Move user related model into models/user (#17781)

* Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
2021-11-24 17:49:20 +08:00 · 2021-11-24 17:49:20 +08:00 · a666829a37
commit a666829a37
parent 4e7ca946da
345 changed files with 4230 additions and 3813 deletions
--- a/services/agit/agit.go
+++ b/services/agit/agit.go
@ -11,6 +11,7 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
@ -124,7 +125,7 @@ func ProcRecive(ctx *context.PrivateContext, opts *private.HookOptions) []privat
 				description = opts.GitPushOptions["description"]
 			}

-			pusher, err := models.GetUserByID(opts.UserID)
+			pusher, err := user_model.GetUserByID(opts.UserID)
 			if err != nil {
 				log.Error("Failed to get user. Error: %v", err)
 				ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
@ -232,7 +233,7 @@ func ProcRecive(ctx *context.PrivateContext, opts *private.HookOptions) []privat
 		}

 		pull_service.AddToTaskQueue(pr)
-		pusher, err := models.GetUserByID(opts.UserID)
+		pusher, err := user_model.GetUserByID(opts.UserID)
 		if err != nil {
 			log.Error("Failed to get user. Error: %v", err)
 			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
@ -268,7 +269,7 @@ func ProcRecive(ctx *context.PrivateContext, opts *private.HookOptions) []privat
 }

 // UserNameChanged hanle user name change for agit flow pull
-func UserNameChanged(user *models.User, newName string) error {
+func UserNameChanged(user *user_model.User, newName string) error {
 	pulls, err := models.GetAllUnmergedAgitPullRequestByPoster(user.ID)
 	if err != nil {
 		return err
--- a/services/attachment/attachment_test.go
+++ b/services/attachment/attachment_test.go
@ -9,9 +9,9 @@ import (
 	"path/filepath"
 	"testing"

-	"code.gitea.io/gitea/models"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"

 	"github.com/stretchr/testify/assert"
 )
@ -23,7 +23,7 @@ func TestMain(m *testing.M) {
 func TestUploadAttachment(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

 	fPath := "./attachment_test.go"
 	f, err := os.Open(fPath)
--- a/services/auth/auth.go
+++ b/services/auth/auth.go
@ -12,8 +12,8 @@ import (
 	"regexp"
 	"strings"

-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web/middleware"
@ -105,7 +105,7 @@ func isGitRawReleaseOrLFSPath(req *http.Request) bool {
 }

 // handleSignIn clears existing session variables and stores new ones for the specified user object
-func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore, user *models.User) {
+func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore, user *user_model.User) {
 	_ = sess.Delete("openid_verified_uri")
 	_ = sess.Delete("openid_signin_remember")
 	_ = sess.Delete("openid_determined_email")
@ -128,7 +128,7 @@ func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore
 	if len(user.Language) == 0 {
 		lc := middleware.Locale(resp, req)
 		user.Language = lc.Language()
-		if err := models.UpdateUserCols(db.DefaultContext, user, "language"); err != nil {
+		if err := user_model.UpdateUserCols(db.DefaultContext, user, "language"); err != nil {
 			log.Error(fmt.Sprintf("Error updating user language [user: %d, locale: %s]", user.ID, user.Language))
 			return
 		}
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@ -10,6 +10,7 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@ -41,7 +42,7 @@ func (b *Basic) Name() string {
 // "Authorization" header of the request and returns the corresponding user object for that
 // name/token on successful validation.
 // Returns nil if header is empty or validation fails.
-func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
+func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
 	// Basic authentication should only fire on API, Download or on Git or LFSPaths
 	if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitRawReleaseOrLFSPath(req) {
 		return nil
@ -75,7 +76,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	if uid != 0 {
 		log.Trace("Basic Authorization: Valid OAuthAccessToken for user[%d]", uid)

-		u, err := models.GetUserByID(uid)
+		u, err := user_model.GetUserByID(uid)
 		if err != nil {
 			log.Error("GetUserByID:  %v", err)
 			return nil
@ -88,7 +89,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	token, err := models.GetAccessTokenBySHA(authToken)
 	if err == nil {
 		log.Trace("Basic Authorization: Valid AccessToken for user[%d]", uid)
-		u, err := models.GetUserByID(token.UID)
+		u, err := user_model.GetUserByID(token.UID)
 		if err != nil {
 			log.Error("GetUserByID:  %v", err)
 			return nil
@ -112,7 +113,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	log.Trace("Basic Authorization: Attempting SignIn for %s", uname)
 	u, source, err := UserSignIn(uname, passwd)
 	if err != nil {
-		if !models.IsErrUserNotExist(err) {
+		if !user_model.IsErrUserNotExist(err) {
 			log.Error("UserSignIn: %v", err)
 		}
 		return nil
--- a/services/auth/group.go
+++ b/services/auth/group.go
@ -7,8 +7,8 @@ package auth
 import (
 	"net/http"

-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 )

 // Ensure the struct implements the interface.
@ -60,7 +60,7 @@ func (b *Group) Free() error {
 }

 // Verify extracts and validates
-func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
+func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
 	if !db.HasEngine {
 		return nil
 	}
--- a/services/auth/interface.go
+++ b/services/auth/interface.go
@ -8,7 +8,7 @@ import (
 	"context"
 	"net/http"

-	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/session"
 	"code.gitea.io/gitea/modules/web/middleware"
 )
@ -26,7 +26,7 @@ type Method interface {
 	// or a new user object (with id = 0) populated with the information that was found
 	// in the authentication data (username or email).
 	// Returns nil if verification fails.
-	Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User
+	Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User
 }

 // Initializable represents a structure that requires initialization
@ -51,7 +51,7 @@ type Freeable interface {

 // PasswordAuthenticator represents a source of authentication
 type PasswordAuthenticator interface {
-	Authenticate(user *models.User, login, password string) (*models.User, error)
+	Authenticate(user *user_model.User, login, password string) (*user_model.User, error)
 }

 // LocalTwoFASkipper represents a source of authentication that can skip local 2fa
--- a/services/auth/login_source.go
+++ b/services/auth/login_source.go
@ -8,11 +8,12 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/login"
+	user_model "code.gitea.io/gitea/models/user"
 )

 // DeleteLoginSource deletes a LoginSource record in DB.
 func DeleteLoginSource(source *login.Source) error {
-	count, err := db.GetEngine(db.DefaultContext).Count(&models.User{LoginSource: source.ID})
+	count, err := db.GetEngine(db.DefaultContext).Count(&user_model.User{LoginSource: source.ID})
 	if err != nil {
 		return err
 	} else if count > 0 {
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@ -13,6 +13,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/login"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/web/middleware"
@ -110,7 +111,7 @@ func (o *OAuth2) userIDFromToken(req *http.Request, store DataStore) int64 {
 // or the "Authorization" header and returns the corresponding user object for that ID.
 // If verification is successful returns an existing user object.
 // Returns nil if verification fails.
-func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
+func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
 	if !db.HasEngine {
 		return nil
 	}
@ -125,9 +126,9 @@ func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStor
 	}
 	log.Trace("OAuth2 Authorization: Found token for user[%d]", id)

-	user, err := models.GetUserByID(id)
+	user, err := user_model.GetUserByID(id)
 	if err != nil {
-		if !models.IsErrUserNotExist(err) {
+		if !user_model.IsErrUserNotExist(err) {
 			log.Error("GetUserByName: %v", err)
 		}
 		return nil
--- a/services/auth/reverseproxy.go
+++ b/services/auth/reverseproxy.go
@ -9,7 +9,7 @@ import (
 	"net/http"
 	"strings"

-	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web/middleware"
@ -56,16 +56,16 @@ func (r *ReverseProxy) Name() string {
 // If a username is available in the "setting.ReverseProxyAuthUser" header an existing
 // user object is returned (populated with username or email found in header).
 // Returns nil if header is empty.
-func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
+func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
 	username := r.getUserName(req)
 	if len(username) == 0 {
 		return nil
 	}
 	log.Trace("ReverseProxy Authorization: Found username: %s", username)

-	user, err := models.GetUserByName(username)
+	user, err := user_model.GetUserByName(username)
 	if err != nil {
-		if !models.IsErrUserNotExist(err) || !r.isAutoRegisterAllowed() {
+		if !user_model.IsErrUserNotExist(err) || !r.isAutoRegisterAllowed() {
 			log.Error("GetUserByName: %v", err)
 			return nil
 		}
@ -91,7 +91,7 @@ func (r *ReverseProxy) isAutoRegisterAllowed() bool {

 // newUser creates a new user object for the purpose of automatic registration
 // and populates its name and email with the information present in request headers.
-func (r *ReverseProxy) newUser(req *http.Request) *models.User {
+func (r *ReverseProxy) newUser(req *http.Request) *user_model.User {
 	username := r.getUserName(req)
 	if len(username) == 0 {
 		return nil
@ -105,12 +105,12 @@ func (r *ReverseProxy) newUser(req *http.Request) *models.User {
 		}
 	}

-	user := &models.User{
+	user := &user_model.User{
 		Name:     username,
 		Email:    email,
 		IsActive: true,
 	}
-	if err := models.CreateUser(user); err != nil {
+	if err := user_model.CreateUser(user); err != nil {
 		// FIXME: should I create a system notice?
 		log.Error("CreateUser: %v", err)
 		return nil
--- a/services/auth/session.go
+++ b/services/auth/session.go
@ -7,7 +7,7 @@ package auth
 import (
 	"net/http"

-	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 )

@ -30,7 +30,7 @@ func (s *Session) Name() string {
 // Verify checks if there is a user uid stored in the session and returns the user
 // object for that uid.
 // Returns nil if there is no user uid stored in the session.
-func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
+func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
 	user := SessionUser(sess)
 	if user != nil {
 		return user
@ -39,7 +39,7 @@ func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataSto
 }

 // SessionUser returns the user object corresponding to the "uid" session variable.
-func SessionUser(sess SessionStore) *models.User {
+func SessionUser(sess SessionStore) *user_model.User {
 	// Get user ID
 	uid := sess.Get("uid")
 	if uid == nil {
@ -53,9 +53,9 @@ func SessionUser(sess SessionStore) *models.User {
 	}

 	// Get user object
-	user, err := models.GetUserByID(id)
+	user, err := user_model.GetUserByID(id)
 	if err != nil {
-		if !models.IsErrUserNotExist(err) {
+		if !user_model.IsErrUserNotExist(err) {
 			log.Error("GetUserById: %v", err)
 		}
 		return nil
--- a/services/auth/signin.go
+++ b/services/auth/signin.go
@ -7,25 +7,24 @@ package auth
 import (
 	"strings"

-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/login"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"

-	_ "code.gitea.io/gitea/services/auth/source/db" // register the sources (and below)
-	_ "code.gitea.io/gitea/services/auth/source/ldap"
-	_ "code.gitea.io/gitea/services/auth/source/oauth2"
-	_ "code.gitea.io/gitea/services/auth/source/pam"
-	_ "code.gitea.io/gitea/services/auth/source/smtp"
-	_ "code.gitea.io/gitea/services/auth/source/sspi"
+	_ "code.gitea.io/gitea/services/auth/source/db"   // register the sources (and below)
+	_ "code.gitea.io/gitea/services/auth/source/ldap" // register the ldap source
+	"code.gitea.io/gitea/services/auth/source/oauth2"
+	_ "code.gitea.io/gitea/services/auth/source/pam" // register the pam source
+	"code.gitea.io/gitea/services/auth/source/smtp"
+	_ "code.gitea.io/gitea/services/auth/source/sspi" // register the sspi source
 )

 // UserSignIn validates user name and password.
-func UserSignIn(username, password string) (*models.User, *login.Source, error) {
-	var user *models.User
+func UserSignIn(username, password string) (*user_model.User, *login.Source, error) {
+	var user *user_model.User
 	if strings.Contains(username, "@") {
-		user = &models.User{Email: strings.ToLower(strings.TrimSpace(username))}
+		user = &user_model.User{Email: strings.ToLower(strings.TrimSpace(username))}
 		// check same email
 		cnt, err := db.Count(user)
 		if err != nil {
@ -39,13 +38,13 @@ func UserSignIn(username, password string) (*models.User, *login.Source, error)
 	} else {
 		trimmedUsername := strings.TrimSpace(username)
 		if len(trimmedUsername) == 0 {
-			return nil, nil, models.ErrUserNotExist{Name: username}
+			return nil, nil, user_model.ErrUserNotExist{Name: username}
 		}

-		user = &models.User{LowerName: strings.ToLower(trimmedUsername)}
+		user = &user_model.User{LowerName: strings.ToLower(trimmedUsername)}
 	}

-	hasUser, err := models.GetUser(user)
+	hasUser, err := user_model.GetUser(user)
 	if err != nil {
 		return nil, nil, err
 	}
@ -57,12 +56,12 @@ func UserSignIn(username, password string) (*models.User, *login.Source, error)
 		}

 		if !source.IsActive {
-			return nil, nil, models.ErrLoginSourceNotActived
+			return nil, nil, oauth2.ErrLoginSourceNotActived
 		}

 		authenticator, ok := source.Cfg.(PasswordAuthenticator)
 		if !ok {
-			return nil, nil, models.ErrUnsupportedLoginType
+			return nil, nil, smtp.ErrUnsupportedLoginType
 		}

 		user, err := authenticator.Authenticate(user, username, password)
@ -73,7 +72,7 @@ func UserSignIn(username, password string) (*models.User, *login.Source, error)
 		// WARN: DON'T check user.IsActive, that will be checked on reqSign so that
 		// user could be hint to resend confirm email.
 		if user.ProhibitLogin {
-			return nil, nil, models.ErrUserProhibitLogin{UID: user.ID, Name: user.Name}
+			return nil, nil, user_model.ErrUserProhibitLogin{UID: user.ID, Name: user.Name}
 		}

 		return user, source, nil
@ -101,15 +100,15 @@ func UserSignIn(username, password string) (*models.User, *login.Source, error)
 			if !authUser.ProhibitLogin {
 				return authUser, source, nil
 			}
-			err = models.ErrUserProhibitLogin{UID: authUser.ID, Name: authUser.Name}
+			err = user_model.ErrUserProhibitLogin{UID: authUser.ID, Name: authUser.Name}
 		}

-		if models.IsErrUserNotExist(err) {
+		if user_model.IsErrUserNotExist(err) {
 			log.Debug("Failed to login '%s' via '%s': %v", username, source.Name, err)
 		} else {
 			log.Warn("Failed to login '%s' via '%s': %v", username, source.Name, err)
 		}
 	}

-	return nil, nil, models.ErrUserNotExist{Name: username}
+	return nil, nil, user_model.ErrUserNotExist{Name: username}
 }
--- a/services/auth/source/db/authenticate.go
+++ b/services/auth/source/db/authenticate.go
@ -5,19 +5,19 @@
 package db

 import (
-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 )

 // Authenticate authenticates the provided user against the DB
-func Authenticate(user *models.User, login, password string) (*models.User, error) {
+func Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
 	if user == nil {
-		return nil, models.ErrUserNotExist{Name: login}
+		return nil, user_model.ErrUserNotExist{Name: login}
 	}

 	if !user.IsPasswordSet() || !user.ValidatePassword(password) {
-		return nil, models.ErrUserNotExist{UID: user.ID, Name: user.Name}
+		return nil, user_model.ErrUserNotExist{UID: user.ID, Name: user.Name}
 	}

 	// Update password hash if server password hash algorithm have changed
@ -25,7 +25,7 @@ func Authenticate(user *models.User, login, password string) (*models.User, erro
 		if err := user.SetPassword(password); err != nil {
 			return nil, err
 		}
-		if err := models.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+		if err := user_model.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
 			return nil, err
 		}
 	}
@ -33,7 +33,7 @@ func Authenticate(user *models.User, login, password string) (*models.User, erro
 	// WARN: DON'T check user.IsActive, that will be checked on reqSign so that
 	// user could be hint to resend confirm email.
 	if user.ProhibitLogin {
-		return nil, models.ErrUserProhibitLogin{
+		return nil, user_model.ErrUserProhibitLogin{
 			UID:  user.ID,
 			Name: user.Name,
 		}
--- a/services/auth/source/db/source.go
+++ b/services/auth/source/db/source.go
@ -5,8 +5,8 @@
 package db

 import (
-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/login"
+	user_model "code.gitea.io/gitea/models/user"
 )

 // Source is a password authentication service
@ -24,7 +24,7 @@ func (source *Source) ToDB() ([]byte, error) {

