Move user related model into models/user (#17781)
* Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
@@ -12,8 +12,8 @@ import (
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/web/middleware"
|
||||
@@ -105,7 +105,7 @@ func isGitRawReleaseOrLFSPath(req *http.Request) bool {
|
||||
}
|
||||
|
||||
// handleSignIn clears existing session variables and stores new ones for the specified user object
|
||||
func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore, user *models.User) {
|
||||
func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore, user *user_model.User) {
|
||||
_ = sess.Delete("openid_verified_uri")
|
||||
_ = sess.Delete("openid_signin_remember")
|
||||
_ = sess.Delete("openid_determined_email")
|
||||
@@ -128,7 +128,7 @@ func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore
|
||||
if len(user.Language) == 0 {
|
||||
lc := middleware.Locale(resp, req)
|
||||
user.Language = lc.Language()
|
||||
if err := models.UpdateUserCols(db.DefaultContext, user, "language"); err != nil {
|
||||
if err := user_model.UpdateUserCols(db.DefaultContext, user, "language"); err != nil {
|
||||
log.Error(fmt.Sprintf("Error updating user language [user: %d, locale: %s]", user.ID, user.Language))
|
||||
return
|
||||
}
|
||||
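Review bot: The `log.Error` call in the `if err := user_model.UpdateUserCols(...)` branch never logs `err`, and it passes an already formatted string as the format argument, so the cause of a failed language update is lost. Passing the format and arguments directly keeps the error and avoids re-interpreting any `%` in the locale value: `log.Error("Error updating user language [user: %d, locale: %s]: %v", user.ID, user.Language, err)`. handleSignIn continues outside the hunk, so what the early `return` skips in the rest of the sign-in flow cannot be judged from here.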
|
@@ -10,6 +10,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/base"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
@@ -41,7 +42,7 @@ func (b *Basic) Name() string {
|
||||
// "Authorization" header of the request and returns the corresponding user object for that
|
||||
// name/token on successful validation.
|
||||
// Returns nil if header is empty or validation fails.
|
||||
func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
|
||||
func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
|
||||
// Basic authentication should only fire on API, Download or on Git or LFSPaths
|
||||
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitRawReleaseOrLFSPath(req) {
|
||||
return nil
|
||||
@@ -75,7 +76,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
|
||||
if uid != 0 {
|
||||
log.Trace("Basic Authorization: Valid OAuthAccessToken for user[%d]", uid)
|
||||
|
||||
u, err := models.GetUserByID(uid)
|
||||
u, err := user_model.GetUserByID(uid)
|
||||
if err != nil {
|
||||
log.Error("GetUserByID: %v", err)
|
||||
return nil
|
||||
@@ -88,7 +89,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
|
||||
token, err := models.GetAccessTokenBySHA(authToken)
|
||||
if err == nil {
|
||||
log.Trace("Basic Authorization: Valid AccessToken for user[%d]", uid)
|
||||
u, err := models.GetUserByID(token.UID)
|
||||
u, err := user_model.GetUserByID(token.UID)
|
||||
if err != nil {
|
||||
log.Error("GetUserByID: %v", err)
|
||||
return nil
|
||||
@@ -112,7 +113,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
|
||||
log.Trace("Basic Authorization: Attempting SignIn for %s", uname)
|
||||
u, source, err := UserSignIn(uname, passwd)
|
||||
if err != nil {
|
||||
if !models.IsErrUserNotExist(err) {
|
||||
if !user_model.IsErrUserNotExist(err) {
|
||||
log.Error("UserSignIn: %v", err)
|
||||
}
|
||||
return nil
|
||||
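Review bot: In the access-token branch of Basic.Verify the trace line still prints `uid`, while the user is loaded from `token.UID` on the next line. `uid` looks like the result of the earlier OAuth lookup, whose non-zero case is handled in the `if uid != 0` block, so this presumably logs user[0] for every personal access token. An authentication trace should name the token owner: `log.Trace("Basic Authorization: Valid AccessToken for user[%d]", token.UID)`. The function is only partly visible across these hunks, so confirm that `uid` is not reassigned in between.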
|
@@ -7,8 +7,8 @@ package auth
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
)
|
||||
|
||||
// Ensure the struct implements the interface.
|
||||
@@ -60,7 +60,7 @@ func (b *Group) Free() error {
|
||||
}
|
||||
|
||||
// Verify extracts and validates
|
||||
func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
|
||||
func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
|
||||
if !db.HasEngine {
|
||||
return nil
|
||||
}
|
||||
|
@@ -8,7 +8,7 @@ import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/session"
|
||||
"code.gitea.io/gitea/modules/web/middleware"
|
||||
)
|
||||
@@ -26,7 +26,7 @@ type Method interface {
|
||||
// or a new user object (with id = 0) populated with the information that was found
|
||||
// in the authentication data (username or email).
|
||||
// Returns nil if verification fails.
|
||||
Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User
|
||||
Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User
|
||||
}
|
||||
|
||||
// Initializable represents a structure that requires initialization
|
||||
@@ -51,7 +51,7 @@ type Freeable interface {
|
||||
|
||||
// PasswordAuthenticator represents a source of authentication
|
||||
type PasswordAuthenticator interface {
|
||||
Authenticate(user *models.User, login, password string) (*models.User, error)
|
||||
Authenticate(user *user_model.User, login, password string) (*user_model.User, error)
|
||||
}
|
||||
|
||||
// LocalTwoFASkipper represents a source of authentication that can skip local 2fa
|
||||
|
@@ -8,11 +8,12 @@ import (
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/login"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
)
|
||||
|
||||
// DeleteLoginSource deletes a LoginSource record in DB.
|
||||
func DeleteLoginSource(source *login.Source) error {
|
||||
count, err := db.GetEngine(db.DefaultContext).Count(&models.User{LoginSource: source.ID})
|
||||
count, err := db.GetEngine(db.DefaultContext).Count(&user_model.User{LoginSource: source.ID})
|
||||
if err != nil {
|
||||
return err
|
||||
} else if count > 0 {
|
||||
|
@@ -13,6 +13,7 @@ import (
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/login"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/timeutil"
|
||||
"code.gitea.io/gitea/modules/web/middleware"
|
||||
@@ -110,7 +111,7 @@ func (o *OAuth2) userIDFromToken(req *http.Request, store DataStore) int64 {
|
||||
// or the "Authorization" header and returns the corresponding user object for that ID.
|
||||
// If verification is successful returns an existing user object.
|
||||
// Returns nil if verification fails.
|
||||
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
|
||||
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
|
||||
if !db.HasEngine {
|
||||
return nil
|
||||
}
|
||||
@@ -125,9 +126,9 @@ func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStor
|
||||
}
|
||||
log.Trace("OAuth2 Authorization: Found token for user[%d]", id)
|
||||
|
||||
user, err := models.GetUserByID(id)
|
||||
user, err := user_model.GetUserByID(id)
|
||||
if err != nil {
|
||||
if !models.IsErrUserNotExist(err) {
|
||||
if !user_model.IsErrUserNotExist(err) {
|
||||
log.Error("GetUserByName: %v", err)
|
||||
}
|
||||
return nil
|
||||
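Review bot: The error log in OAuth2.Verify names the wrong lookup: the call is `user_model.GetUserByID(id)` but the message says `GetUserByName`, which misdirects anyone triaging a failed token login from the logs. Suggest `log.Error("GetUserByID: %v", err)`, matching the message Basic.Verify uses for the same call.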
|
@@ -9,7 +9,7 @@ import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
"code.gitea.io/gitea/modules/web/middleware"
|
||||
@@ -56,16 +56,16 @@ func (r *ReverseProxy) Name() string {
|
||||
// If a username is available in the "setting.ReverseProxyAuthUser" header an existing
|
||||
// user object is returned (populated with username or email found in header).
|
||||
// Returns nil if header is empty.
|
||||
func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
|
||||
func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
|
||||
username := r.getUserName(req)
|
||||
if len(username) == 0 {
|
||||
return nil
|
||||
}
|
||||
log.Trace("ReverseProxy Authorization: Found username: %s", username)
|
||||
|
||||
user, err := models.GetUserByName(username)
|
||||
user, err := user_model.GetUserByName(username)
|
||||
if err != nil {
|
||||
if !models.IsErrUserNotExist(err) || !r.isAutoRegisterAllowed() {
|
||||
if !user_model.IsErrUserNotExist(err) || !r.isAutoRegisterAllowed() {
|
||||
log.Error("GetUserByName: %v", err)
|
||||
return nil
|
||||
}
|
||||
@@ -91,7 +91,7 @@ func (r *ReverseProxy) isAutoRegisterAllowed() bool {
|
||||
|
||||
// newUser creates a new user object for the purpose of automatic registration
|
||||
// and populates its name and email with the information present in request headers.
|
||||
func (r *ReverseProxy) newUser(req *http.Request) *models.User {
|
||||
func (r *ReverseProxy) newUser(req *http.Request) *user_model.User {
|
||||
username := r.getUserName(req)
|
||||
if len(username) == 0 {
|
||||
return nil
|
||||
@@ -105,12 +105,12 @@ func (r *ReverseProxy) newUser(req *http.Request) *models.User {
|
||||
}
|
||||
}
|
||||
|
||||
user := &models.User{
|
||||
user := &user_model.User{
|
||||
Name: username,
|
||||
Email: email,
|
||||
IsActive: true,
|
||||
}
|
||||
if err := models.CreateUser(user); err != nil {
|
||||
if err := user_model.CreateUser(user); err != nil {
|
||||
// FIXME: should I create a system notice?
|
||||
log.Error("CreateUser: %v", err)
|
||||
return nil
|
||||
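Review bot: ReverseProxy.Verify and newUser take the account name from a request header and, when auto-registration is allowed, create the account with `IsActive: true`, but the doc comments do not state the trust assumption this depends on. Consider adding to the Verify comment: `// The header value is trusted as-is; the fronting proxy must strip any client-supplied copy of it, and the server must not be reachable except through that proxy.` How getUserName reads the header is outside these hunks, so this is stated from the comment on Verify rather than from the code.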
|
@@ -7,7 +7,7 @@ package auth
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
)
|
||||
|
||||
@@ -30,7 +30,7 @@ func (s *Session) Name() string {
|
||||
// Verify checks if there is a user uid stored in the session and returns the user
|
||||
// object for that uid.
|
||||
// Returns nil if there is no user uid stored in the session.
|
||||
func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
|
||||
func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
|
||||
user := SessionUser(sess)
|
||||
if user != nil {
|
||||
return user
|
||||
@@ -39,7 +39,7 @@ func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataSto
|
||||
}
|
||||
|
||||
// SessionUser returns the user object corresponding to the "uid" session variable.
|
||||
func SessionUser(sess SessionStore) *models.User {
|
||||
func SessionUser(sess SessionStore) *user_model.User {
|
||||
// Get user ID
|
||||
uid := sess.Get("uid")
|
||||
if uid == nil {
|
||||
@@ -53,9 +53,9 @@ func SessionUser(sess SessionStore) *models.User {
|
||||
}
|
||||
|
||||
// Get user object
|
||||
user, err := models.GetUserByID(id)
|
||||
user, err := user_model.GetUserByID(id)
|
||||
if err != nil {
|
||||
if !models.IsErrUserNotExist(err) {
|
||||
if !user_model.IsErrUserNotExist(err) {
|
||||
log.Error("GetUserById: %v", err)
|
||||
}
|
||||
return nil
|
||||
|
@@ -7,25 +7,24 @@ package auth
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/login"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
|
||||
_ "code.gitea.io/gitea/services/auth/source/db" // register the sources (and below)
|
||||
_ "code.gitea.io/gitea/services/auth/source/ldap"
|
||||
_ "code.gitea.io/gitea/services/auth/source/oauth2"
|
||||
_ "code.gitea.io/gitea/services/auth/source/pam"
|
||||
_ "code.gitea.io/gitea/services/auth/source/smtp"
|
||||
_ "code.gitea.io/gitea/services/auth/source/sspi"
|
||||
_ "code.gitea.io/gitea/services/auth/source/db" // register the sources (and below)
|
||||
_ "code.gitea.io/gitea/services/auth/source/ldap" // register the ldap source
|
||||
"code.gitea.io/gitea/services/auth/source/oauth2"
|
||||
_ "code.gitea.io/gitea/services/auth/source/pam" // register the pam source
|
||||
"code.gitea.io/gitea/services/auth/source/smtp"
|
||||
_ "code.gitea.io/gitea/services/auth/source/sspi" // register the sspi source
|
||||
)
|
||||
|
||||
// UserSignIn validates user name and password.
|
||||
func UserSignIn(username, password string) (*models.User, *login.Source, error) {
|
||||
var user *models.User
|
||||
func UserSignIn(username, password string) (*user_model.User, *login.Source, error) {
|
||||
var user *user_model.User
|
||||
if strings.Contains(username, "@") {
|
||||
user = &models.User{Email: strings.ToLower(strings.TrimSpace(username))}
|
||||
user = &user_model.User{Email: strings.ToLower(strings.TrimSpace(username))}
|
||||
// check same email
|
||||
cnt, err := db.Count(user)
|
||||
if err != nil {
|
||||
@@ -39,13 +38,13 @@ func UserSignIn(username, password string) (*models.User, *login.Source, error)
|
||||
} else {
|
||||
trimmedUsername := strings.TrimSpace(username)
|
||||
if len(trimmedUsername) == 0 {
|
||||
return nil, nil, models.ErrUserNotExist{Name: username}
|
||||
return nil, nil, user_model.ErrUserNotExist{Name: username}
|
||||
}
|
||||
|
||||
user = &models.User{LowerName: strings.ToLower(trimmedUsername)}
|
||||
user = &user_model.User{LowerName: strings.ToLower(trimmedUsername)}
|
||||
}
|
||||
|
||||
hasUser, err := models.GetUser(user)
|
||||
hasUser, err := user_model.GetUser(user)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
@@ -57,12 +56,12 @@ func UserSignIn(username, password string) (*models.User, *login.Source, error)
|
||||
}
|
||||
|
||||
if !source.IsActive {
|
||||
return nil, nil, models.ErrLoginSourceNotActived
|
||||
return nil, nil, oauth2.ErrLoginSourceNotActived
|
||||
}
|
||||
|
||||
authenticator, ok := source.Cfg.(PasswordAuthenticator)
|
||||
if !ok {
|
||||
return nil, nil, models.ErrUnsupportedLoginType
|
||||
return nil, nil, smtp.ErrUnsupportedLoginType
|
||||
}
|
||||
|
||||
user, err := authenticator.Authenticate(user, username, password)
|
||||
@@ -73,7 +72,7 @@ func UserSignIn(username, password string) (*models.User, *login.Source, error)
|
||||
// WARN: DON'T check user.IsActive, that will be checked on reqSign so that
|
||||
// user could be hint to resend confirm email.
|
||||
if user.ProhibitLogin {
|
||||
return nil, nil, models.ErrUserProhibitLogin{UID: user.ID, Name: user.Name}
|
||||
return nil, nil, user_model.ErrUserProhibitLogin{UID: user.ID, Name: user.Name}
|
||||
}
|
||||
|
||||
return user, source, nil
|
||||
@@ -101,15 +100,15 @@ func UserSignIn(username, password string) (*models.User, *login.Source, error)
|
||||
if !authUser.ProhibitLogin {
|
||||
return authUser, source, nil
|
||||
}
|
||||
err = models.ErrUserProhibitLogin{UID: authUser.ID, Name: authUser.Name}
|
||||
err = user_model.ErrUserProhibitLogin{UID: authUser.ID, Name: authUser.Name}
|
||||
}
|
||||
|
||||
if models.IsErrUserNotExist(err) {
|
||||
if user_model.IsErrUserNotExist(err) {
|
||||
log.Debug("Failed to login '%s' via '%s': %v", username, source.Name, err)
|
||||
} else {
|
||||
log.Warn("Failed to login '%s' via '%s': %v", username, source.Name, err)
|
||||
}
|
||||
}
|
||||
|
||||
return nil, nil, models.ErrUserNotExist{Name: username}
|
||||
return nil, nil, user_model.ErrUserNotExist{Name: username}
|
||||
}
|
||||
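Review bot: UserSignIn is the generic password path, yet it now returns `oauth2.ErrLoginSourceNotActived` for any inactive source and `smtp.ErrUnsupportedLoginType` for any source whose config is not a PasswordAuthenticator, so two provider packages get named imports only to reach their sentinels. Both are plain `errors.New` values defined in the oauth2 and smtp sections later in this commit. A provider-neutral home (this package, or next to `login.Source`) would keep the dependency direction clean and stop callers from matching an LDAP or PAM failure against an OAuth2 error. Callers that compared against the old `models.Err…` values need checking, since the sentinel's identity changed; that cannot be verified from these hunks. If the sentinels stay where they are, a comment at each return such as `// sentinel lives in oauth2 but applies to every source type` would help the next reader.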
|
@@ -5,19 +5,19 @@
|
||||
package db
|
||||
|
||||
import (
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
)
|
||||
|
||||
// Authenticate authenticates the provided user against the DB
|
||||
func Authenticate(user *models.User, login, password string) (*models.User, error) {
|
||||
func Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
|
||||
if user == nil {
|
||||
return nil, models.ErrUserNotExist{Name: login}
|
||||
return nil, user_model.ErrUserNotExist{Name: login}
|
||||
}
|
||||
|
||||
if !user.IsPasswordSet() || !user.ValidatePassword(password) {
|
||||
return nil, models.ErrUserNotExist{UID: user.ID, Name: user.Name}
|
||||
return nil, user_model.ErrUserNotExist{UID: user.ID, Name: user.Name}
|
||||
}
|
||||
|
||||
// Update password hash if server password hash algorithm have changed
|
||||
@@ -25,7 +25,7 @@ func Authenticate(user *models.User, login, password string) (*models.User, erro
|
||||
if err := user.SetPassword(password); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := models.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
|
||||
if err := user_model.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
@@ -33,7 +33,7 @@ func Authenticate(user *models.User, login, password string) (*models.User, erro
|
||||
// WARN: DON'T check user.IsActive, that will be checked on reqSign so that
|
||||
// user could be hint to resend confirm email.
|
||||
if user.ProhibitLogin {
|
||||
return nil, models.ErrUserProhibitLogin{
|
||||
return nil, user_model.ErrUserProhibitLogin{
|
||||
UID: user.ID,
|
||||
Name: user.Name,
|
||||
}
|
||||
|
@@ -5,8 +5,8 @@
|
||||
package db
|
||||
|
||||
import (
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/login"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
)
|
||||
|
||||
// Source is a password authentication service
|
||||
@@ -24,7 +24,7 @@ func (source *Source) ToDB() ([]byte, error) {
|
||||
|
||||
// Authenticate queries if login/password is valid against the PAM,
|
||||
// and create a local user if success when enabled.
|
||||
func (source *Source) Authenticate(user *models.User, login, password string) (*models.User, error) {
|
||||
func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
|
||||
return Authenticate(user, login, password)
|
||||
}
|
||||
|
||||
|
@@ -11,27 +11,28 @@ import (
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
"code.gitea.io/gitea/models/login"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/services/mailer"
|
||||
user_service "code.gitea.io/gitea/services/user"
|
||||
)
|
||||
|
||||
// Authenticate queries if login/password is valid against the LDAP directory pool,
|
||||
// and create a local user if success when enabled.
|
||||
func (source *Source) Authenticate(user *models.User, userName, password string) (*models.User, error) {
|
||||
func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
|
||||
sr := source.SearchEntry(userName, password, source.loginSource.Type == login.DLDAP)
|
||||
if sr == nil {
|
||||
// User not in LDAP, do nothing
|
||||
return nil, models.ErrUserNotExist{Name: userName}
|
||||
return nil, user_model.ErrUserNotExist{Name: userName}
|
||||
}
|
||||
|
||||
isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
|
||||
|
||||
// Update User admin flag if exist
|
||||
if isExist, err := models.IsUserExist(0, sr.Username); err != nil {
|
||||
if isExist, err := user_model.IsUserExist(0, sr.Username); err != nil {
|
||||
return nil, err
|
||||
} else if isExist {
|
||||
if user == nil {
|
||||
user, err = models.GetUserByName(sr.Username)
|
||||
user, err = user_model.GetUserByName(sr.Username)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -49,7 +50,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
|
||||
cols = append(cols, "is_restricted")
|
||||
}
|
||||
if len(cols) > 0 {
|
||||
err = models.UpdateUserCols(db.DefaultContext, user, cols...)
|
||||
err = user_model.UpdateUserCols(db.DefaultContext, user, cols...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -74,7 +75,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
|
||||
sr.Mail = fmt.Sprintf("%s@localhost", sr.Username)
|
||||
}
|
||||
|
||||
user = &models.User{
|
||||
user = &user_model.User{
|
||||
LowerName: strings.ToLower(sr.Username),
|
||||
Name: sr.Username,
|
||||
FullName: composeFullName(sr.Name, sr.Surname, sr.Username),
|
||||
@@ -87,7 +88,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
|
||||
IsRestricted: sr.IsRestricted,
|
||||
}
|
||||
|
||||
err := models.CreateUser(user)
|
||||
err := user_model.CreateUser(user)
|
||||
if err != nil {
|
||||
return user, err
|
||||
}
|
||||
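Review bot: When `user_model.CreateUser(user)` fails, Authenticate returns `user, err`, handing the caller a populated, never-persisted user object together with the error. An authenticator should not return an identity on failure, because a caller that inspects the user before the error would treat the login as successful; `return nil, err` is the safer contract. The same `return user, err` follows CreateUser in the PAM and SMTP Authenticate methods further down. Whether any caller relies on the returned object is not visible here, so check the callers before changing it.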
|
@@ -12,6 +12,7 @@ import (
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
user_service "code.gitea.io/gitea/services/user"
|
||||
)
|
||||
@@ -25,7 +26,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
|
||||
var sshKeysNeedUpdate bool
|
||||
|
||||
// Find all users with this login type - FIXME: Should this be an iterator?
|
||||
users, err := models.GetUsersBySource(source.loginSource)
|
||||
users, err := user_model.GetUsersBySource(source.loginSource)
|
||||
if err != nil {
|
||||
log.Error("SyncExternalUsers: %v", err)
|
||||
return err
|
||||
@@ -83,7 +84,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
|
||||
su.Mail = fmt.Sprintf("%s@localhost", su.Username)
|
||||
}
|
||||
|
||||
var usr *models.User
|
||||
var usr *user_model.User
|
||||
for userPos < len(users) && users[userPos].LowerName < su.LowerName {
|
||||
userPos++
|
||||
}
|
||||
@@ -97,7 +98,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
|
||||
if usr == nil {
|
||||
log.Trace("SyncExternalUsers[%s]: Creating user %s", source.loginSource.Name, su.Username)
|
||||
|
||||
usr = &models.User{
|
||||
usr = &user_model.User{
|
||||
LowerName: su.LowerName,
|
||||
Name: su.Username,
|
||||
FullName: fullName,
|
||||
@@ -110,7 +111,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
|
||||
IsActive: true,
|
||||
}
|
||||
|
||||
err = models.CreateUser(usr)
|
||||
err = user_model.CreateUser(usr)
|
||||
|
||||
if err != nil {
|
||||
log.Error("SyncExternalUsers[%s]: Error creating user %s: %v", source.loginSource.Name, su.Username, err)
|
||||
@@ -153,7 +154,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
|
||||
}
|
||||
usr.IsActive = true
|
||||
|
||||
err = models.UpdateUserCols(db.DefaultContext, usr, "full_name", "email", "is_admin", "is_restricted", "is_active")
|
||||
err = user_model.UpdateUserCols(db.DefaultContext, usr, "full_name", "email", "is_admin", "is_restricted", "is_active")
|
||||
if err != nil {
|
||||
log.Error("SyncExternalUsers[%s]: Error updating user %s: %v", source.loginSource.Name, usr.Name, err)
|
||||
}
|
||||
@@ -194,7 +195,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
|
||||
log.Trace("SyncExternalUsers[%s]: Deactivating user %s", source.loginSource.Name, usr.Name)
|
||||
|
||||
usr.IsActive = false
|
||||
err = models.UpdateUserCols(db.DefaultContext, usr, "is_active")
|
||||
err = user_model.UpdateUserCols(db.DefaultContext, usr, "is_active")
|
||||
if err != nil {
|
||||
log.Error("SyncExternalUsers[%s]: Error deactivating user %s: %v", source.loginSource.Name, usr.Name, err)
|
||||
}
|
||||
|
@@ -5,10 +5,10 @@
|
||||
package oauth2
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"net/url"
|
||||
"sort"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/login"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
@@ -139,6 +139,11 @@ func ClearProviders() {
|
||||
goth.ClearProviders()
|
||||
}
|
||||
|
||||
var (
|
||||
// ErrLoginSourceNotActived login source is not actived error
|
||||
ErrLoginSourceNotActived = errors.New("Login source is not actived")
|
||||
)
|
||||
|
||||
// used to create different types of goth providers
|
||||
func createProvider(providerName string, source *Source) (goth.Provider, error) {
|
||||
callbackURL := setting.AppURL + "user/oauth2/" + url.PathEscape(providerName) + "/callback"
|
||||
@@ -148,7 +153,7 @@ func createProvider(providerName string, source *Source) (goth.Provider, error)
|
||||
|
||||
p, ok := gothProviders[source.Provider]
|
||||
if !ok {
|
||||
return nil, models.ErrLoginSourceNotActived
|
||||
return nil, ErrLoginSourceNotActived
|
||||
}
|
||||
|
||||
provider, err = p.CreateGothProvider(providerName, callbackURL, source)
|
||||
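Review bot: createProvider returns `ErrLoginSourceNotActived` from the `!ok` branch, where `source.Provider` is simply missing from `gothProviders`, so an unknown or misspelled provider type is reported as an inactive login source. A separate sentinel for that case would make the failure diagnosable from the error alone. Go error strings are also conventionally lower-case and "actived" reads as a typo, e.g. `errors.New("login source is not activated")`, provided nothing matches on the current text. createProvider's body continues outside the hunk.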
|
@@ -5,12 +5,12 @@
|
||||
package oauth2
|
||||
|
||||
import (
|
||||
"code.gitea.io/gitea/models"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/services/auth/source/db"
|
||||
)
|
||||
|
||||
// Authenticate falls back to the db authenticator
|
||||
func (source *Source) Authenticate(user *models.User, login, password string) (*models.User, error) {
|
||||
func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
|
||||
return db.Authenticate(user, login, password)
|
||||
}
|
||||
|
||||
|
@@ -8,7 +8,6 @@ import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/login"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/auth/pam"
|
||||
@@ -20,11 +19,11 @@ import (
|
||||
|
||||
// Authenticate queries if login/password is valid against the PAM,
|
||||
// and create a local user if success when enabled.
|
||||
func (source *Source) Authenticate(user *models.User, userName, password string) (*models.User, error) {
|
||||
func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
|
||||
pamLogin, err := pam.Auth(source.ServiceName, userName, password)
|
||||
if err != nil {
|
||||
if strings.Contains(err.Error(), "Authentication failure") {
|
||||
return nil, models.ErrUserNotExist{Name: userName}
|
||||
return nil, user_model.ErrUserNotExist{Name: userName}
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
@@ -51,7 +50,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
|
||||
}
|
||||
}
|
||||
|
||||
user = &models.User{
|
||||
user = &user_model.User{
|
||||
LowerName: strings.ToLower(username),
|
||||
Name: username,
|
||||
Email: email,
|
||||
@@ -62,7 +61,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
|
||||
IsActive: true,
|
||||
}
|
||||
|
||||
if err := models.CreateUser(user); err != nil {
|
||||
if err := user_model.CreateUser(user); err != nil {
|
||||
return user, err
|
||||
}
|
||||
|
||||
|
@@ -6,13 +6,12 @@ package smtp
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/smtp"
|
||||
"os"
|
||||
"strconv"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
)
|
||||
|
||||
// _________ __________________________
|
||||
@@ -52,6 +51,11 @@ const (
|
||||
// Authenticators contains available SMTP authentication type names.
|
||||
var Authenticators = []string{PlainAuthentication, LoginAuthentication, CRAMMD5Authentication}
|
||||
|
||||
var (
|
||||
// ErrUnsupportedLoginType login source is unknown error
|
||||
ErrUnsupportedLoginType = errors.New("Login source is unknown")
|
||||
)
|
||||
|
||||
// Authenticate performs an SMTP authentication.
|
||||
func Authenticate(a smtp.Auth, source *Source) error {
|
||||
tlsConfig := &tls.Config{
|
||||
@@ -101,5 +105,5 @@ func Authenticate(a smtp.Auth, source *Source) error {
|
||||
return client.Auth(a)
|
||||
}
|
||||
|
||||
return models.ErrUnsupportedLoginType
|
||||
return ErrUnsupportedLoginType
|
||||
}
|
||||
|
@@ -10,22 +10,22 @@ import (
|
||||
"net/textproto"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/login"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/util"
|
||||
"code.gitea.io/gitea/services/mailer"
|
||||
)
|
||||
|
||||
// Authenticate queries if the provided login/password is authenticates against the SMTP server
|
||||
// Users will be autoregistered as required
|
||||
func (source *Source) Authenticate(user *models.User, userName, password string) (*models.User, error) {
|
||||
func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
|
||||
// Verify allowed domains.
|
||||
if len(source.AllowedDomains) > 0 {
|
||||
idx := strings.Index(userName, "@")
|
||||
if idx == -1 {
|
||||
return nil, models.ErrUserNotExist{Name: userName}
|
||||
return nil, user_model.ErrUserNotExist{Name: userName}
|
||||
} else if !util.IsStringInSlice(userName[idx+1:], strings.Split(source.AllowedDomains, ","), true) {
|
||||
return nil, models.ErrUserNotExist{Name: userName}
|
||||
return nil, user_model.ErrUserNotExist{Name: userName}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -47,11 +47,11 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
|
||||
tperr, ok := err.(*textproto.Error)
|
||||
if (ok && tperr.Code == 535) ||
|
||||
strings.Contains(err.Error(), "Username and Password not accepted") {
|
||||
return nil, models.ErrUserNotExist{Name: userName}
|
||||
return nil, user_model.ErrUserNotExist{Name: userName}
|
||||
}
|
||||
if (ok && tperr.Code == 534) ||
|
||||
strings.Contains(err.Error(), "Application-specific password required") {
|
||||
return nil, models.ErrUserNotExist{Name: userName}
|
||||
return nil, user_model.ErrUserNotExist{Name: userName}
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
@@ -66,7 +66,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
|
||||
username = userName[:idx]
|
||||
}
|
||||
|
||||
user = &models.User{
|
||||
user = &user_model.User{
|
||||
LowerName: strings.ToLower(username),
|
||||
Name: strings.ToLower(username),
|
||||
Email: userName,
|
||||
@@ -77,7 +77,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
|
||||
IsActive: true,
|
||||
}
|
||||
|
||||
if err := models.CreateUser(user); err != nil {
|
||||
if err := user_model.CreateUser(user); err != nil {
|
||||
return user, err
|
||||
}
|
||||
|
||||
|
@@ -9,9 +9,9 @@ import (
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/models/avatars"
|
||||
"code.gitea.io/gitea/models/login"
|
||||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/base"
|
||||
"code.gitea.io/gitea/modules/log"
|
||||
"code.gitea.io/gitea/modules/setting"
|
||||
@@ -83,7 +83,7 @@ func (s *SSPI) Free() error {
|
||||
// If authentication is successful, returns the corresponding user object.
|
||||
// If negotiation should continue or authentication fails, immediately returns a 401 HTTP
|
||||
// response code, as required by the SPNEGO protocol.
|
||||
func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
|
||||
func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
|
||||
if !s.shouldAuthenticate(req) {
|
||||
return nil
|
||||
}
|
||||
@@ -126,9 +126,9 @@ func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore,
|
||||
}
|
||||
log.Info("Authenticated as %s\n", username)
|
||||
|
||||
user, err := models.GetUserByName(username)
|
||||
user, err := user_model.GetUserByName(username)
|
||||
if err != nil {
|
||||
if !models.IsErrUserNotExist(err) {
|
||||
if !user_model.IsErrUserNotExist(err) {
|
||||
log.Error("GetUserByName: %v", err)
|
||||
return nil
|
||||
}
|
||||
@@ -184,9 +184,9 @@ func (s *SSPI) shouldAuthenticate(req *http.Request) (shouldAuth bool) {
|
||||
|
||||
// newUser creates a new user object for the purpose of automatic registration
|
||||
// and populates its name and email with the information present in request headers.
|
||||
func (s *SSPI) newUser(username string, cfg *sspi.Source) (*models.User, error) {
|
||||
func (s *SSPI) newUser(username string, cfg *sspi.Source) (*user_model.User, error) {
|
||||
email := gouuid.New().String() + "@localhost.localdomain"
|
||||
user := &models.User{
|
||||
user := &user_model.User{
|
||||
Name: username,
|
||||
Email: email,
|
||||
KeepEmailPrivate: true,
|
||||
@@ -195,9 +195,9 @@ func (s *SSPI) newUser(username string, cfg *sspi.Source) (*models.User, error)
|
||||
Language: cfg.DefaultLanguage,
|
||||
UseCustomAvatar: true,
|
||||
Avatar: avatars.DefaultAvatarLink(),
|
||||
EmailNotificationsPreference: models.EmailNotificationsDisabled,
|
||||
EmailNotificationsPreference: user_model.EmailNotificationsDisabled,
|
||||
}
|
||||
if err := models.CreateUser(user); err != nil {
|
||||
if err := user_model.CreateUser(user); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|