Refactor auth package (#17962)

routers/web/user/setting/applications.go

@@ -9,7 +9,7 @@ import (
 	"net/http"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/setting"
@@ -93,12 +93,12 @@ func loadApplicationsData(ctx *context.Context) {
 	ctx.Data["Tokens"] = tokens
 	ctx.Data["EnableOAuth2"] = setting.OAuth2.Enable
 	if setting.OAuth2.Enable {
-		ctx.Data["Applications"], err = login.GetOAuth2ApplicationsByUserID(ctx.User.ID)
+		ctx.Data["Applications"], err = auth.GetOAuth2ApplicationsByUserID(ctx.User.ID)
 		if err != nil {
 			ctx.ServerError("GetOAuth2ApplicationsByUserID", err)
 			return
 		}
-		ctx.Data["Grants"], err = login.GetOAuth2GrantsByUserID(ctx.User.ID)
+		ctx.Data["Grants"], err = auth.GetOAuth2GrantsByUserID(ctx.User.ID)
 		if err != nil {
 			ctx.ServerError("GetOAuth2GrantsByUserID", err)
 			return

routers/web/user/setting/keys.go

@@ -216,7 +216,6 @@ func KeysPost(ctx *context.Context) {
 
 // DeleteKey response for delete user's SSH/GPG key
 func DeleteKey(ctx *context.Context) {
-
 	switch ctx.FormString("type") {
 	case "gpg":
 		if err := asymkey_model.DeleteGPGKey(ctx.User, ctx.FormInt64("id")); err != nil {

routers/web/user/setting/oauth2.go

@@ -8,7 +8,7 @@ import (
 	"fmt"
 	"net/http"
 
-	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
@@ -34,7 +34,7 @@ func OAuthApplicationsPost(ctx *context.Context) {
 		return
 	}
 	// TODO validate redirect URI
-	app, err := login.CreateOAuth2Application(login.CreateOAuth2ApplicationOptions{
+	app, err := auth.CreateOAuth2Application(auth.CreateOAuth2ApplicationOptions{
 		Name:         form.Name,
 		RedirectURIs: []string{form.RedirectURI},
 		UserID:       ctx.User.ID,
@@ -67,7 +67,7 @@ func OAuthApplicationsEdit(ctx *context.Context) {
 	}
 	// TODO validate redirect URI
 	var err error
-	if ctx.Data["App"], err = login.UpdateOAuth2Application(login.UpdateOAuth2ApplicationOptions{
+	if ctx.Data["App"], err = auth.UpdateOAuth2Application(auth.UpdateOAuth2ApplicationOptions{
 		ID:           ctx.ParamsInt64("id"),
 		Name:         form.Name,
 		RedirectURIs: []string{form.RedirectURI},
@@ -85,9 +85,9 @@ func OAuthApplicationsRegenerateSecret(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsApplications"] = true
 
-	app, err := login.GetOAuth2ApplicationByID(ctx.ParamsInt64("id"))
+	app, err := auth.GetOAuth2ApplicationByID(ctx.ParamsInt64("id"))
 	if err != nil {
-		if login.IsErrOAuthApplicationNotFound(err) {
+		if auth.IsErrOAuthApplicationNotFound(err) {
 			ctx.NotFound("Application not found", err)
 			return
 		}
@@ -110,9 +110,9 @@ func OAuthApplicationsRegenerateSecret(ctx *context.Context) {
 
 // OAuth2ApplicationShow displays the given application
 func OAuth2ApplicationShow(ctx *context.Context) {
-	app, err := login.GetOAuth2ApplicationByID(ctx.ParamsInt64("id"))
+	app, err := auth.GetOAuth2ApplicationByID(ctx.ParamsInt64("id"))
 	if err != nil {
-		if login.IsErrOAuthApplicationNotFound(err) {
+		if auth.IsErrOAuthApplicationNotFound(err) {
 			ctx.NotFound("Application not found", err)
 			return
 		}
@@ -129,7 +129,7 @@ func OAuth2ApplicationShow(ctx *context.Context) {
 
 // DeleteOAuth2Application deletes the given oauth2 application
 func DeleteOAuth2Application(ctx *context.Context) {
-	if err := login.DeleteOAuth2Application(ctx.FormInt64("id"), ctx.User.ID); err != nil {
+	if err := auth.DeleteOAuth2Application(ctx.FormInt64("id"), ctx.User.ID); err != nil {
 		ctx.ServerError("DeleteOAuth2Application", err)
 		return
 	}
@@ -147,7 +147,7 @@ func RevokeOAuth2Grant(ctx *context.Context) {
 		ctx.ServerError("RevokeOAuth2Grant", fmt.Errorf("user id or grant id is zero"))
 		return
 	}
-	if err := login.RevokeOAuth2Grant(ctx.FormInt64("id"), ctx.User.ID); err != nil {
+	if err := auth.RevokeOAuth2Grant(ctx.FormInt64("id"), ctx.User.ID); err != nil {
 		ctx.ServerError("RevokeOAuth2Grant", err)
 		return
 	}

routers/web/user/setting/security/2fa.go

@@ -3,7 +3,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package setting
+package security
 
 import (
 	"bytes"
@@ -13,7 +13,7 @@ import (
 	"net/http"
 	"strings"
 