 // Authenticate queries if login/password is valid against the PAM,
 // and create a local user if success when enabled.
-func (source *Source) Authenticate(user *models.User, login, password string) (*models.User, error) {
+func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
 	return Authenticate(user, login, password)
 }

--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@ -11,27 +11,28 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/login"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/services/mailer"
 	user_service "code.gitea.io/gitea/services/user"
 )

 // Authenticate queries if login/password is valid against the LDAP directory pool,
 // and create a local user if success when enabled.
-func (source *Source) Authenticate(user *models.User, userName, password string) (*models.User, error) {
+func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
 	sr := source.SearchEntry(userName, password, source.loginSource.Type == login.DLDAP)
 	if sr == nil {
 		// User not in LDAP, do nothing
-		return nil, models.ErrUserNotExist{Name: userName}
+		return nil, user_model.ErrUserNotExist{Name: userName}
 	}

 	isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0

 	// Update User admin flag if exist
-	if isExist, err := models.IsUserExist(0, sr.Username); err != nil {
+	if isExist, err := user_model.IsUserExist(0, sr.Username); err != nil {
 		return nil, err
 	} else if isExist {
 		if user == nil {
-			user, err = models.GetUserByName(sr.Username)
+			user, err = user_model.GetUserByName(sr.Username)
 			if err != nil {
 				return nil, err
 			}
@ -49,7 +50,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 				cols = append(cols, "is_restricted")
 			}
 			if len(cols) > 0 {
-				err = models.UpdateUserCols(db.DefaultContext, user, cols...)
+				err = user_model.UpdateUserCols(db.DefaultContext, user, cols...)
 				if err != nil {
 					return nil, err
 				}
@ -74,7 +75,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 		sr.Mail = fmt.Sprintf("%s@localhost", sr.Username)
 	}

-	user = &models.User{
+	user = &user_model.User{
 		LowerName:    strings.ToLower(sr.Username),
 		Name:         sr.Username,
 		FullName:     composeFullName(sr.Name, sr.Surname, sr.Username),
@ -87,7 +88,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 		IsRestricted: sr.IsRestricted,
 	}

-	err := models.CreateUser(user)
+	err := user_model.CreateUser(user)
 	if err != nil {
 		return user, err
 	}
--- a/services/auth/source/ldap/source_sync.go
+++ b/services/auth/source/ldap/source_sync.go
@ -12,6 +12,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	user_service "code.gitea.io/gitea/services/user"
 )
@ -25,7 +26,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 	var sshKeysNeedUpdate bool

 	// Find all users with this login type - FIXME: Should this be an iterator?
-	users, err := models.GetUsersBySource(source.loginSource)
+	users, err := user_model.GetUsersBySource(source.loginSource)
 	if err != nil {
 		log.Error("SyncExternalUsers: %v", err)
 		return err
@ -83,7 +84,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 			su.Mail = fmt.Sprintf("%s@localhost", su.Username)
 		}

-		var usr *models.User
+		var usr *user_model.User
 		for userPos < len(users) && users[userPos].LowerName < su.LowerName {
 			userPos++
 		}
@ -97,7 +98,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 		if usr == nil {
 			log.Trace("SyncExternalUsers[%s]: Creating user %s", source.loginSource.Name, su.Username)

-			usr = &models.User{
+			usr = &user_model.User{
 				LowerName:    su.LowerName,
 				Name:         su.Username,
 				FullName:     fullName,
@ -110,7 +111,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 				IsActive:     true,
 			}

-			err = models.CreateUser(usr)
+			err = user_model.CreateUser(usr)

 			if err != nil {
 				log.Error("SyncExternalUsers[%s]: Error creating user %s: %v", source.loginSource.Name, su.Username, err)
@ -153,7 +154,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 				}
 				usr.IsActive = true

-				err = models.UpdateUserCols(db.DefaultContext, usr, "full_name", "email", "is_admin", "is_restricted", "is_active")
+				err = user_model.UpdateUserCols(db.DefaultContext, usr, "full_name", "email", "is_admin", "is_restricted", "is_active")
 				if err != nil {
 					log.Error("SyncExternalUsers[%s]: Error updating user %s: %v", source.loginSource.Name, usr.Name, err)
 				}
@ -194,7 +195,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 				log.Trace("SyncExternalUsers[%s]: Deactivating user %s", source.loginSource.Name, usr.Name)

 				usr.IsActive = false
-				err = models.UpdateUserCols(db.DefaultContext, usr, "is_active")
+				err = user_model.UpdateUserCols(db.DefaultContext, usr, "is_active")
 				if err != nil {
 					log.Error("SyncExternalUsers[%s]: Error deactivating user %s: %v", source.loginSource.Name, usr.Name, err)
 				}
--- a/services/auth/source/oauth2/providers.go
+++ b/services/auth/source/oauth2/providers.go
@ -5,10 +5,10 @@
 package oauth2

 import (
+	"errors"
 	"net/url"
 	"sort"

-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/login"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@ -139,6 +139,11 @@ func ClearProviders() {
 	goth.ClearProviders()
 }

+var (
+	// ErrLoginSourceNotActived login source is not actived error
+	ErrLoginSourceNotActived = errors.New("Login source is not actived")
+)
+
 // used to create different types of goth providers
 func createProvider(providerName string, source *Source) (goth.Provider, error) {
 	callbackURL := setting.AppURL + "user/oauth2/" + url.PathEscape(providerName) + "/callback"
@ -148,7 +153,7 @@ func createProvider(providerName string, source *Source) (goth.Provider, error)

 	p, ok := gothProviders[source.Provider]
 	if !ok {
-		return nil, models.ErrLoginSourceNotActived
+		return nil, ErrLoginSourceNotActived
 	}

 	provider, err = p.CreateGothProvider(providerName, callbackURL, source)
--- a/services/auth/source/oauth2/source_authenticate.go
+++ b/services/auth/source/oauth2/source_authenticate.go
@ -5,12 +5,12 @@
 package oauth2

 import (
-	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/services/auth/source/db"
 )

 // Authenticate falls back to the db authenticator
-func (source *Source) Authenticate(user *models.User, login, password string) (*models.User, error) {
+func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
 	return db.Authenticate(user, login, password)
 }

--- a/services/auth/source/pam/source_authenticate.go
+++ b/services/auth/source/pam/source_authenticate.go
@ -8,7 +8,6 @@ import (
 	"fmt"
 	"strings"

-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/login"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/auth/pam"
@ -20,11 +19,11 @@ import (

 // Authenticate queries if login/password is valid against the PAM,
 // and create a local user if success when enabled.
-func (source *Source) Authenticate(user *models.User, userName, password string) (*models.User, error) {
+func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
 	pamLogin, err := pam.Auth(source.ServiceName, userName, password)
 	if err != nil {
 		if strings.Contains(err.Error(), "Authentication failure") {
-			return nil, models.ErrUserNotExist{Name: userName}
+			return nil, user_model.ErrUserNotExist{Name: userName}
 		}
 		return nil, err
 	}
@ -51,7 +50,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 		}
 	}

-	user = &models.User{
+	user = &user_model.User{
 		LowerName:   strings.ToLower(username),
 		Name:        username,
 		Email:       email,
@ -62,7 +61,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 		IsActive:    true,
 	}

-	if err := models.CreateUser(user); err != nil {
+	if err := user_model.CreateUser(user); err != nil {
 		return user, err
 	}

--- a/services/auth/source/smtp/auth.go
+++ b/services/auth/source/smtp/auth.go
@ -6,13 +6,12 @@ package smtp

 import (
 	"crypto/tls"
+	"errors"
 	"fmt"
 	"net"
 	"net/smtp"
 	"os"
 	"strconv"
-
-	"code.gitea.io/gitea/models"
 )

 //   _________   __________________________
@ -52,6 +51,11 @@ const (
 // Authenticators contains available SMTP authentication type names.
 var Authenticators = []string{PlainAuthentication, LoginAuthentication, CRAMMD5Authentication}

+var (
+	// ErrUnsupportedLoginType login source is unknown error
+	ErrUnsupportedLoginType = errors.New("Login source is unknown")
+)
+
 // Authenticate performs an SMTP authentication.
 func Authenticate(a smtp.Auth, source *Source) error {
 	tlsConfig := &tls.Config{
@ -101,5 +105,5 @@ func Authenticate(a smtp.Auth, source *Source) error {
 		return client.Auth(a)
 	}

-	return models.ErrUnsupportedLoginType
+	return ErrUnsupportedLoginType
 }
--- a/services/auth/source/smtp/source_authenticate.go
+++ b/services/auth/source/smtp/source_authenticate.go
@ -10,22 +10,22 @@ import (
 	"net/textproto"
 	"strings"

-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/login"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/services/mailer"
 )

 // Authenticate queries if the provided login/password is authenticates against the SMTP server
 // Users will be autoregistered as required
-func (source *Source) Authenticate(user *models.User, userName, password string) (*models.User, error) {
+func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
 	// Verify allowed domains.
 	if len(source.AllowedDomains) > 0 {
 		idx := strings.Index(userName, "@")
 		if idx == -1 {
-			return nil, models.ErrUserNotExist{Name: userName}
+			return nil, user_model.ErrUserNotExist{Name: userName}
 		} else if !util.IsStringInSlice(userName[idx+1:], strings.Split(source.AllowedDomains, ","), true) {
-			return nil, models.ErrUserNotExist{Name: userName}
+			return nil, user_model.ErrUserNotExist{Name: userName}
 		}
 	}

@ -47,11 +47,11 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 		tperr, ok := err.(*textproto.Error)
 		if (ok && tperr.Code == 535) ||
 			strings.Contains(err.Error(), "Username and Password not accepted") {
-			return nil, models.ErrUserNotExist{Name: userName}
+			return nil, user_model.ErrUserNotExist{Name: userName}
 		}
 		if (ok && tperr.Code == 534) ||
 			strings.Contains(err.Error(), "Application-specific password required") {
-			return nil, models.ErrUserNotExist{Name: userName}
+			return nil, user_model.ErrUserNotExist{Name: userName}
 		}
 		return nil, err
 	}
@ -66,7 +66,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 		username = userName[:idx]
 	}

-	user = &models.User{
+	user = &user_model.User{
 		LowerName:   strings.ToLower(username),
 		Name:        strings.ToLower(username),
 		Email:       userName,
@ -77,7 +77,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
 		IsActive:    true,
 	}

-	if err := models.CreateUser(user); err != nil {
+	if err := user_model.CreateUser(user); err != nil {
 		return user, err
 	}

--- a/services/auth/sspi_windows.go
+++ b/services/auth/sspi_windows.go
@ -9,9 +9,9 @@ import (
 	"net/http"
 	"strings"

-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/avatars"
 	"code.gitea.io/gitea/models/login"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@ -83,7 +83,7 @@ func (s *SSPI) Free() error {
 // If authentication is successful, returns the corresponding user object.
 // If negotiation should continue or authentication fails, immediately returns a 401 HTTP
 // response code, as required by the SPNEGO protocol.
-func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
+func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User {
 	if !s.shouldAuthenticate(req) {
 		return nil
 	}
@ -126,9 +126,9 @@ func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore,
 	}
 	log.Info("Authenticated as %s\n", username)

-	user, err := models.GetUserByName(username)
+	user, err := user_model.GetUserByName(username)
 	if err != nil {
-		if !models.IsErrUserNotExist(err) {
+		if !user_model.IsErrUserNotExist(err) {
 			log.Error("GetUserByName: %v", err)
 			return nil
 		}
@ -184,9 +184,9 @@ func (s *SSPI) shouldAuthenticate(req *http.Request) (shouldAuth bool) {

 // newUser creates a new user object for the purpose of automatic registration
 // and populates its name and email with the information present in request headers.
-func (s *SSPI) newUser(username string, cfg *sspi.Source) (*models.User, error) {
+func (s *SSPI) newUser(username string, cfg *sspi.Source) (*user_model.User, error) {
 	email := gouuid.New().String() + "@localhost.localdomain"
-	user := &models.User{
+	user := &user_model.User{
 		Name:                         username,
 		Email:                        email,
 		KeepEmailPrivate:             true,
@ -195,9 +195,9 @@ func (s *SSPI) newUser(username string, cfg *sspi.Source) (*models.User, error)
 		Language:                     cfg.DefaultLanguage,
 		UseCustomAvatar:              true,
 		Avatar:                       avatars.DefaultAvatarLink(),
-		EmailNotificationsPreference: models.EmailNotificationsDisabled,
+		EmailNotificationsPreference: user_model.EmailNotificationsDisabled,
 	}
-	if err := models.CreateUser(user); err != nil {
+	if err := user_model.CreateUser(user); err != nil {
 		return nil, err
 	}

--- a/services/comments/comments.go
+++ b/services/comments/comments.go
@ -8,12 +8,13 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/issues"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/notification"
 	"code.gitea.io/gitea/modules/timeutil"
 )

 // CreateIssueComment creates a plain issue comment.
-func CreateIssueComment(doer *models.User, repo *models.Repository, issue *models.Issue, content string, attachments []string) (*models.Comment, error) {
+func CreateIssueComment(doer *user_model.User, repo *models.Repository, issue *models.Issue, content string, attachments []string) (*models.Comment, error) {
 	comment, err := models.CreateComment(&models.CreateCommentOptions{
 		Type:        models.CommentTypeComment,
 		Doer:        doer,
@ -37,7 +38,7 @@ func CreateIssueComment(doer *models.User, repo *models.Repository, issue *model
 }

 // UpdateComment updates information of comment.
-func UpdateComment(c *models.Comment, doer *models.User, oldContent string) error {
+func UpdateComment(c *models.Comment, doer *user_model.User, oldContent string) error {
 	var needsContentHistory = c.Content != oldContent &&
 		(c.Type == models.CommentTypeComment || c.Type == models.CommentTypeReview || c.Type == models.CommentTypeCode)
 	if needsContentHistory {
@ -70,7 +71,7 @@ func UpdateComment(c *models.Comment, doer *models.User, oldContent string) erro
 }

 // DeleteComment deletes the comment
-func DeleteComment(doer *models.User, comment *models.Comment) error {
+func DeleteComment(doer *user_model.User, comment *models.Comment) error {
 	if err := models.DeleteComment(comment); err != nil {
 		return err
 	}
--- a/services/cron/setting.go
+++ b/services/cron/setting.go
@ -7,7 +7,7 @@ package cron
 import (
 	"time"

-	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"

 	"github.com/unknwon/i18n"
 )
@ -17,7 +17,7 @@ type Config interface {
 	IsEnabled() bool
 	DoRunAtStart() bool
 	GetSchedule() string
-	FormatMessage(name, status string, doer *models.User, args ...interface{}) string
+	FormatMessage(name, status string, doer *user_model.User, args ...interface{}) string
 	DoNoticeOnSuccess() bool
 }

@ -70,7 +70,7 @@ func (b *BaseConfig) DoNoticeOnSuccess() bool {
 }

 // FormatMessage returns a message for the task
-func (b *BaseConfig) FormatMessage(name, status string, doer *models.User, args ...interface{}) string {
+func (b *BaseConfig) FormatMessage(name, status string, doer *user_model.User, args ...interface{}) string {
 	realArgs := make([]interface{}, 0, len(args)+2)
 	realArgs = append(realArgs, i18n.Tr("en-US", "admin.dashboard."+name))
 	if doer == nil {
--- a/services/cron/tasks.go
+++ b/services/cron/tasks.go
@ -10,9 +10,9 @@ import (
 	"reflect"
 	"sync"

-	"code.gitea.io/gitea/models"
 	admin_model "code.gitea.io/gitea/models/admin"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
@ -29,7 +29,7 @@ type Task struct {
 	lock      sync.Mutex
 	Name      string
 	config    Config
-	fun       func(context.Context, *models.User, Config) error
+	fun       func(context.Context, *user_model.User, Config) error
 	ExecTimes int64
 }

@ -55,7 +55,7 @@ func (t *Task) GetConfig() Config {

 // Run will run the task incrementing the cron counter with no user defined
 func (t *Task) Run() {
-	t.RunWithUser(&models.User{
+	t.RunWithUser(&user_model.User{
 		ID:        -1,
 		Name:      "(Cron)",
 		LowerName: "(cron)",
@ -63,7 +63,7 @@ func (t *Task) Run() {
 }

 // RunWithUser will run the task incrementing the cron counter at the time with User
-func (t *Task) RunWithUser(doer *models.User, config Config) {
+func (t *Task) RunWithUser(doer *user_model.User, config Config) {
 	if !taskStatusTable.StartIfNotRunning(t.Name) {
 		return
 	}
@ -118,7 +118,7 @@ func GetTask(name string) *Task {
 }

