Skip to content

🐛 Bug: OAuth provider toggles (GitHub, Google, GitLab) silently fail because IS_*_ENABLED rows are never seeded #8739

New issue
New issue
Open
#8740
Open
🐛 Bug: OAuth provider toggles (GitHub, Google, GitLab) silently fail because IS_*_ENABLED rows are never seeded#8739
#8740
@rucoder

Description

@rucoder
rucoder
opened on Mar 9, 2026

Description

The configure_instance management command uses an all-or-nothing check when seeding OAuth IS_*_ENABLED flags. Because IS_GITEA_ENABLED is already seeded by instance_config_variables in the first loop of the command, the exists() check on line 44 always returns True, and IS_GITHUB_ENABLED, IS_GOOGLE_ENABLED, and IS_GITLAB_ENABLED are never created in the database.

Root cause

keys = ["IS_GOOGLE_ENABLED", "IS_GITHUB_ENABLED", "IS_GITLAB_ENABLED", "IS_GITEA_ENABLED"]
if not InstanceConfiguration.objects.filter(key__in=keys).exists():
    # create all four ...
else:
    for key in keys:
        self.stdout.write(self.style.WARNING(f"{key} configuration already exists"))

IS_GITEA_ENABLED is defined in gitea_config_variables (in instance_config_variables) and gets seeded by the get_or_create loop earlier in handle(). So filter(key__in=keys).exists() is always True, and the else branch runs — printing "already exists" for all four keys even though three of them don't exist.

Consequence

When an admin configures GitHub/Google/GitLab OAuth in God Mode and toggles the provider on:

  1. The frontend PATCHes /api/instances/configurations/ with {"IS_GITHUB_ENABLED": "1"}
  2. The backend does InstanceConfiguration.objects.filter(key__in=request.data.keys()) which returns an empty queryset (the row doesn't exist)
  3. bulk_update updates zero rows
  4. The endpoint returns 200 OK with an empty list — no error
  5. The toggle appears to succeed but reverts on page reload
  6. The provider never shows up on the login page

Steps to reproduce

  1. Self-host Plane v1.2.3 (fresh install, no OAuth env vars)
  2. Go to God Mode → Authentication → GitHub → Configure
  3. Enter valid GitHub OAuth Client ID and Client Secret, save
  4. Go back to Authentication page, toggle GitHub on
  5. Toggle appears to enable but reverts on refresh
  6. GitHub login button never appears on the login page

Expected behavior

Each IS_*_ENABLED flag should be seeded independently so that the existence of one doesn't prevent creation of the others.

Environment

  • Plane version: v1.2.3 (also present on current preview branch)
  • Deployment: Self-hosted Docker Compose

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions