6 files changed, 1843 insertions, 0 deletions
diff --git a/models/user/avatar.go b/models/user/avatar.go
new file mode 100644
index 0000000000..c881642b56
--- /dev/null
+++ b/models/user/avatar.go
@@ -0,0 +1,113 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package user
+
+import (
+	"context"
+	"crypto/md5"
+	"fmt"
+	"image/png"
+	"io"
+	"strings"
+
+	"code.gitea.io/gitea/models/avatars"
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/avatar"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
+)
+
+// CustomAvatarRelativePath returns user custom avatar relative path.
+func (u *User) CustomAvatarRelativePath() string {
+	return u.Avatar
+}
+
+// GenerateRandomAvatar generates a random avatar for user.
+func GenerateRandomAvatar(u *User) error {
+	return GenerateRandomAvatarCtx(db.DefaultContext, u)
+}
+
+// GenerateRandomAvatarCtx generates a random avatar for user.
+func GenerateRandomAvatarCtx(ctx context.Context, u *User) error {
+	seed := u.Email
+	if len(seed) == 0 {
+		seed = u.Name
+	}
+
+	img, err := avatar.RandomImage([]byte(seed))
+	if err != nil {
+		return fmt.Errorf("RandomImage: %v", err)
+	}
+
+	u.Avatar = avatars.HashEmail(seed)
+
+	// Don't share the images so that we can delete them easily
+	if err := storage.SaveFrom(storage.Avatars, u.CustomAvatarRelativePath(), func(w io.Writer) error {
+		if err := png.Encode(w, img); err != nil {
+			log.Error("Encode: %v", err)
+		}
+		return err
+	}); err != nil {
+		return fmt.Errorf("Failed to create dir %s: %v", u.CustomAvatarRelativePath(), err)
+	}
+
+	if _, err := db.GetEngine(ctx).ID(u.ID).Cols("avatar").Update(u); err != nil {
+		return err
+	}
+
+	log.Info("New random avatar created: %d", u.ID)
+	return nil
+}
+
+// AvatarLinkWithSize returns a link to the user's avatar with size. size <= 0 means default size
+func (u *User) AvatarLinkWithSize(size int) string {
+	if u.ID == -1 {
+		// ghost user
+		return avatars.DefaultAvatarLink()
+	}
+
+	useLocalAvatar := false
+	autoGenerateAvatar := false
+
+	switch {
+	case u.UseCustomAvatar:
+		useLocalAvatar = true
+	case setting.DisableGravatar, setting.OfflineMode:
+		useLocalAvatar = true
+		autoGenerateAvatar = true
+	}
+
+	if useLocalAvatar {
+		if u.Avatar == "" && autoGenerateAvatar {
+			if err := GenerateRandomAvatar(u); err != nil {
+				log.Error("GenerateRandomAvatar: %v", err)
+			}
+		}
+		if u.Avatar == "" {
+			return avatars.DefaultAvatarLink()
+		}
+		return avatars.GenerateUserAvatarImageLink(u.Avatar, size)
+	}
+	return avatars.GenerateEmailAvatarFastLink(u.AvatarEmail, size)
+}
+
+// AvatarLink returns the full avatar link with http host
+func (u *User) AvatarLink() string {
+	link := u.AvatarLinkWithSize(0)
+	if !strings.HasPrefix(link, "//") && !strings.Contains(link, "://") {
+		return setting.AppURL + strings.TrimPrefix(link, setting.AppSubURL+"/")
+	}
+	return link
+}
+
+// IsUploadAvatarChanged returns true if the current user's avatar would be changed with the provided data
+func (u *User) IsUploadAvatarChanged(data []byte) bool {
+	if !u.UseCustomAvatar || len(u.Avatar) == 0 {
+		return true
+	}
+	avatarID := fmt.Sprintf("%x", md5.Sum([]byte(fmt.Sprintf("%d-%x", u.ID, md5.Sum(data)))))
+	return u.Avatar != avatarID
+}
diff --git a/models/user/error.go b/models/user/error.go
new file mode 100644
index 0000000000..25e0d8ea8a
--- /dev/null
+++ b/models/user/error.go
@@ -0,0 +1,80 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package user
+
+import (
+	"fmt"
+)
+
+//  ____ ___
+// |    |   \______ ___________
+// |    |   /  ___// __ \_  __ \
+// |    |  /\___ \\  ___/|  | \/
+// |______//____  >\___  >__|
+//              \/     \/
+
+// ErrUserAlreadyExist represents a "user already exists" error.
+type ErrUserAlreadyExist struct {
+	Name string
+}
+
+// IsErrUserAlreadyExist checks if an error is a ErrUserAlreadyExists.
+func IsErrUserAlreadyExist(err error) bool {
+	_, ok := err.(ErrUserAlreadyExist)
+	return ok
+}
+
+func (err ErrUserAlreadyExist) Error() string {
+	return fmt.Sprintf("user already exists [name: %s]", err.Name)
+}
+
+// ErrUserNotExist represents a "UserNotExist" kind of error.
+type ErrUserNotExist struct {
+	UID   int64
+	Name  string
+	KeyID int64
+}
+
+// IsErrUserNotExist checks if an error is a ErrUserNotExist.
+func IsErrUserNotExist(err error) bool {
+	_, ok := err.(ErrUserNotExist)
+	return ok
+}
+
+func (err ErrUserNotExist) Error() string {
+	return fmt.Sprintf("user does not exist [uid: %d, name: %s, keyid: %d]", err.UID, err.Name, err.KeyID)
+}
+
+// ErrUserProhibitLogin represents a "ErrUserProhibitLogin" kind of error.
+type ErrUserProhibitLogin struct {
+	UID  int64
+	Name string
+}
+
+// IsErrUserProhibitLogin checks if an error is a ErrUserProhibitLogin
+func IsErrUserProhibitLogin(err error) bool {
+	_, ok := err.(ErrUserProhibitLogin)
+	return ok
+}
+
+func (err ErrUserProhibitLogin) Error() string {
+	return fmt.Sprintf("user is not allowed login [uid: %d, name: %s]", err.UID, err.Name)
+}
+
+// ErrUserInactive represents a "ErrUserInactive" kind of error.
+type ErrUserInactive struct {
+	UID  int64
+	Name string
+}
+
+// IsErrUserInactive checks if an error is a ErrUserInactive
+func IsErrUserInactive(err error) bool {
+	_, ok := err.(ErrUserInactive)
+	return ok
+}
+
+func (err ErrUserInactive) Error() string {
+	return fmt.Sprintf("user is inactive [uid: %d, name: %s]", err.UID, err.Name)
+}
diff --git a/models/user/main_test.go b/models/user/main_test.go
index 925af0e8b2..55e5f9341c 100644
--- a/models/user/main_test.go
+++ b/models/user/main_test.go
@@ -17,5 +17,8 @@ func TestMain(m *testing.M) {
 		"user_redirect.yml",
 		"follow.yml",
 		"user_open_id.yml",
+		"two_factor.yml",
+		"oauth2_application.yml",
+		"user.yml",
 	)
 }
diff --git a/models/user/search.go b/models/user/search.go
new file mode 100644
index 0000000000..5c37bb9961
--- /dev/null
+++ b/models/user/search.go
@@ -0,0 +1,167 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package user
+
+import (
+	"fmt"
+	"strings"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
+
+	"xorm.io/builder"
+	"xorm.io/xorm"
+)
+
+// SearchUserOptions contains the options for searching
+type SearchUserOptions struct {
+	db.ListOptions
+	Keyword       string
+	Type          UserType
+	UID           int64
+	OrderBy       db.SearchOrderBy
+	Visible       []structs.VisibleType
+	Actor         *User // The user doing the search
+	SearchByEmail bool  // Search by email as well as username/full name
+
+	IsActive           util.OptionalBool
+	IsAdmin            util.OptionalBool
+	IsRestricted       util.OptionalBool
+	IsTwoFactorEnabled util.OptionalBool
+	IsProhibitLogin    util.OptionalBool
+}
+
+func (opts *SearchUserOptions) toSearchQueryBase() *xorm.Session {
+	var cond builder.Cond = builder.Eq{"type": opts.Type}
+	if len(opts.Keyword) > 0 {
+		lowerKeyword := strings.ToLower(opts.Keyword)
+		keywordCond := builder.Or(
+			builder.Like{"lower_name", lowerKeyword},
+			builder.Like{"LOWER(full_name)", lowerKeyword},
+		)
+		if opts.SearchByEmail {
+			keywordCond = keywordCond.Or(builder.Like{"LOWER(email)", lowerKeyword})
+		}
+
+		cond = cond.And(keywordCond)
+	}
+
+	// If visibility filtered
+	if len(opts.Visible) > 0 {
+		cond = cond.And(builder.In("visibility", opts.Visible))
+	}
+
+	if opts.Actor != nil {
+		var exprCond builder.Cond = builder.Expr("org_user.org_id = `user`.id")
+
+		// If Admin - they see all users!
+		if !opts.Actor.IsAdmin {
+			// Force visibility for privacy
+			var accessCond builder.Cond
+			if !opts.Actor.IsRestricted {
+				accessCond = builder.Or(
+					builder.In("id", builder.Select("org_id").From("org_user").LeftJoin("`user`", exprCond).Where(builder.And(builder.Eq{"uid": opts.Actor.ID}, builder.Eq{"visibility": structs.VisibleTypePrivate}))),
+					builder.In("visibility", structs.VisibleTypePublic, structs.VisibleTypeLimited))
+			} else {
+				// restricted users only see orgs they are a member of
+				accessCond = builder.In("id", builder.Select("org_id").From("org_user").LeftJoin("`user`", exprCond).Where(builder.And(builder.Eq{"uid": opts.Actor.ID})))
+			}
+			// Don't forget about self
+			accessCond = accessCond.Or(builder.Eq{"id": opts.Actor.ID})
+			cond = cond.And(accessCond)
+		}
+
+	} else {
+		// Force visibility for privacy
+		// Not logged in - only public users
+		cond = cond.And(builder.In("visibility", structs.VisibleTypePublic))
+	}
+
+	if opts.UID > 0 {
+		cond = cond.And(builder.Eq{"id": opts.UID})
+	}
+
+	if !opts.IsActive.IsNone() {
+		cond = cond.And(builder.Eq{"is_active": opts.IsActive.IsTrue()})
+	}
+
+	if !opts.IsAdmin.IsNone() {
+		cond = cond.And(builder.Eq{"is_admin": opts.IsAdmin.IsTrue()})
+	}
+
+	if !opts.IsRestricted.IsNone() {
+		cond = cond.And(builder.Eq{"is_restricted": opts.IsRestricted.IsTrue()})
+	}
+
+	if !opts.IsProhibitLogin.IsNone() {
+		cond = cond.And(builder.Eq{"prohibit_login": opts.IsProhibitLogin.IsTrue()})
+	}
+
+	e := db.GetEngine(db.DefaultContext)
+	if opts.IsTwoFactorEnabled.IsNone() {
+		return e.Where(cond)
+	}
+
+	// 2fa filter uses LEFT JOIN to check whether a user has a 2fa record
+	// TODO: bad performance here, maybe there will be a column "is_2fa_enabled" in the future
+	if opts.IsTwoFactorEnabled.IsTrue() {
+		cond = cond.And(builder.Expr("two_factor.uid IS NOT NULL"))
+	} else {
+		cond = cond.And(builder.Expr("two_factor.uid IS NULL"))
+	}
+
+	return e.Join("LEFT OUTER", "two_factor", "two_factor.uid = `user`.id").
+		Where(cond)
+}
+
+// SearchUsers takes options i.e. keyword and part of user name to search,
+// it returns results in given range and number of total results.
+func SearchUsers(opts *SearchUserOptions) (users []*User, _ int64, _ error) {
+	sessCount := opts.toSearchQueryBase()
+	defer sessCount.Close()
+	count, err := sessCount.Count(new(User))
+	if err != nil {
+		return nil, 0, fmt.Errorf("Count: %v", err)
+	}
+
+	if len(opts.OrderBy) == 0 {
+		opts.OrderBy = db.SearchOrderByAlphabetically
+	}
+
+	sessQuery := opts.toSearchQueryBase().OrderBy(opts.OrderBy.String())
+	defer sessQuery.Close()
+	if opts.Page != 0 {
+		sessQuery = db.SetSessionPagination(sessQuery, opts)
+	}
+
+	// the sql may contain JOIN, so we must only select User related columns
+	sessQuery = sessQuery.Select("`user`.*")
+	users = make([]*User, 0, opts.PageSize)
+	return users, count, sessQuery.Find(&users)
+}
+
+// IterateUser iterate users
+func IterateUser(f func(user *User) error) error {
+	var start int
+	batchSize := setting.Database.IterateBufferSize
+	for {
+		users := make([]*User, 0, batchSize)
+		if err := db.GetEngine(db.DefaultContext).Limit(batchSize, start).Find(&users); err != nil {
+			return err
+		}
+		if len(users) == 0 {
+			return nil
+		}
+		start += len(users)
+
+		for _, user := range users {
+			if err := f(user); err != nil {
+				return err
+			}
+		}
+	}
+}
diff --git a/models/user/user.go b/models/user/user.go
new file mode 100644
index 0000000000..f8ccee0b38
--- /dev/null
+++ b/models/user/user.go
@@ -0,0 +1,1125 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package user
+
+import (
+	"context"
+	"crypto/sha256"
+	"crypto/subtle"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	_ "image/jpeg" // Needed for jpeg support
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/modules/auth/openid"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"
+
+	"golang.org/x/crypto/argon2"
+	"golang.org/x/crypto/bcrypt"
+	"golang.org/x/crypto/pbkdf2"
+	"golang.org/x/crypto/scrypt"
+	"xorm.io/builder"
+)
+
+// UserType defines the user type
+type UserType int //revive:disable-line:exported
+
+const (
+	// UserTypeIndividual defines an individual user
+	UserTypeIndividual UserType = iota // Historic reason to make it starts at 0.
+
+	// UserTypeOrganization defines an organization
+	UserTypeOrganization
+)
+
+const (
+	algoBcrypt = "bcrypt"
+	algoScrypt = "scrypt"
+	algoArgon2 = "argon2"
+	algoPbkdf2 = "pbkdf2"
+)
+
+// AvailableHashAlgorithms represents the available password hashing algorithms
+var AvailableHashAlgorithms = []string{
+	algoPbkdf2,
+	algoArgon2,
+	algoScrypt,
+	algoBcrypt,
+}
+
+const (
+	// EmailNotificationsEnabled indicates that the user would like to receive all email notifications
+	EmailNotificationsEnabled = "enabled"
+	// EmailNotificationsOnMention indicates that the user would like to be notified via email when mentioned.
+	EmailNotificationsOnMention = "onmention"
+	// EmailNotificationsDisabled indicates that the user would not like to be notified via email.
+	EmailNotificationsDisabled = "disabled"
+)
+
+var (
+	// ErrUserNameIllegal user name contains illegal characters error
+	ErrUserNameIllegal = errors.New("User name contains illegal characters")
+)
+
+// User represents the object of individual and member of organization.
+type User struct {
+	ID        int64  `xorm:"pk autoincr"`
+	LowerName string `xorm:"UNIQUE NOT NULL"`
+	Name      string `xorm:"UNIQUE NOT NULL"`
+	FullName  string
+	// Email is the primary email address (to be used for communication)
+	Email                        string `xorm:"NOT NULL"`
+	KeepEmailPrivate             bool
+	EmailNotificationsPreference string `xorm:"VARCHAR(20) NOT NULL DEFAULT 'enabled'"`
+	Passwd                       string `xorm:"NOT NULL"`
+	PasswdHashAlgo               string `xorm:"NOT NULL DEFAULT 'argon2'"`
+
+	// MustChangePassword is an attribute that determines if a user
+	// is to change his/her password after registration.
+	MustChangePassword bool `xorm:"NOT NULL DEFAULT false"`
+
+	LoginType   login.Type
+	LoginSource int64 `xorm:"NOT NULL DEFAULT 0"`
+	LoginName   string
+	Type        UserType
+	Location    string
+	Website     string
+	Rands       string `xorm:"VARCHAR(10)"`
+	Salt        string `xorm:"VARCHAR(10)"`
+	Language    string `xorm:"VARCHAR(5)"`
+	Description string
+
+	CreatedUnix   timeutil.TimeStamp `xorm:"INDEX created"`
+	UpdatedUnix   timeutil.TimeStamp `xorm:"INDEX updated"`
+	LastLoginUnix timeutil.TimeStamp `xorm:"INDEX"`
+
+	// Remember visibility choice for convenience, true for private
+	LastRepoVisibility bool
+	// Maximum repository creation limit, -1 means use global default
+	MaxRepoCreation int `xorm:"NOT NULL DEFAULT -1"`
+
+	// IsActive true: primary email is activated, user can access Web UI and Git SSH.
+	// false: an inactive user can only log in Web UI for account operations (ex: activate the account by email), no other access.
+	IsActive bool `xorm:"INDEX"`
+	// the user is a Gitea admin, who can access all repositories and the admin pages.
+	IsAdmin bool
+	// true: the user is only allowed to see organizations/repositories that they has explicit rights to.
+	// (ex: in private Gitea instances user won't be allowed to see even organizations/repositories that are set as public)
+	IsRestricted bool `xorm:"NOT NULL DEFAULT false"`
+
+	AllowGitHook            bool
+	AllowImportLocal        bool // Allow migrate repository by local path
+	AllowCreateOrganization bool `xorm:"DEFAULT true"`
+
+	// true: the user is not allowed to log in Web UI. Git/SSH access could still be allowed (please refer to Git/SSH access related code/documents)
+	ProhibitLogin bool `xorm:"NOT NULL DEFAULT false"`
+
+	// Avatar
+	Avatar          string `xorm:"VARCHAR(2048) NOT NULL"`
+	AvatarEmail     string `xorm:"NOT NULL"`
+	UseCustomAvatar bool
+
+	// Counters
+	NumFollowers int
+	NumFollowing int `xorm:"NOT NULL DEFAULT 0"`
+	NumStars     int
+	NumRepos     int
+
+	// For organization
+	NumTeams                  int
+	NumMembers                int
+	Visibility                structs.VisibleType `xorm:"NOT NULL DEFAULT 0"`
+	RepoAdminChangeTeamAccess bool                `xorm:"NOT NULL DEFAULT false"`
+
+	// Preferences
+	DiffViewStyle       string `xorm:"NOT NULL DEFAULT ''"`
+	Theme               string `xorm:"NOT NULL DEFAULT ''"`
+	KeepActivityPrivate bool   `xorm:"NOT NULL DEFAULT false"`
+}
+
+func init() {
+	db.RegisterModel(new(User))
+}
+
+// SearchOrganizationsOptions options to filter organizations
+type SearchOrganizationsOptions struct {
+	db.ListOptions
+	All bool
+}
+
+// ColorFormat writes a colored string to identify this struct
+func (u *User) ColorFormat(s fmt.State) {
+	log.ColorFprintf(s, "%d:%s",
+		log.NewColoredIDValue(u.ID),
+		log.NewColoredValue(u.Name))
+}
+
+// BeforeUpdate is invoked from XORM before updating this object.
+func (u *User) BeforeUpdate() {
+	if u.MaxRepoCreation < -1 {
+		u.MaxRepoCreation = -1
+	}
+
+	// Organization does not need email
+	u.Email = strings.ToLower(u.Email)
+	if !u.IsOrganization() {
+		if len(u.AvatarEmail) == 0 {
+			u.AvatarEmail = u.Email
+		}
+	}
+
+	u.LowerName = strings.ToLower(u.Name)
+	u.Location = base.TruncateString(u.Location, 255)
+	u.Website = base.TruncateString(u.Website, 255)
+	u.Description = base.TruncateString(u.Description, 255)
+}
+
+// AfterLoad is invoked from XORM after filling all the fields of this object.
+func (u *User) AfterLoad() {
+	if u.Theme == "" {
+		u.Theme = setting.UI.DefaultTheme
+	}
+}
+
+// SetLastLogin set time to last login
+func (u *User) SetLastLogin() {
+	u.LastLoginUnix = timeutil.TimeStampNow()
+}
+
+// UpdateUserDiffViewStyle updates the users diff view style
+func UpdateUserDiffViewStyle(u *User, style string) error {
+	u.DiffViewStyle = style
+	return UpdateUserCols(db.DefaultContext, u, "diff_view_style")
+}
+
+// UpdateUserTheme updates a users' theme irrespective of the site wide theme
+func UpdateUserTheme(u *User, themeName string) error {
+	u.Theme = themeName
+	return UpdateUserCols(db.DefaultContext, u, "theme")
+}
+
+// GetEmail returns an noreply email, if the user has set to keep his
+// email address private, otherwise the primary email address.
+func (u *User) GetEmail() string {
+	if u.KeepEmailPrivate {
+		return fmt.Sprintf("%s@%s", u.LowerName, setting.Service.NoReplyAddress)
+	}
+	return u.Email
+}
+
+// GetAllUsers returns a slice of all individual users found in DB.
+func GetAllUsers() ([]*User, error) {
+	users := make([]*User, 0)
+	return users, db.GetEngine(db.DefaultContext).OrderBy("id").Where("type = ?", UserTypeIndividual).Find(&users)
+}
+
+// IsLocal returns true if user login type is LoginPlain.
+func (u *User) IsLocal() bool {
+	return u.LoginType <= login.Plain
+}
+
+// IsOAuth2 returns true if user login type is LoginOAuth2.
+func (u *User) IsOAuth2() bool {
+	return u.LoginType == login.OAuth2
+}
+
+// MaxCreationLimit returns the number of repositories a user is allowed to create
+func (u *User) MaxCreationLimit() int {
+	if u.MaxRepoCreation <= -1 {
+		return setting.Repository.MaxCreationLimit
+	}
+	return u.MaxRepoCreation
+}
+
+// CanCreateRepo returns if user login can create a repository
+// NOTE: functions calling this assume a failure due to repository count limit; if new checks are added, those functions should be revised
+func (u *User) CanCreateRepo() bool {
+	if u.IsAdmin {
+		return true
+	}
+	if u.MaxRepoCreation <= -1 {
+		if setting.Repository.MaxCreationLimit <= -1 {
+			return true
+		}
+		return u.NumRepos < setting.Repository.MaxCreationLimit
+	}
+	return u.NumRepos < u.MaxRepoCreation
+}
+
+// CanCreateOrganization returns true if user can create organisation.
+func (u *User) CanCreateOrganization() bool {
+	return u.IsAdmin || (u.AllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation)
+}
+
+// CanEditGitHook returns true if user can edit Git hooks.
+func (u *User) CanEditGitHook() bool {
+	return !setting.DisableGitHooks && (u.IsAdmin || u.AllowGitHook)
+}
+
+// CanImportLocal returns true if user can migrate repository by local path.
