Refactor auth package (#17962)

modules/context/api.go

@@ -13,13 +13,13 @@ import (
 	"net/url"
 	"strings"
 
-	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/auth"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web/middleware"
-	"code.gitea.io/gitea/services/auth"
+	auth_service "code.gitea.io/gitea/services/auth"
 
 	"gitea.com/go-chi/session"
 )
@@ -225,9 +225,9 @@ func (ctx *APIContext) CheckForOTP() {
 	}
 
 	otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
-	twofa, err := login.GetTwoFactorByUID(ctx.Context.User.ID)
+	twofa, err := auth.GetTwoFactorByUID(ctx.Context.User.ID)
 	if err != nil {
-		if login.IsErrTwoFactorNotEnrolled(err) {
+		if auth.IsErrTwoFactorNotEnrolled(err) {
 			return // No 2FA enrollment for this user
 		}
 		ctx.Context.Error(http.StatusInternalServerError)
@@ -244,8 +244,8 @@ func (ctx *APIContext) CheckForOTP() {
 	}
 }
 
-// APIAuth converts auth.Auth as a middleware
-func APIAuth(authMethod auth.Method) func(*APIContext) {
+// APIAuth converts auth_service.Auth as a middleware
+func APIAuth(authMethod auth_service.Method) func(*APIContext) {
 	return func(ctx *APIContext) {
 		// Get user from session if logged in.
 		ctx.User = authMethod.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
@@ -253,7 +253,7 @@ func APIAuth(authMethod auth.Method) func(*APIContext) {
 			if ctx.Locale.Language() != ctx.User.Language {
 				ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req)
 			}
-			ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == auth.BasicMethodName
+			ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == auth_service.BasicMethodName
 			ctx.IsSigned = true
 			ctx.Data["IsSigned"] = ctx.IsSigned
 			ctx.Data["SignedUser"] = ctx.User

modules/context/auth.go

@@ -8,7 +8,7 @@ package context
 import (
 	"net/http"
 
-	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web/middleware"
@@ -154,9 +154,9 @@ func ToggleAPI(options *ToggleOptions) func(ctx *APIContext) {
 				if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
 					return // Skip 2FA
 				}
-				twofa, err := login.GetTwoFactorByUID(ctx.User.ID)
+				twofa, err := auth.GetTwoFactorByUID(ctx.User.ID)
 				if err != nil {
-					if login.IsErrTwoFactorNotEnrolled(err) {
+					if auth.IsErrTwoFactorNotEnrolled(err) {
 						return // No 2FA enrollment for this user
 					}
 					ctx.InternalServerError(err)

modules/convert/convert.go

@@ -13,7 +13,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
@@ -344,8 +344,8 @@ func ToTopicResponse(topic *repo_model.Topic) *api.TopicResponse {
 	}
 }
 
-// ToOAuth2Application convert from login.OAuth2Application to api.OAuth2Application
-func ToOAuth2Application(app *login.OAuth2Application) *api.OAuth2Application {
+// ToOAuth2Application convert from auth.OAuth2Application to api.OAuth2Application
+func ToOAuth2Application(app *auth.OAuth2Application) *api.OAuth2Application {
 	return &api.OAuth2Application{
 		ID:           app.ID,
 		Name:         app.Name,

modules/metrics/collector.go

@@ -297,7 +297,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	ch <- prometheus.MustNewConstMetric(
 		c.LoginSources,
 		prometheus.GaugeValue,
-		float64(stats.Counter.LoginSource),
+		float64(stats.Counter.AuthSource),
 	)
 	ch <- prometheus.MustNewConstMetric(
 		c.Milestones,

modules/session/db.go

@@ -8,7 +8,7 @@ import (
 	"log"
 	"sync"
 
-	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/modules/timeutil"
 
 	"gitea.com/go-chi/session"
@@ -72,7 +72,7 @@ func (s *DBStore) Release() error {
 		return err
 	}
 
-	return login.UpdateSession(s.sid, data)
+	return auth.UpdateSession(s.sid, data)
 }
 
 // Flush deletes all session data.
@@ -98,7 +98,7 @@ func (p *DBProvider) Init(maxLifetime int64, connStr string) error {
 
 // Read returns raw session store by session ID.
 func (p *DBProvider) Read(sid string) (session.RawStore, error) {
-	s, err := login.ReadSession(sid)
+	s, err := auth.ReadSession(sid)
 	if err != nil {
 		return nil, err
 	}
@@ -118,7 +118,7 @@ func (p *DBProvider) Read(sid string) (session.RawStore, error) {
 
 // Exist returns true if session with given ID exists.
 func (p *DBProvider) Exist(sid string) bool {
-	has, err := login.ExistSession(sid)
+	has, err := auth.ExistSession(sid)
 	if err != nil {
 		panic("session/DB: error checking existence: " + err.Error())
 	}
@@ -127,12 +127,12 @@ func (p *DBProvider) Exist(sid string) bool {
 
 // Destroy deletes a session by session ID.
 func (p *DBProvider) Destroy(sid string) error {
-	return login.DestroySession(sid)
+	return auth.DestroySession(sid)
 }
 
 // Regenerate regenerates a session store from old session ID to new one.
 func (p *DBProvider) Regenerate(oldsid, sid string) (_ session.RawStore, err error) {
-	s, err := login.RegenerateSession(oldsid, sid)
+	s, err := auth.RegenerateSession(oldsid, sid)
 	if err != nil {
 		return nil, err
 
@@ -153,7 +153,7 @@ func (p *DBProvider) Regenerate(oldsid, sid string) (_ session.RawStore, err err
 
 // Count counts and returns number of sessions.
 func (p *DBProvider) Count() int {
-	total, err := login.CountSessions()
+	total, err := auth.CountSessions()
 	if err != nil {
 		panic("session/DB: error counting records: " + err.Error())
 	}
@@ -162,7 +162,7 @@ func (p *DBProvider) Count() int {
 
 // GC calls GC to clean expired sessions.
 func (p *DBProvider) GC() {
-	if err := login.CleanupSessions(p.maxLifetime); err != nil {
+	if err := auth.CleanupSessions(p.maxLifetime); err != nil {
 		log.Printf("session/DB: error garbage collecting: %v", err)
 	}
 }