 // RegisterTask allows a task to be registered with the cron service
-func RegisterTask(name string, config Config, fun func(context.Context, *models.User, Config) error) error {
+func RegisterTask(name string, config Config, fun func(context.Context, *user_model.User, Config) error) error {
 	log.Debug("Registering task: %s", name)
 	_, err := setting.GetCronSettings(name, config)
 	if err != nil {
@ -163,7 +163,7 @@ func RegisterTask(name string, config Config, fun func(context.Context, *models.
 }

 // RegisterTaskFatal will register a task but if there is an error log.Fatal
-func RegisterTaskFatal(name string, config Config, fun func(context.Context, *models.User, Config) error) {
+func RegisterTaskFatal(name string, config Config, fun func(context.Context, *user_model.User, Config) error) {
 	if err := RegisterTask(name, config, fun); err != nil {
 		log.Fatal("Unable to register cron task %s Error: %v", name, err)
 	}
--- a/services/cron/tasks_basic.go
+++ b/services/cron/tasks_basic.go
@ -9,6 +9,7 @@ import (
 	"time"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/models/webhook"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/services/auth"
@ -33,7 +34,7 @@ func registerUpdateMirrorTask() {
 		},
 		PullLimit: 50,
 		PushLimit: 50,
-	}, func(ctx context.Context, _ *models.User, cfg Config) error {
+	}, func(ctx context.Context, _ *user_model.User, cfg Config) error {
 		umtc := cfg.(*UpdateMirrorTaskConfig)
 		return mirror_service.Update(ctx, umtc.PullLimit, umtc.PushLimit)
 	})
@ -53,7 +54,7 @@ func registerRepoHealthCheck() {
 		},
 		Timeout: 60 * time.Second,
 		Args:    []string{},
-	}, func(ctx context.Context, _ *models.User, config Config) error {
+	}, func(ctx context.Context, _ *user_model.User, config Config) error {
 		rhcConfig := config.(*RepoHealthCheckConfig)
 		return repository_service.GitFsck(ctx, rhcConfig.Timeout, rhcConfig.Args)
 	})
@ -64,7 +65,7 @@ func registerCheckRepoStats() {
 		Enabled:    true,
 		RunAtStart: true,
 		Schedule:   "@midnight",
-	}, func(ctx context.Context, _ *models.User, _ Config) error {
+	}, func(ctx context.Context, _ *user_model.User, _ Config) error {
 		return models.CheckRepoStats(ctx)
 	})
 }
@ -77,7 +78,7 @@ func registerArchiveCleanup() {
 			Schedule:   "@midnight",
 		},
 		OlderThan: 24 * time.Hour,
-	}, func(ctx context.Context, _ *models.User, config Config) error {
+	}, func(ctx context.Context, _ *user_model.User, config Config) error {
 		acConfig := config.(*OlderThanConfig)
 		return models.DeleteOldRepositoryArchives(ctx, acConfig.OlderThan)
 	})
@ -91,7 +92,7 @@ func registerSyncExternalUsers() {
 			Schedule:   "@midnight",
 		},
 		UpdateExisting: true,
-	}, func(ctx context.Context, _ *models.User, config Config) error {
+	}, func(ctx context.Context, _ *user_model.User, config Config) error {
 		realConfig := config.(*UpdateExistingConfig)
 		return auth.SyncExternalUsers(ctx, realConfig.UpdateExisting)
 	})
@ -105,7 +106,7 @@ func registerDeletedBranchesCleanup() {
 			Schedule:   "@midnight",
 		},
 		OlderThan: 24 * time.Hour,
-	}, func(ctx context.Context, _ *models.User, config Config) error {
+	}, func(ctx context.Context, _ *user_model.User, config Config) error {
 		realConfig := config.(*OlderThanConfig)
 		models.RemoveOldDeletedBranches(ctx, realConfig.OlderThan)
 		return nil
@ -117,7 +118,7 @@ func registerUpdateMigrationPosterID() {
 		Enabled:    true,
 		RunAtStart: true,
 		Schedule:   "@midnight",
-	}, func(ctx context.Context, _ *models.User, _ Config) error {
+	}, func(ctx context.Context, _ *user_model.User, _ Config) error {
 		return migrations.UpdateMigrationPosterID(ctx)
 	})
 }
@ -132,7 +133,7 @@ func registerCleanupHookTaskTable() {
 		CleanupType:  "OlderThan",
 		OlderThan:    168 * time.Hour,
 		NumberToKeep: 10,
-	}, func(ctx context.Context, _ *models.User, config Config) error {
+	}, func(ctx context.Context, _ *user_model.User, config Config) error {
 		realConfig := config.(*CleanupHookTaskConfig)
 		return webhook.CleanupHookTaskTable(ctx, webhook.ToHookTaskCleanupType(realConfig.CleanupType), realConfig.OlderThan, realConfig.NumberToKeep)
 	})
--- a/services/cron/tasks_extended.go
+++ b/services/cron/tasks_extended.go
@ -9,6 +9,7 @@ import (
 	"time"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/updatechecker"
 	repo_service "code.gitea.io/gitea/services/repository"
@ -23,7 +24,7 @@ func registerDeleteInactiveUsers() {
 			Schedule:   "@annually",
 		},
 		OlderThan: 0 * time.Second,
-	}, func(ctx context.Context, _ *models.User, config Config) error {
+	}, func(ctx context.Context, _ *user_model.User, config Config) error {
 		olderThanConfig := config.(*OlderThanConfig)
 		return user_service.DeleteInactiveUsers(ctx, olderThanConfig.OlderThan)
 	})
@ -34,7 +35,7 @@ func registerDeleteRepositoryArchives() {
 		Enabled:    false,
 		RunAtStart: false,
 		Schedule:   "@annually",
-	}, func(ctx context.Context, _ *models.User, _ Config) error {
+	}, func(ctx context.Context, _ *user_model.User, _ Config) error {
 		return repo_service.DeleteRepositoryArchives(ctx)
 	})
 }
@ -53,7 +54,7 @@ func registerGarbageCollectRepositories() {
 		},
 		Timeout: time.Duration(setting.Git.Timeout.GC) * time.Second,
 		Args:    setting.Git.GCArgs,
-	}, func(ctx context.Context, _ *models.User, config Config) error {
+	}, func(ctx context.Context, _ *user_model.User, config Config) error {
 		rhcConfig := config.(*RepoHealthCheckConfig)
 		return repo_service.GitGcRepos(ctx, rhcConfig.Timeout, rhcConfig.Args...)
 	})
@ -64,7 +65,7 @@ func registerRewriteAllPublicKeys() {
 		Enabled:    false,
 		RunAtStart: false,
 		Schedule:   "@every 72h",
-	}, func(_ context.Context, _ *models.User, _ Config) error {
+	}, func(_ context.Context, _ *user_model.User, _ Config) error {
 		return models.RewriteAllPublicKeys()
 	})
 }
@ -74,7 +75,7 @@ func registerRewriteAllPrincipalKeys() {
 		Enabled:    false,
 		RunAtStart: false,
 		Schedule:   "@every 72h",
-	}, func(_ context.Context, _ *models.User, _ Config) error {
+	}, func(_ context.Context, _ *user_model.User, _ Config) error {
 		return models.RewriteAllPrincipalKeys()
 	})
 }
@ -84,7 +85,7 @@ func registerRepositoryUpdateHook() {
 		Enabled:    false,
 		RunAtStart: false,
 		Schedule:   "@every 72h",
-	}, func(ctx context.Context, _ *models.User, _ Config) error {
+	}, func(ctx context.Context, _ *user_model.User, _ Config) error {
 		return repo_service.SyncRepositoryHooks(ctx)
 	})
 }
@ -94,7 +95,7 @@ func registerReinitMissingRepositories() {
 		Enabled:    false,
 		RunAtStart: false,
 		Schedule:   "@every 72h",
-	}, func(ctx context.Context, _ *models.User, _ Config) error {
+	}, func(ctx context.Context, _ *user_model.User, _ Config) error {
 		return repo_service.ReinitMissingRepositories(ctx)
 	})
 }
@ -104,7 +105,7 @@ func registerDeleteMissingRepositories() {
 		Enabled:    false,
 		RunAtStart: false,
 		Schedule:   "@every 72h",
-	}, func(ctx context.Context, user *models.User, _ Config) error {
+	}, func(ctx context.Context, user *user_model.User, _ Config) error {
 		return repo_service.DeleteMissingRepositories(ctx, user)
 	})
 }
@ -114,7 +115,7 @@ func registerRemoveRandomAvatars() {
 		Enabled:    false,
 		RunAtStart: false,
 		Schedule:   "@every 72h",
-	}, func(ctx context.Context, _ *models.User, _ Config) error {
+	}, func(ctx context.Context, _ *user_model.User, _ Config) error {
 		return models.RemoveRandomAvatars(ctx)
 	})
 }
@ -127,7 +128,7 @@ func registerDeleteOldActions() {
 			Schedule:   "@every 168h",
 		},
 		OlderThan: 365 * 24 * time.Hour,
-	}, func(ctx context.Context, _ *models.User, config Config) error {
+	}, func(ctx context.Context, _ *user_model.User, config Config) error {
 		olderThanConfig := config.(*OlderThanConfig)
 		return models.DeleteOldActions(olderThanConfig.OlderThan)
 	})
@ -145,7 +146,7 @@ func registerUpdateGiteaChecker() {
 			Schedule:   "@every 168h",
 		},
 		HTTPEndpoint: "https://dl.gitea.io/gitea/version.json",
-	}, func(ctx context.Context, _ *models.User, config Config) error {
+	}, func(ctx context.Context, _ *user_model.User, config Config) error {
 		updateCheckerConfig := config.(*UpdateCheckerConfig)
 		return updatechecker.GiteaUpdateChecker(updateCheckerConfig.HTTPEndpoint)
 	})
--- a/services/externalaccount/user.go
+++ b/services/externalaccount/user.go
@ -9,13 +9,14 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/login"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/structs"

 	"github.com/markbates/goth"
 )

 // LinkAccountToUser link the gothUser to the user
-func LinkAccountToUser(user *models.User, gothUser goth.User) error {
+func LinkAccountToUser(user *user_model.User, gothUser goth.User) error {
 	loginSource, err := login.GetActiveOAuth2LoginSourceByName(gothUser.Provider)
 	if err != nil {
 		return err
--- a/services/gitdiff/gitdiff.go
+++ b/services/gitdiff/gitdiff.go
@ -23,6 +23,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/analyze"
 	"code.gitea.io/gitea/modules/charset"
 	"code.gitea.io/gitea/modules/git"
@ -666,7 +667,7 @@ type Diff struct {
 }

 // LoadComments loads comments into each line
-func (diff *Diff) LoadComments(issue *models.Issue, currentUser *models.User) error {
+func (diff *Diff) LoadComments(issue *models.Issue, currentUser *user_model.User) error {
 	allComments, err := models.FetchCodeComments(issue, currentUser)
 	if err != nil {
 		return err
--- a/services/gitdiff/gitdiff_test.go
+++ b/services/gitdiff/gitdiff_test.go
@ -14,6 +14,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/highlight"
 	"code.gitea.io/gitea/modules/json"
@ -667,7 +668,7 @@ func TestDiff_LoadComments(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	issue := unittest.AssertExistsAndLoadBean(t, &models.Issue{ID: 2}).(*models.Issue)
-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
 	diff := setupDefaultDiff()
 	assert.NoError(t, diff.LoadComments(issue, user))
 	assert.Len(t, diff.Files[0].Sections[0].Lines[0].Comments, 2)
--- a/services/issue/assignee.go
+++ b/services/issue/assignee.go
@ -7,12 +7,13 @@ package issue
 import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unit"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
 )

 // DeleteNotPassedAssignee deletes all assignees who aren't passed via the "assignees" array
-func DeleteNotPassedAssignee(issue *models.Issue, doer *models.User, assignees []*models.User) (err error) {
+func DeleteNotPassedAssignee(issue *models.Issue, doer *user_model.User, assignees []*user_model.User) (err error) {
 	var found bool

 	for _, assignee := range issue.Assignees {
@ -37,13 +38,13 @@ func DeleteNotPassedAssignee(issue *models.Issue, doer *models.User, assignees [
 }

 // ToggleAssignee changes a user between assigned and not assigned for this issue, and make issue comment for it.
-func ToggleAssignee(issue *models.Issue, doer *models.User, assigneeID int64) (removed bool, comment *models.Comment, err error) {
+func ToggleAssignee(issue *models.Issue, doer *user_model.User, assigneeID int64) (removed bool, comment *models.Comment, err error) {
 	removed, comment, err = issue.ToggleAssignee(doer, assigneeID)
 	if err != nil {
 		return
 	}

-	assignee, err1 := models.GetUserByID(assigneeID)
+	assignee, err1 := user_model.GetUserByID(assigneeID)
 	if err1 != nil {
 		err = err1
 		return
@ -55,7 +56,7 @@ func ToggleAssignee(issue *models.Issue, doer *models.User, assigneeID int64) (r
 }

 // ReviewRequest add or remove a review request from a user for this PR, and make comment for it.
-func ReviewRequest(issue *models.Issue, doer *models.User, reviewer *models.User, isAdd bool) (comment *models.Comment, err error) {
+func ReviewRequest(issue *models.Issue, doer *user_model.User, reviewer *user_model.User, isAdd bool) (comment *models.Comment, err error) {
 	if isAdd {
 		comment, err = models.AddReviewRequest(issue, reviewer, doer)
 	} else {
@ -74,7 +75,7 @@ func ReviewRequest(issue *models.Issue, doer *models.User, reviewer *models.User
 }

 // IsValidReviewRequest Check permission for ReviewRequest
-func IsValidReviewRequest(reviewer, doer *models.User, isAdd bool, issue *models.Issue, permDoer *models.Permission) error {
+func IsValidReviewRequest(reviewer, doer *user_model.User, isAdd bool, issue *models.Issue, permDoer *models.Permission) error {
 	if reviewer.IsOrganization() {
 		return models.ErrNotValidReviewRequest{
 			Reason: "Organization can't be added as reviewer",
@ -172,7 +173,7 @@ func IsValidReviewRequest(reviewer, doer *models.User, isAdd bool, issue *models
 }

 // IsValidTeamReviewRequest Check permission for ReviewRequest Team
-func IsValidTeamReviewRequest(reviewer *models.Team, doer *models.User, isAdd bool, issue *models.Issue) error {
+func IsValidTeamReviewRequest(reviewer *models.Team, doer *user_model.User, isAdd bool, issue *models.Issue) error {
 	if doer.IsOrganization() {
 		return models.ErrNotValidReviewRequest{
 			Reason: "Organization can't be doer to add reviewer",
@ -227,7 +228,7 @@ func IsValidTeamReviewRequest(reviewer *models.Team, doer *models.User, isAdd bo
 }

 // TeamReviewRequest add or remove a review request from a team for this PR, and make comment for it.
-func TeamReviewRequest(issue *models.Issue, doer *models.User, reviewer *models.Team, isAdd bool) (comment *models.Comment, err error) {
+func TeamReviewRequest(issue *models.Issue, doer *user_model.User, reviewer *models.Team, isAdd bool) (comment *models.Comment, err error) {
 	if isAdd {
 		comment, err = models.AddTeamReviewRequest(issue, reviewer, doer)
 	} else {
--- a/services/issue/assignee_test.go
+++ b/services/issue/assignee_test.go
@ -9,6 +9,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"

 	"github.com/stretchr/testify/assert"
 )
@ -20,7 +21,7 @@ func TestDeleteNotPassedAssignee(t *testing.T) {
 	issue, err := models.GetIssueWithAttrsByID(1)
 	assert.NoError(t, err)

-	user1, err := models.GetUserByID(1) // This user is already assigned (see the definition in fixtures), so running  UpdateAssignee should unassign him
+	user1, err := user_model.GetUserByID(1) // This user is already assigned (see the definition in fixtures), so running  UpdateAssignee should unassign him
 	assert.NoError(t, err)

 	// Check if he got removed
@ -29,7 +30,7 @@ func TestDeleteNotPassedAssignee(t *testing.T) {
 	assert.True(t, isAssigned)

 	// Clean everyone
-	err = DeleteNotPassedAssignee(issue, user1, []*models.User{})
+	err = DeleteNotPassedAssignee(issue, user1, []*user_model.User{})
 	assert.NoError(t, err)