+func (u *User) CanImportLocal() bool {
+	if !setting.ImportLocalPaths || u == nil {
+		return false
+	}
+	return u.IsAdmin || u.AllowImportLocal
+}
+
+// DashboardLink returns the user dashboard page link.
+func (u *User) DashboardLink() string {
+	if u.IsOrganization() {
+		return u.OrganisationLink() + "/dashboard"
+	}
+	return setting.AppSubURL + "/"
+}
+
+// HomeLink returns the user or organization home page link.
+func (u *User) HomeLink() string {
+	return setting.AppSubURL + "/" + url.PathEscape(u.Name)
+}
+
+// HTMLURL returns the user or organization's full link.
+func (u *User) HTMLURL() string {
+	return setting.AppURL + url.PathEscape(u.Name)
+}
+
+// OrganisationLink returns the organization sub page link.
+func (u *User) OrganisationLink() string {
+	return setting.AppSubURL + "/org/" + url.PathEscape(u.Name)
+}
+
+// GenerateEmailActivateCode generates an activate code based on user information and given e-mail.
+func (u *User) GenerateEmailActivateCode(email string) string {
+	code := base.CreateTimeLimitCode(
+		fmt.Sprintf("%d%s%s%s%s", u.ID, email, u.LowerName, u.Passwd, u.Rands),
+		setting.Service.ActiveCodeLives, nil)
+
+	// Add tail hex username
+	code += hex.EncodeToString([]byte(u.LowerName))
+	return code
+}
+
+// GetUserFollowers returns range of user's followers.
+func GetUserFollowers(u *User, listOptions db.ListOptions) ([]*User, error) {
+	sess := db.GetEngine(db.DefaultContext).
+		Where("follow.follow_id=?", u.ID).
+		Join("LEFT", "follow", "`user`.id=follow.user_id")
+
+	if listOptions.Page != 0 {
+		sess = db.SetSessionPagination(sess, &listOptions)
+
+		users := make([]*User, 0, listOptions.PageSize)
+		return users, sess.Find(&users)
+	}
+
+	users := make([]*User, 0, 8)
+	return users, sess.Find(&users)
+}
+
+// GetUserFollowing returns range of user's following.
+func GetUserFollowing(u *User, listOptions db.ListOptions) ([]*User, error) {
+	sess := db.GetEngine(db.DefaultContext).
+		Where("follow.user_id=?", u.ID).
+		Join("LEFT", "follow", "`user`.id=follow.follow_id")
+
+	if listOptions.Page != 0 {
+		sess = db.SetSessionPagination(sess, &listOptions)
+
+		users := make([]*User, 0, listOptions.PageSize)
+		return users, sess.Find(&users)
+	}
+
+	users := make([]*User, 0, 8)
+	return users, sess.Find(&users)
+}
+
+// NewGitSig generates and returns the signature of given user.
+func (u *User) NewGitSig() *git.Signature {
+	return &git.Signature{
+		Name:  u.GitName(),
+		Email: u.GetEmail(),
+		When:  time.Now(),
+	}
+}
+
+func hashPassword(passwd, salt, algo string) string {
+	var tempPasswd []byte
+
+	switch algo {
+	case algoBcrypt:
+		tempPasswd, _ = bcrypt.GenerateFromPassword([]byte(passwd), bcrypt.DefaultCost)
+		return string(tempPasswd)
+	case algoScrypt:
+		tempPasswd, _ = scrypt.Key([]byte(passwd), []byte(salt), 65536, 16, 2, 50)
+	case algoArgon2:
+		tempPasswd = argon2.IDKey([]byte(passwd), []byte(salt), 2, 65536, 8, 50)
+	case algoPbkdf2:
+		fallthrough
+	default:
+		tempPasswd = pbkdf2.Key([]byte(passwd), []byte(salt), 10000, 50, sha256.New)
+	}
+
+	return fmt.Sprintf("%x", tempPasswd)
+}
+
+// SetPassword hashes a password using the algorithm defined in the config value of PASSWORD_HASH_ALGO
+// change passwd, salt and passwd_hash_algo fields
+func (u *User) SetPassword(passwd string) (err error) {
+	if len(passwd) == 0 {
+		u.Passwd = ""
+		u.Salt = ""
+		u.PasswdHashAlgo = ""
+		return nil
+	}
+
+	if u.Salt, err = GetUserSalt(); err != nil {
+		return err
+	}
+	u.PasswdHashAlgo = setting.PasswordHashAlgo
+	u.Passwd = hashPassword(passwd, u.Salt, setting.PasswordHashAlgo)
+
+	return nil
+}
+
+// ValidatePassword checks if given password matches the one belongs to the user.
+func (u *User) ValidatePassword(passwd string) bool {
+	tempHash := hashPassword(passwd, u.Salt, u.PasswdHashAlgo)
+
+	if u.PasswdHashAlgo != algoBcrypt && subtle.ConstantTimeCompare([]byte(u.Passwd), []byte(tempHash)) == 1 {
+		return true
+	}
+	if u.PasswdHashAlgo == algoBcrypt && bcrypt.CompareHashAndPassword([]byte(u.Passwd), []byte(passwd)) == nil {
+		return true
+	}
+	return false
+}
+
+// IsPasswordSet checks if the password is set or left empty
+func (u *User) IsPasswordSet() bool {
+	return len(u.Passwd) != 0
+}
+
+// IsOrganization returns true if user is actually a organization.
+func (u *User) IsOrganization() bool {
+	return u.Type == UserTypeOrganization
+}
+
+// DisplayName returns full name if it's not empty,
+// returns username otherwise.
+func (u *User) DisplayName() string {
+	trimmed := strings.TrimSpace(u.FullName)
+	if len(trimmed) > 0 {
+		return trimmed
+	}
+	return u.Name
+}
+
+// GetDisplayName returns full name if it's not empty and DEFAULT_SHOW_FULL_NAME is set,
+// returns username otherwise.
+func (u *User) GetDisplayName() string {
+	if setting.UI.DefaultShowFullName {
+		trimmed := strings.TrimSpace(u.FullName)
+		if len(trimmed) > 0 {
+			return trimmed
+		}
+	}
+	return u.Name
+}
+
+func gitSafeName(name string) string {
+	return strings.TrimSpace(strings.NewReplacer("\n", "", "<", "", ">", "").Replace(name))
+}
+
+// GitName returns a git safe name
+func (u *User) GitName() string {
+	gitName := gitSafeName(u.FullName)
+	if len(gitName) > 0 {
+		return gitName
+	}
+	// Although u.Name should be safe if created in our system
+	// LDAP users may have bad names
+	gitName = gitSafeName(u.Name)
+	if len(gitName) > 0 {
+		return gitName
+	}
+	// Totally pathological name so it's got to be:
+	return fmt.Sprintf("user-%d", u.ID)
+}
+
+// ShortName ellipses username to length
+func (u *User) ShortName(length int) string {
+	return base.EllipsisString(u.Name, length)
+}
+
+// IsMailable checks if a user is eligible
+// to receive emails.
+func (u *User) IsMailable() bool {
+	return u.IsActive
+}
+
+// EmailNotifications returns the User's email notification preference
+func (u *User) EmailNotifications() string {
+	return u.EmailNotificationsPreference
+}
+
+// SetEmailNotifications sets the user's email notification preference
+func SetEmailNotifications(u *User, set string) error {
+	u.EmailNotificationsPreference = set
+	if err := UpdateUserCols(db.DefaultContext, u, "email_notifications_preference"); err != nil {
+		log.Error("SetEmailNotifications: %v", err)
+		return err
+	}
+	return nil
+}
+
+func isUserExist(e db.Engine, uid int64, name string) (bool, error) {
+	if len(name) == 0 {
+		return false, nil
+	}
+	return e.
+		Where("id!=?", uid).
