Make SSPI auth mockable (#27036)

Before, the SSPI auth is only complied for Windows, it's difficult to test and it breaks a lot. Now, make the SSPI auth mockable and testable.
2023-09-18 07:32:56 +08:00 · 2023-09-18 07:32:56 +08:00 · 8531ca0837
commit 8531ca0837
parent 47b878858a
9 changed files with 72 additions and 76 deletions
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@ -705,7 +705,10 @@ func buildAuthGroup() *auth.Group {
 	if setting.Service.EnableReverseProxyAuthAPI {
 		group.Add(&auth.ReverseProxy{})
 	}
-	specialAdd(group)
+
+	if setting.IsWindows && auth_model.IsSSPIEnabled() {
+		group.Add(&auth.SSPI{}) // it MUST be the last, see the comment of SSPI
+	}

 	return group
 }
--- a/routers/api/v1/auth.go
+++ b/routers/api/v1/auth.go
@ -1,10 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-//go:build !windows
-
-package v1
-
-import auth_service "code.gitea.io/gitea/services/auth"
-
-func specialAdd(group *auth_service.Group) {}
--- a/routers/api/v1/auth_windows.go
+++ b/routers/api/v1/auth_windows.go
@ -1,19 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package v1
-
-import (
-	"code.gitea.io/gitea/models/auth"
-	auth_service "code.gitea.io/gitea/services/auth"
-)
-
-// specialAdd registers the SSPI auth method as the last method in the list.
-// The SSPI plugin is expected to be executed last, as it returns 401 status code if negotiation
-// fails (or if negotiation should continue), which would prevent other authentication methods
-// to execute at all.
-func specialAdd(group *auth_service.Group) {
-	if auth.IsSSPIEnabled() {
-		group.Add(&auth_service.SSPI{})
-	}
-}
--- a/routers/web/auth.go
+++ b/routers/web/auth.go
@ -1,10 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-//go:build !windows
-
-package web
-
-import auth_service "code.gitea.io/gitea/services/auth"
-
-func specialAdd(group *auth_service.Group) {}
--- a/routers/web/auth_windows.go
+++ b/routers/web/auth_windows.go
@ -1,19 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package web
-
-import (
-	"code.gitea.io/gitea/models/auth"
-	auth_service "code.gitea.io/gitea/services/auth"
-)
-
-// specialAdd registers the SSPI auth method as the last method in the list.
-// The SSPI plugin is expected to be executed last, as it returns 401 status code if negotiation
-// fails (or if negotiation should continue), which would prevent other authentication methods
-// to execute at all.
-func specialAdd(group *auth_service.Group) {
-	if auth.IsSSPIEnabled() {
-		group.Add(&auth_service.SSPI{})
-	}
-}
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -8,6 +8,7 @@ import (
 	"net/http"
 	"strings"

+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/models/unit"
 	"code.gitea.io/gitea/modules/context"
@ -92,7 +93,10 @@ func buildAuthGroup() *auth_service.Group {
 	if setting.Service.EnableReverseProxyAuth {
 		group.Add(&auth_service.ReverseProxy{})
 	}
-	specialAdd(group)
+
+	if setting.IsWindows && auth_model.IsSSPIEnabled() {
+		group.Add(&auth_service.SSPI{}) // it MUST be the last, see the comment of SSPI
+	}

 	return group
 }