-	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -29,9 +29,9 @@ func RegenerateScratchTwoFactor(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsSecurity"] = true
 
-	t, err := login.GetTwoFactorByUID(ctx.User.ID)
+	t, err := auth.GetTwoFactorByUID(ctx.User.ID)
 	if err != nil {
-		if login.IsErrTwoFactorNotEnrolled(err) {
+		if auth.IsErrTwoFactorNotEnrolled(err) {
 			ctx.Flash.Error(ctx.Tr("settings.twofa_not_enrolled"))
 			ctx.Redirect(setting.AppSubURL + "/user/settings/security")
 		}
@@ -45,7 +45,7 @@ func RegenerateScratchTwoFactor(ctx *context.Context) {
 		return
 	}
 
-	if err = login.UpdateTwoFactor(t); err != nil {
+	if err = auth.UpdateTwoFactor(t); err != nil {
 		ctx.ServerError("SettingsTwoFactor: Failed to UpdateTwoFactor", err)
 		return
 	}
@@ -59,9 +59,9 @@ func DisableTwoFactor(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsSecurity"] = true
 
-	t, err := login.GetTwoFactorByUID(ctx.User.ID)
+	t, err := auth.GetTwoFactorByUID(ctx.User.ID)
 	if err != nil {
-		if login.IsErrTwoFactorNotEnrolled(err) {
+		if auth.IsErrTwoFactorNotEnrolled(err) {
 			ctx.Flash.Error(ctx.Tr("settings.twofa_not_enrolled"))
 			ctx.Redirect(setting.AppSubURL + "/user/settings/security")
 		}
@@ -69,8 +69,8 @@ func DisableTwoFactor(ctx *context.Context) {
 		return
 	}
 
-	if err = login.DeleteTwoFactorByID(t.ID, ctx.User.ID); err != nil {
-		if login.IsErrTwoFactorNotEnrolled(err) {
+	if err = auth.DeleteTwoFactorByID(t.ID, ctx.User.ID); err != nil {
+		if auth.IsErrTwoFactorNotEnrolled(err) {
 			// There is a potential DB race here - we must have been disabled by another request in the intervening period
 			ctx.Flash.Success(ctx.Tr("settings.twofa_disabled"))
 			ctx.Redirect(setting.AppSubURL + "/user/settings/security")
@@ -146,7 +146,7 @@ func EnrollTwoFactor(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsSecurity"] = true
 
-	t, err := login.GetTwoFactorByUID(ctx.User.ID)
+	t, err := auth.GetTwoFactorByUID(ctx.User.ID)
 	if t != nil {
 		// already enrolled - we should redirect back!
 		log.Warn("Trying to re-enroll %-v in twofa when already enrolled", ctx.User)
@@ -154,7 +154,7 @@ func EnrollTwoFactor(ctx *context.Context) {
 		ctx.Redirect(setting.AppSubURL + "/user/settings/security")
 		return
 	}
-	if err != nil && !login.IsErrTwoFactorNotEnrolled(err) {
+	if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {
 		ctx.ServerError("SettingsTwoFactor: GetTwoFactorByUID", err)
 		return
 	}
@@ -172,14 +172,14 @@ func EnrollTwoFactorPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsSecurity"] = true
 
-	t, err := login.GetTwoFactorByUID(ctx.User.ID)
+	t, err := auth.GetTwoFactorByUID(ctx.User.ID)
 	if t != nil {
 		// already enrolled
 		ctx.Flash.Error(ctx.Tr("settings.twofa_is_enrolled"))
 		ctx.Redirect(setting.AppSubURL + "/user/settings/security")
 		return
 	}
-	if err != nil && !login.IsErrTwoFactorNotEnrolled(err) {
+	if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {
 		ctx.ServerError("SettingsTwoFactor: Failed to check if already enrolled with GetTwoFactorByUID", err)
 		return
 	}
@@ -209,7 +209,7 @@ func EnrollTwoFactorPost(ctx *context.Context) {
 		return
 	}
 
-	t = &login.TwoFactor{
+	t = &auth.TwoFactor{
 		UID: ctx.User.ID,
 	}
 	err = t.SetSecret(secret)
@@ -238,7 +238,7 @@ func EnrollTwoFactorPost(ctx *context.Context) {
 		log.Error("Unable to save changes to the session: %v", err)
 	}
 