+		Get(&User{LowerName: strings.ToLower(name)})
+}
+
+// IsUserExist checks if given user name exist,
+// the user name should be noncased unique.
+// If uid is presented, then check will rule out that one,
+// it is used when update a user name in settings page.
+func IsUserExist(uid int64, name string) (bool, error) {
+	return isUserExist(db.GetEngine(db.DefaultContext), uid, name)
+}
+
+// GetUserSalt returns a random user salt token.
+func GetUserSalt() (string, error) {
+	return util.RandomString(10)
+}
+
+// NewGhostUser creates and returns a fake user for someone has deleted his/her account.
+func NewGhostUser() *User {
+	return &User{
+		ID:        -1,
+		Name:      "Ghost",
+		LowerName: "ghost",
+	}
+}
+
+// NewReplaceUser creates and returns a fake user for external user
+func NewReplaceUser(name string) *User {
+	return &User{
+		ID:        -1,
+		Name:      name,
+		LowerName: strings.ToLower(name),
+	}
+}
+
+// IsGhost check if user is fake user for a deleted account
+func (u *User) IsGhost() bool {
+	if u == nil {
+		return false
+	}
+	return u.ID == -1 && u.Name == "Ghost"
+}
+
+var (
+	reservedUsernames = []string{
+		".",
+		"..",
+		".well-known",
+		"admin",
+		"api",
+		"assets",
+		"attachments",
+		"avatars",
+		"captcha",
+		"commits",
+		"debug",
+		"error",
+		"explore",
+		"favicon.ico",
+		"ghost",
+		"help",
+		"install",
+		"issues",
+		"less",
+		"login",
+		"manifest.json",
+		"metrics",
+		"milestones",
+		"new",
+		"notifications",
+		"org",
+		"plugins",
+		"pulls",
+		"raw",
+		"repo",
+		"robots.txt",
+		"search",
+		"serviceworker.js",
+		"stars",
+		"template",
+		"user",
+	}
+
+	reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom"}
+)
+
+// IsUsableUsername returns an error when a username is reserved
+func IsUsableUsername(name string) error {
+	// Validate username make sure it satisfies requirement.
+	if db.AlphaDashDotPattern.MatchString(name) {
+		// Note: usually this error is normally caught up earlier in the UI
+		return db.ErrNameCharsNotAllowed{Name: name}
+	}
+	return db.IsUsableName(reservedUsernames, reservedUserPatterns, name)
+}
+
+// CreateUserOverwriteOptions are an optional options who overwrite system defaults on user creation
+type CreateUserOverwriteOptions struct {
+	Visibility structs.VisibleType
+}
+
+// CreateUser creates record of a new user.
+func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
+	if err = IsUsableUsername(u.Name); err != nil {
+		return err
+	}
+
+	// set system defaults
+	u.KeepEmailPrivate = setting.Service.DefaultKeepEmailPrivate
+	u.Visibility = setting.Service.DefaultUserVisibilityMode
+	u.AllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation
+	u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification
+	u.MaxRepoCreation = -1
+	u.Theme = setting.UI.DefaultTheme
+
+	// overwrite defaults if set
+	if len(overwriteDefault) != 0 && overwriteDefault[0] != nil {
+		u.Visibility = overwriteDefault[0].Visibility
+	}
+
+	ctx, committer, err := db.TxContext()
+	if err != nil {
+		return err
+	}
+	defer committer.Close()
+
+	sess := db.GetEngine(ctx)
+
+	// validate data
+	if err := validateUser(u); err != nil {
+		return err
+	}
+
+	isExist, err := isUserExist(sess, 0, u.Name)
+	if err != nil {
+		return err
+	} else if isExist {
+		return ErrUserAlreadyExist{u.Name}
+	}
+
+	isExist, err = IsEmailUsed(ctx, u.Email)
+	if err != nil {
+		return err
+	} else if isExist {
+		return ErrEmailAlreadyUsed{
+			Email: u.Email,
+		}
+	}
+
+	// prepare for database
+
+	u.LowerName = strings.ToLower(u.Name)
+	u.AvatarEmail = u.Email
+	if u.Rands, err = GetUserSalt(); err != nil {
+		return err
+	}
+	if err = u.SetPassword(u.Passwd); err != nil {
+		return err
+	}
+
+	// save changes to database
+
+	if err = DeleteUserRedirect(ctx, u.Name); err != nil {
+		return err
+	}
+
+	if err = db.Insert(ctx, u); err != nil {
+		return err
+	}
+
+	// insert email address
+	if err := db.Insert(ctx, &EmailAddress{
+		UID:         u.ID,
+		Email:       u.Email,
+		LowerEmail:  strings.ToLower(u.Email),
+		IsActivated: u.IsActive,
+		IsPrimary:   true,
+	}); err != nil {
+		return err
+	}
+
+	return committer.Commit()
+}
+
+func countUsers(e db.Engine) int64 {
+	count, _ := e.
+		Where("type=0").
+		Count(new(User))
+	return count
+}
+
+// CountUsers returns number of users.
+func CountUsers() int64 {
+	return countUsers(db.GetEngine(db.DefaultContext))
+}
+
+// GetVerifyUser get user by verify code
+func GetVerifyUser(code string) (user *User) {
+	if len(code) <= base.TimeLimitCodeLength {
+		return nil
+	}
+
+	// use tail hex username query user
+	hexStr := code[base.TimeLimitCodeLength:]
+	if b, err := hex.DecodeString(hexStr); err == nil {
+		if user, err = GetUserByName(string(b)); user != nil {
+			return user
+		}
+		log.Error("user.getVerifyUser: %v", err)
+	}
+
+	return nil
+}
+
+// VerifyUserActiveCode verifies active code when active account
+func VerifyUserActiveCode(code string) (user *User) {
+	minutes := setting.Service.ActiveCodeLives
+
+	if user = GetVerifyUser(code); user != nil {
+		// time limit code
+		prefix := code[:base.TimeLimitCodeLength]
+		data := fmt.Sprintf("%d%s%s%s%s", user.ID, user.Email, user.LowerName, user.Passwd, user.Rands)
+
+		if base.VerifyTimeLimitCode(data, minutes, prefix) {
+			return user
+		}
+	}
+	return nil
+}
+
+// ChangeUserName changes all corresponding setting from old user name to new one.
+func ChangeUserName(u *User, newUserName string) (err error) {
+	oldUserName := u.Name
+	if err = IsUsableUsername(newUserName); err != nil {
+		return err
+	}
+
+	ctx, committer, err := db.TxContext()
+	if err != nil {
+		return err
+	}
+	defer committer.Close()
+	sess := db.GetEngine(ctx)
+
+	isExist, err := isUserExist(sess, 0, newUserName)
+	if err != nil {
+		return err
+	} else if isExist {
+		return ErrUserAlreadyExist{newUserName}
+	}
+
+	if _, err = sess.Exec("UPDATE `repository` SET owner_name=? WHERE owner_name=?", newUserName, oldUserName); err != nil {
+		return fmt.Errorf("Change repo owner name: %v", err)
+	}
+
+	// Do not fail if directory does not exist
+	if err = util.Rename(UserPath(oldUserName), UserPath(newUserName)); err != nil && !os.IsNotExist(err) {
+		return fmt.Errorf("Rename user directory: %v", err)
+	}
+
+	if err = NewUserRedirect(ctx, u.ID, oldUserName, newUserName); err != nil {
+		return err
+	}
+
+	if err = committer.Commit(); err != nil {
+		if err2 := util.Rename(UserPath(newUserName), UserPath(oldUserName)); err2 != nil && !os.IsNotExist(err2) {
+			log.Critical("Unable to rollback directory change during failed username change from: %s to: %s. DB Error: %v. Filesystem Error: %v", oldUserName, newUserName, err, err2)
+			return fmt.Errorf("failed to rollback directory change during failed username change from: %s to: %s. DB Error: %w. Filesystem Error: %v", oldUserName, newUserName, err, err2)
+		}
+		return err
+	}
+
+	return nil
+}
+
+// checkDupEmail checks whether there are the same email with the user
+func checkDupEmail(e db.Engine, u *User) error {
+	u.Email = strings.ToLower(u.Email)
+	has, err := e.