 	// Check they're gone
--- a/services/issue/commit.go
+++ b/services/issue/commit.go
@ -14,6 +14,7 @@ import (
 	"time"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/references"
 	"code.gitea.io/gitea/modules/repository"
 )
@ -72,7 +73,7 @@ func timeLogToAmount(str string) int64 {
 	return a
 }

-func issueAddTime(issue *models.Issue, doer *models.User, time time.Time, timeLog string) error {
+func issueAddTime(issue *models.Issue, doer *user_model.User, time time.Time, timeLog string) error {
 	amount := timeLogToAmount(timeLog)
 	if amount == 0 {
 		return nil
@ -96,7 +97,7 @@ func getIssueFromRef(repo *models.Repository, index int64) (*models.Issue, error
 }

 // UpdateIssuesCommit checks if issues are manipulated by commit message.
-func UpdateIssuesCommit(doer *models.User, repo *models.Repository, commits []*repository.PushCommit, branchName string) error {
+func UpdateIssuesCommit(doer *user_model.User, repo *models.Repository, commits []*repository.PushCommit, branchName string) error {
 	// Commits are appended in the reverse order.
 	for i := len(commits) - 1; i >= 0; i-- {
 		c := commits[i]
--- a/services/issue/commit_test.go
+++ b/services/issue/commit_test.go
@ -9,6 +9,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"

@ -44,7 +45,7 @@ func TestUpdateIssuesCommit(t *testing.T) {
 		},
 	}

-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
 	repo.Owner = user

@ -130,7 +131,7 @@ func TestUpdateIssuesCommit_Colon(t *testing.T) {
 		},
 	}

-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
 	repo.Owner = user

@ -144,7 +145,7 @@ func TestUpdateIssuesCommit_Colon(t *testing.T) {

 func TestUpdateIssuesCommit_Issue5957(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

 	// Test that push to a non-default branch closes an issue.
 	pushCommits := []*repository.PushCommit{
@ -178,7 +179,7 @@ func TestUpdateIssuesCommit_Issue5957(t *testing.T) {

 func TestUpdateIssuesCommit_AnotherRepo(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

 	// Test that a push to default branch closes issue in another repo
 	// If the user also has push permissions to that repo
@ -213,7 +214,7 @@ func TestUpdateIssuesCommit_AnotherRepo(t *testing.T) {

 func TestUpdateIssuesCommit_AnotherRepo_FullAddress(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

 	// Test that a push to default branch closes issue in another repo
 	// If the user also has push permissions to that repo
@ -248,7 +249,7 @@ func TestUpdateIssuesCommit_AnotherRepo_FullAddress(t *testing.T) {

 func TestUpdateIssuesCommit_AnotherRepoNoPermission(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 10}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 10}).(*user_model.User)

 	// Test that a push with close reference *can not* close issue
 	// If the committer doesn't have push rights in that repo
--- a/services/issue/content.go
+++ b/services/issue/content.go
@ -6,11 +6,12 @@ package issue

 import (
 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/notification"
 )

 // ChangeContent changes issue content, as the given user.
-func ChangeContent(issue *models.Issue, doer *models.User, content string) (err error) {
+func ChangeContent(issue *models.Issue, doer *user_model.User, content string) (err error) {
 	oldContent := issue.Content

 	if err := issue.ChangeContent(doer, content); err != nil {
--- a/services/issue/issue.go
+++ b/services/issue/issue.go
@ -7,6 +7,7 @@ package issue
 import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/notification"
 	"code.gitea.io/gitea/modules/util"
@ -41,7 +42,7 @@ func NewIssue(repo *models.Repository, issue *models.Issue, labelIDs []int64, uu
 }

 // ChangeTitle changes the title of this issue, as the given user.
-func ChangeTitle(issue *models.Issue, doer *models.User, title string) (err error) {
+func ChangeTitle(issue *models.Issue, doer *user_model.User, title string) (err error) {
 	oldTitle := issue.Title
 	issue.Title = title

@ -55,7 +56,7 @@ func ChangeTitle(issue *models.Issue, doer *models.User, title string) (err erro
 }

 // ChangeIssueRef changes the branch of this issue, as the given user.
-func ChangeIssueRef(issue *models.Issue, doer *models.User, ref string) error {
+func ChangeIssueRef(issue *models.Issue, doer *user_model.User, ref string) error {
 	oldRef := issue.Ref
 	issue.Ref = ref

@ -74,8 +75,8 @@ func ChangeIssueRef(issue *models.Issue, doer *models.User, ref string) error {
 // "assignees" (array): Logins for Users to assign to this issue.
 // Pass one or more user logins to replace the set of assignees on this Issue.
 // Send an empty array ([]) to clear all assignees from the Issue.
-func UpdateAssignees(issue *models.Issue, oneAssignee string, multipleAssignees []string, doer *models.User) (err error) {
-	var allNewAssignees []*models.User
+func UpdateAssignees(issue *models.Issue, oneAssignee string, multipleAssignees []string, doer *user_model.User) (err error) {
+	var allNewAssignees []*user_model.User

 	// Keep the old assignee thingy for compatibility reasons
 	if oneAssignee != "" {
@ -95,7 +96,7 @@ func UpdateAssignees(issue *models.Issue, oneAssignee string, multipleAssignees

 	// Loop through all assignees to add them
 	for _, assigneeName := range multipleAssignees {
-		assignee, err := models.GetUserByName(assigneeName)
+		assignee, err := user_model.GetUserByName(assigneeName)
 		if err != nil {
 			return err
 		}
@ -125,8 +126,8 @@ func UpdateAssignees(issue *models.Issue, oneAssignee string, multipleAssignees

 // AddAssigneeIfNotAssigned adds an assignee only if he isn't already assigned to the issue.
 // Also checks for access of assigned user
-func AddAssigneeIfNotAssigned(issue *models.Issue, doer *models.User, assigneeID int64) (err error) {
-	assignee, err := models.GetUserByID(assigneeID)
+func AddAssigneeIfNotAssigned(issue *models.Issue, doer *user_model.User, assigneeID int64) (err error) {
+	assignee, err := user_model.GetUserByID(assigneeID)
 	if err != nil {
 		return err
 	}
--- a/services/issue/label.go
+++ b/services/issue/label.go
@ -6,11 +6,12 @@ package issue

 import (
 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/notification"
 )

 // ClearLabels clears all of an issue's labels
-func ClearLabels(issue *models.Issue, doer *models.User) (err error) {
+func ClearLabels(issue *models.Issue, doer *user_model.User) (err error) {
 	if err = issue.ClearLabels(doer); err != nil {
 		return
 	}
@ -21,7 +22,7 @@ func ClearLabels(issue *models.Issue, doer *models.User) (err error) {
 }

 // AddLabel adds a new label to the issue.
-func AddLabel(issue *models.Issue, doer *models.User, label *models.Label) error {
+func AddLabel(issue *models.Issue, doer *user_model.User, label *models.Label) error {
 	if err := models.NewIssueLabel(issue, label, doer); err != nil {
 		return err
 	}
@ -31,7 +32,7 @@ func AddLabel(issue *models.Issue, doer *models.User, label *models.Label) error
 }

 // AddLabels adds a list of new labels to the issue.
-func AddLabels(issue *models.Issue, doer *models.User, labels []*models.Label) error {
+func AddLabels(issue *models.Issue, doer *user_model.User, labels []*models.Label) error {
 	if err := models.NewIssueLabels(issue, labels, doer); err != nil {
 		return err
 	}
@ -41,7 +42,7 @@ func AddLabels(issue *models.Issue, doer *models.User, labels []*models.Label) e
 }

 // RemoveLabel removes a label from issue by given ID.
-func RemoveLabel(issue *models.Issue, doer *models.User, label *models.Label) error {
+func RemoveLabel(issue *models.Issue, doer *user_model.User, label *models.Label) error {
 	if err := issue.LoadRepo(); err != nil {
 		return err
 	}
@ -66,7 +67,7 @@ func RemoveLabel(issue *models.Issue, doer *models.User, label *models.Label) er
 }

 // ReplaceLabels removes all current labels and add new labels to the issue.
-func ReplaceLabels(issue *models.Issue, doer *models.User, labels []*models.Label) error {
+func ReplaceLabels(issue *models.Issue, doer *user_model.User, labels []*models.Label) error {
 	old, err := models.GetLabelsByIssueID(issue.ID)
 	if err != nil {
 		return err
--- a/services/issue/label_test.go
+++ b/services/issue/label_test.go
@ -9,6 +9,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"

 	"github.com/stretchr/testify/assert"
 )
@ -31,7 +32,7 @@ func TestIssue_AddLabels(t *testing.T) {
 		for i, labelID := range test.labelIDs {
 			labels[i] = unittest.AssertExistsAndLoadBean(t, &models.Label{ID: labelID}).(*models.Label)
 		}
-		doer := unittest.AssertExistsAndLoadBean(t, &models.User{ID: test.doerID}).(*models.User)
+		doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: test.doerID}).(*user_model.User)
 		assert.NoError(t, AddLabels(issue, doer, labels))
 		for _, labelID := range test.labelIDs {
 			unittest.AssertExistsAndLoadBean(t, &models.IssueLabel{IssueID: test.issueID, LabelID: labelID})
@ -54,7 +55,7 @@ func TestIssue_AddLabel(t *testing.T) {
 		assert.NoError(t, unittest.PrepareTestDatabase())
 		issue := unittest.AssertExistsAndLoadBean(t, &models.Issue{ID: test.issueID}).(*models.Issue)
 		label := unittest.AssertExistsAndLoadBean(t, &models.Label{ID: test.labelID}).(*models.Label)
-		doer := unittest.AssertExistsAndLoadBean(t, &models.User{ID: test.doerID}).(*models.User)
+		doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: test.doerID}).(*user_model.User)
 		assert.NoError(t, AddLabel(issue, doer, label))
 		unittest.AssertExistsAndLoadBean(t, &models.IssueLabel{IssueID: test.issueID, LabelID: test.labelID})
 	}
--- a/services/issue/milestone.go
+++ b/services/issue/milestone.go
@ -6,11 +6,12 @@ package issue

 import (
 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/notification"
 )

 // ChangeMilestoneAssign changes assignment of milestone for issue.
-func ChangeMilestoneAssign(issue *models.Issue, doer *models.User, oldMilestoneID int64) (err error) {
+func ChangeMilestoneAssign(issue *models.Issue, doer *user_model.User, oldMilestoneID int64) (err error) {
 	if err = models.ChangeMilestoneAssign(issue, doer, oldMilestoneID); err != nil {
 		return
 	}
--- a/services/issue/status.go
+++ b/services/issue/status.go
@ -7,11 +7,12 @@ package issue
 import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/notification"
 )

 // ChangeStatus changes issue status to open or closed.
-func ChangeStatus(issue *models.Issue, doer *models.User, closed bool) error {
+func ChangeStatus(issue *models.Issue, doer *user_model.User, closed bool) error {
 	comment, err := issue.ChangeStatus(doer, closed)
 	if err != nil {
 		// Don't return an error when dependencies are open as this would let the push fail
--- a/services/lfs/locks.go
+++ b/services/lfs/locks.go
@ -168,9 +168,9 @@ func PostLockHandler(ctx *context.Context) {
 	}

 	lock, err := models.CreateLFSLock(&models.LFSLock{
-		Repo:  repository,
-		Path:  req.Path,
-		Owner: ctx.User,
+		Repo:    repository,
+		Path:    req.Path,
+		OwnerID: ctx.User.ID,
 	})
 	if err != nil {
 		if models.IsErrLFSLockAlreadyExist(err) {
@ -249,7 +249,7 @@ func VerifyLockHandler(ctx *context.Context) {
 	lockOursListAPI := make([]*api.LFSLock, 0, len(lockList))
 	lockTheirsListAPI := make([]*api.LFSLock, 0, len(lockList))
 	for _, l := range lockList {
-		if l.Owner.ID == ctx.User.ID {
+		if l.OwnerID == ctx.User.ID {
 			lockOursListAPI = append(lockOursListAPI, convert.ToLFSLock(l))
 		} else {
 			lockTheirsListAPI = append(lockTheirsListAPI, convert.ToLFSLock(l))
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@ -20,6 +20,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unit"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/json"
 	lfs_module "code.gitea.io/gitea/modules/lfs"
@ -506,7 +507,7 @@ func authenticate(ctx *context.Context, repository *models.Repository, authoriza
 	return true
 }

-func handleLFSToken(tokenSHA string, target *models.Repository, mode models.AccessMode) (*models.User, error) {
+func handleLFSToken(tokenSHA string, target *models.Repository, mode models.AccessMode) (*user_model.User, error) {
 	if !strings.Contains(tokenSHA, ".") {
 		return nil, nil
 	}
@ -533,7 +534,7 @@ func handleLFSToken(tokenSHA string, target *models.Repository, mode models.Acce
 		return nil, fmt.Errorf("invalid token claim")
 	}

-	u, err := models.GetUserByID(claims.UserID)
+	u, err := user_model.GetUserByID(claims.UserID)
 	if err != nil {
 		log.Error("Unable to GetUserById[%d]: Error: %v", claims.UserID, err)
 		return nil, err
@ -541,7 +542,7 @@ func handleLFSToken(tokenSHA string, target *models.Repository, mode models.Acce
 	return u, nil
 }

-func parseToken(authorization string, target *models.Repository, mode models.AccessMode) (*models.User, error) {
+func parseToken(authorization string, target *models.Repository, mode models.AccessMode) (*user_model.User, error) {
 	if authorization == "" {
 		return nil, fmt.Errorf("no token")
 	}
--- a/services/mailer/mail.go
+++ b/services/mailer/mail.go
@ -66,7 +66,7 @@ func SendTestMail(email string) error {
 }

 // sendUserMail sends a mail to the user
-func sendUserMail(language string, u *models.User, tpl base.TplName, code, subject, info string) {
+func sendUserMail(language string, u *user_model.User, tpl base.TplName, code, subject, info string) {
 	locale := translation.NewLocale(language)
 	data := map[string]interface{}{
 		"DisplayName":       u.DisplayName(),
@ -94,7 +94,7 @@ func sendUserMail(language string, u *models.User, tpl base.TplName, code, subje
 }

 // SendActivateAccountMail sends an activation mail to the user (new user registration)
-func SendActivateAccountMail(locale translation.Locale, u *models.User) {
+func SendActivateAccountMail(locale translation.Locale, u *user_model.User) {
 	if setting.MailService == nil {
 		// No mail service configured
 		return
@ -103,7 +103,7 @@ func SendActivateAccountMail(locale translation.Locale, u *models.User) {
 }

 // SendResetPasswordMail sends a password reset mail to the user
-func SendResetPasswordMail(u *models.User) {
+func SendResetPasswordMail(u *user_model.User) {
 	if setting.MailService == nil {
 		// No mail service configured
 		return
@ -113,7 +113,7 @@ func SendResetPasswordMail(u *models.User) {
 }

 // SendActivateEmailMail sends confirmation email to confirm new email address
-func SendActivateEmailMail(u *models.User, email *user_model.EmailAddress) {
+func SendActivateEmailMail(u *user_model.User, email *user_model.EmailAddress) {
 	if setting.MailService == nil {
 		// No mail service configured
 		return
@ -145,7 +145,7 @@ func SendActivateEmailMail(u *models.User, email *user_model.EmailAddress) {
 }

 // SendRegisterNotifyMail triggers a notify e-mail by admin created a account.
-func SendRegisterNotifyMail(u *models.User) {
+func SendRegisterNotifyMail(u *user_model.User) {
 	if setting.MailService == nil {
 		// No mail service configured
 		return
@ -176,7 +176,7 @@ func SendRegisterNotifyMail(u *models.User) {
 }

 // SendCollaboratorMail sends mail notification to new collaborator.
-func SendCollaboratorMail(u, doer *models.User, repo *models.Repository) {
+func SendCollaboratorMail(u, doer *user_model.User, repo *models.Repository) {
 	if setting.MailService == nil {
 		// No mail service configured
 		return
@ -209,7 +209,7 @@ func SendCollaboratorMail(u, doer *models.User, repo *models.Repository) {
 	SendAsync(msg)
 }

-func composeIssueCommentMessages(ctx *mailCommentContext, lang string, recipients []*models.User, fromMention bool, info string) ([]*Message, error) {
+func composeIssueCommentMessages(ctx *mailCommentContext, lang string, recipients []*user_model.User, fromMention bool, info string) ([]*Message, error) {
 	var (
 		subject string
 		link    string
@ -337,7 +337,7 @@ func createReference(issue *models.Issue, comment *models.Comment) string {
 	return fmt.Sprintf("%s/%s/%d%s@%s", issue.Repo.FullName(), path, issue.Index, extra, setting.Domain)
 }