-	if err = login.NewTwoFactor(t); err != nil {
+	if err = auth.NewTwoFactor(t); err != nil {
 		// FIXME: We need to handle a unique constraint fail here it's entirely possible that another request has beaten us.
 		// If there is a unique constraint fail we should just tolerate the error
 		ctx.ServerError("SettingsTwoFactor: Failed to save two factor", err)

routers/web/user/setting/security/openid.go

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package setting
+package security
 
 import (
 	"net/http"

routers/web/user/setting/security/security.go

@@ -3,13 +3,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package setting
+package security
 
 import (
 	"net/http"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
@@ -17,8 +17,8 @@ import (
 )
 
 const (
-	tplSettingsSecurity    base.TplName = "user/settings/security"
-	tplSettingsTwofaEnroll base.TplName = "user/settings/twofa_enroll"
+	tplSettingsSecurity    base.TplName = "user/settings/security/security"
+	tplSettingsTwofaEnroll base.TplName = "user/settings/security/twofa_enroll"
 )
 
 // Security render change user's password page and 2FA
@@ -56,14 +56,14 @@ func DeleteAccountLink(ctx *context.Context) {
 }
 
 func loadSecurityData(ctx *context.Context) {
-	enrolled, err := login.HasTwoFactorByUID(ctx.User.ID)
+	enrolled, err := auth.HasTwoFactorByUID(ctx.User.ID)
 	if err != nil {
 		ctx.ServerError("SettingsTwoFactor", err)
 		return
 	}
 	ctx.Data["TOTPEnrolled"] = enrolled
 
-	ctx.Data["U2FRegistrations"], err = login.GetU2FRegistrationsByUID(ctx.User.ID)
+	ctx.Data["U2FRegistrations"], err = auth.GetU2FRegistrationsByUID(ctx.User.ID)
 	if err != nil {
 		ctx.ServerError("GetU2FRegistrationsByUID", err)
 		return
@@ -82,10 +82,10 @@ func loadSecurityData(ctx *context.Context) {
 		return
 	}
 
-	// map the provider display name with the LoginSource
-	sources := make(map[*login.Source]string)
+	// map the provider display name with the AuthSource
+	sources := make(map[*auth.Source]string)
 	for _, externalAccount := range accountLinks {
-		if loginSource, err := login.GetSourceByID(externalAccount.LoginSourceID); err == nil {
+		if authSource, err := auth.GetSourceByID(externalAccount.LoginSourceID); err == nil {
 			var providerDisplayName string
 
 			type DisplayNamed interface {
@@ -96,14 +96,14 @@ func loadSecurityData(ctx *context.Context) {
 				Name() string
 			}
 
-			if displayNamed, ok := loginSource.Cfg.(DisplayNamed); ok {
+			if displayNamed, ok := authSource.Cfg.(DisplayNamed); ok {
 				providerDisplayName = displayNamed.DisplayName()
-			} else if named, ok := loginSource.Cfg.(Named); ok {
+			} else if named, ok := authSource.Cfg.(Named); ok {
 				providerDisplayName = named.Name()
 			} else {
-				providerDisplayName = loginSource.Name
+				providerDisplayName = authSource.Name
 			}
-			sources[loginSource] = providerDisplayName
+			sources[authSource] = providerDisplayName
 		}
 	}
 	ctx.Data["AccountLinks"] = sources

routers/web/user/setting/security/u2f.go

@@ -2,13 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package setting
+package security
 
 import (
 	"errors"
 	"net/http"
 
-	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -34,7 +34,7 @@ func U2FRegister(ctx *context.Context) {
 		ctx.ServerError("Unable to set session key for u2fChallenge", err)
 		return
 	}
-	regs, err := login.GetU2FRegistrationsByUID(ctx.User.ID)
+	regs, err := auth.GetU2FRegistrationsByUID(ctx.User.ID)
 	if err != nil {
 		ctx.ServerError("GetU2FRegistrationsByUID", err)
 		return
@@ -78,7 +78,7 @@ func U2FRegisterPost(ctx *context.Context) {
 		ctx.ServerError("u2f.Register", err)
 		return
 	}
-	if _, err = login.CreateRegistration(ctx.User.ID, name, reg); err != nil {
+	if _, err = auth.CreateRegistration(ctx.User.ID, name, reg); err != nil {
 		ctx.ServerError("u2f.Register", err)
 		return
 	}
@@ -88,9 +88,9 @@ func U2FRegisterPost(ctx *context.Context) {
 // U2FDelete deletes an security key by id
 func U2FDelete(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.U2FDeleteForm)
-	reg, err := login.GetU2FRegistrationByID(form.ID)
+	reg, err := auth.GetU2FRegistrationByID(form.ID)
 	if err != nil {
-		if login.IsErrU2FRegistrationNotExist(err) {
+		if auth.IsErrU2FRegistrationNotExist(err) {
 			ctx.Status(200)
 			return
 		}
@@ -101,7 +101,7 @@ func U2FDelete(ctx *context.Context) {
 		ctx.Status(401)
 		return
 	}
-	if err := login.DeleteRegistration(reg); err != nil {
+	if err := auth.DeleteRegistration(reg); err != nil {
 		ctx.ServerError("DeleteRegistration", err)
 		return
 	}