+		Where("id!=?", u.ID).
+		And("type=?", u.Type).
+		And("email=?", u.Email).
+		Get(new(User))
+	if err != nil {
+		return err
+	} else if has {
+		return ErrEmailAlreadyUsed{
+			Email: u.Email,
+		}
+	}
+	return nil
+}
+
+// validateUser check if user is valid to insert / update into database
+func validateUser(u *User) error {
+	if !setting.Service.AllowedUserVisibilityModesSlice.IsAllowedVisibility(u.Visibility) && !u.IsOrganization() {
+		return fmt.Errorf("visibility Mode not allowed: %s", u.Visibility.String())
+	}
+
+	u.Email = strings.ToLower(u.Email)
+	return ValidateEmail(u.Email)
+}
+
+func updateUser(e db.Engine, u *User) error {
+	if err := validateUser(u); err != nil {
+		return err
+	}
+
+	_, err := e.ID(u.ID).AllCols().Update(u)
+	return err
+}
+
+// UpdateUser updates user's information.
+func UpdateUser(u *User) error {
+	return updateUser(db.GetEngine(db.DefaultContext), u)
+}
+
+// UpdateUserCols update user according special columns
+func UpdateUserCols(ctx context.Context, u *User, cols ...string) error {
+	return updateUserCols(db.GetEngine(ctx), u, cols...)
+}
+
+// UpdateUserColsEngine update user according special columns
+func UpdateUserColsEngine(e db.Engine, u *User, cols ...string) error {
+	return updateUserCols(e, u, cols...)
+}
+
+func updateUserCols(e db.Engine, u *User, cols ...string) error {
+	if err := validateUser(u); err != nil {
+		return err
+	}
+
+	_, err := e.ID(u.ID).Cols(cols...).Update(u)
+	return err
+}
+
+// UpdateUserSetting updates user's settings.
+func UpdateUserSetting(u *User) (err error) {
+	ctx, committer, err := db.TxContext()
+	if err != nil {
+		return err
+	}
+	defer committer.Close()
+	sess := db.GetEngine(ctx)
+
+	if !u.IsOrganization() {
+		if err = checkDupEmail(sess, u); err != nil {
+			return err
+		}
+	}
+	if err = updateUser(sess, u); err != nil {
+		return err
+	}
+	return committer.Commit()
+}
+
+// GetInactiveUsers gets all inactive users
+func GetInactiveUsers(ctx context.Context, olderThan time.Duration) ([]*User, error) {
+	var cond builder.Cond = builder.Eq{"is_active": false}
+
+	if olderThan > 0 {
+		cond = cond.And(builder.Lt{"created_unix": time.Now().Add(-olderThan).Unix()})
+	}
+
+	users := make([]*User, 0, 10)
+	return users, db.GetEngine(ctx).
+		Where(cond).
+		Find(&users)
+}
+
+// UserPath returns the path absolute path of user repositories.
+func UserPath(userName string) string { //revive:disable-line:exported
+	return filepath.Join(setting.RepoRootPath, strings.ToLower(userName))
+}
+
+// GetUserByIDEngine returns the user object by given ID if exists.
+func GetUserByIDEngine(e db.Engine, id int64) (*User, error) {
+	u := new(User)
+	has, err := e.ID(id).Get(u)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrUserNotExist{id, "", 0}
+	}
+	return u, nil
+}
+
+// GetUserByID returns the user object by given ID if exists.
+func GetUserByID(id int64) (*User, error) {
+	return GetUserByIDCtx(db.DefaultContext, id)
+}
+
+// GetUserByIDCtx returns the user object by given ID if exists.
+func GetUserByIDCtx(ctx context.Context, id int64) (*User, error) {
+	return GetUserByIDEngine(db.GetEngine(ctx), id)
+}
+
+// GetUserByName returns user by given name.
+func GetUserByName(name string) (*User, error) {
+	return GetUserByNameCtx(db.DefaultContext, name)
+}
+
+// GetUserByNameCtx returns user by given name.
+func GetUserByNameCtx(ctx context.Context, name string) (*User, error) {
+	if len(name) == 0 {
+		return nil, ErrUserNotExist{0, name, 0}
+	}
+	u := &User{LowerName: strings.ToLower(name)}
+	has, err := db.GetEngine(ctx).Get(u)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrUserNotExist{0, name, 0}
+	}
+	return u, nil
+}
+
+// GetUserEmailsByNames returns a list of e-mails corresponds to names of users
+// that have their email notifications set to enabled or onmention.
+func GetUserEmailsByNames(names []string) []string {
+	return getUserEmailsByNames(db.DefaultContext, names)
+}
+
+func getUserEmailsByNames(ctx context.Context, names []string) []string {
+	mails := make([]string, 0, len(names))
+	for _, name := range names {
+		u, err := GetUserByNameCtx(ctx, name)
+		if err != nil {
+			continue
+		}
+		if u.IsMailable() && u.EmailNotifications() != EmailNotificationsDisabled {
+			mails = append(mails, u.Email)
+		}
+	}
+	return mails
+}
+
+// GetMaileableUsersByIDs gets users from ids, but only if they can receive mails
+func GetMaileableUsersByIDs(ids []int64, isMention bool) ([]*User, error) {
+	if len(ids) == 0 {
+		return nil, nil
+	}
+	ous := make([]*User, 0, len(ids))
+
+	if isMention {
+		return ous, db.GetEngine(db.DefaultContext).In("id", ids).
+			Where("`type` = ?", UserTypeIndividual).
+			And("`prohibit_login` = ?", false).
+			And("`is_active` = ?", true).
+			And("`email_notifications_preference` IN ( ?, ?)", EmailNotificationsEnabled, EmailNotificationsOnMention).
+			Find(&ous)
+	}
+
+	return ous, db.GetEngine(db.DefaultContext).In("id", ids).
+		Where("`type` = ?", UserTypeIndividual).
+		And("`prohibit_login` = ?", false).
+		And("`is_active` = ?", true).
+		And("`email_notifications_preference` = ?", EmailNotificationsEnabled).
+		Find(&ous)
+}
+
+// GetUserNamesByIDs returns usernames for all resolved users from a list of Ids.
+func GetUserNamesByIDs(ids []int64) ([]string, error) {
+	unames := make([]string, 0, len(ids))
+	err := db.GetEngine(db.DefaultContext).In("id", ids).
+		Table("user").
+		Asc("name").
+		Cols("name").
+		Find(&unames)
+	return unames, err
+}
+
+// GetUserIDsByNames returns a slice of ids corresponds to names.
+func GetUserIDsByNames(names []string, ignoreNonExistent bool) ([]int64, error) {
+	ids := make([]int64, 0, len(names))
+	for _, name := range names {
+		u, err := GetUserByName(name)
+		if err != nil {
+			if ignoreNonExistent {
+				continue
+			} else {
+				return nil, err
+			}
+		}
+		ids = append(ids, u.ID)
+	}
+	return ids, nil
+}
+
+// GetUsersBySource returns a list of Users for a login source
+func GetUsersBySource(s *login.Source) ([]*User, error) {
+	var users []*User
+	err := db.GetEngine(db.DefaultContext).Where("login_type = ? AND login_source = ?", s.Type, s.ID).Find(&users)
+	return users, err
+}
+
+// UserCommit represents a commit with validation of user.
