tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

Refactor auth package (#17962)

Browse Source
This commit is contained in:
Lunny Xiao
2022-01-02 21:12:35 +08:00
committed by GitHub
parent e61b390d54
commit de8e3948a5
87 changed files with 2880 additions and 2770 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
services/asymkey/sign.go
View File

@@ -10,8 +10,8 @@ import (
"code.gitea.io/gitea/models"
asymkey_model "code.gitea.io/gitea/models/asymkey"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/login"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
@@ -150,8 +150,8 @@ Loop:
return false, "", nil, &ErrWontSign{pubkey}
}
case twofa:
twofaModel, err := login.GetTwoFactorByUID(u.ID)
if err != nil && !login.IsErrTwoFactorNotEnrolled(err) {
twofaModel, err := auth.GetTwoFactorByUID(u.ID)
if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {
return false, "", nil, err
}
if twofaModel == nil {
@@ -186,8 +186,8 @@ Loop:
return false, "", nil, &ErrWontSign{pubkey}
}
case twofa:
twofaModel, err := login.GetTwoFactorByUID(u.ID)
if err != nil && !login.IsErrTwoFactorNotEnrolled(err) {
twofaModel, err := auth.GetTwoFactorByUID(u.ID)
if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {
return false, "", nil, err
}
if twofaModel == nil {
@@ -239,8 +239,8 @@ Loop:
return false, "", nil, &ErrWontSign{pubkey}
}
case twofa:
twofaModel, err := login.GetTwoFactorByUID(u.ID)
if err != nil && !login.IsErrTwoFactorNotEnrolled(err) {
twofaModel, err := auth.GetTwoFactorByUID(u.ID)
if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {
return false, "", nil, err
}
if twofaModel == nil {
@@ -301,8 +301,8 @@ Loop:
return false, "", nil, &ErrWontSign{pubkey}
}
case twofa:
twofaModel, err := login.GetTwoFactorByUID(u.ID)
if err != nil && !login.IsErrTwoFactorNotEnrolled(err) {
twofaModel, err := auth.GetTwoFactorByUID(u.ID)
if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {
return false, "", nil, err
}
if twofaModel == nil {

4
services/asymkey/ssh_key_test.go
View File

@@ -8,7 +8,7 @@ import (
"testing"
asymkey_model "code.gitea.io/gitea/models/asymkey"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
@@ -19,7 +19,7 @@ func TestAddLdapSSHPublicKeys(t *testing.T) {
assert.NoError(t, unittest.PrepareTestDatabase())
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
s := &login.Source{ID: 1}
s := &auth.Source{ID: 1}
testCases := []struct {
keyString string

6
services/auth/oauth2.go
View File

@@ -11,8 +11,8 @@ import (
"time"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/login"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/timeutil"
@@ -37,8 +37,8 @@ func CheckOAuthAccessToken(accessToken string) int64 {
log.Trace("oauth2.ParseToken: %v", err)
return 0
}
var grant *login.OAuth2Grant
if grant, err = login.GetOAuth2GrantByID(token.GrantID); err != nil || grant == nil {
var grant *auth.OAuth2Grant
if grant, err = auth.GetOAuth2GrantByID(token.GrantID); err != nil || grant == nil {
return 0
}
if token.Type != oauth2.TypeAccessToken {

10
services/auth/signin.go
View File

@@ -7,8 +7,8 @@ package auth
import (
"strings"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/login"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/services/auth/source/oauth2"
@@ -21,7 +21,7 @@ import (
)
// UserSignIn validates user name and password.
func UserSignIn(username, password string) (*user_model.User, *login.Source, error) {
func UserSignIn(username, password string) (*user_model.User, *auth.Source, error) {
var user *user_model.User
if strings.Contains(username, "@") {
user = &user_model.User{Email: strings.ToLower(strings.TrimSpace(username))}
@@ -50,13 +50,13 @@ func UserSignIn(username, password string) (*user_model.User, *login.Source, err
}
if hasUser {
source, err := login.GetSourceByID(user.LoginSource)
source, err := auth.GetSourceByID(user.LoginSource)
if err != nil {
return nil, nil, err
}
if !source.IsActive {
return nil, nil, oauth2.ErrLoginSourceNotActived
return nil, nil, oauth2.ErrAuthSourceNotActived
}
authenticator, ok := source.Cfg.(PasswordAuthenticator)
@@ -78,7 +78,7 @@ func UserSignIn(username, password string) (*user_model.User, *login.Source, err
return user, source, nil
}
sources, err := login.AllActiveSources()
sources, err := auth.AllActiveSources()
if err != nil {
return nil, nil, err
}

14
services/auth/login_source.go → services/auth/source.go
View File

@@ -5,18 +5,18 @@
package auth
import (
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/login"
user_model "code.gitea.io/gitea/models/user"
)
// DeleteLoginSource deletes a LoginSource record in DB.
func DeleteLoginSource(source *login.Source) error {
// DeleteSource deletes a AuthSource record in DB.
func DeleteSource(source *auth.Source) error {
count, err := db.GetEngine(db.DefaultContext).Count(&user_model.User{LoginSource: source.ID})
if err != nil {
return err
} else if count > 0 {
return login.ErrSourceInUse{
return auth.ErrSourceInUse{
ID: source.ID,
}
}
@@ -25,17 +25,17 @@ func DeleteLoginSource(source *login.Source) error {
if err != nil {
return err
} else if count > 0 {
return login.ErrSourceInUse{
return auth.ErrSourceInUse{
ID: source.ID,
}
}
if registerableSource, ok := source.Cfg.(login.RegisterableSource); ok {
if registerableSource, ok := source.Cfg.(auth.RegisterableSource); ok {
if err := registerableSource.UnregisterSource(); err != nil {
return err
}
}
_, err = db.GetEngine(db.DefaultContext).ID(source.ID).Delete(new(login.Source))
_, err = db.GetEngine(db.DefaultContext).ID(source.ID).Delete(new(auth.Source))
return err
}

4
services/auth/source/db/assert_interface_test.go
View File

@@ -5,7 +5,7 @@
package db_test
import (
"code.gitea.io/gitea/models/login"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/auth/source/db"
)
@@ -15,7 +15,7 @@ import (
type sourceInterface interface {
auth.PasswordAuthenticator
login.Config
auth_model.Config
}
var _ (sourceInterface) = &db.Source{}

6
services/auth/source/db/source.go
View File

@@ -5,7 +5,7 @@
package db
import (
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
user_model "code.gitea.io/gitea/models/user"
)
@@ -29,6 +29,6 @@ func (source *Source) Authenticate(user *user_model.User, login, password string
}
func init() {
login.RegisterTypeConfig(login.NoType, &Source{})
login.RegisterTypeConfig(login.Plain, &Source{})
auth.RegisterTypeConfig(auth.NoType, &Source{})
auth.RegisterTypeConfig(auth.Plain, &Source{})
}

14
services/auth/source/ldap/assert_interface_test.go
View File

@@ -5,7 +5,7 @@
package ldap_test
import (
"code.gitea.io/gitea/models/login"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/auth/source/ldap"
)
@@ -17,12 +17,12 @@ type sourceInterface interface {
auth.PasswordAuthenticator
auth.SynchronizableSource
auth.LocalTwoFASkipper
login.SSHKeyProvider
login.Config
login.SkipVerifiable
login.HasTLSer
login.UseTLSer
login.SourceSettable
auth_model.SSHKeyProvider
auth_model.Config
auth_model.SkipVerifiable
auth_model.HasTLSer
auth_model.UseTLSer
auth_model.SourceSettable
}
var _ (sourceInterface) = &ldap.Source{}

