Member in "Owners" Team of priv. Org. "unauthorized" to clone repository

[theAkito]

• Gitea version (or commit ref): ef798d4b8
• Git version: 2.20.1
• Operating system:

Component	Version
Kernel	4.19.0-8-amd64 x86_64
Distro	Debian GNU/Linux 10 (buster)

• Database (use [x]):
  • [x] PostgreSQL
  • [ ] MySQL
  • [ ] MSSQL
  • [ ] SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • [ ] Yes (provide example URL)
  • [ ] No
  • [x] Not relevant
• Log gist:

  [Macaron] 2020-02-28 11:49:36: Completed GET /PrivOrg/private-repository.git/info/refs?service=git-upload-pack 401 Unauthorized in 3.725303ms
  [Macaron] 2020-02-28 11:49:44: Started GET /PrivOrg/private-repository.git/info/refs?service=git-upload-pack for 127.0.0.1
  [Macaron] 2020-02-28 11:49:44: Completed GET /PrivOrg/private-repository.git/info/refs?service=git-upload-pack 401 Unauthorized in 4.753956ms
  [Macaron] 2020-02-28 11:49:45: Started GET /PrivOrg/private-repository.git/info/refs?service=git-upload-pack for 127.0.0.1
  [Macaron] 2020-02-28 11:49:45: Completed GET /PrivOrg/private-repository.git/info/refs?service=git-upload-pack 302 Found in 82.21435ms

Description

Step by step:

1. Create new user.
2. Create private Organisation.
3. Create private repository within private Organisation.
4. Add new user from step 1 to Owners Team of Organisation (does not matter which Team, it never works).
5. Try to clone or pull private repository of private organisation with credentials of user from step 1.

6. git clone https://
   Cloning into ''...
   Username for ''
   Password for ''
   fatal: https://domain.tld/PrivOrg/private-repository.git/info/refs not valid: is this a git repository?

7. Will always fail, even if new user is Admin of everything.
8. See log for unauthorized entries...

Note

• Tried with very old, current and very new Git clients. All show the same error.
• Everything works when using original Gitea Admin account.

[theAkito]

User has to sign into Web UI and manually change password himself, to let it be "valid". Then everything works again.

It would be nice, if there was a better error message or if there was a possibility to disable forced manual change of user's password (maybe if sign-in is disabled? I don't know).