Reduce usage of db.DefaultContext (#27073)

Part of #27065

This reduces the usage of `db.DefaultContext`. I think I've got enough
files for the first PR. When this is merged, I will continue working on
this.

Considering how many files this PR affect, I hope it won't take to long
to merge, so I don't end up in the merge conflict hell.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

services/auth/basic.go

@@ -123,7 +123,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	}
 
 	log.Trace("Basic Authorization: Attempting SignIn for %s", uname)
-	u, source, err := UserSignIn(uname, passwd)
+	u, source, err := UserSignIn(req.Context(), uname, passwd)
 	if err != nil {
 		if !user_model.IsErrUserNotExist(err) {
 			log.Error("UserSignIn: %v", err)

services/auth/interface.go

@@ -33,7 +33,7 @@ type Method interface {
 
 // PasswordAuthenticator represents a source of authentication
 type PasswordAuthenticator interface {
-	Authenticate(user *user_model.User, login, password string) (*user_model.User, error)
+	Authenticate(ctx context.Context, user *user_model.User, login, password string) (*user_model.User, error)
 }
 
 // LocalTwoFASkipper represents a source of authentication that can skip local 2fa

services/auth/reverseproxy.go

@@ -164,7 +164,7 @@ func (r *ReverseProxy) newUser(req *http.Request) *user_model.User {
 		IsActive: util.OptionalBoolTrue,
 	}
 
-	if err := user_model.CreateUser(user, &overwriteDefault); err != nil {
+	if err := user_model.CreateUser(req.Context(), user, &overwriteDefault); err != nil {
 		// FIXME: should I create a system notice?
 		log.Error("CreateUser: %v", err)
 		return nil

services/auth/signin.go

@@ -4,6 +4,7 @@
 package auth
 
 import (
+	"context"
 	"strings"
 
 	"code.gitea.io/gitea/models/auth"
@@ -20,14 +21,14 @@ import (
 )
 
 // UserSignIn validates user name and password.
-func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) {
+func UserSignIn(ctx context.Context, username, password string) (*user_model.User, *auth.Source, error) {
 	var user *user_model.User
 	isEmail := false
 	if strings.Contains(username, "@") {
 		isEmail = true
 		emailAddress := user_model.EmailAddress{LowerEmail: strings.ToLower(strings.TrimSpace(username))}
 		// check same email
-		has, err := db.GetEngine(db.DefaultContext).Get(&emailAddress)
+		has, err := db.GetEngine(ctx).Get(&emailAddress)
 		if err != nil {
 			return nil, nil, err
 		}
@@ -49,7 +50,7 @@ func UserSignIn(username, password string) (*user_model.User, *auth.Source, erro
 	}
 
 	if user != nil {
-		hasUser, err := user_model.GetUser(user)
+		hasUser, err := user_model.GetUser(ctx, user)
 		if err != nil {
 			return nil, nil, err
 		}
@@ -69,7 +70,7 @@ func UserSignIn(username, password string) (*user_model.User, *auth.Source, erro
 				return nil, nil, smtp.ErrUnsupportedLoginType
 			}
 
-			user, err := authenticator.Authenticate(user, user.LoginName, password)
+			user, err := authenticator.Authenticate(ctx, user, user.LoginName, password)
 			if err != nil {
 				return nil, nil, err
 			}
@@ -100,7 +101,7 @@ func UserSignIn(username, password string) (*user_model.User, *auth.Source, erro
 			continue
 		}
 
-		authUser, err := authenticator.Authenticate(nil, username, password)
+		authUser, err := authenticator.Authenticate(ctx, nil, username, password)
 
 		if err == nil {
 			if !authUser.ProhibitLogin {

services/auth/source/db/authenticate.go

@@ -4,9 +4,9 @@
 package db
 
 import (
+	"context"
 	"fmt"
 
-	"code.gitea.io/gitea/models/db"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@@ -43,7 +43,7 @@ func (err ErrUserPasswordInvalid) Unwrap() error {
 }
 