-func generateAdditionalHeaders(ctx *mailCommentContext, reason string, recipient *models.User) map[string]string {
+func generateAdditionalHeaders(ctx *mailCommentContext, reason string, recipient *user_model.User) map[string]string {
 	repo := ctx.Issue.Repo

 	return map[string]string{
@ -381,7 +381,7 @@ func sanitizeSubject(subject string) string {
 }

 // SendIssueAssignedMail composes and sends issue assigned email
-func SendIssueAssignedMail(issue *models.Issue, doer *models.User, content string, comment *models.Comment, recipients []*models.User) error {
+func SendIssueAssignedMail(issue *models.Issue, doer *user_model.User, content string, comment *models.Comment, recipients []*user_model.User) error {
 	if setting.MailService == nil {
 		// No mail service configured
 		return nil
@ -392,7 +392,7 @@ func SendIssueAssignedMail(issue *models.Issue, doer *models.User, content strin
 		return err
 	}

-	langMap := make(map[string][]*models.User)
+	langMap := make(map[string][]*user_model.User)
 	for _, user := range recipients {
 		langMap[user.Language] = append(langMap[user.Language], user)
 	}
--- a/services/mailer/mail_comment.go
+++ b/services/mailer/mail_comment.go
@ -6,12 +6,13 @@ package mailer

 import (
 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 )

 // MailParticipantsComment sends new comment emails to repository watchers and mentioned people.
-func MailParticipantsComment(c *models.Comment, opType models.ActionType, issue *models.Issue, mentions []*models.User) error {
+func MailParticipantsComment(c *models.Comment, opType models.ActionType, issue *models.Issue, mentions []*user_model.User) error {
 	if setting.MailService == nil {
 		// No mail service configured
 		return nil
@ -35,7 +36,7 @@ func MailParticipantsComment(c *models.Comment, opType models.ActionType, issue
 }

 // MailMentionsComment sends email to users mentioned in a code comment
-func MailMentionsComment(pr *models.PullRequest, c *models.Comment, mentions []*models.User) (err error) {
+func MailMentionsComment(pr *models.PullRequest, c *models.Comment, mentions []*user_model.User) (err error) {
 	if setting.MailService == nil {
 		// No mail service configured
 		return nil
--- a/services/mailer/mail_issue.go
+++ b/services/mailer/mail_issue.go
@ -9,6 +9,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unit"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 )
@ -19,7 +20,7 @@ func fallbackMailSubject(issue *models.Issue) string {

 type mailCommentContext struct {
 	Issue      *models.Issue
-	Doer       *models.User
+	Doer       *user_model.User
 	ActionType models.ActionType
 	Content    string
 	Comment    *models.Comment
@ -34,7 +35,7 @@ const (
 // This function sends two list of emails:
 // 1. Repository watchers (except for WIP pull requests) and users who are participated in comments.
 // 2. Users who are not in 1. but get mentioned in current issue/comment.
-func mailIssueCommentToParticipants(ctx *mailCommentContext, mentions []*models.User) error {
+func mailIssueCommentToParticipants(ctx *mailCommentContext, mentions []*user_model.User) error {

 	// Required by the mail composer; make sure to load these before calling the async function
 	if err := ctx.Issue.LoadRepo(); err != nil {
@ -103,7 +104,7 @@ func mailIssueCommentToParticipants(ctx *mailCommentContext, mentions []*models.
 		visited[i] = true
 	}

-	unfilteredUsers, err := models.GetMaileableUsersByIDs(unfiltered, false)
+	unfilteredUsers, err := user_model.GetMaileableUsersByIDs(unfiltered, false)
 	if err != nil {
 		return err
 	}
@ -114,18 +115,18 @@ func mailIssueCommentToParticipants(ctx *mailCommentContext, mentions []*models.
 	return nil
 }

-func mailIssueCommentBatch(ctx *mailCommentContext, users []*models.User, visited map[int64]bool, fromMention bool) error {
+func mailIssueCommentBatch(ctx *mailCommentContext, users []*user_model.User, visited map[int64]bool, fromMention bool) error {
 	checkUnit := unit.TypeIssues
 	if ctx.Issue.IsPull {
 		checkUnit = unit.TypePullRequests
 	}

-	langMap := make(map[string][]*models.User)
+	langMap := make(map[string][]*user_model.User)
 	for _, user := range users {
 		// At this point we exclude:
 		// user that don't have all mails enabled or users only get mail on mention and this is one ...
-		if !(user.EmailNotificationsPreference == models.EmailNotificationsEnabled ||
-			fromMention && user.EmailNotificationsPreference == models.EmailNotificationsOnMention) {
+		if !(user.EmailNotificationsPreference == user_model.EmailNotificationsEnabled ||
+			fromMention && user.EmailNotificationsPreference == user_model.EmailNotificationsOnMention) {
 			continue
 		}

@ -164,7 +165,7 @@ func mailIssueCommentBatch(ctx *mailCommentContext, users []*models.User, visite

 // MailParticipants sends new issue thread created emails to repository watchers
 // and mentioned people.
-func MailParticipants(issue *models.Issue, doer *models.User, opType models.ActionType, mentions []*models.User) error {
+func MailParticipants(issue *models.Issue, doer *user_model.User, opType models.ActionType, mentions []*user_model.User) error {
 	if setting.MailService == nil {
 		// No mail service configured
 		return nil
--- a/services/mailer/mail_release.go
+++ b/services/mailer/mail_release.go
@ -8,6 +8,7 @@ import (
 	"bytes"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/markup"
@ -34,9 +35,9 @@ func MailNewRelease(rel *models.Release) {
 		return
 	}

-	recipients, err := models.GetMaileableUsersByIDs(watcherIDList, false)
+	recipients, err := user_model.GetMaileableUsersByIDs(watcherIDList, false)
 	if err != nil {
-		log.Error("models.GetMaileableUsersByIDs: %v", err)
+		log.Error("user_model.GetMaileableUsersByIDs: %v", err)
 		return
 	}

--- a/services/mailer/mail_repo.go
+++ b/services/mailer/mail_repo.go
@ -9,13 +9,14 @@ import (
 	"fmt"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/translation"
 )

 // SendRepoTransferNotifyMail triggers a notification e-mail when a pending repository transfer was created
-func SendRepoTransferNotifyMail(doer, newOwner *models.User, repo *models.Repository) error {
+func SendRepoTransferNotifyMail(doer, newOwner *user_model.User, repo *models.Repository) error {
 	if setting.MailService == nil {
 		// No mail service configured
 		return nil
@ -45,7 +46,7 @@ func SendRepoTransferNotifyMail(doer, newOwner *models.User, repo *models.Reposi
 }

 // sendRepoTransferNotifyMail triggers a notification e-mail when a pending repository transfer was created for each language
-func sendRepoTransferNotifyMailPerLang(lang string, newOwner, doer *models.User, emails []string, repo *models.Repository) error {
+func sendRepoTransferNotifyMailPerLang(lang string, newOwner, doer *user_model.User, emails []string, repo *models.Repository) error {
 	var (
 		locale  = translation.NewLocale(lang)
 		content bytes.Buffer
--- a/services/mailer/mail_test.go
+++ b/services/mailer/mail_test.go
@ -12,6 +12,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"

 	"github.com/stretchr/testify/assert"
@ -40,7 +41,7 @@ const bodyTpl = `
 </html>
 `

-func prepareMailerTest(t *testing.T) (doer *models.User, repo *models.Repository, issue *models.Issue, comment *models.Comment) {
+func prepareMailerTest(t *testing.T) (doer *user_model.User, repo *models.Repository, issue *models.Issue, comment *models.Comment) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 	var mailService = setting.Mailer{
 		From: "test@gitea.com",
@ -49,7 +50,7 @@ func prepareMailerTest(t *testing.T) (doer *models.User, repo *models.Repository
 	setting.MailService = &mailService
 	setting.Domain = "localhost"

-	doer = unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	doer = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	repo = unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 1, Owner: doer}).(*models.Repository)
 	issue = unittest.AssertExistsAndLoadBean(t, &models.Issue{ID: 1, Repo: repo, Poster: doer}).(*models.Issue)
 	assert.NoError(t, issue.LoadRepo())
@ -64,7 +65,7 @@ func TestComposeIssueCommentMessage(t *testing.T) {
 	btpl := template.Must(template.New("issue/comment").Parse(bodyTpl))
 	InitMailRender(stpl, btpl)

-	recipients := []*models.User{{Name: "Test", Email: "test@gitea.com"}, {Name: "Test2", Email: "test2@gitea.com"}}
+	recipients := []*user_model.User{{Name: "Test", Email: "test@gitea.com"}, {Name: "Test2", Email: "test2@gitea.com"}}
 	msgs, err := composeIssueCommentMessages(&mailCommentContext{Issue: issue, Doer: doer, ActionType: models.ActionCommentIssue,
 		Content: "test body", Comment: comment}, "en-US", recipients, false, "issue comment")
 	assert.NoError(t, err)
@ -91,7 +92,7 @@ func TestComposeIssueMessage(t *testing.T) {
 	btpl := template.Must(template.New("issue/new").Parse(bodyTpl))
 	InitMailRender(stpl, btpl)

-	recipients := []*models.User{{Name: "Test", Email: "test@gitea.com"}, {Name: "Test2", Email: "test2@gitea.com"}}
+	recipients := []*user_model.User{{Name: "Test", Email: "test@gitea.com"}, {Name: "Test2", Email: "test2@gitea.com"}}
 	msgs, err := composeIssueCommentMessages(&mailCommentContext{Issue: issue, Doer: doer, ActionType: models.ActionCreateIssue,
 		Content: "test body"}, "en-US", recipients, false, "issue create")
 	assert.NoError(t, err)
@ -113,7 +114,7 @@ func TestComposeIssueMessage(t *testing.T) {

 func TestTemplateSelection(t *testing.T) {
 	doer, repo, issue, comment := prepareMailerTest(t)
-	recipients := []*models.User{{Name: "Test", Email: "test@gitea.com"}}
+	recipients := []*user_model.User{{Name: "Test", Email: "test@gitea.com"}}

 	stpl := texttmpl.Must(texttmpl.New("issue/default").Parse("issue/default/subject"))
 	texttmpl.Must(stpl.New("issue/new").Parse("issue/new/subject"))
@ -159,14 +160,14 @@ func TestTemplateServices(t *testing.T) {
 	doer, _, issue, comment := prepareMailerTest(t)
 	assert.NoError(t, issue.LoadRepo())

-	expect := func(t *testing.T, issue *models.Issue, comment *models.Comment, doer *models.User,
+	expect := func(t *testing.T, issue *models.Issue, comment *models.Comment, doer *user_model.User,
 		actionType models.ActionType, fromMention bool, tplSubject, tplBody, expSubject, expBody string) {

 		stpl := texttmpl.Must(texttmpl.New("issue/default").Parse(tplSubject))
 		btpl := template.Must(template.New("issue/default").Parse(tplBody))
 		InitMailRender(stpl, btpl)

-		recipients := []*models.User{{Name: "Test", Email: "test@gitea.com"}}
+		recipients := []*user_model.User{{Name: "Test", Email: "test@gitea.com"}}
 		msg := testComposeIssueCommentMessage(t, &mailCommentContext{Issue: issue, Doer: doer, ActionType: actionType,
 			Content: "test body", Comment: comment}, recipients, fromMention, "TestTemplateServices")

@ -198,7 +199,7 @@ func TestTemplateServices(t *testing.T) {
 		"//Re: //")
 }

-func testComposeIssueCommentMessage(t *testing.T, ctx *mailCommentContext, recipients []*models.User, fromMention bool, info string) *Message {
+func testComposeIssueCommentMessage(t *testing.T, ctx *mailCommentContext, recipients []*user_model.User, fromMention bool, info string) *Message {
 	msgs, err := composeIssueCommentMessages(ctx, "en-US", recipients, fromMention, info)
 	assert.NoError(t, err)
 	assert.Len(t, msgs, 1)
@ -209,7 +210,7 @@ func TestGenerateAdditionalHeaders(t *testing.T) {
 	doer, _, issue, _ := prepareMailerTest(t)

 	ctx := &mailCommentContext{Issue: issue, Doer: doer}
-	recipient := &models.User{Name: "Test", Email: "test@gitea.com"}
+	recipient := &user_model.User{Name: "Test", Email: "test@gitea.com"}

 	headers := generateAdditionalHeaders(ctx, "dummy-reason", recipient)

--- a/services/migrations/dump.go
+++ b/services/migrations/dump.go
@ -17,7 +17,7 @@ import (
 	"strings"
 	"time"

-	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
@ -607,7 +607,7 @@ func updateOptionsUnits(opts *base.MigrateOptions, units []string) {

 // RestoreRepository restore a repository from the disk directory
 func RestoreRepository(ctx context.Context, baseDir string, ownerName, repoName string, units []string) error {
-	doer, err := models.GetAdminUser()
+	doer, err := user_model.GetAdminUser()
 	if err != nil {
 		return err
 	}
--- a/services/migrations/gitea_uploader.go
+++ b/services/migrations/gitea_uploader.go
@ -18,6 +18,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
@ -39,7 +40,7 @@ var (
 // GiteaLocalUploader implements an Uploader to gitea sites
 type GiteaLocalUploader struct {
 	ctx            context.Context
-	doer           *models.User
+	doer           *user_model.User
 	repoOwner      string
 	repoName       string
 	repo           *models.Repository
@ -54,7 +55,7 @@ type GiteaLocalUploader struct {
 }

 // NewGiteaLocalUploader creates an gitea Uploader via gitea API v1
-func NewGiteaLocalUploader(ctx context.Context, doer *models.User, repoOwner, repoName string) *GiteaLocalUploader {
+func NewGiteaLocalUploader(ctx context.Context, doer *user_model.User, repoOwner, repoName string) *GiteaLocalUploader {
 	return &GiteaLocalUploader{
 		ctx:         ctx,
 		doer:        doer,
@ -87,7 +88,7 @@ func (g *GiteaLocalUploader) MaxBatchInsertSize(tp string) int {

 // CreateRepo creates a repository
 func (g *GiteaLocalUploader) CreateRepo(repo *base.Repository, opts base.MigrateOptions) error {
-	owner, err := models.GetUserByName(g.repoOwner)
+	owner, err := user_model.GetUserByName(g.repoOwner)
 	if err != nil {
 		return err
 	}
--- a/services/migrations/gitea_uploader_test.go
+++ b/services/migrations/gitea_uploader_test.go
@ -13,6 +13,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/graceful"
 	base "code.gitea.io/gitea/modules/migration"
 	"code.gitea.io/gitea/modules/structs"
@ -27,7 +28,7 @@ func TestGiteaUploadRepo(t *testing.T) {

 	unittest.PrepareTestEnv(t)

-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

 	var (
 		downloader = NewGithubDownloaderV3(context.Background(), "https://github.com", "", "", "", "go-xorm", "builder")
--- a/services/migrations/migrate.go
+++ b/services/migrations/migrate.go
@ -15,6 +15,7 @@ import (

 	"code.gitea.io/gitea/models"
 	admin_model "code.gitea.io/gitea/models/admin"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/hostmatcher"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
@ -38,7 +39,7 @@ func RegisterDownloaderFactory(factory base.DownloaderFactory) {
 }

 // IsMigrateURLAllowed checks if an URL is allowed to be migrated from
-func IsMigrateURLAllowed(remoteURL string, doer *models.User) error {
+func IsMigrateURLAllowed(remoteURL string, doer *user_model.User) error {
 	// Remote address can be HTTP/HTTPS/Git URL or local path.
 	u, err := url.Parse(remoteURL)
 	if err != nil {
@ -105,7 +106,7 @@ func IsMigrateURLAllowed(remoteURL string, doer *models.User) error {
 }

 // MigrateRepository migrate repository according MigrateOptions
-func MigrateRepository(ctx context.Context, doer *models.User, ownerName string, opts base.MigrateOptions, messenger base.Messenger) (*models.Repository, error) {
+func MigrateRepository(ctx context.Context, doer *user_model.User, ownerName string, opts base.MigrateOptions, messenger base.Messenger) (*models.Repository, error) {
 	err := IsMigrateURLAllowed(opts.CloneAddr, doer)
 	if err != nil {
 		return nil, err
--- a/services/migrations/migrate_test.go
+++ b/services/migrations/migrate_test.go
@ -8,8 +8,8 @@ import (
 	"path/filepath"
 	"testing"