+type UserCommit struct { //revive:disable-line:exported
+	User *User
+	*git.Commit
+}
+
+// ValidateCommitWithEmail check if author's e-mail of commit is corresponding to a user.
+func ValidateCommitWithEmail(c *git.Commit) *User {
+	if c.Author == nil {
+		return nil
+	}
+	u, err := GetUserByEmail(c.Author.Email)
+	if err != nil {
+		return nil
+	}
+	return u
+}
+
+// ValidateCommitsWithEmails checks if authors' e-mails of commits are corresponding to users.
+func ValidateCommitsWithEmails(oldCommits []*git.Commit) []*UserCommit {
+	var (
+		emails     = make(map[string]*User)
+		newCommits = make([]*UserCommit, 0, len(oldCommits))
+	)
+	for _, c := range oldCommits {
+		var u *User
+		if c.Author != nil {
+			if v, ok := emails[c.Author.Email]; !ok {
+				u, _ = GetUserByEmail(c.Author.Email)
+				emails[c.Author.Email] = u
+			} else {
+				u = v
+			}
+		}
+
+		newCommits = append(newCommits, &UserCommit{
+			User:   u,
+			Commit: c,
+		})
+	}
+	return newCommits
+}
+
+// GetUserByEmail returns the user object by given e-mail if exists.
+func GetUserByEmail(email string) (*User, error) {
+	return GetUserByEmailContext(db.DefaultContext, email)
+}
+
+// GetUserByEmailContext returns the user object by given e-mail if exists with db context
+func GetUserByEmailContext(ctx context.Context, email string) (*User, error) {
+	if len(email) == 0 {
+		return nil, ErrUserNotExist{0, email, 0}
+	}
+
+	email = strings.ToLower(email)
+	// First try to find the user by primary email
+	user := &User{Email: email}
+	has, err := db.GetEngine(ctx).Get(user)
+	if err != nil {
+		return nil, err
+	}
+	if has {
+		return user, nil
+	}
+
+	// Otherwise, check in alternative list for activated email addresses
+	emailAddress := &EmailAddress{Email: email, IsActivated: true}
+	has, err = db.GetEngine(ctx).Get(emailAddress)
+	if err != nil {
+		return nil, err
+	}
+	if has {
+		return GetUserByIDCtx(ctx, emailAddress.UID)
+	}
+
+	// Finally, if email address is the protected email address:
+	if strings.HasSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress)) {
+		username := strings.TrimSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress))
+		user := &User{}
+		has, err := db.GetEngine(ctx).Where("lower_name=?", username).Get(user)
+		if err != nil {
+			return nil, err
+		}
+		if has {
+			return user, nil
+		}
+	}
+
+	return nil, ErrUserNotExist{0, email, 0}
+}
+
+// GetUser checks if a user already exists
+func GetUser(user *User) (bool, error) {
+	return db.GetEngine(db.DefaultContext).Get(user)
+}
+
+// GetUserByOpenID returns the user object by given OpenID if exists.
+func GetUserByOpenID(uri string) (*User, error) {
+	if len(uri) == 0 {
+		return nil, ErrUserNotExist{0, uri, 0}
+	}
+
+	uri, err := openid.Normalize(uri)
+	if err != nil {
+		return nil, err
+	}
+
+	log.Trace("Normalized OpenID URI: " + uri)
+
+	// Otherwise, check in openid table
+	oid := &UserOpenID{}
+	has, err := db.GetEngine(db.DefaultContext).Where("uri=?", uri).Get(oid)
+	if err != nil {
+		return nil, err
+	}
+	if has {
+		return GetUserByID(oid.UID)
+	}
+
+	return nil, ErrUserNotExist{0, uri, 0}
+}
+
+// GetAdminUser returns the first administrator
+func GetAdminUser() (*User, error) {
+	var admin User
+	has, err := db.GetEngine(db.DefaultContext).Where("is_admin=?", true).Get(&admin)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrUserNotExist{}
+	}
+
+	return &admin, nil
+}
diff --git a/models/user/user_test.go b/models/user/user_test.go
new file mode 100644
index 0000000000..ac49852254
--- /dev/null
+++ b/models/user/user_test.go
@@ -0,0 +1,355 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package user
+
+import (
+	"math/rand"
+	"strings"
+	"testing"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestOAuth2Application_LoadUser(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	app := unittest.AssertExistsAndLoadBean(t, &login.OAuth2Application{ID: 1}).(*login.OAuth2Application)
+	user, err := GetUserByID(app.UID)
+	assert.NoError(t, err)
+	assert.NotNil(t, user)
+}
+
+func TestGetUserEmailsByNames(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	// ignore none active user email
+	assert.Equal(t, []string{"user8@example.com"}, GetUserEmailsByNames([]string{"user8", "user9"}))
+	assert.Equal(t, []string{"user8@example.com", "user5@example.com"}, GetUserEmailsByNames([]string{"user8", "user5"}))
+
+	assert.Equal(t, []string{"user8@example.com"}, GetUserEmailsByNames([]string{"user8", "user7"}))
+}
+
+func TestCanCreateOrganization(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	admin := unittest.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
+	assert.True(t, admin.CanCreateOrganization())
+
+	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	assert.True(t, user.CanCreateOrganization())
+	// Disable user create organization permission.
+	user.AllowCreateOrganization = false
+	assert.False(t, user.CanCreateOrganization())
+
+	setting.Admin.DisableRegularOrgCreation = true
+	user.AllowCreateOrganization = true
+	assert.True(t, admin.CanCreateOrganization())
+	assert.False(t, user.CanCreateOrganization())
+}
+
+func TestSearchUsers(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	testSuccess := func(opts *SearchUserOptions, expectedUserOrOrgIDs []int64) {
+		users, _, err := SearchUsers(opts)
+		assert.NoError(t, err)
+		if assert.Len(t, users, len(expectedUserOrOrgIDs), opts) {
+			for i, expectedID := range expectedUserOrOrgIDs {
+				assert.EqualValues(t, expectedID, users[i].ID)
+			}
+		}
+	}
+
+	// test orgs
+	testOrgSuccess := func(opts *SearchUserOptions, expectedOrgIDs []int64) {
+		opts.Type = UserTypeOrganization
+		testSuccess(opts, expectedOrgIDs)
+	}
+
+	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1, PageSize: 2}},
+		[]int64{3, 6})
+
+	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 2, PageSize: 2}},
+		[]int64{7, 17})
+
+	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 3, PageSize: 2}},
+		[]int64{19, 25})
+
+	testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 4, PageSize: 2}},
+		[]int64{26})
+
+	testOrgSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 5, PageSize: 2}},
+		[]int64{})
+
+	// test users
+	testUserSuccess := func(opts *SearchUserOptions, expectedUserIDs []int64) {
+		opts.Type = UserTypeIndividual
+		testSuccess(opts, expectedUserIDs)
+	}
+
+	testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}},
+		[]int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32})
+
+	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolFalse},
+		[]int64{9})
+
+	testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
+		[]int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 28, 29, 30, 32})
+
+	testUserSuccess(&SearchUserOptions{Keyword: "user1", OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
+		[]int64{1, 10, 11, 12, 13, 14, 15, 16, 18})
+
+	// order by name asc default
+	testUserSuccess(&SearchUserOptions{Keyword: "user1", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
+		[]int64{1, 10, 11, 12, 13, 14, 15, 16, 18})
+
+	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsAdmin: util.OptionalBoolTrue},
+		[]int64{1})
+
+	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsRestricted: util.OptionalBoolTrue},
+		[]int64{29, 30})
+
+	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsProhibitLogin: util.OptionalBoolTrue},
+		[]int64{30})
+
+	testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsTwoFactorEnabled: util.OptionalBoolTrue},
+		[]int64{24})
+}
+
+func TestEmailNotificationPreferences(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	for _, test := range []struct {
+		expected string
+		userID   int64
+	}{
+		{EmailNotificationsEnabled, 1},
+		{EmailNotificationsEnabled, 2},
+		{EmailNotificationsOnMention, 3},
+		{EmailNotificationsOnMention, 4},
+		{EmailNotificationsEnabled, 5},
+		{EmailNotificationsEnabled, 6},
+		{EmailNotificationsDisabled, 7},
+		{EmailNotificationsEnabled, 8},
+		{EmailNotificationsOnMention, 9},
+	} {
+		user := unittest.AssertExistsAndLoadBean(t, &User{ID: test.userID}).(*User)
+		assert.Equal(t, test.expected, user.EmailNotifications())
+
+		// Try all possible settings
+		assert.NoError(t, SetEmailNotifications(user, EmailNotificationsEnabled))
+		assert.Equal(t, EmailNotificationsEnabled, user.EmailNotifications())
+
+		assert.NoError(t, SetEmailNotifications(user, EmailNotificationsOnMention))
+		assert.Equal(t, EmailNotificationsOnMention, user.EmailNotifications())
+
+		assert.NoError(t, SetEmailNotifications(user, EmailNotificationsDisabled))
+		assert.Equal(t, EmailNotificationsDisabled, user.EmailNotifications())
+	}
+}
+
+func TestHashPasswordDeterministic(t *testing.T) {
+	b := make([]byte, 16)
+	u := &User{}
+	algos := []string{"argon2", "pbkdf2", "scrypt", "bcrypt"}
+	for j := 0; j < len(algos); j++ {
+		u.PasswdHashAlgo = algos[j]
+		for i := 0; i < 50; i++ {
+			// generate a random password
+			rand.Read(b)
+			pass := string(b)
+
+			// save the current password in the user - hash it and store the result
+			u.SetPassword(pass)
+			r1 := u.Passwd
+
+			// run again
+			u.SetPassword(pass)
+			r2 := u.Passwd
+
+			assert.NotEqual(t, r1, r2)
+			assert.True(t, u.ValidatePassword(pass))
+		}
+	}
+}
+
+func BenchmarkHashPassword(b *testing.B) {
+	// BenchmarkHashPassword ensures that it takes a reasonable amount of time
+	// to hash a password - in order to protect from brute-force attacks.