 // Authenticate authenticates the provided user against the DB
-func Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
+func Authenticate(ctx context.Context, user *user_model.User, login, password string) (*user_model.User, error) {
 	if user == nil {
 		return nil, user_model.ErrUserNotExist{Name: login}
 	}
@@ -61,7 +61,7 @@ func Authenticate(user *user_model.User, login, password string) (*user_model.Us
 		if err := user.SetPassword(password); err != nil {
 			return nil, err
 		}
-		if err := user_model.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+		if err := user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
 			return nil, err
 		}
 	}

services/auth/source/db/source.go

@@ -4,6 +4,8 @@
 package db
 
 import (
+	"context"
+
 	"code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
 )
@@ -23,8 +25,8 @@ func (source *Source) ToDB() ([]byte, error) {
 
 // Authenticate queries if login/password is valid against the PAM,
 // and create a local user if success when enabled.
-func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
-	return Authenticate(user, login, password)
+func (source *Source) Authenticate(ctx context.Context, user *user_model.User, login, password string) (*user_model.User, error) {
+	return Authenticate(ctx, user, login, password)
 }
 
 func init() {

services/auth/source/ldap/source_authenticate.go

@@ -4,12 +4,12 @@
 package ldap
 
 import (
+	"context"
 	"fmt"
 	"strings"
 
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/models/db"
 	user_model "code.gitea.io/gitea/models/user"
 	auth_module "code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/util"
@@ -19,7 +19,7 @@ import (
 
 // Authenticate queries if login/password is valid against the LDAP directory pool,
 // and create a local user if success when enabled.
-func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
+func (source *Source) Authenticate(ctx context.Context, user *user_model.User, userName, password string) (*user_model.User, error) {
 	loginName := userName
 	if user != nil {
 		loginName = user.LoginName
@@ -33,11 +33,11 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 	isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
 
 	// Update User admin flag if exist
-	if isExist, err := user_model.IsUserExist(db.DefaultContext, 0, sr.Username); err != nil {
+	if isExist, err := user_model.IsUserExist(ctx, 0, sr.Username); err != nil {
 		return nil, err
 	} else if isExist {
 		if user == nil {
-			user, err = user_model.GetUserByName(db.DefaultContext, sr.Username)
+			user, err = user_model.GetUserByName(ctx, sr.Username)
 			if err != nil {
 				return nil, err
 			}
@@ -55,7 +55,7 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 				cols = append(cols, "is_restricted")
 			}
 			if len(cols) > 0 {
-				err = user_model.UpdateUserCols(db.DefaultContext, user, cols...)
+				err = user_model.UpdateUserCols(ctx, user, cols...)
 				if err != nil {
 					return nil, err
 				}
@@ -94,7 +94,7 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 			IsActive:     util.OptionalBoolTrue,
 		}
 
-		err := user_model.CreateUser(user, overwriteDefault)
+		err := user_model.CreateUser(ctx, user, overwriteDefault)
 		if err != nil {
 			return user, err
 		}
@@ -116,7 +116,7 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 		if err != nil {
 			return user, err
 		}
-		if err := source_service.SyncGroupsToTeams(db.DefaultContext, user, sr.Groups, groupTeamMapping, source.GroupTeamMapRemoval); err != nil {
+		if err := source_service.SyncGroupsToTeams(ctx, user, sr.Groups, groupTeamMapping, source.GroupTeamMapRemoval); err != nil {
 			return user, err
 		}
 	}

services/auth/source/ldap/source_sync.go

@@ -28,7 +28,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 	var sshKeysNeedUpdate bool
 
 	// Find all users with this login type - FIXME: Should this be an iterator?
-	users, err := user_model.GetUsersBySource(source.authSource)
+	users, err := user_model.GetUsersBySource(ctx, source.authSource)
 	if err != nil {
 		log.Error("SyncExternalUsers: %v", err)
 		return err
@@ -128,7 +128,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 				IsActive:     util.OptionalBoolTrue,
 			}
 
-			err = user_model.CreateUser(usr, overwriteDefault)
+			err = user_model.CreateUser(ctx, usr, overwriteDefault)
 			if err != nil {
 				log.Error("SyncExternalUsers[%s]: Error creating user %s: %v", source.authSource.Name, su.Username, err)
 			}

services/auth/source/oauth2/source_authenticate.go

@@ -4,13 +4,15 @@
 package oauth2
 
 import (
+	"context"
+
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/services/auth/source/db"
 )
 
 // Authenticate falls back to the db authenticator
-func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
-	return db.Authenticate(user, login, password)
+func (source *Source) Authenticate(ctx context.Context, user *user_model.User, login, password string) (*user_model.User, error) {
+	return db.Authenticate(ctx, user, login, password)
 }
 
