7 files changed, 38 insertions, 45 deletions
diff --git a/services/auth/source/oauth2/assert_interface_test.go b/services/auth/source/oauth2/assert_interface_test.go
index 56fe0e4aa8..d870ac1dcd 100644
--- a/services/auth/source/oauth2/assert_interface_test.go
+++ b/services/auth/source/oauth2/assert_interface_test.go
@@ -14,7 +14,6 @@ import (
 
 type sourceInterface interface {
 	auth_model.Config
-	auth_model.SourceSettable
 	auth_model.RegisterableSource
 	auth.PasswordAuthenticator
 }
diff --git a/services/auth/source/oauth2/source.go b/services/auth/source/oauth2/source.go
index 3454c9ad55..08837de377 100644
--- a/services/auth/source/oauth2/source.go
+++ b/services/auth/source/oauth2/source.go
@@ -10,6 +10,8 @@ import (
 
 // Source holds configuration for the OAuth2 login source.
 type Source struct {
+	auth.ConfigBase `json:"-"`
+
 	Provider                      string
 	ClientID                      string
 	ClientSecret                  string
@@ -25,10 +27,6 @@ type Source struct {
 	GroupTeamMap        string
 	GroupTeamMapRemoval bool
 	RestrictedGroup     string
-	SkipLocalTwoFA      bool `json:",omitempty"`
-
-	// reference to the authSource
-	authSource *auth.Source
 }
 
 // FromDB fills up an OAuth2Config from serialized format.
@@ -41,11 +39,6 @@ func (source *Source) ToDB() ([]byte, error) {
 	return json.Marshal(source)
 }
 
-// SetAuthSource sets the related AuthSource
-func (source *Source) SetAuthSource(authSource *auth.Source) {
-	source.authSource = authSource
-}
-
 func init() {
 	auth.RegisterTypeConfig(auth.OAuth2, &Source{})
 }
diff --git a/services/auth/source/oauth2/source_callout.go b/services/auth/source/oauth2/source_callout.go
index 8d70bee248..f09d25c772 100644
--- a/services/auth/source/oauth2/source_callout.go
+++ b/services/auth/source/oauth2/source_callout.go
@@ -13,7 +13,7 @@ import (
 // Callout redirects request/response pair to authenticate against the provider
 func (source *Source) Callout(request *http.Request, response http.ResponseWriter) error {
 	// not sure if goth is thread safe (?) when using multiple providers
-	request.Header.Set(ProviderHeaderKey, source.authSource.Name)
+	request.Header.Set(ProviderHeaderKey, source.AuthSource.Name)
 
 	// don't use the default gothic begin handler to prevent issues when some error occurs
 	// normally the gothic library will write some custom stuff to the response instead of our own nice error page
@@ -33,7 +33,7 @@ func (source *Source) Callout(request *http.Request, response http.ResponseWrite
 // this will trigger a new authentication request, but because we save it in the session we can use that
 func (source *Source) Callback(request *http.Request, response http.ResponseWriter) (goth.User, error) {
 	// not sure if goth is thread safe (?) when using multiple providers
-	request.Header.Set(ProviderHeaderKey, source.authSource.Name)
+	request.Header.Set(ProviderHeaderKey, source.AuthSource.Name)
 
 	gothRWMutex.RLock()
 	defer gothRWMutex.RUnlock()
diff --git a/services/auth/source/oauth2/source_register.go b/services/auth/source/oauth2/source_register.go
index 82a36acaa6..12da56c11b 100644
--- a/services/auth/source/oauth2/source_register.go
+++ b/services/auth/source/oauth2/source_register.go
@@ -9,13 +9,13 @@ import (
 
 // RegisterSource causes an OAuth2 configuration to be registered
 func (source *Source) RegisterSource() error {
-	err := RegisterProviderWithGothic(source.authSource.Name, source)
-	return wrapOpenIDConnectInitializeError(err, source.authSource.Name, source)
+	err := RegisterProviderWithGothic(source.AuthSource.Name, source)
+	return wrapOpenIDConnectInitializeError(err, source.AuthSource.Name, source)
 }
 
