Adding users with the same name as an already existing organization fails

[plafue]

Component

server

Describe the bug

When adding a user, an organization with their name is stored. If an organization with the same name already exists (e.g. when one of the repos of the user-to-be has already been added to woodpecker) this operation fails.

The problematic code does not check if the organization already exists, it attempts to store the organization, which results in a unique constraint violation on the orgs table, which the user gets to see.

Steps to reproduce

1. Install and configure fogejo, with an admin user and an additional user
2. Create a repo in the main user's account and in the additional user's account
3. Install woodpecker and configure the integration with forgejo
4. Enable the secondary user's repo in woodpeckers ui
5. Attempt now to add the additional user as a woodpecker user

Expected behavior

The user can be added to woodpecker without problems

System Info

{"source":"https://github.com/woodpecker-ci/woodpecker","version":"2.8.2"}


```yaml
services:
  woodpecker-server:
    image: woodpeckerci/woodpecker-server:v2.8.2
    ports:
      - 8000:8000
    volumes:
      - /woodpecker/data:/var/lib/woodpecker:rw
    environment:
      - WOODPECKER_AUTHENTICATE_PUBLIC_REPOS=true
      - WOODPECKER_OPEN=false
      - WOODPECKER_ADMIN=admin
      - WOODPECKER_FORGEJO_CLIENT=__________________________
      - WOODPECKER_FORGEJO=true
      - WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0
      - WOODPECKER_HOST=https://woodpecker
      - WOODPECKER_FORGEJO_URL=https://forgejo
      - WOODPECKER_FORGEJO_SECRET=__________________________

  woodpecker-agent:
    image: woodpeckerci/woodpecker-agent:v2.8.2
    command: agent
    restart: always
    depends_on:
      - woodpecker-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - WOODPECKER_SERVER=woodpecker-server:9000
      - WOODPECKER_AGENT_SECRET=___________
      - WOODPECKER_AUTHENTICATE_PUBLIC_REPOS=true

### Additional context

_No response_

### Validations

- [X] Read the [docs](https://woodpecker-ci.org/docs/intro).
- [X] Check that there isn't [already an issue](https://github.com/woodpecker-ci/woodpecker/issues) that reports the same bug to avoid creating a duplicate.
- [X] Checked that the bug isn't fixed in the `next` version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]

[pat-s]

e.g. when one of the repos of the user-to-be has already been added to woodpecker

You mean when an instance admin or another user with repo access enabled he repo before the actual owning user has been registered as a user? Yes, that makes sense. This is indeed a bug then.

If there is a full match for a user and an existing org, I think we should just grant full permissions on the org.

Right now I can't think of an edge case where this would not be the right task. Also in terms of security this should not be exploitable as users/namespaces cannot easily be taken over?

[TibixDev]

I'm having the same issue after trying to setup Woodpecker with Gitea. I added a repo that the user-to-be owns, he tried to login afterwards to Woodpecker and got the same exact error. Deleting all repos by him on Woodpecker does not fix this problem.

[plafue]

You mean when an instance admin or another user with repo access enabled he repo before the actual owning user has been registered as a user? Yes, that makes sense. This is indeed a bug then.

@pat-s yes, that is correct. In my opinion, as long as the order of these two events (adding repos and adding users) is not somewhat enforced, I would say this is a bug.

Also it seems this error is non-recoverable, as also reported by @TibixDev (in my case I threw away the DB and started anew).