 // NB: Oauth2 does not implement LocalTwoFASkipper for password authentication

services/auth/source/pam/source_authenticate.go

@@ -4,6 +4,7 @@
 package pam
 
 import (
+	"context"
 	"fmt"
 	"strings"
 
@@ -18,7 +19,7 @@ import (
 
 // Authenticate queries if login/password is valid against the PAM,
 // and create a local user if success when enabled.
-func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
+func (source *Source) Authenticate(ctx context.Context, user *user_model.User, userName, password string) (*user_model.User, error) {
 	pamLogin, err := pam.Auth(source.ServiceName, userName, password)
 	if err != nil {
 		if strings.Contains(err.Error(), "Authentication failure") {
@@ -62,7 +63,7 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 		IsActive: util.OptionalBoolTrue,
 	}
 
-	if err := user_model.CreateUser(user, overwriteDefault); err != nil {
+	if err := user_model.CreateUser(ctx, user, overwriteDefault); err != nil {
 		return user, err
 	}
 

services/auth/source/smtp/source_authenticate.go

@@ -4,6 +4,7 @@
 package smtp
 
 import (
+	"context"
 	"errors"
 	"net/smtp"
 	"net/textproto"
@@ -16,7 +17,7 @@ import (
 
 // Authenticate queries if the provided login/password is authenticates against the SMTP server
 // Users will be autoregistered as required
-func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
+func (source *Source) Authenticate(ctx context.Context, user *user_model.User, userName, password string) (*user_model.User, error) {
 	// Verify allowed domains.
 	if len(source.AllowedDomains) > 0 {
 		idx := strings.Index(userName, "@")
@@ -77,7 +78,7 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 		IsActive: util.OptionalBoolTrue,
 	}
 
-	if err := user_model.CreateUser(user, overwriteDefault); err != nil {
+	if err := user_model.CreateUser(ctx, user, overwriteDefault); err != nil {
 		return user, err
 	}
 

services/auth/source/source_group_sync.go

@@ -100,12 +100,12 @@ func syncGroupsToTeamsCached(ctx context.Context, user *user_model.User, orgTeam
 			}
 
 			if action == syncAdd && !isMember {
-				if err := models.AddTeamMember(team, user.ID); err != nil {
+				if err := models.AddTeamMember(ctx, team, user.ID); err != nil {
 					log.Error("group sync: Could not add user to team: %v", err)
 					return err
 				}
 			} else if action == syncRemove && isMember {
-				if err := models.RemoveTeamMember(team, user.ID); err != nil {
+				if err := models.RemoveTeamMember(ctx, team, user.ID); err != nil {
 					log.Error("group sync: Could not remove user from team: %v", err)
 					return err
 				}

services/auth/sspi_windows.go

@@ -4,6 +4,7 @@
 package auth
 
 import (
+	"context"
 	"errors"
 	"net/http"
 	"strings"
@@ -113,7 +114,7 @@ func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore,
 			log.Error("User '%s' not found", username)
 			return nil, nil
 		}
-		user, err = s.newUser(username, cfg)
+		user, err = s.newUser(req.Context(), username, cfg)
 		if err != nil {
 			log.Error("CreateUser: %v", err)
 			return nil, err
@@ -161,7 +162,7 @@ func (s *SSPI) shouldAuthenticate(req *http.Request) (shouldAuth bool) {
 
 // newUser creates a new user object for the purpose of automatic registration
 // and populates its name and email with the information present in request headers.
-func (s *SSPI) newUser(username string, cfg *sspi.Source) (*user_model.User, error) {
+func (s *SSPI) newUser(ctx context.Context, username string, cfg *sspi.Source) (*user_model.User, error) {
 	email := gouuid.New().String() + "@localhost.localdomain"
 	user := &user_model.User{
 		Name:            username,
@@ -177,7 +178,7 @@ func (s *SSPI) newUser(username string, cfg *sspi.Source) (*user_model.User, err
 		KeepEmailPrivate:             util.OptionalBoolTrue,
 		EmailNotificationsPreference: &emailNotificationPreference,
 	}
-	if err := user_model.CreateUser(user, overwriteDefault); err != nil {
+	if err := user_model.CreateUser(ctx, user, overwriteDefault); err != nil {
 		return nil, err
 	}