 // UnregisterSource causes an OAuth2 configuration to be unregistered
 func (source *Source) UnregisterSource() error {
-	RemoveProviderFromGothic(source.authSource.Name)
+	RemoveProviderFromGothic(source.AuthSource.Name)
 	return nil
 }
 
diff --git a/services/auth/source/oauth2/source_sync.go b/services/auth/source/oauth2/source_sync.go
index 5e30313c8f..c2e3dfb1a8 100644
--- a/services/auth/source/oauth2/source_sync.go
+++ b/services/auth/source/oauth2/source_sync.go
@@ -18,27 +18,27 @@ import (
 
 // Sync causes this OAuth2 source to synchronize its users with the db.
 func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
-	log.Trace("Doing: SyncExternalUsers[%s] %d", source.authSource.Name, source.authSource.ID)
+	log.Trace("Doing: SyncExternalUsers[%s] %d", source.AuthSource.Name, source.AuthSource.ID)
 
 	if !updateExisting {
-		log.Info("SyncExternalUsers[%s] not running since updateExisting is false", source.authSource.Name)
+		log.Info("SyncExternalUsers[%s] not running since updateExisting is false", source.AuthSource.Name)
 		return nil
 	}
 
-	provider, err := createProvider(source.authSource.Name, source)
+	provider, err := createProvider(source.AuthSource.Name, source)
 	if err != nil {
 		return err
 	}
 
 	if !provider.RefreshTokenAvailable() {
-		log.Trace("SyncExternalUsers[%s] provider doesn't support refresh tokens, can't synchronize", source.authSource.Name)
+		log.Trace("SyncExternalUsers[%s] provider doesn't support refresh tokens, can't synchronize", source.AuthSource.Name)
 		return nil
 	}
 
 	opts := user_model.FindExternalUserOptions{
 		HasRefreshToken: true,
 		Expired:         true,
-		LoginSourceID:   source.authSource.ID,
+		LoginSourceID:   source.AuthSource.ID,
 	}
 
 	return user_model.IterateExternalLogin(ctx, opts, func(ctx context.Context, u *user_model.ExternalLoginUser) error {
@@ -77,7 +77,7 @@ func (source *Source) refresh(ctx context.Context, provider goth.Provider, u *us
 	// recognizes them as a valid user, they will be able to login
 	// via their provider and reactivate their account.
 	if shouldDisable {
-		log.Info("SyncExternalUsers[%s] disabling user %d", source.authSource.Name, user.ID)
+		log.Info("SyncExternalUsers[%s] disabling user %d", source.AuthSource.Name, user.ID)
 
 		return db.WithTx(ctx, func(ctx context.Context) error {
 			if hasUser {
diff --git a/services/auth/source/oauth2/source_sync_test.go b/services/auth/source/oauth2/source_sync_test.go
index 893ed62502..2927f3634b 100644
--- a/services/auth/source/oauth2/source_sync_test.go
+++ b/services/auth/source/oauth2/source_sync_test.go
@@ -4,7 +4,6 @@
 package oauth2
 
 import (
-	"context"
 	"testing"
 
 	"code.gitea.io/gitea/models/auth"
@@ -19,24 +18,26 @@ func TestSource(t *testing.T) {
 
 	source := &Source{
 		Provider: "fake",
-		authSource: &auth.Source{
-			ID:            12,
-			Type:          auth.OAuth2,
-			Name:          "fake",
-			IsActive:      true,
-			IsSyncEnabled: true,
+		ConfigBase: auth.ConfigBase{
+			AuthSource: &auth.Source{
+				ID:            12,
+				Type:          auth.OAuth2,
+				Name:          "fake",
+				IsActive:      true,
+				IsSyncEnabled: true,
+			},
 		},
 	}
 
 	user := &user_model.User{
 		LoginName:   "external",
 		LoginType:   auth.OAuth2,
-		LoginSource: source.authSource.ID,
+		LoginSource: source.AuthSource.ID,
 		Name:        "test",
 		Email:       "external@example.com",
 	}
 
