Lauris BH

> What's the expectation? Should it be allowed to redirect to the real repository or should it return the 404? Previously it allowed to push to old remote url and...

I hope the public does not mean unauthenticated for private instances? 🤔

> Or maybe I misunderstood your question? I mean it should be still inaccessible if gitea instance is set to always require authentication (`REQUIRE_SIGNIN_VIEW=true`)

PR title should be fixed that as it is quite misleading "unauthenticated access"

I can't really replicate this problem, even with multiple auth sources using MS AD I have no such behavior. Could be that this is because username field is not set?...

probably should also review/fix current warnings before merging this?