16
services/auth/source/ldap/source.go
View File

@@ -7,7 +7,7 @@ package ldap
import (
"strings"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/json"
"code.gitea.io/gitea/modules/secret"
"code.gitea.io/gitea/modules/setting"
@@ -55,8 +55,8 @@ type Source struct {
UserUID string // User Attribute listed in Group
SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
// reference to the loginSource
loginSource *login.Source
// reference to the authSource
authSource *auth.Source
}
// FromDB fills up a LDAPConfig from serialized format.
@@ -109,12 +109,12 @@ func (source *Source) ProvidesSSHKeys() bool {
return len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
}
// SetLoginSource sets the related LoginSource
func (source *Source) SetLoginSource(loginSource *login.Source) {
source.loginSource = loginSource
// SetAuthSource sets the related AuthSource
func (source *Source) SetAuthSource(authSource *auth.Source) {
source.authSource = authSource
}
func init() {
login.RegisterTypeConfig(login.LDAP, &Source{})
login.RegisterTypeConfig(login.DLDAP, &Source{})
auth.RegisterTypeConfig(auth.LDAP, &Source{})
auth.RegisterTypeConfig(auth.DLDAP, &Source{})
}

12
services/auth/source/ldap/source_authenticate.go
View File

@@ -9,8 +9,8 @@ import (
"strings"
asymkey_model "code.gitea.io/gitea/models/asymkey"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/login"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/services/mailer"
user_service "code.gitea.io/gitea/services/user"
@@ -19,7 +19,7 @@ import (
// Authenticate queries if login/password is valid against the LDAP directory pool,
// and create a local user if success when enabled.
func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
sr := source.SearchEntry(userName, password, source.loginSource.Type == login.DLDAP)
sr := source.SearchEntry(userName, password, source.authSource.Type == auth.DLDAP)
if sr == nil {
// User not in LDAP, do nothing
return nil, user_model.ErrUserNotExist{Name: userName}
@@ -59,7 +59,7 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
}
if user != nil {
if isAttributeSSHPublicKeySet && asymkey_model.SynchronizePublicKeys(user, source.loginSource, sr.SSHPublicKey) {
if isAttributeSSHPublicKeySet && asymkey_model.SynchronizePublicKeys(user, source.authSource, sr.SSHPublicKey) {
return user, asymkey_model.RewriteAllPublicKeys()
}
@@ -80,8 +80,8 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
Name: sr.Username,
FullName: composeFullName(sr.Name, sr.Surname, sr.Username),
Email: sr.Mail,
LoginType: source.loginSource.Type,
LoginSource: source.loginSource.ID,
LoginType: source.authSource.Type,
LoginSource: source.authSource.ID,
LoginName: userName,
IsActive: true,
IsAdmin: sr.IsAdmin,
@@ -95,7 +95,7 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
mailer.SendRegisterNotifyMail(user)
if isAttributeSSHPublicKeySet && asymkey_model.AddPublicKeysBySource(user, source.loginSource, sr.SSHPublicKey) {
if isAttributeSSHPublicKeySet && asymkey_model.AddPublicKeysBySource(user, source.authSource, sr.SSHPublicKey) {
err = asymkey_model.RewriteAllPublicKeys()
}

40
services/auth/source/ldap/source_sync.go
View File

@@ -19,22 +19,22 @@ import (
// Sync causes this ldap source to synchronize its users with the db
func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
log.Trace("Doing: SyncExternalUsers[%s]", source.loginSource.Name)
log.Trace("Doing: SyncExternalUsers[%s]", source.authSource.Name)
var existingUsers []int
isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
var sshKeysNeedUpdate bool
// Find all users with this login type - FIXME: Should this be an iterator?
users, err := user_model.GetUsersBySource(source.loginSource)
users, err := user_model.GetUsersBySource(source.authSource)
if err != nil {
log.Error("SyncExternalUsers: %v", err)
return err
}
select {
case <-ctx.Done():
log.Warn("SyncExternalUsers: Cancelled before update of %s", source.loginSource.Name)
return db.ErrCancelledf("Before update of %s", source.loginSource.Name)
log.Warn("SyncExternalUsers: Cancelled before update of %s", source.authSource.Name)
return db.ErrCancelledf("Before update of %s", source.authSource.Name)
default:
}
@@ -44,7 +44,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
sr, err := source.SearchEntries()
if err != nil {
log.Error("SyncExternalUsers LDAP source failure [%s], skipped", source.loginSource.Name)
log.Error("SyncExternalUsers LDAP source failure [%s], skipped", source.authSource.Name)
return nil
}
@@ -65,7 +65,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
for _, su := range sr {
select {
case <-ctx.Done():
log.Warn("SyncExternalUsers: Cancelled at update of %s before completed update of users", source.loginSource.Name)
log.Warn("SyncExternalUsers: Cancelled at update of %s before completed update of users", source.authSource.Name)
// Rewrite authorized_keys file if LDAP Public SSH Key attribute is set and any key was added or removed
if sshKeysNeedUpdate {
err = asymkey_model.RewriteAllPublicKeys()
@@ -73,7 +73,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
log.Error("RewriteAllPublicKeys: %v", err)
}
}
return db.ErrCancelledf("During update of %s before completed update of users", source.loginSource.Name)
return db.ErrCancelledf("During update of %s before completed update of users", source.authSource.Name)
default:
}
if len(su.Username) == 0 {
@@ -96,14 +96,14 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
fullName := composeFullName(su.Name, su.Surname, su.Username)
// If no existing user found, create one
if usr == nil {
log.Trace("SyncExternalUsers[%s]: Creating user %s", source.loginSource.Name, su.Username)
log.Trace("SyncExternalUsers[%s]: Creating user %s", source.authSource.Name, su.Username)
usr = &user_model.User{
LowerName: su.LowerName,
Name: su.Username,
FullName: fullName,
LoginType: source.loginSource.Type,
LoginSource: source.loginSource.ID,
LoginType: source.authSource.Type,
LoginSource: source.authSource.ID,
LoginName: su.Username,
Email: su.Mail,
IsAdmin: su.IsAdmin,
@@ -114,12 +114,12 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
err = user_model.CreateUser(usr)
if err != nil {
log.Error("SyncExternalUsers[%s]: Error creating user %s: %v", source.loginSource.Name, su.Username, err)
log.Error("SyncExternalUsers[%s]: Error creating user %s: %v", source.authSource.Name, su.Username, err)
}
if err == nil && isAttributeSSHPublicKeySet {
log.Trace("SyncExternalUsers[%s]: Adding LDAP Public SSH Keys for user %s", source.loginSource.Name, usr.Name)
if asymkey_model.AddPublicKeysBySource(usr, source.loginSource, su.SSHPublicKey) {
log.Trace("SyncExternalUsers[%s]: Adding LDAP Public SSH Keys for user %s", source.authSource.Name, usr.Name)
if asymkey_model.AddPublicKeysBySource(usr, source.authSource, su.SSHPublicKey) {
sshKeysNeedUpdate = true
}
}
@@ -129,7 +129,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
}
} else if updateExisting {
// Synchronize SSH Public Key if that attribute is set
if isAttributeSSHPublicKeySet && asymkey_model.SynchronizePublicKeys(usr, source.loginSource, su.SSHPublicKey) {
if isAttributeSSHPublicKeySet && asymkey_model.SynchronizePublicKeys(usr, source.authSource, su.SSHPublicKey) {
sshKeysNeedUpdate = true
}
@@ -140,7 +140,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
usr.FullName != fullName ||
!usr.IsActive {
log.Trace("SyncExternalUsers[%s]: Updating user %s", source.loginSource.Name, usr.Name)
log.Trace("SyncExternalUsers[%s]: Updating user %s", source.authSource.Name, usr.Name)
usr.FullName = fullName
usr.Email = su.Mail
@@ -156,7 +156,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
err = user_model.UpdateUserCols(db.DefaultContext, usr, "full_name", "email", "is_admin", "is_restricted", "is_active")
if err != nil {
log.Error("SyncExternalUsers[%s]: Error updating user %s: %v", source.loginSource.Name, usr.Name, err)
log.Error("SyncExternalUsers[%s]: Error updating user %s: %v", source.authSource.Name, usr.Name, err)
}
}
@@ -179,8 +179,8 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
select {
case <-ctx.Done():
log.Warn("SyncExternalUsers: Cancelled during update of %s before delete users", source.loginSource.Name)
return db.ErrCancelledf("During update of %s before delete users", source.loginSource.Name)
log.Warn("SyncExternalUsers: Cancelled during update of %s before delete users", source.authSource.Name)
return db.ErrCancelledf("During update of %s before delete users", source.authSource.Name)
default:
}
@@ -192,12 +192,12 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
existPos++
}
if usr.IsActive && (existPos >= len(existingUsers) || i < existingUsers[existPos]) {
log.Trace("SyncExternalUsers[%s]: Deactivating user %s", source.loginSource.Name, usr.Name)
log.Trace("SyncExternalUsers[%s]: Deactivating user %s", source.authSource.Name, usr.Name)
usr.IsActive = false
err = user_model.UpdateUserCols(db.DefaultContext, usr, "is_active")
if err != nil {
log.Error("SyncExternalUsers[%s]: Error deactivating user %s: %v", source.loginSource.Name, usr.Name, err)
log.Error("SyncExternalUsers[%s]: Error deactivating user %s: %v", source.authSource.Name, usr.Name, err)
}
}
}

8
services/auth/source/oauth2/assert_interface_test.go
View File

@@ -5,7 +5,7 @@
package oauth2_test
import (
"code.gitea.io/gitea/models/login"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/auth/source/oauth2"
)
@@ -14,9 +14,9 @@ import (
// It tightly binds the interfaces and implementation without breaking go import cycles
type sourceInterface interface {
login.Config
login.SourceSettable
login.RegisterableSource
auth_model.Config
auth_model.SourceSettable
auth_model.RegisterableSource
auth.PasswordAuthenticator
}

14
services/auth/source/oauth2/init.go
View File

@@ -9,7 +9,7 @@ import (
"net/http"
"sync"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
@@ -52,19 +52,19 @@ func Init() error {
// Unlock our mutex
gothRWMutex.Unlock()
return initOAuth2LoginSources()
return initOAuth2Sources()
}
// ResetOAuth2 clears existing OAuth2 providers and loads them from DB
func ResetOAuth2() error {
ClearProviders()
return initOAuth2LoginSources()
return initOAuth2Sources()
}
// initOAuth2LoginSources is used to load and register all active OAuth2 providers
func initOAuth2LoginSources() error {
loginSources, _ := login.GetActiveOAuth2ProviderLoginSources()
for _, source := range loginSources {
// initOAuth2Sources is used to load and register all active OAuth2 providers
func initOAuth2Sources() error {
authSources, _ := auth.GetActiveOAuth2ProviderSources()
for _, source := range authSources {
oauth2Source, ok := source.Cfg.(*Source)
if !ok {
continue

14
services/auth/source/oauth2/providers.go
View File

@@ -9,7 +9,7 @@ import (
"net/url"
"sort"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
@@ -55,7 +55,7 @@ func NewImagedProvider(image string, provider GothProvider) *ImagedProvider {
}
// Providers contains the map of registered OAuth2 providers in Gitea (based on goth)
// key is used to map the OAuth2Provider with the goth provider type (also in LoginSource.OAuth2Config.Provider)
// key is used to map the OAuth2Provider with the goth provider type (also in AuthSource.OAuth2Config.Provider)
// value is used to store display data
var gothProviders = map[string]GothProvider{}
@@ -88,14 +88,14 @@ func GetOAuth2Providers() []Provider {
func GetActiveOAuth2Providers() ([]string, map[string]Provider, error) {
// Maybe also separate used and unused providers so we can force the registration of only 1 active provider for each type
loginSources, err := login.GetActiveOAuth2ProviderLoginSources()
authSources, err := auth.GetActiveOAuth2ProviderSources()
if err != nil {
return nil, nil, err
}
var orderedKeys []string
providers := make(map[string]Provider)
for _, source := range loginSources {
for _, source := range authSources {
prov := gothProviders[source.Cfg.(*Source).Provider]
if source.Cfg.(*Source).IconURL != "" {
prov = &ImagedProvider{prov, source.Cfg.(*Source).IconURL}
@@ -140,8 +140,8 @@ func ClearProviders() {
}
var (
// ErrLoginSourceNotActived login source is not actived error
ErrLoginSourceNotActived = errors.New("Login source is not actived")
// ErrAuthSourceNotActived login source is not actived error
ErrAuthSourceNotActived = errors.New("auth source is not actived")
)
// used to create different types of goth providers
@@ -153,7 +153,7 @@ func createProvider(providerName string, source *Source) (goth.Provider, error)
p, ok := gothProviders[source.Provider]
if !ok {
return nil, ErrLoginSourceNotActived
return nil, ErrAuthSourceNotActived
}
provider, err = p.CreateGothProvider(providerName, callbackURL, source)

14
services/auth/source/oauth2/source.go
View File

@@ -5,7 +5,7 @@
package oauth2
import (
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/json"
)
@@ -33,8 +33,8 @@ type Source struct {
RestrictedGroup string
SkipLocalTwoFA bool `json:",omitempty"`
// reference to the loginSource
loginSource *login.Source
// reference to the authSource
authSource *auth.Source
}
// FromDB fills up an OAuth2Config from serialized format.
@@ -47,11 +47,11 @@ func (source *Source) ToDB() ([]byte, error) {
return json.Marshal(source)
}
// SetLoginSource sets the related LoginSource
func (source *Source) SetLoginSource(loginSource *login.Source) {
source.loginSource = loginSource
// SetAuthSource sets the related AuthSource
func (source *Source) SetAuthSource(authSource *auth.Source) {
source.authSource = authSource
}
func init() {
login.RegisterTypeConfig(login.OAuth2, &Source{})
auth.RegisterTypeConfig(auth.OAuth2, &Source{})
}

4
services/auth/source/oauth2/source_callout.go
View File

@@ -14,7 +14,7 @@ import (
// Callout redirects request/response pair to authenticate against the provider
func (source *Source) Callout(request *http.Request, response http.ResponseWriter) error {
// not sure if goth is thread safe (?) when using multiple providers
request.Header.Set(ProviderHeaderKey, source.loginSource.Name)
request.Header.Set(ProviderHeaderKey, source.authSource.Name)
// don't use the default gothic begin handler to prevent issues when some error occurs
// normally the gothic library will write some custom stuff to the response instead of our own nice error page
@@ -34,7 +34,7 @@ func (source *Source) Callout(request *http.Request, response http.ResponseWrite
// this will trigger a new authentication request, but because we save it in the session we can use that
func (source *Source) Callback(request *http.Request, response http.ResponseWriter) (goth.User, error) {
// not sure if goth is thread safe (?) when using multiple providers
request.Header.Set(ProviderHeaderKey, source.loginSource.Name)
request.Header.Set(ProviderHeaderKey, source.authSource.Name)
gothRWMutex.RLock()
defer gothRWMutex.RUnlock()

6
services/auth/source/oauth2/source_register.go
View File

@@ -10,13 +10,13 @@ import (
// RegisterSource causes an OAuth2 configuration to be registered
func (source *Source) RegisterSource() error {
err := RegisterProviderWithGothic(source.loginSource.Name, source)
return wrapOpenIDConnectInitializeError(err, source.loginSource.Name, source)
err := RegisterProviderWithGothic(source.authSource.Name, source)
return wrapOpenIDConnectInitializeError(err, source.authSource.Name, source)
}
// UnregisterSource causes an OAuth2 configuration to be unregistered
func (source *Source) UnregisterSource() error {
RemoveProviderFromGothic(source.loginSource.Name)
RemoveProviderFromGothic(source.authSource.Name)
return nil
}

6
services/auth/source/pam/assert_interface_test.go
View File

@@ -5,7 +5,7 @@
package pam_test
import (
"code.gitea.io/gitea/models/login"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/auth/source/pam"
)
@@ -15,8 +15,8 @@ import (
type sourceInterface interface {
auth.PasswordAuthenticator
login.Config
login.SourceSettable
auth_model.Config
auth_model.SourceSettable
}
var _ (sourceInterface) = &pam.Source{}

14
services/auth/source/pam/source.go
View File

@@ -5,7 +5,7 @@
package pam
import (
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/json"
)
@@ -22,8 +22,8 @@ type Source struct {
EmailDomain string
SkipLocalTwoFA bool `json:",omitempty"` // Skip Local 2fa for users authenticated with this source
// reference to the loginSource
loginSource *login.Source
// reference to the authSource
authSource *auth.Source
}
// FromDB fills up a PAMConfig from serialized format.
@@ -36,11 +36,11 @@ func (source *Source) ToDB() ([]byte, error) {
return json.Marshal(source)
}
// SetLoginSource sets the related LoginSource
func (source *Source) SetLoginSource(loginSource *login.Source) {
source.loginSource = loginSource
// SetAuthSource sets the related AuthSource
func (source *Source) SetAuthSource(authSource *auth.Source) {
source.authSource = authSource
}
func init() {
login.RegisterTypeConfig(login.PAM, &Source{})
auth.RegisterTypeConfig(auth.PAM, &Source{})
}

6
services/auth/source/pam/source_authenticate.go
View File

@@ -8,7 +8,7 @@ import (
"fmt"
"strings"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/auth/pam"
"code.gitea.io/gitea/modules/setting"
@@ -55,8 +55,8 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
Name: username,
Email: email,
Passwd: password,
LoginType: login.PAM,
LoginSource: source.loginSource.ID,
LoginType: auth.PAM,
LoginSource: source.authSource.ID,
LoginName: userName, // This is what the user typed in
IsActive: true,
}

12
services/auth/source/smtp/assert_interface_test.go
View File

@@ -5,7 +5,7 @@
package smtp_test
import (
"code.gitea.io/gitea/models/login"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/services/auth"
"code.gitea.io/gitea/services/auth/source/smtp"
)
@@ -15,11 +15,11 @@ import (
type sourceInterface interface {
auth.PasswordAuthenticator
login.Config
login.SkipVerifiable
login.HasTLSer
login.UseTLSer
login.SourceSettable
auth_model.Config
auth_model.SkipVerifiable
auth_model.HasTLSer
auth_model.UseTLSer
auth_model.SourceSettable
}
var _ (sourceInterface) = &smtp.Source{}

14
services/auth/source/smtp/source.go
View File

@@ -5,7 +5,7 @@
package smtp
import (
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/json"
)
@@ -28,8 +28,8 @@ type Source struct {
DisableHelo bool
SkipLocalTwoFA bool `json:",omitempty"`
// reference to the loginSource
loginSource *login.Source
// reference to the authSource
authSource *auth.Source
}
// FromDB fills up an SMTPConfig from serialized format.
@@ -57,11 +57,11 @@ func (source *Source) UseTLS() bool {
return source.ForceSMTPS || source.Port == 465
}
// SetLoginSource sets the related LoginSource
func (source *Source) SetLoginSource(loginSource *login.Source) {
source.loginSource = loginSource
// SetAuthSource sets the related AuthSource
func (source *Source) SetAuthSource(authSource *auth.Source) {
source.authSource = authSource
}
func init() {
login.RegisterTypeConfig(login.SMTP, &Source{})
auth.RegisterTypeConfig(auth.SMTP, &Source{})
}

6
services/auth/source/smtp/source_authenticate.go
View File

@@ -10,7 +10,7 @@ import (
"net/textproto"
"strings"
"code.gitea.io/gitea/models/login"
auth_model "code.gitea.io/gitea/models/auth"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/services/mailer"
@@ -71,8 +71,8 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
Name: strings.ToLower(username),
Email: userName,
Passwd: password,
LoginType: login.SMTP,
LoginSource: source.loginSource.ID,
LoginType: auth_model.SMTP,
LoginSource: source.authSource.ID,
LoginName: userName,
IsActive: true,
}

4
services/auth/source/sspi/assert_interface_test.go
View File

@@ -5,7 +5,7 @@
package sspi_test
import (
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/services/auth/source/sspi"
)
@@ -13,7 +13,7 @@ import (
// It tightly binds the interfaces and implementation without breaking go import cycles
type sourceInterface interface {
login.Config
auth.Config
}
var _ (sourceInterface) = &sspi.Source{}

4
services/auth/source/sspi/source.go
View File

@@ -5,7 +5,7 @@
package sspi
import (
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/json"
)
@@ -36,5 +36,5 @@ func (cfg *Source) ToDB() ([]byte, error) {
}
func init() {
login.RegisterTypeConfig(login.SSPI, &Source{})
auth.RegisterTypeConfig(auth.SSPI, &Source{})
}

6
services/auth/sspi_windows.go
View File

@@ -9,8 +9,8 @@ import (
"net/http"
"strings"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/avatars"
"code.gitea.io/gitea/models/login"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/log"
@@ -154,7 +154,7 @@ func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore,
// getConfig retrieves the SSPI configuration from login sources
func (s *SSPI) getConfig() (*sspi.Source, error) {
sources, err := login.ActiveSources(login.SSPI)
sources, err := auth.ActiveSources(auth.SSPI)
if err != nil {
return nil, err
}
@@ -250,7 +250,7 @@ func sanitizeUsername(username string, cfg *sspi.Source) string {
// fails (or if negotiation should continue), which would prevent other authentication methods
// to execute at all.
func specialInit() {
if login.IsSSPIEnabled() {
if auth.IsSSPIEnabled() {
Register(&SSPI{})
}
}

4
services/auth/sync.go
View File

@@ -7,8 +7,8 @@ package auth
import (
"context"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/modules/log"
)
@@ -16,7 +16,7 @@ import (
func SyncExternalUsers(ctx context.Context, updateExisting bool) error {
log.Trace("Doing: SyncExternalUsers")
ls, err := login.Sources()
ls, err := auth.Sources()
if err != nil {
log.Error("SyncExternalUsers: %v", err)
return err

6
services/externalaccount/user.go
View File

@@ -8,7 +8,7 @@ import (
"strings"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/models/auth"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/structs"
@@ -16,14 +16,14 @@ import (
)
func toExternalLoginUser(user *user_model.User, gothUser goth.User) (*user_model.ExternalLoginUser, error) {
loginSource, err := login.GetActiveOAuth2LoginSourceByName(gothUser.Provider)
authSource, err := auth.GetActiveOAuth2SourceByName(gothUser.Provider)
if err != nil {
return nil, err
}
return &user_model.ExternalLoginUser{
ExternalID: gothUser.UserID,
UserID: user.ID,
LoginSourceID: loginSource.ID,
LoginSourceID: authSource.ID,
RawData: gothUser.RawData,
Provider: gothUser.Provider,
Email: gothUser.Email,