+	pass := "password1337"
+	u := &User{Passwd: pass}
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		u.SetPassword(pass)
+	}
+}
+
+func TestNewGitSig(t *testing.T) {
+	users := make([]*User, 0, 20)
+	err := db.GetEngine(db.DefaultContext).Find(&users)
+	assert.NoError(t, err)
+
+	for _, user := range users {
+		sig := user.NewGitSig()
+		assert.NotContains(t, sig.Name, "<")
+		assert.NotContains(t, sig.Name, ">")
+		assert.NotContains(t, sig.Name, "\n")
+		assert.NotEqual(t, len(strings.TrimSpace(sig.Name)), 0)
+	}
+}
+
+func TestDisplayName(t *testing.T) {
+	users := make([]*User, 0, 20)
+	err := db.GetEngine(db.DefaultContext).Find(&users)
+	assert.NoError(t, err)
+
+	for _, user := range users {
+		displayName := user.DisplayName()
+		assert.Equal(t, strings.TrimSpace(displayName), displayName)
+		if len(strings.TrimSpace(user.FullName)) == 0 {
+			assert.Equal(t, user.Name, displayName)
+		}
+		assert.NotEqual(t, len(strings.TrimSpace(displayName)), 0)
+	}
+}
+
+func TestCreateUserInvalidEmail(t *testing.T) {
+	user := &User{
+		Name:               "GiteaBot",
+		Email:              "GiteaBot@gitea.io\r\n",
+		Passwd:             ";p['////..-++']",
+		IsAdmin:            false,
+		Theme:              setting.UI.DefaultTheme,
+		MustChangePassword: false,
+	}
+
+	err := CreateUser(user)
+	assert.Error(t, err)
+	assert.True(t, IsErrEmailInvalid(err))
+}
+
+func TestGetUserIDsByNames(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	// ignore non existing
+	IDs, err := GetUserIDsByNames([]string{"user1", "user2", "none_existing_user"}, true)
+	assert.NoError(t, err)
+	assert.Equal(t, []int64{1, 2}, IDs)
+
+	// ignore non existing
+	IDs, err = GetUserIDsByNames([]string{"user1", "do_not_exist"}, false)
+	assert.Error(t, err)
+	assert.Equal(t, []int64(nil), IDs)
+}
+
+func TestGetMaileableUsersByIDs(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	results, err := GetMaileableUsersByIDs([]int64{1, 4}, false)
+	assert.NoError(t, err)
+	assert.Len(t, results, 1)
+	if len(results) > 1 {
+		assert.Equal(t, results[0].ID, 1)
+	}
+
+	results, err = GetMaileableUsersByIDs([]int64{1, 4}, true)
+	assert.NoError(t, err)
+	assert.Len(t, results, 2)
+	if len(results) > 2 {
+		assert.Equal(t, results[0].ID, 1)
+		assert.Equal(t, results[1].ID, 4)
+	}
+}
+
+func TestUpdateUser(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+
+	user.KeepActivityPrivate = true
+	assert.NoError(t, UpdateUser(user))
+	user = unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	assert.True(t, user.KeepActivityPrivate)
+
+	setting.Service.AllowedUserVisibilityModesSlice = []bool{true, false, false}
+	user.KeepActivityPrivate = false
+	user.Visibility = structs.VisibleTypePrivate
+	assert.Error(t, UpdateUser(user))
+	user = unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	assert.True(t, user.KeepActivityPrivate)
+
+	user.Email = "no mail@mail.org"
+	assert.Error(t, UpdateUser(user))
+}
+
+func TestNewUserRedirect(t *testing.T) {
+	// redirect to a completely new name
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
+	assert.NoError(t, NewUserRedirect(db.DefaultContext, user.ID, user.Name, "newusername"))
+
+	unittest.AssertExistsAndLoadBean(t, &Redirect{
+		LowerName:      user.LowerName,
+		RedirectUserID: user.ID,
+	})
+	unittest.AssertExistsAndLoadBean(t, &Redirect{
+		LowerName:      "olduser1",
+		RedirectUserID: user.ID,
+	})
+}
+
+func TestNewUserRedirect2(t *testing.T) {
+	// redirect to previously used name
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
+	assert.NoError(t, NewUserRedirect(db.DefaultContext, user.ID, user.Name, "olduser1"))
+
+	unittest.AssertExistsAndLoadBean(t, &Redirect{
+		LowerName:      user.LowerName,
+		RedirectUserID: user.ID,
+	})
+	unittest.AssertNotExistsBean(t, &Redirect{
+		LowerName:      "olduser1",
+		RedirectUserID: user.ID,
+	})
+}
+
+func TestNewUserRedirect3(t *testing.T) {
+	// redirect for a previously-unredirected user
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	assert.NoError(t, NewUserRedirect(db.DefaultContext, user.ID, user.Name, "newusername"))
+
+	unittest.AssertExistsAndLoadBean(t, &Redirect{
+		LowerName:      user.LowerName,
+		RedirectUserID: user.ID,
+	})
+}
+
+func TestGetUserByOpenID(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	_, err := GetUserByOpenID("https://unknown")
+	if assert.Error(t, err) {
+		assert.True(t, IsErrUserNotExist(err))
+	}
+
+	user, err := GetUserByOpenID("https://user1.domain1.tld")
+	if assert.NoError(t, err) {
+		assert.Equal(t, int64(1), user.ID)
+	}
+
+	user, err = GetUserByOpenID("https://domain1.tld/user2/")
+	if assert.NoError(t, err) {
+		assert.Equal(t, int64(2), user.ID)
+	}
+}