Diffstat (limited to 'services/auth/source')
-rw-r--r--services/auth/source/db/authenticate.go12
-rw-r--r--services/auth/source/db/source.go4
-rw-r--r--services/auth/source/ldap/source_authenticate.go15
-rw-r--r--services/auth/source/ldap/source_sync.go13
-rw-r--r--services/auth/source/oauth2/providers.go9
-rw-r--r--services/auth/source/oauth2/source_authenticate.go4
-rw-r--r--services/auth/source/pam/source_authenticate.go9
-rw-r--r--services/auth/source/smtp/auth.go10
-rw-r--r--services/auth/source/smtp/source_authenticate.go16
9 files changed, 51 insertions, 41 deletions
diff --git a/services/auth/source/db/authenticate.go b/services/auth/source/db/authenticate.go
index af7b719a63..e0e439c2fe 100644
--- a/services/auth/source/db/authenticate.go
+++ b/services/auth/source/db/authenticate.go
@@ -5,19 +5,19 @@
package db
import (
- "code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
+ user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/setting"
)
// Authenticate authenticates the provided user against the DB
-func Authenticate(user *models.User, login, password string) (*models.User, error) {
+func Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
if user == nil {
- return nil, models.ErrUserNotExist{Name: login}
+ return nil, user_model.ErrUserNotExist{Name: login}
}
if !user.IsPasswordSet() || !user.ValidatePassword(password) {
- return nil, models.ErrUserNotExist{UID: user.ID, Name: user.Name}
+ return nil, user_model.ErrUserNotExist{UID: user.ID, Name: user.Name}
}
// Update password hash if server password hash algorithm have changed
@@ -25,7 +25,7 @@ func Authenticate(user *models.User, login, password string) (*models.User, erro
if err := user.SetPassword(password); err != nil {
return nil, err
}
- if err := models.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+ if err := user_model.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
return nil, err
}
}
@@ -33,7 +33,7 @@ func Authenticate(user *models.User, login, password string) (*models.User, erro
// WARN: DON'T check user.IsActive, that will be checked on reqSign so that
// user could be hint to resend confirm email.
if user.ProhibitLogin {
- return nil, models.ErrUserProhibitLogin{
+ return nil, user_model.ErrUserProhibitLogin{
UID: user.ID,
Name: user.Name,
}
diff --git a/services/auth/source/db/source.go b/services/auth/source/db/source.go
index 2fedff3a7e..5ae2107a3b 100644
--- a/services/auth/source/db/source.go
+++ b/services/auth/source/db/source.go
@@ -5,8 +5,8 @@
package db
import (
- "code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/login"
+ user_model "code.gitea.io/gitea/models/user"
)
// Source is a password authentication service
@@ -24,7 +24,7 @@ func (source *Source) ToDB() ([]byte, error) {
// Authenticate queries if login/password is valid against the PAM,
// and create a local user if success when enabled.
-func (source *Source) Authenticate(user *models.User, login, password string) (*models.User, error) {
+func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
return Authenticate(user, login, password)
}
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index 99a99801a4..9bb07d244f 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -11,27 +11,28 @@ import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/login"
+ user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/services/mailer"
user_service "code.gitea.io/gitea/services/user"
)
// Authenticate queries if login/password is valid against the LDAP directory pool,
// and create a local user if success when enabled.
-func (source *Source) Authenticate(user *models.User, userName, password string) (*models.User, error) {
+func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
sr := source.SearchEntry(userName, password, source.loginSource.Type == login.DLDAP)
if sr == nil {
// User not in LDAP, do nothing
- return nil, models.ErrUserNotExist{Name: userName}
+ return nil, user_model.ErrUserNotExist{Name: userName}
}
isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
// Update User admin flag if exist
- if isExist, err := models.IsUserExist(0, sr.Username); err != nil {
+ if isExist, err := user_model.IsUserExist(0, sr.Username); err != nil {
return nil, err
} else if isExist {
if user == nil {
- user, err = models.GetUserByName(sr.Username)
+ user, err = user_model.GetUserByName(sr.Username)
if err != nil {
return nil, err
}
@@ -49,7 +50,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
cols = append(cols, "is_restricted")
}
if len(cols) > 0 {
- err = models.UpdateUserCols(db.DefaultContext, user, cols...)
+ err = user_model.UpdateUserCols(db.DefaultContext, user, cols...)
if err != nil {
return nil, err
}
@@ -74,7 +75,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
sr.Mail = fmt.Sprintf("%s@localhost", sr.Username)
}
- user = &models.User{
+ user = &user_model.User{
LowerName: strings.ToLower(sr.Username),
Name: sr.Username,
FullName: composeFullName(sr.Name, sr.Surname, sr.Username),
@@ -87,7 +88,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
IsRestricted: sr.IsRestricted,
}
- err := models.CreateUser(user)
+ err := user_model.CreateUser(user)
if err != nil {
return user, err
}
diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go
index 89f84ae20c..9c504476c0 100644
--- a/services/auth/source/ldap/source_sync.go
+++ b/services/auth/source/ldap/source_sync.go
@@ -12,6 +12,7 @@ import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/db"
+ user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/log"
user_service "code.gitea.io/gitea/services/user"
)
@@ -25,7 +26,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
var sshKeysNeedUpdate bool
// Find all users with this login type - FIXME: Should this be an iterator?
- users, err := models.GetUsersBySource(source.loginSource)
+ users, err := user_model.GetUsersBySource(source.loginSource)
if err != nil {
log.Error("SyncExternalUsers: %v", err)
return err
@@ -83,7 +84,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
su.Mail = fmt.Sprintf("%s@localhost", su.Username)
}
- var usr *models.User
+ var usr *user_model.User
for userPos < len(users) && users[userPos].LowerName < su.LowerName {
userPos++
}
@@ -97,7 +98,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
if usr == nil {
log.Trace("SyncExternalUsers[%s]: Creating user %s", source.loginSource.Name, su.Username)
- usr = &models.User{
+ usr = &user_model.User{
LowerName: su.LowerName,
Name: su.Username,
FullName: fullName,
@@ -110,7 +111,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
IsActive: true,
}
- err = models.CreateUser(usr)
+ err = user_model.CreateUser(usr)
if err != nil {
log.Error("SyncExternalUsers[%s]: Error creating user %s: %v", source.loginSource.Name, su.Username, err)
@@ -153,7 +154,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
}
usr.IsActive = true
- err = models.UpdateUserCols(db.DefaultContext, usr, "full_name", "email", "is_admin", "is_restricted", "is_active")
+ err = user_model.UpdateUserCols(db.DefaultContext, usr, "full_name", "email", "is_admin", "is_restricted", "is_active")
if err != nil {
log.Error("SyncExternalUsers[%s]: Error updating user %s: %v", source.loginSource.Name, usr.Name, err)
}
@@ -194,7 +195,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
log.Trace("SyncExternalUsers[%s]: Deactivating user %s", source.loginSource.Name, usr.Name)
usr.IsActive = false
- err = models.UpdateUserCols(db.DefaultContext, usr, "is_active")
+ err = user_model.UpdateUserCols(db.DefaultContext, usr, "is_active")
if err != nil {
log.Error("SyncExternalUsers[%s]: Error deactivating user %s: %v", source.loginSource.Name, usr.Name, err)
}
diff --git a/services/auth/source/oauth2/providers.go b/services/auth/source/oauth2/providers.go
index 0fd57a8dbd..18879e917b 100644
--- a/services/auth/source/oauth2/providers.go
+++ b/services/auth/source/oauth2/providers.go
@@ -5,10 +5,10 @@
package oauth2
import (
+ "errors"
"net/url"
"sort"
- "code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
@@ -139,6 +139,11 @@ func ClearProviders() {
goth.ClearProviders()
}
+var (
+ // ErrLoginSourceNotActived login source is not actived error
+ ErrLoginSourceNotActived = errors.New("Login source is not actived")
+)
+
// used to create different types of goth providers
func createProvider(providerName string, source *Source) (goth.Provider, error) {
callbackURL := setting.AppURL + "user/oauth2/" + url.PathEscape(providerName) + "/callback"
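Review bot: The doc comment and message on the new `ErrLoginSourceNotActived` do not say when it is returned: in the next hunk createProvider returns it when `gothProviders[source.Provider]` has no entry, which is an unknown provider name rather than an inactive source. I would document it as `// ErrLoginSourceNotActived is returned by createProvider when source.Provider has no registered goth provider.` and, if no caller depends on the exact text, lower-case the message per Go convention, e.g. `errors.New("login source is not activated")`. This is a new value in package oauth2 rather than the one previously referenced from `models`, so any caller outside this diff that still compares against the old variable would stop matching; that cannot be confirmed from the visible hunks. The same comment and capitalisation points apply to `ErrUnsupportedLoginType` added in services/auth/source/smtp/auth.go. createProvider's body continues beyond this hunk.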
@@ -148,7 +153,7 @@ func createProvider(providerName string, source *Source) (goth.Provider, error)
p, ok := gothProviders[source.Provider]
if !ok {
- return nil, models.ErrLoginSourceNotActived
+ return nil, ErrLoginSourceNotActived
}
provider, err = p.CreateGothProvider(providerName, callbackURL, source)
diff --git a/services/auth/source/oauth2/source_authenticate.go b/services/auth/source/oauth2/source_authenticate.go
index be2ff05356..fdc18411a7 100644
--- a/services/auth/source/oauth2/source_authenticate.go
+++ b/services/auth/source/oauth2/source_authenticate.go
@@ -5,12 +5,12 @@
package oauth2
import (
- "code.gitea.io/gitea/models"
+ user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/services/auth/source/db"
)
// Authenticate falls back to the db authenticator
-func (source *Source) Authenticate(user *models.User, login, password string) (*models.User, error) {
+func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error) {
return db.Authenticate(user, login, password)
}
diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go
index 6998241ad7..8553653ea0 100644
--- a/services/auth/source/pam/source_authenticate.go
+++ b/services/auth/source/pam/source_authenticate.go
@@ -8,7 +8,6 @@ import (
"fmt"
"strings"
- "code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/login"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/auth/pam"
@@ -20,11 +19,11 @@ import (
// Authenticate queries if login/password is valid against the PAM,
// and create a local user if success when enabled.
-func (source *Source) Authenticate(user *models.User, userName, password string) (*models.User, error) {
+func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
pamLogin, err := pam.Auth(source.ServiceName, userName, password)
if err != nil {
if strings.Contains(err.Error(), "Authentication failure") {
- return nil, models.ErrUserNotExist{Name: userName}
+ return nil, user_model.ErrUserNotExist{Name: userName}
}
return nil, err
}
@@ -51,7 +50,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
}
}
- user = &models.User{
+ user = &user_model.User{
LowerName: strings.ToLower(username),
Name: username,
Email: email,
@@ -62,7 +61,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
IsActive: true,
}
- if err := models.CreateUser(user); err != nil {
+ if err := user_model.CreateUser(user); err != nil {
return user, err
}
diff --git a/services/auth/source/smtp/auth.go b/services/auth/source/smtp/auth.go
index d797982da1..c5bd09b0a7 100644
--- a/services/auth/source/smtp/auth.go
+++ b/services/auth/source/smtp/auth.go
@@ -6,13 +6,12 @@ package smtp
import (
"crypto/tls"
+ "errors"
"fmt"
"net"
"net/smtp"
"os"
"strconv"
-
- "code.gitea.io/gitea/models"
)
// _________ __________________________
@@ -52,6 +51,11 @@ const (
// Authenticators contains available SMTP authentication type names.
var Authenticators = []string{PlainAuthentication, LoginAuthentication, CRAMMD5Authentication}
+var (
+ // ErrUnsupportedLoginType login source is unknown error
+ ErrUnsupportedLoginType = errors.New("Login source is unknown")
+)
+
// Authenticate performs an SMTP authentication.
func Authenticate(a smtp.Auth, source *Source) error {
tlsConfig := &tls.Config{
@@ -101,5 +105,5 @@ func Authenticate(a smtp.Auth, source *Source) error {
return client.Auth(a)
}
- return models.ErrUnsupportedLoginType
+ return ErrUnsupportedLoginType
}
diff --git a/services/auth/source/smtp/source_authenticate.go b/services/auth/source/smtp/source_authenticate.go
index f51c884c3a..c32d638b54 100644
--- a/services/auth/source/smtp/source_authenticate.go
+++ b/services/auth/source/smtp/source_authenticate.go
@@ -10,22 +10,22 @@ import (
"net/textproto"
"strings"
- "code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/login"
+ user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/services/mailer"
)
// Authenticate queries if the provided login/password is authenticates against the SMTP server
// Users will be autoregistered as required
-func (source *Source) Authenticate(user *models.User, userName, password string) (*models.User, error) {
+func (source *Source) Authenticate(user *user_model.User, userName, password string) (*user_model.User, error) {
// Verify allowed domains.
if len(source.AllowedDomains) > 0 {
idx := strings.Index(userName, "@")
if idx == -1 {
- return nil, models.ErrUserNotExist{Name: userName}
+ return nil, user_model.ErrUserNotExist{Name: userName}
} else if !util.IsStringInSlice(userName[idx+1:], strings.Split(source.AllowedDomains, ","), true) {
- return nil, models.ErrUserNotExist{Name: userName}
+ return nil, user_model.ErrUserNotExist{Name: userName}
}
}
@@ -47,11 +47,11 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
tperr, ok := err.(*textproto.Error)
if (ok && tperr.Code == 535) ||
strings.Contains(err.Error(), "Username and Password not accepted") {
- return nil, models.ErrUserNotExist{Name: userName}
+ return nil, user_model.ErrUserNotExist{Name: userName}
}
if (ok && tperr.Code == 534) ||
strings.Contains(err.Error(), "Application-specific password required") {
- return nil, models.ErrUserNotExist{Name: userName}
+ return nil, user_model.ErrUserNotExist{Name: userName}
}
return nil, err
}
@@ -66,7 +66,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
username = userName[:idx]
}
- user = &models.User{
+ user = &user_model.User{
LowerName: strings.ToLower(username),
Name: strings.ToLower(username),
Email: userName,
@@ -77,7 +77,7 @@ func (source *Source) Authenticate(user *models.User, userName, password string)
IsActive: true,
}
- if err := models.CreateUser(user); err != nil {
+ if err := user_model.CreateUser(user); err != nil {
return user, err
}