Make SSPI auth mockable (#27036)

Before, the SSPI auth is only complied for Windows, it's difficult to
test and it breaks a lot.

Now, make the SSPI auth mockable and testable.

routers/api/v1/api.go

@@ -705,7 +705,10 @@ func buildAuthGroup() *auth.Group {
 	if setting.Service.EnableReverseProxyAuthAPI {
 		group.Add(&auth.ReverseProxy{})
 	}
-	specialAdd(group)
+
+	if setting.IsWindows && auth_model.IsSSPIEnabled() {
+		group.Add(&auth.SSPI{}) // it MUST be the last, see the comment of SSPI
+	}
 
 	return group
 }

routers/api/v1/auth.go

@@ -1,10 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-//go:build !windows
-
-package v1
-
-import auth_service "code.gitea.io/gitea/services/auth"
-
-func specialAdd(group *auth_service.Group) {}

routers/api/v1/auth_windows.go

@@ -1,19 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package v1
-
-import (
-	"code.gitea.io/gitea/models/auth"
-	auth_service "code.gitea.io/gitea/services/auth"
-)
-
-// specialAdd registers the SSPI auth method as the last method in the list.
-// The SSPI plugin is expected to be executed last, as it returns 401 status code if negotiation
-// fails (or if negotiation should continue), which would prevent other authentication methods
-// to execute at all.
-func specialAdd(group *auth_service.Group) {
-	if auth.IsSSPIEnabled() {
-		group.Add(&auth_service.SSPI{})
-	}
-}