-	err := user_model.CreateUser(context.Background(), user, &user_model.Meta{}, &user_model.CreateUserOverwriteOptions{})
+	err := user_model.CreateUser(t.Context(), user, &user_model.Meta{}, &user_model.CreateUserOverwriteOptions{})
 	assert.NoError(t, err)
 
 	e := &user_model.ExternalLoginUser{
@@ -45,15 +46,15 @@ func TestSource(t *testing.T) {
 		LoginSourceID: user.LoginSource,
 		RefreshToken:  "valid",
 	}
-	err = user_model.LinkExternalToUser(context.Background(), user, e)
+	err = user_model.LinkExternalToUser(t.Context(), user, e)
 	assert.NoError(t, err)
 
-	provider, err := createProvider(source.authSource.Name, source)
+	provider, err := createProvider(source.AuthSource.Name, source)
 	assert.NoError(t, err)
 
 	t.Run("refresh", func(t *testing.T) {
 		t.Run("valid", func(t *testing.T) {
-			err := source.refresh(context.Background(), provider, e)
+			err := source.refresh(t.Context(), provider, e)
 			assert.NoError(t, err)
 
 			e := &user_model.ExternalLoginUser{
@@ -61,19 +62,19 @@ func TestSource(t *testing.T) {
 				LoginSourceID: e.LoginSourceID,
 			}
 
-			ok, err := user_model.GetExternalLogin(context.Background(), e)
+			ok, err := user_model.GetExternalLogin(t.Context(), e)
 			assert.NoError(t, err)
 			assert.True(t, ok)
 			assert.Equal(t, "refresh", e.RefreshToken)
 			assert.Equal(t, "token", e.AccessToken)
 
-			u, err := user_model.GetUserByID(context.Background(), user.ID)
+			u, err := user_model.GetUserByID(t.Context(), user.ID)
 			assert.NoError(t, err)
 			assert.True(t, u.IsActive)
 		})
 
 		t.Run("expired", func(t *testing.T) {
-			err := source.refresh(context.Background(), provider, &user_model.ExternalLoginUser{
+			err := source.refresh(t.Context(), provider, &user_model.ExternalLoginUser{
 				ExternalID:    "external",
 				UserID:        user.ID,
 				LoginSourceID: user.LoginSource,
@@ -86,13 +87,13 @@ func TestSource(t *testing.T) {
 				LoginSourceID: e.LoginSourceID,
 			}
 
-			ok, err := user_model.GetExternalLogin(context.Background(), e)
+			ok, err := user_model.GetExternalLogin(t.Context(), e)
 			assert.NoError(t, err)
 			assert.True(t, ok)
-			assert.Equal(t, "", e.RefreshToken)
-			assert.Equal(t, "", e.AccessToken)
+			assert.Empty(t, e.RefreshToken)
+			assert.Empty(t, e.AccessToken)
 
-			u, err := user_model.GetUserByID(context.Background(), user.ID)
+			u, err := user_model.GetUserByID(t.Context(), user.ID)
 			assert.NoError(t, err)
 			assert.False(t, u.IsActive)
 		})
diff --git a/services/auth/source/oauth2/urlmapping.go b/services/auth/source/oauth2/urlmapping.go
index d0442d58a8..b9f445caa7 100644
--- a/services/auth/source/oauth2/urlmapping.go
+++ b/services/auth/source/oauth2/urlmapping.go
@@ -14,11 +14,11 @@ type CustomURLMapping struct {
 
 // CustomURLSettings describes the urls values and availability to use when customizing OAuth2 provider URLs
 type CustomURLSettings struct {
-	AuthURL    Attribute `json:",omitempty"`
-	TokenURL   Attribute `json:",omitempty"`
-	ProfileURL Attribute `json:",omitempty"`
-	EmailURL   Attribute `json:",omitempty"`
-	Tenant     Attribute `json:",omitempty"`
+	AuthURL    Attribute
+	TokenURL   Attribute
+	ProfileURL Attribute
+	EmailURL   Attribute
+	Tenant     Attribute
 }
 
 // Attribute describes the availability, and required status for a custom url configuration