-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"

 	"github.com/stretchr/testify/assert"
@ -18,8 +18,8 @@ import (
 func TestMigrateWhiteBlocklist(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	adminUser := unittest.AssertExistsAndLoadBean(t, &models.User{Name: "user1"}).(*models.User)
-	nonAdminUser := unittest.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
+	adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"}).(*user_model.User)
+	nonAdminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"}).(*user_model.User)

 	setting.Migrations.AllowedDomains = "github.com"
 	setting.Migrations.AllowLocalNetworks = false
--- a/services/org/org.go
+++ b/services/org/org.go
@ -9,6 +9,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"
 )
@ -40,7 +41,7 @@ func DeleteOrganization(org *models.Organization) error {
 	// FIXME: system notice
 	// Note: There are something just cannot be roll back,
 	//	so just keep error logs of those operations.
-	path := models.UserPath(org.Name)
+	path := user_model.UserPath(org.Name)

 	if err := util.RemoveAll(path); err != nil {
 		return fmt.Errorf("Failed to RemoveAll %s: %v", path, err)
--- a/services/org/org_test.go
+++ b/services/org/org_test.go
@ -10,6 +10,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"

 	"github.com/stretchr/testify/assert"
 )
@ -33,5 +34,5 @@ func TestDeleteOrganization(t *testing.T) {

 	user := unittest.AssertExistsAndLoadBean(t, &models.Organization{ID: 5}).(*models.Organization)
 	assert.Error(t, DeleteOrganization(user))
-	unittest.CheckConsistencyFor(t, &models.User{}, &models.Team{})
+	unittest.CheckConsistencyFor(t, &user_model.User{}, &models.Team{})
 }
--- a/services/pull/check.go
+++ b/services/pull/check.go
@ -14,6 +14,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unit"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
@ -159,7 +160,7 @@ func manuallyMerged(pr *models.PullRequest) bool {
 		pr.MergedCommitID = commit.ID.String()
 		pr.MergedUnix = timeutil.TimeStamp(commit.Author.When.Unix())
 		pr.Status = models.PullRequestStatusManuallyMerged
-		merger, _ := models.GetUserByEmail(commit.Author.Email)
+		merger, _ := user_model.GetUserByEmail(commit.Author.Email)

 		// When the commit author is unknown set the BaseRepo owner as merger
 		if merger == nil {
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@ -17,6 +17,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unit"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
@ -30,7 +31,7 @@ import (
 // Merge merges pull request to base repository.
 // Caller should check PR is ready to be merged (review and status checks)
 // FIXME: add repoWorkingPull make sure two merges does not happen at same time.
-func Merge(pr *models.PullRequest, doer *models.User, baseGitRepo *git.Repository, mergeStyle models.MergeStyle, message string) (err error) {
+func Merge(pr *models.PullRequest, doer *user_model.User, baseGitRepo *git.Repository, mergeStyle models.MergeStyle, message string) (err error) {
 	if err = pr.LoadHeadRepo(); err != nil {
 		log.Error("LoadHeadRepo: %v", err)
 		return fmt.Errorf("LoadHeadRepo: %v", err)
@ -110,7 +111,7 @@ func Merge(pr *models.PullRequest, doer *models.User, baseGitRepo *git.Repositor
 }

 // rawMerge perform the merge operation without changing any pull information in database
-func rawMerge(pr *models.PullRequest, doer *models.User, mergeStyle models.MergeStyle, message string) (string, error) {
+func rawMerge(pr *models.PullRequest, doer *user_model.User, mergeStyle models.MergeStyle, message string) (string, error) {
 	err := git.LoadGitVersion()
 	if err != nil {
 		log.Error("git.LoadGitVersion: %v", err)
@ -396,10 +397,10 @@ func rawMerge(pr *models.PullRequest, doer *models.User, mergeStyle models.Merge
 		}
 	}

-	var headUser *models.User
+	var headUser *user_model.User
 	err = pr.HeadRepo.GetOwner()
 	if err != nil {
-		if !models.IsErrUserNotExist(err) {
+		if !user_model.IsErrUserNotExist(err) {
 			log.Error("Can't find user: %d for head repository - %v", pr.HeadRepo.OwnerID, err)
 			return "", err
 		}
@ -541,7 +542,7 @@ func getDiffTree(repoPath, baseBranch, headBranch string) (string, error) {
 }

 // IsSignedIfRequired check if merge will be signed if required
-func IsSignedIfRequired(pr *models.PullRequest, doer *models.User) (bool, error) {
+func IsSignedIfRequired(pr *models.PullRequest, doer *user_model.User) (bool, error) {
 	if err := pr.LoadProtectedBranch(); err != nil {
 		return false, err
 	}
@ -556,7 +557,7 @@ func IsSignedIfRequired(pr *models.PullRequest, doer *models.User) (bool, error)
 }

 // IsUserAllowedToMerge check if user is allowed to merge PR with given permissions and branch protections
-func IsUserAllowedToMerge(pr *models.PullRequest, p models.Permission, user *models.User) (bool, error) {
+func IsUserAllowedToMerge(pr *models.PullRequest, p models.Permission, user *user_model.User) (bool, error) {
 	if user == nil {
 		return false, nil
 	}
@ -632,7 +633,7 @@ func CheckPRReadyToMerge(pr *models.PullRequest, skipProtectedFilesCheck bool) (
 }

 // MergedManually mark pr as merged manually
-func MergedManually(pr *models.PullRequest, doer *models.User, baseGitRepo *git.Repository, commitID string) (err error) {
+func MergedManually(pr *models.PullRequest, doer *user_model.User, baseGitRepo *git.Repository, commitID string) (err error) {
 	prUnit, err := pr.BaseRepo.GetUnit(unit.TypePullRequests)
 	if err != nil {
 		return
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@ -15,6 +15,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/json"
@ -113,7 +114,7 @@ func NewPullRequest(repo *models.Repository, pull *models.Issue, labelIDs []int6
 }

 // ChangeTargetBranch changes the target branch of this pull request, as the given user.
-func ChangeTargetBranch(pr *models.PullRequest, doer *models.User, targetBranch string) (err error) {
+func ChangeTargetBranch(pr *models.PullRequest, doer *user_model.User, targetBranch string) (err error) {
 	// Current target branch is already the same
 	if pr.BaseBranch == targetBranch {
 		return nil
@ -209,7 +210,7 @@ func ChangeTargetBranch(pr *models.PullRequest, doer *models.User, targetBranch
 	return nil
 }

-func checkForInvalidation(requests models.PullRequestList, repoID int64, doer *models.User, branch string) error {
+func checkForInvalidation(requests models.PullRequestList, repoID int64, doer *user_model.User, branch string) error {
 	repo, err := models.GetRepositoryByID(repoID)
 	if err != nil {
 		return fmt.Errorf("GetRepositoryByID: %v", err)
@ -231,7 +232,7 @@ func checkForInvalidation(requests models.PullRequestList, repoID int64, doer *m

 // AddTestPullRequestTask adds new test tasks by given head/base repository and head/base branch,
 // and generate new patch for testing as needed.
-func AddTestPullRequestTask(doer *models.User, repoID int64, branch string, isSync bool, oldCommitID, newCommitID string) {
+func AddTestPullRequestTask(doer *user_model.User, repoID int64, branch string, isSync bool, oldCommitID, newCommitID string) {
 	log.Trace("AddTestPullRequestTask [head_repo_id: %d, head_branch: %s]: finding pull requests", repoID, branch)
 	graceful.GetManager().RunWithShutdownContext(func(ctx context.Context) {
 		// There is no sensible way to shut this down ":-("
@ -494,7 +495,7 @@ func (errs errlist) Error() string {
 }

 // CloseBranchPulls close all the pull requests who's head branch is the branch
-func CloseBranchPulls(doer *models.User, repoID int64, branch string) error {
+func CloseBranchPulls(doer *user_model.User, repoID int64, branch string) error {
 	prs, err := models.GetUnmergedPullRequestsByHeadInfo(repoID, branch)
 	if err != nil {
 		return err
@ -523,7 +524,7 @@ func CloseBranchPulls(doer *models.User, repoID int64, branch string) error {
 }

 // CloseRepoBranchesPulls close all pull requests which head branches are in the given repository, but only whose base repo is not in the given repository
-func CloseRepoBranchesPulls(doer *models.User, repo *models.Repository) error {
+func CloseRepoBranchesPulls(doer *user_model.User, repo *models.Repository) error {
 	branches, _, err := git.GetBranchesByPath(repo.RepoPath(), 0, 0)
 	if err != nil {
 		return err
--- a/services/pull/review.go
+++ b/services/pull/review.go
@ -13,6 +13,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
@ -20,7 +21,7 @@ import (
 )

 // CreateCodeComment creates a comment on the code line
-func CreateCodeComment(doer *models.User, gitRepo *git.Repository, issue *models.Issue, line int64, content string, treePath string, isReview bool, replyReviewID int64, latestCommitID string) (*models.Comment, error) {
+func CreateCodeComment(doer *user_model.User, gitRepo *git.Repository, issue *models.Issue, line int64, content string, treePath string, isReview bool, replyReviewID int64, latestCommitID string) (*models.Comment, error) {

 	var (
 		existsReview bool
@ -114,7 +115,7 @@ func CreateCodeComment(doer *models.User, gitRepo *git.Repository, issue *models
 var notEnoughLines = regexp.MustCompile(`exit status 128 - fatal: file .* has only \d+ lines?`)

 // createCodeComment creates a plain code comment at the specified line / path
-func createCodeComment(doer *models.User, repo *models.Repository, issue *models.Issue, content, treePath string, line, reviewID int64) (*models.Comment, error) {
+func createCodeComment(doer *user_model.User, repo *models.Repository, issue *models.Issue, content, treePath string, line, reviewID int64) (*models.Comment, error) {
 	var commitID, patch string
 	if err := issue.LoadPullRequest(); err != nil {
 		return nil, fmt.Errorf("GetPullRequestByIssueID: %v", err)
@ -216,7 +217,7 @@ func createCodeComment(doer *models.User, repo *models.Repository, issue *models
 }

 // SubmitReview creates a review out of the existing pending review or creates a new one if no pending review exist
-func SubmitReview(doer *models.User, gitRepo *git.Repository, issue *models.Issue, reviewType models.ReviewType, content, commitID string, attachmentUUIDs []string) (*models.Review, *models.Comment, error) {
+func SubmitReview(doer *user_model.User, gitRepo *git.Repository, issue *models.Issue, reviewType models.ReviewType, content, commitID string, attachmentUUIDs []string) (*models.Review, *models.Comment, error) {
 	pr, err := issue.GetPullRequest()
 	if err != nil {
 		return nil, nil, err
@ -270,7 +271,7 @@ func SubmitReview(doer *models.User, gitRepo *git.Repository, issue *models.Issu
 }

 // DismissReview dismissing stale review by repo admin
-func DismissReview(reviewID int64, message string, doer *models.User, isDismiss bool) (comment *models.Comment, err error) {
+func DismissReview(reviewID int64, message string, doer *user_model.User, isDismiss bool) (comment *models.Comment, err error) {
 	review, err := models.GetReviewByID(reviewID)
 	if err != nil {
 		return
--- a/services/pull/update.go
+++ b/services/pull/update.go
@ -8,12 +8,13 @@ import (
 	"fmt"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 )

 // Update updates pull request with base branch.
-func Update(pull *models.PullRequest, doer *models.User, message string, rebase bool) error {
+func Update(pull *models.PullRequest, doer *user_model.User, message string, rebase bool) error {
 	var (
 		pr    *models.PullRequest
 		style models.MergeStyle
@ -67,7 +68,7 @@ func Update(pull *models.PullRequest, doer *models.User, message string, rebase
 }

 // IsUserAllowedToUpdate check if user is allowed to update PR with given permissions and branch protections
-func IsUserAllowedToUpdate(pull *models.PullRequest, user *models.User) (mergeAllowed, rebaseAllowed bool, err error) {
+func IsUserAllowedToUpdate(pull *models.PullRequest, user *user_model.User) (mergeAllowed, rebaseAllowed bool, err error) {
 	if pull.Flow == models.PullRequestFlowAGit {
 		return false, false, nil
 	}
--- a/services/release/release.go
+++ b/services/release/release.go
@ -12,6 +12,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
@ -93,7 +94,7 @@ func createTag(gitRepo *git.Repository, rel *models.Release, msg string) (bool,
 		}

 		if rel.PublisherID <= 0 {
-			u, err := models.GetUserByEmail(commit.Author.Email)
+			u, err := user_model.GetUserByEmail(commit.Author.Email)
 			if err == nil {
 				rel.PublisherID = u.ID
 			}
@ -136,7 +137,7 @@ func CreateRelease(gitRepo *git.Repository, rel *models.Release, attachmentUUIDs
 }

 // CreateNewTag creates a new repository tag
-func CreateNewTag(doer *models.User, repo *models.Repository, commit, tagName, msg string) error {
+func CreateNewTag(doer *user_model.User, repo *models.Repository, commit, tagName, msg string) error {
 	isExist, err := models.IsReleaseExist(repo.ID, tagName)
 	if err != nil {
 		return err
@ -179,7 +180,7 @@ func CreateNewTag(doer *models.User, repo *models.Repository, commit, tagName, m
 // addAttachmentUUIDs accept a slice of new created attachments' uuids which will be reassigned release_id as the created release
 // delAttachmentUUIDs accept a slice of attachments' uuids which will be deleted from the release
 // editAttachments accept a map of attachment uuid to new attachment name which will be updated with attachments.
-func UpdateRelease(doer *models.User, gitRepo *git.Repository, rel *models.Release,
+func UpdateRelease(doer *user_model.User, gitRepo *git.Repository, rel *models.Release,
 	addAttachmentUUIDs, delAttachmentUUIDs []string, editAttachments map[string]string) (err error) {
 	if rel.ID == 0 {
 		return errors.New("UpdateRelease only accepts an exist release")
@ -278,7 +279,7 @@ func UpdateRelease(doer *models.User, gitRepo *git.Repository, rel *models.Relea
 }

 // DeleteReleaseByID deletes a release and corresponding Git tag by given ID.
-func DeleteReleaseByID(id int64, doer *models.User, delTag bool) error {
+func DeleteReleaseByID(id int64, doer *user_model.User, delTag bool) error {
 	rel, err := models.GetReleaseByID(id)
 	if err != nil {
 		return fmt.Errorf("GetReleaseByID: %v", err)
--- a/services/release/release_test.go
+++ b/services/release/release_test.go
@ -13,6 +13,7 @@ import (
 	"code.gitea.io/gitea/models"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/services/attachment"

@ -26,7 +27,7 @@ func TestMain(m *testing.M) {
 func TestRelease_Create(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
 	repoPath := models.RepoPath(user.Name, repo.Name)

@ -130,7 +131,7 @@ func TestRelease_Create(t *testing.T) {
 func TestRelease_Update(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
 	repoPath := models.RepoPath(user.Name, repo.Name)

@ -272,7 +273,7 @@ func TestRelease_Update(t *testing.T) {
 func TestRelease_createTag(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
 	repoPath := models.RepoPath(user.Name, repo.Name)

@ -354,7 +355,7 @@ func TestRelease_createTag(t *testing.T) {

 func TestCreateNewTag(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)

 	assert.NoError(t, CreateNewTag(user, repo, "master", "v2.0",
--- a/services/repository/adopt.go
+++ b/services/repository/adopt.go
@ -13,6 +13,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
@ -24,7 +25,7 @@ import (
 )

 // AdoptRepository adopts pre-existing repository files for the user/organization.
-func AdoptRepository(doer, u *models.User, opts models.CreateRepoOptions) (*models.Repository, error) {
+func AdoptRepository(doer, u *user_model.User, opts models.CreateRepoOptions) (*models.Repository, error) {
 	if !doer.IsAdmin && !u.CanCreateRepo() {
 		return nil, models.ErrReachLimitOfRepo{
 			Limit: u.MaxRepoCreation,
@ -98,7 +99,7 @@ func AdoptRepository(doer, u *models.User, opts models.CreateRepoOptions) (*mode
 	return repo, nil
 }

-func adoptRepository(ctx context.Context, repoPath string, u *models.User, repo *models.Repository, opts models.CreateRepoOptions) (err error) {
+func adoptRepository(ctx context.Context, repoPath string, u *user_model.User, repo *models.Repository, opts models.CreateRepoOptions) (err error) {
 	isExist, err := util.IsExist(repoPath)
 	if err != nil {
 		log.Error("Unable to check if %s exists. Error: %v", repoPath, err)
@ -185,7 +186,7 @@ func adoptRepository(ctx context.Context, repoPath string, u *models.User, repo
 }

