711)
  Avoid opening new tab when downloading actions logs (go-gitea#36740)
  Add validation constraints for repository creation fields (go-gitea#36671)
  Fix SVG height calculation in diff viewer (go-gitea#36748)
  Fix path resolving (go-gitea#36734)
  [skip ci] Updated translations via Crowdin
  Fix track time list permission check (go-gitea#36662)
  Fix incorrect setting loading order (go-gitea#36735)
  Use case-insensitive matching for Git error "Not a valid object name" (go-gitea#36728)
  feat: Add workflow dependencies visualization (go-gitea#36248)
  Add keyboard shortcuts for repository file and code search (go-gitea#36416)
  Refactor text utility classes to Tailwind CSS (go-gitea#36703)
  Prevent redirect bypasses via backslash-encoded paths (go-gitea#36660)
  Fix force push time-line commit comments of pull request (go-gitea#36653)
  Fix get release draft permission check (go-gitea#36659)
  Move `X_FRAME_OPTIONS` setting from `cors` to `security` section (go-gitea#30256)
  ...

# Conflicts:
#	web_src/css/base.css
#	web_src/css/index.css
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lunny lunny lunny approved these changes

@silverwind silverwind silverwind approved these changes

Assignees

No one assigned

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/go Pull requests that update Go code skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. type/bug

Projects

None yet

Milestone

1.26.0

Development

Successfully merging this pull request may close these issues.

5 participants

@wxiaoguang @lunny @silverwind @GiteaBot