 // DeleteUnadoptedRepository deletes unadopted repository files from the filesystem
-func DeleteUnadoptedRepository(doer, u *models.User, repoName string) error {
+func DeleteUnadoptedRepository(doer, u *user_model.User, repoName string) error {
 	if err := models.IsUsableRepoName(repoName); err != nil {
 		return err
 	}
@ -240,7 +241,7 @@ func ListUnadoptedRepositories(query string, opts *db.ListOptions) ([]string, in
 	repoNamesToCheck := make([]string, 0, opts.PageSize)

 	repoNames := make([]string, 0, opts.PageSize)
-	var ctxUser *models.User
+	var ctxUser *user_model.User

 	count := 0

@ -293,9 +294,9 @@ func ListUnadoptedRepositories(query string, opts *db.ListOptions) ([]string, in
 				return filepath.SkipDir
 			}

-			ctxUser, err = models.GetUserByName(info.Name())
+			ctxUser, err = user_model.GetUserByName(info.Name())
 			if err != nil {
-				if models.IsErrUserNotExist(err) {
+				if user_model.IsErrUserNotExist(err) {
 					log.Debug("Missing user: %s", info.Name())
 					return filepath.SkipDir
 				}
--- a/services/repository/branch.go
+++ b/services/repository/branch.go
@ -9,6 +9,7 @@ import (
 	"fmt"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
@ -17,7 +18,7 @@ import (
 )

 // CreateNewBranch creates a new repository branch
-func CreateNewBranch(doer *models.User, repo *models.Repository, oldBranchName, branchName string) (err error) {
+func CreateNewBranch(doer *user_model.User, repo *models.Repository, oldBranchName, branchName string) (err error) {
 	// Check if branch name can be used
 	if err := checkBranchName(repo, branchName); err != nil {
 		return err
@ -99,7 +100,7 @@ func checkBranchName(repo *models.Repository, name string) error {
 }

 // CreateNewBranchFromCommit creates a new repository branch
-func CreateNewBranchFromCommit(doer *models.User, repo *models.Repository, commit, branchName string) (err error) {
+func CreateNewBranchFromCommit(doer *user_model.User, repo *models.Repository, commit, branchName string) (err error) {
 	// Check if branch name can be used
 	if err := checkBranchName(repo, branchName); err != nil {
 		return err
@ -120,7 +121,7 @@ func CreateNewBranchFromCommit(doer *models.User, repo *models.Repository, commi
 }

 // RenameBranch rename a branch
-func RenameBranch(repo *models.Repository, doer *models.User, gitRepo *git.Repository, from, to string) (string, error) {
+func RenameBranch(repo *models.Repository, doer *user_model.User, gitRepo *git.Repository, from, to string) (string, error) {
 	if from == to {
 		return "target_exist", nil
 	}
@ -164,7 +165,7 @@ var (
 )

 // DeleteBranch delete branch
-func DeleteBranch(doer *models.User, repo *models.Repository, gitRepo *git.Repository, branchName string) error {
+func DeleteBranch(doer *user_model.User, repo *models.Repository, gitRepo *git.Repository, branchName string) error {
 	if branchName == repo.DefaultBranch {
 		return ErrBranchIsDefault
 	}
--- a/services/repository/check.go
+++ b/services/repository/check.go
@ -13,6 +13,7 @@ import (
 	"code.gitea.io/gitea/models"
 	admin_model "code.gitea.io/gitea/models/admin"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/util"
@ -149,7 +150,7 @@ func gatherMissingRepoRecords(ctx context.Context) ([]*models.Repository, error)
 }

 // DeleteMissingRepositories deletes all repository records that lost Git files.
-func DeleteMissingRepositories(ctx context.Context, doer *models.User) error {
+func DeleteMissingRepositories(ctx context.Context, doer *user_model.User) error {
 	repos, err := gatherMissingRepoRecords(ctx)
 	if err != nil {
 		return err
--- a/services/repository/files/commit.go
+++ b/services/repository/files/commit.go
@ -8,6 +8,7 @@ import (
 	"fmt"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/structs"
 )
@ -15,7 +16,7 @@ import (
 // CreateCommitStatus creates a new CommitStatus given a bunch of parameters
 // NOTE: All text-values will be trimmed from whitespaces.
 // Requires: Repo, Creator, SHA
-func CreateCommitStatus(repo *models.Repository, creator *models.User, sha string, status *models.CommitStatus) error {
+func CreateCommitStatus(repo *models.Repository, creator *user_model.User, sha string, status *models.CommitStatus) error {
 	repoPath := repo.RepoPath()

 	// confirm that commit is exist
--- a/services/repository/files/delete.go
+++ b/services/repository/files/delete.go
@ -9,6 +9,7 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	api "code.gitea.io/gitea/modules/structs"
 	repo_service "code.gitea.io/gitea/services/repository"
@ -29,7 +30,7 @@ type DeleteRepoFileOptions struct {
 }

 // DeleteRepoFile deletes a file in the given repository
-func DeleteRepoFile(repo *models.Repository, doer *models.User, opts *DeleteRepoFileOptions) (*api.FileResponse, error) {
+func DeleteRepoFile(repo *models.Repository, doer *user_model.User, opts *DeleteRepoFileOptions) (*api.FileResponse, error) {
 	// If no branch name is set, assume the repo's default branch
 	if opts.OldBranch == "" {
 		opts.OldBranch = repo.DefaultBranch
--- a/services/repository/files/file.go
+++ b/services/repository/files/file.go
@ -12,6 +12,7 @@ import (
 	"time"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	api "code.gitea.io/gitea/modules/structs"
 )
@ -81,7 +82,7 @@ func GetFileCommitResponse(repo *models.Repository, commit *git.Commit) (*api.Fi
 }

 // GetAuthorAndCommitterUsers Gets the author and committer user objects from the IdentityOptions
-func GetAuthorAndCommitterUsers(author, committer *IdentityOptions, doer *models.User) (authorUser, committerUser *models.User) {
+func GetAuthorAndCommitterUsers(author, committer *IdentityOptions, doer *user_model.User) (authorUser, committerUser *user_model.User) {
 	// Committer and author are optional. If they are not the doer (not same email address)
 	// then we use bogus User objects for them to store their FullName and Email.
 	// If only one of the two are provided, we set both of them to it.
@ -93,7 +94,7 @@ func GetAuthorAndCommitterUsers(author, committer *IdentityOptions, doer *models
 				committerUser.FullName = committer.Name
 			}
 		} else {
-			committerUser = &models.User{
+			committerUser = &user_model.User{
 				FullName: committer.Name,
 				Email:    committer.Email,
 			}
@ -106,7 +107,7 @@ func GetAuthorAndCommitterUsers(author, committer *IdentityOptions, doer *models
 				authorUser.FullName = author.Name
 			}
 		} else {
-			authorUser = &models.User{
+			authorUser = &user_model.User{
 				FullName: author.Name,
 				Email:    author.Email,
 			}
--- a/services/repository/files/temp_repo.go
+++ b/services/repository/files/temp_repo.go
@ -15,6 +15,7 @@ import (
 	"time"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@ -185,12 +186,12 @@ func (t *TemporaryUploadRepository) GetLastCommitByRef(ref string) (string, erro
 }

 // CommitTree creates a commit from a given tree for the user with provided message
-func (t *TemporaryUploadRepository) CommitTree(author, committer *models.User, treeHash string, message string, signoff bool) (string, error) {
+func (t *TemporaryUploadRepository) CommitTree(author, committer *user_model.User, treeHash string, message string, signoff bool) (string, error) {
 	return t.CommitTreeWithDate(author, committer, treeHash, message, signoff, time.Now(), time.Now())
 }

 // CommitTreeWithDate creates a commit from a given tree for the user with provided message
-func (t *TemporaryUploadRepository) CommitTreeWithDate(author, committer *models.User, treeHash string, message string, signoff bool, authorDate, committerDate time.Time) (string, error) {
+func (t *TemporaryUploadRepository) CommitTreeWithDate(author, committer *user_model.User, treeHash string, message string, signoff bool, authorDate, committerDate time.Time) (string, error) {
 	authorSig := author.NewGitSig()
 	committerSig := committer.NewGitSig()

@ -260,7 +261,7 @@ func (t *TemporaryUploadRepository) CommitTreeWithDate(author, committer *models
 }

 // Push the provided commitHash to the repository branch by the provided user
-func (t *TemporaryUploadRepository) Push(doer *models.User, commitHash string, branch string) error {
+func (t *TemporaryUploadRepository) Push(doer *user_model.User, commitHash string, branch string) error {
 	// Because calls hooks we need to pass in the environment
 	env := models.PushingEnvironment(doer, t.repo)
 	if err := git.Push(t.basePath, git.PushOptions{
--- a/services/repository/files/update.go
+++ b/services/repository/files/update.go
@ -12,6 +12,7 @@ import (
 	"time"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/charset"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/lfs"
@ -122,7 +123,7 @@ func detectEncodingAndBOM(entry *git.TreeEntry, repo *models.Repository) (string
 }

 // CreateOrUpdateRepoFile adds or updates a file in the given repository
-func CreateOrUpdateRepoFile(repo *models.Repository, doer *models.User, opts *UpdateRepoFileOptions) (*structs.FileResponse, error) {
+func CreateOrUpdateRepoFile(repo *models.Repository, doer *user_model.User, opts *UpdateRepoFileOptions) (*structs.FileResponse, error) {
 	// If no branch name is set, assume default branch
 	if opts.OldBranch == "" {
 		opts.OldBranch = repo.DefaultBranch
@ -439,7 +440,7 @@ func CreateOrUpdateRepoFile(repo *models.Repository, doer *models.User, opts *Up
 }

 // VerifyBranchProtection verify the branch protection for modifying the given treePath on the given branch
-func VerifyBranchProtection(repo *models.Repository, doer *models.User, branchName string, treePath string) error {
+func VerifyBranchProtection(repo *models.Repository, doer *user_model.User, branchName string, treePath string) error {
 	protectedBranch, err := repo.GetBranchProtection(branchName)
 	if err != nil {
 		return err
--- a/services/repository/files/upload.go
+++ b/services/repository/files/upload.go
@ -11,6 +11,7 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/lfs"
 	"code.gitea.io/gitea/modules/setting"
@ -47,7 +48,7 @@ func cleanUpAfterFailure(infos *[]uploadInfo, t *TemporaryUploadRepository, orig
 }

 // UploadRepoFiles uploads files to the given repository
-func UploadRepoFiles(repo *models.Repository, doer *models.User, opts *UploadRepoFileOptions) error {
+func UploadRepoFiles(repo *models.Repository, doer *user_model.User, opts *UploadRepoFileOptions) error {
 	if len(opts.Files) == 0 {
 		return nil
 	}
@ -67,7 +68,11 @@ func UploadRepoFiles(repo *models.Repository, doer *models.User, opts *UploadRep
 			return err
 		}
 		if lfsLock != nil && lfsLock.OwnerID != doer.ID {
-			return models.ErrLFSFileLocked{RepoID: repo.ID, Path: filepath, UserName: lfsLock.Owner.Name}
+			u, err := user_model.GetUserByID(lfsLock.OwnerID)
+			if err != nil {
+				return err
+			}
+			return models.ErrLFSFileLocked{RepoID: repo.ID, Path: filepath, UserName: u.Name}
 		}

 		names[i] = upload.Name
--- a/services/repository/fork.go
+++ b/services/repository/fork.go
@ -12,6 +12,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
@ -21,7 +22,7 @@ import (
 )

 // ForkRepository forks a repository
-func ForkRepository(doer, owner *models.User, opts models.ForkRepoOptions) (_ *models.Repository, err error) {
+func ForkRepository(doer, owner *user_model.User, opts models.ForkRepoOptions) (_ *models.Repository, err error) {
 	forkedRepo, err := opts.BaseRepo.GetUserFork(owner.ID)
 	if err != nil {
 		return nil, err
--- a/services/repository/fork_test.go
+++ b/services/repository/fork_test.go
@ -9,6 +9,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"

 	"github.com/stretchr/testify/assert"
 )
@ -17,7 +18,7 @@ func TestForkRepository(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

 	// user 13 has already forked repo10
-	user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 13}).(*models.User)
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 13}).(*user_model.User)
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 10}).(*models.Repository)

 	fork, err := ForkRepository(user, user, models.ForkRepoOptions{
--- a/services/repository/generate.go
+++ b/services/repository/generate.go
@ -9,13 +9,14 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
 	repo_module "code.gitea.io/gitea/modules/repository"
 )

 // GenerateRepository generates a repository from a template
-func GenerateRepository(doer, owner *models.User, templateRepo *models.Repository, opts models.GenerateRepoOptions) (_ *models.Repository, err error) {
+func GenerateRepository(doer, owner *user_model.User, templateRepo *models.Repository, opts models.GenerateRepoOptions) (_ *models.Repository, err error) {
 	if !doer.IsAdmin && !owner.CanCreateRepo() {
 		return nil, models.ErrReachLimitOfRepo{
 			Limit: owner.MaxRepoCreation,
--- a/services/repository/push.go
+++ b/services/repository/push.go
@ -13,6 +13,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
@ -93,7 +94,7 @@ func pushUpdates(optsList []*repo_module.PushUpdateOptions) error {

 	addTags := make([]string, 0, len(optsList))
 	delTags := make([]string, 0, len(optsList))
-	var pusher *models.User
+	var pusher *user_model.User

 	for _, opts := range optsList {
 		if opts.IsNewRef() && opts.IsDelRef() {
@ -102,7 +103,7 @@ func pushUpdates(optsList []*repo_module.PushUpdateOptions) error {
 		if opts.IsTag() { // If is tag reference
 			if pusher == nil || pusher.ID != opts.PusherID {
 				var err error
-				if pusher, err = models.GetUserByID(opts.PusherID); err != nil {
+				if pusher, err = user_model.GetUserByID(opts.PusherID); err != nil {
 					return err
 				}
 			}
@ -133,7 +134,7 @@ func pushUpdates(optsList []*repo_module.PushUpdateOptions) error {
 		} else if opts.IsBranch() { // If is branch reference
 			if pusher == nil || pusher.ID != opts.PusherID {
 				var err error
-				if pusher, err = models.GetUserByID(opts.PusherID); err != nil {
+				if pusher, err = user_model.GetUserByID(opts.PusherID); err != nil {
 					return err
 				}
 			}
@ -276,7 +277,7 @@ func pushUpdateAddTags(ctx context.Context, repo *models.Repository, gitRepo *gi

 	newReleases := make([]*models.Release, 0, len(lowerTags)-len(relMap))

-	emailToUser := make(map[string]*models.User)
+	emailToUser := make(map[string]*user_model.User)

 	for i, lowerTag := range lowerTags {
 		tag, err := gitRepo.GetTag(tags[i])
@ -295,15 +296,15 @@ func pushUpdateAddTags(ctx context.Context, repo *models.Repository, gitRepo *gi
 		if sig == nil {
 			sig = commit.Committer
 		}
-		var author *models.User
+		var author *user_model.User
 		var createdAt = time.Unix(1, 0)

 		if sig != nil {
 			var ok bool
 			author, ok = emailToUser[sig.Email]
 			if !ok {
-				author, err = models.GetUserByEmailContext(ctx, sig.Email)
-				if err != nil && !models.IsErrUserNotExist(err) {
+				author, err = user_model.GetUserByEmailContext(ctx, sig.Email)
+				if err != nil && !user_model.IsErrUserNotExist(err) {
 					return fmt.Errorf("GetUserByEmail: %v", err)
 				}
 				if author != nil {
--- a/services/repository/repository.go
+++ b/services/repository/repository.go
@ -8,6 +8,7 @@ import (
 	"fmt"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
 	repo_module "code.gitea.io/gitea/modules/repository"
@ -16,7 +17,7 @@ import (
 )

 // CreateRepository creates a repository for the user/organization.
-func CreateRepository(doer, owner *models.User, opts models.CreateRepoOptions) (*models.Repository, error) {
+func CreateRepository(doer, owner *user_model.User, opts models.CreateRepoOptions) (*models.Repository, error) {
 	repo, err := repo_module.CreateRepository(doer, owner, opts)
 	if err != nil {
 		// No need to rollback here we should do this in CreateRepository...
@ -29,7 +30,7 @@ func CreateRepository(doer, owner *models.User, opts models.CreateRepoOptions) (
 }

 // DeleteRepository deletes a repository for a user or organization.
-func DeleteRepository(doer *models.User, repo *models.Repository) error {
+func DeleteRepository(doer *user_model.User, repo *models.Repository) error {
 	if err := pull_service.CloseRepoBranchesPulls(doer, repo); err != nil {
 		log.Error("CloseRepoBranchesPulls failed: %v", err)
 	}
@ -42,7 +43,7 @@ func DeleteRepository(doer *models.User, repo *models.Repository) error {
 }

 // PushCreateRepo creates a repository when a new repository is pushed to an appropriate namespace
-func PushCreateRepo(authUser, owner *models.User, repoName string) (*models.Repository, error) {
+func PushCreateRepo(authUser, owner *user_model.User, repoName string) (*models.Repository, error) {
 	if !authUser.IsAdmin {
 		if owner.IsOrganization() {
 			if ok, err := models.CanCreateOrgRepo(owner.ID, authUser.ID); err != nil {
--- a/services/repository/transfer.go
+++ b/services/repository/transfer.go
@ -8,6 +8,7 @@ import (
 	"fmt"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/notification"
 	"code.gitea.io/gitea/modules/sync"
 )
@ -16,7 +17,7 @@ import (
 var repoWorkingPool = sync.NewExclusivePool()

 // TransferOwnership transfers all corresponding setting from old user to new one.
-func TransferOwnership(doer, newOwner *models.User, repo *models.Repository, teams []*models.Team) error {
+func TransferOwnership(doer, newOwner *user_model.User, repo *models.Repository, teams []*models.Team) error {
 	if err := repo.GetOwner(); err != nil {
 		return err
 	}
@ -52,7 +53,7 @@ func TransferOwnership(doer, newOwner *models.User, repo *models.Repository, tea
 }

 // ChangeRepositoryName changes all corresponding setting from old repository name to new one.
-func ChangeRepositoryName(doer *models.User, repo *models.Repository, newRepoName string) error {
+func ChangeRepositoryName(doer *user_model.User, repo *models.Repository, newRepoName string) error {
 	oldRepoName := repo.Name

 	// Change repository directory name. We must lock the local copy of the
@ -73,7 +74,7 @@ func ChangeRepositoryName(doer *models.User, repo *models.Repository, newRepoNam

 // StartRepositoryTransfer transfer a repo from one owner to a new one.
 // it make repository into pending transfer state, if doer can not create repo for new owner.
-func StartRepositoryTransfer(doer, newOwner *models.User, repo *models.Repository, teams []*models.Team) error {
+func StartRepositoryTransfer(doer, newOwner *user_model.User, repo *models.Repository, teams []*models.Team) error {
 	if err := models.TestRepositoryReadyForTransfer(repo.Status); err != nil {
 		return err
 	}
--- a/services/repository/transfer_test.go
+++ b/services/repository/transfer_test.go
@ -10,6 +10,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/notification"
 	"code.gitea.io/gitea/modules/notification/action"
 	"code.gitea.io/gitea/modules/util"
@ -30,9 +31,9 @@ func TestTransferOwnership(t *testing.T) {

 	assert.NoError(t, unittest.PrepareTestDatabase())

-	doer := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)
-	repo.Owner = unittest.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+	repo.Owner = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}).(*user_model.User)
 	assert.NoError(t, TransferOwnership(doer, doer, repo, nil))

 	transferredRepo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)
@ -51,16 +52,16 @@ func TestTransferOwnership(t *testing.T) {
 		Content:   "user3/repo3",
 	})

-	unittest.CheckConsistencyFor(t, &models.Repository{}, &models.User{}, &models.Team{})
+	unittest.CheckConsistencyFor(t, &models.Repository{}, &user_model.User{}, &models.Team{})
 }

 func TestStartRepositoryTransferSetPermission(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	doer := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)
-	recipient := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 5}).(*models.User)
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)
+	recipient := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)
-	repo.Owner = unittest.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+	repo.Owner = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}).(*user_model.User)

 	hasAccess, err := models.HasAccess(recipient.ID, repo)
 	assert.NoError(t, err)
@ -72,5 +73,5 @@ func TestStartRepositoryTransferSetPermission(t *testing.T) {
 	assert.NoError(t, err)
 	assert.True(t, hasAccess)

-	unittest.CheckConsistencyFor(t, &models.Repository{}, &models.User{}, &models.Team{})
+	unittest.CheckConsistencyFor(t, &models.Repository{}, &user_model.User{}, &models.Team{})
 }
--- a/services/task/migrate.go
+++ b/services/task/migrate.go
@ -11,6 +11,8 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/db"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
@ -23,16 +25,16 @@ import (
 	"code.gitea.io/gitea/services/migrations"
 )

-func handleCreateError(owner *models.User, err error) error {
+func handleCreateError(owner *user_model.User, err error) error {
 	switch {
 	case models.IsErrReachLimitOfRepo(err):
 		return fmt.Errorf("You have already reached your limit of %d repositories", owner.MaxCreationLimit())
 	case models.IsErrRepoAlreadyExist(err):
 		return errors.New("The repository name is already used")
-	case models.IsErrNameReserved(err):
-		return fmt.Errorf("The repository name '%s' is reserved", err.(models.ErrNameReserved).Name)
-	case models.IsErrNamePatternNotAllowed(err):
-		return fmt.Errorf("The pattern '%s' is not allowed in a repository name", err.(models.ErrNamePatternNotAllowed).Pattern)
+	case db.IsErrNameReserved(err):
+		return fmt.Errorf("The repository name '%s' is reserved", err.(db.ErrNameReserved).Name)
+	case db.IsErrNamePatternNotAllowed(err):
+		return fmt.Errorf("The pattern '%s' is not allowed in a repository name", err.(db.ErrNamePatternNotAllowed).Pattern)
 	default:
 		return err
 	}
--- a/services/task/task.go
+++ b/services/task/task.go
@ -8,6 +8,7 @@ import (
 	"fmt"

 	"code.gitea.io/gitea/models"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
@ -57,7 +58,7 @@ func handle(data ...queue.Data) {
 }

 // MigrateRepository add migration repository to task
-func MigrateRepository(doer, u *models.User, opts base.MigrateOptions) error {
+func MigrateRepository(doer, u *user_model.User, opts base.MigrateOptions) error {
 	task, err := CreateMigrateTask(doer, u, opts)
 	if err != nil {
 		return err
@ -67,7 +68,7 @@ func MigrateRepository(doer, u *models.User, opts base.MigrateOptions) error {
 }

 // CreateMigrateTask creates a migrate task
-func CreateMigrateTask(doer, u *models.User, opts base.MigrateOptions) (*models.Task, error) {
+func CreateMigrateTask(doer, u *user_model.User, opts base.MigrateOptions) (*models.Task, error) {
 	// encrypt credentials for persistence
 	var err error
 	opts.CloneAddrEncrypted, err = secret.EncryptSecret(setting.SecretKey, opts.CloneAddr)
--- a/services/user/user.go
+++ b/services/user/user.go
@ -25,7 +25,7 @@ import (
 // DeleteUser completely and permanently deletes everything of a user,
 // but issues/comments/pulls will be kept and shown as someone has been deleted,
 // unless the user is younger than USER_DELETE_WITH_COMMENTS_MAX_DAYS.
-func DeleteUser(u *models.User) error {
+func DeleteUser(u *user_model.User) error {
 	if u.IsOrganization() {
 		return fmt.Errorf("%s is an organization not a user", u.Name)
 	}
@ -72,7 +72,7 @@ func DeleteUser(u *models.User) error {

 	// Note: There are something just cannot be roll back,
 	//	so just keep error logs of those operations.
-	path := models.UserPath(u.Name)
+	path := user_model.UserPath(u.Name)
 	if err := util.RemoveAll(path); err != nil {
 		err = fmt.Errorf("Failed to RemoveAll %s: %v", path, err)
 		_ = admin_model.CreateNotice(db.DefaultContext, admin_model.NoticeTask, fmt.Sprintf("delete user '%s': %v", u.Name, err))
@ -93,7 +93,7 @@ func DeleteUser(u *models.User) error {

 // DeleteInactiveUsers deletes all inactive users and email addresses.
 func DeleteInactiveUsers(ctx context.Context, olderThan time.Duration) error {
-	users, err := models.GetInactiveUsers(ctx, olderThan)
+	users, err := user_model.GetInactiveUsers(ctx, olderThan)
 	if err != nil {
 		return err
 	}
@ -118,7 +118,7 @@ func DeleteInactiveUsers(ctx context.Context, olderThan time.Duration) error {
 }

 // UploadAvatar saves custom avatar for user.
-func UploadAvatar(u *models.User, data []byte) error {
+func UploadAvatar(u *user_model.User, data []byte) error {
 	m, err := avatar.Prepare(data)
 	if err != nil {
 		return err
@ -136,7 +136,7 @@ func UploadAvatar(u *models.User, data []byte) error {
 	// Otherwise, if any of the users delete his avatar
 	// Other users will lose their avatars too.
 	u.Avatar = fmt.Sprintf("%x", md5.Sum([]byte(fmt.Sprintf("%d-%x", u.ID, md5.Sum(data)))))
-	if err = models.UpdateUserCols(ctx, u, "use_custom_avatar", "avatar"); err != nil {
+	if err = user_model.UpdateUserCols(ctx, u, "use_custom_avatar", "avatar"); err != nil {
 		return fmt.Errorf("updateUser: %v", err)
 	}

@ -153,7 +153,7 @@ func UploadAvatar(u *models.User, data []byte) error {
 }

 // DeleteAvatar deletes the user's custom avatar.
-func DeleteAvatar(u *models.User) error {
+func DeleteAvatar(u *user_model.User) error {
 	aPath := u.CustomAvatarRelativePath()
 	log.Trace("DeleteAvatar[%d]: %s", u.ID, aPath)
 	if len(u.Avatar) > 0 {
--- a/services/user/user_test.go
+++ b/services/user/user_test.go
@ -11,6 +11,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"

 	"github.com/stretchr/testify/assert"
@ -23,7 +24,7 @@ func TestMain(m *testing.M) {
 func TestDeleteUser(t *testing.T) {
 	test := func(userID int64) {
 		assert.NoError(t, unittest.PrepareTestDatabase())
-		user := unittest.AssertExistsAndLoadBean(t, &models.User{ID: userID}).(*models.User)
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userID}).(*user_model.User)

 		ownedRepos := make([]*models.Repository, 0, 10)
 		assert.NoError(t, db.GetEngine(db.DefaultContext).Find(&ownedRepos, &models.Repository{OwnerID: userID}))
@ -43,20 +44,20 @@ func TestDeleteUser(t *testing.T) {
 			}
 		}
 		assert.NoError(t, DeleteUser(user))
-		unittest.AssertNotExistsBean(t, &models.User{ID: userID})
-		unittest.CheckConsistencyFor(t, &models.User{}, &models.Repository{})
+		unittest.AssertNotExistsBean(t, &user_model.User{ID: userID})
+		unittest.CheckConsistencyFor(t, &user_model.User{}, &models.Repository{})
 	}
 	test(2)
 	test(4)
 	test(8)
 	test(11)

-	org := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)
+	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)
 	assert.Error(t, DeleteUser(org))
 }

 func TestCreateUser(t *testing.T) {
-	user := &models.User{
+	user := &user_model.User{
 		Name:               "GiteaBot",
 		Email:              "GiteaBot@gitea.io",
 		Passwd:             ";p['////..-++']",
@ -65,7 +66,7 @@ func TestCreateUser(t *testing.T) {
 		MustChangePassword: false,
 	}

-	assert.NoError(t, models.CreateUser(user))
+	assert.NoError(t, user_model.CreateUser(user))

 	assert.NoError(t, DeleteUser(user))
 }
@ -77,11 +78,11 @@ func TestCreateUser_Issue5882(t *testing.T) {
 	passwd := ".//.;1;;//.,-=_"

 	tt := []struct {
-		user               *models.User
+		user               *user_model.User
 		disableOrgCreation bool
 	}{
-		{&models.User{Name: "GiteaBot", Email: "GiteaBot@gitea.io", Passwd: passwd, MustChangePassword: false}, false},
-		{&models.User{Name: "GiteaBot2", Email: "GiteaBot2@gitea.io", Passwd: passwd, MustChangePassword: false}, true},
+		{&user_model.User{Name: "GiteaBot", Email: "GiteaBot@gitea.io", Passwd: passwd, MustChangePassword: false}, false},
+		{&user_model.User{Name: "GiteaBot2", Email: "GiteaBot2@gitea.io", Passwd: passwd, MustChangePassword: false}, true},
 	}

 	setting.Service.DefaultAllowCreateOrganization = true
@ -89,9 +90,9 @@ func TestCreateUser_Issue5882(t *testing.T) {
 	for _, v := range tt {
 		setting.Admin.DisableRegularOrgCreation = v.disableOrgCreation

-		assert.NoError(t, models.CreateUser(v.user))
+		assert.NoError(t, user_model.CreateUser(v.user))

-		u, err := models.GetUserByEmail(v.user.Email)
+		u, err := user_model.GetUserByEmail(v.user.Email)
 		assert.NoError(t, err)

 		assert.Equal(t, !u.AllowCreateOrganization, v.disableOrgCreation)
--- a/services/wiki/wiki.go
+++ b/services/wiki/wiki.go
@ -15,6 +15,7 @@ import (
 	admin_model "code.gitea.io/gitea/models/admin"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unit"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	repo_module "code.gitea.io/gitea/modules/repository"
@ -116,7 +117,7 @@ func prepareWikiFileName(gitRepo *git.Repository, wikiName string) (bool, string
 }

 // updateWikiPage adds a new page to the repository wiki.
-func updateWikiPage(doer *models.User, repo *models.Repository, oldWikiName, newWikiName, content, message string, isNew bool) (err error) {
+func updateWikiPage(doer *user_model.User, repo *models.Repository, oldWikiName, newWikiName, content, message string, isNew bool) (err error) {
 	if err = nameAllowed(newWikiName); err != nil {
 		return err
 	}
@ -264,18 +265,18 @@ func updateWikiPage(doer *models.User, repo *models.Repository, oldWikiName, new
 }

 // AddWikiPage adds a new wiki page with a given wikiPath.
-func AddWikiPage(doer *models.User, repo *models.Repository, wikiName, content, message string) error {
+func AddWikiPage(doer *user_model.User, repo *models.Repository, wikiName, content, message string) error {
 	return updateWikiPage(doer, repo, "", wikiName, content, message, true)
 }

 // EditWikiPage updates a wiki page identified by its wikiPath,
 // optionally also changing wikiPath.
-func EditWikiPage(doer *models.User, repo *models.Repository, oldWikiName, newWikiName, content, message string) error {
+func EditWikiPage(doer *user_model.User, repo *models.Repository, oldWikiName, newWikiName, content, message string) error {
 	return updateWikiPage(doer, repo, oldWikiName, newWikiName, content, message, false)
 }

 // DeleteWikiPage deletes a wiki page identified by its path.
-func DeleteWikiPage(doer *models.User, repo *models.Repository, wikiName string) (err error) {
+func DeleteWikiPage(doer *user_model.User, repo *models.Repository, wikiName string) (err error) {
 	wikiWorkingPool.CheckIn(fmt.Sprint(repo.ID))
 	defer wikiWorkingPool.CheckOut(fmt.Sprint(repo.ID))

--- a/services/wiki/wiki_test.go
+++ b/services/wiki/wiki_test.go
@ -11,6 +11,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/util"

@ -126,7 +127,7 @@ func TestRepository_AddWikiPage(t *testing.T) {
 	const wikiContent = "This is the wiki content"
 	const commitMsg = "Commit message"
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
-	doer := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	for _, wikiName := range []string{
 		"Another page",
 		"Here's a <tag> and a/slash",
@ -171,7 +172,7 @@ func TestRepository_EditWikiPage(t *testing.T) {
 	const newWikiContent = "This is the new content"
 	const commitMsg = "Commit message"
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
-	doer := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	for _, newWikiName := range []string{
 		"Home", // same name as before
 		"New home",
@ -201,7 +202,7 @@ func TestRepository_EditWikiPage(t *testing.T) {
 func TestRepository_DeleteWikiPage(t *testing.T) {
 	unittest.PrepareTestEnv(t)
 	repo := unittest.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
-	doer := unittest.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
 	assert.NoError(t, DeleteWikiPage(doer, repo, "Home"))

 	// Now need to show that the page has been added: