Rename sso -> auth

lunny · lunny · commit 3b141e145c24 · 2021-06-09T09:14:45.000+08:00
diff --git a/modules/context/api.go b/modules/context/api.go
@@ -14,11 +14,11 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web/middleware"
+	"code.gitea.io/gitea/services/auth"
 
 	"gitea.com/go-chi/session"
 )
@@ -217,16 +217,16 @@ func (ctx *APIContext) CheckForOTP() {
 	}
 }
 
-// APIAuth converts sso.SingleSignOn as a middleware
-func APIAuth(authMethod sso.SingleSignOn) func(*APIContext) {
+// APIAuth converts auth.Auth as a middleware
+func APIAuth(authMethod auth.Auth) func(*APIContext) {
 	return func(ctx *APIContext) {
 		if !authMethod.IsEnabled() {
 			return
 		}
 		// Get user from session if logged in.
 		ctx.User = authMethod.VerifyAuthData(ctx.Req, ctx.Resp, ctx, ctx.Session)
 		if ctx.User != nil {
-			ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == new(sso.Basic).Name()
+			ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == new(auth.Basic).Name()
 			ctx.IsSigned = true
 			ctx.Data["IsSigned"] = ctx.IsSigned
 			ctx.Data["SignedUser"] = ctx.User
diff --git a/modules/context/context.go b/modules/context/context.go
@@ -21,14 +21,14 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/base"
 	mc "code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/modules/web/middleware"
+	"code.gitea.io/gitea/services/auth"
 
 	"gitea.com/go-chi/cache"
 	"gitea.com/go-chi/session"
@@ -605,16 +605,16 @@ func getCsrfOpts() CsrfOptions {
 	}
 }
 
-// Auth converts sso.SingleSignOn as a middleware
-func Auth(authMethod sso.SingleSignOn) func(*Context) {
+// Auth converts auth.Auth as a middleware
+func Auth(authMethod auth.Auth) func(*Context) {
 	return func(ctx *Context) {
 		if !authMethod.IsEnabled() {
 			return
 		}
 
 		ctx.User = authMethod.VerifyAuthData(ctx.Req, ctx.Resp, ctx, ctx.Session)
 		if ctx.User != nil {
-			ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == new(sso.Basic).Name()
+			ctx.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == new(auth.Basic).Name()
 			ctx.IsSigned = true
 			ctx.Data["IsSigned"] = ctx.IsSigned
 			ctx.Data["SignedUser"] = ctx.User
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
@@ -70,7 +70,6 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -84,6 +83,7 @@ import (
 	"code.gitea.io/gitea/routers/api/v1/settings"
 	_ "code.gitea.io/gitea/routers/api/v1/swagger" // for swagger generation
 	"code.gitea.io/gitea/routers/api/v1/user"
+	"code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/forms"
 
 	"gitea.com/go-chi/binding"
@@ -575,7 +575,7 @@ func Routes() *web.Route {
 	m.Use(context.APIContexter())
 
 	// Get user from session if logged in.
-	m.Use(context.APIAuth(sso.NewGroup(sso.Methods()...)))
+	m.Use(context.APIAuth(auth.NewGroup(auth.Methods()...)))
 
 	m.Use(context.ToggleAPI(&context.ToggleOptions{
 		SignInRequired: setting.Service.RequireSignInView,
diff --git a/routers/init.go b/routers/init.go
@@ -9,7 +9,6 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/cron"
 	"code.gitea.io/gitea/modules/eventsource"
@@ -34,6 +33,7 @@ import (
 	"code.gitea.io/gitea/routers/common"
 	"code.gitea.io/gitea/routers/private"
 	web_routers "code.gitea.io/gitea/routers/web"
+	"code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/mailer"
 	mirror_service "code.gitea.io/gitea/services/mirror"
 	pull_service "code.gitea.io/gitea/services/pull"
@@ -134,7 +134,7 @@ func GlobalInit(ctx context.Context) {
 	} else {
 		ssh.Unused()
 	}
-	sso.Init()
+	auth.Init()
 
 	svg.Init()
 }
diff --git a/routers/web/base.go b/routers/web/base.go
@@ -15,14 +15,14 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/httpcache"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/web/middleware"
+	"code.gitea.io/gitea/services/auth"
 
 	"gitea.com/go-chi/session"
 )
@@ -158,7 +158,7 @@ func Recovery() func(next http.Handler) http.Handler {
 					}
 					if user == nil {
 						// Get user from session if logged in - do not attempt to sign-in
-						user = sso.SessionUser(sessionStore)
+						user = auth.SessionUser(sessionStore)
 					}
 					if user != nil {
 						store["IsSigned"] = true
diff --git a/routers/web/user/oauth.go b/routers/web/user/oauth.go
@@ -13,13 +13,13 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/forms"
 
 	"gitea.com/go-chi/binding"
@@ -228,7 +228,7 @@ func InfoOAuth(ctx *context.Context) {
 		ctx.HandleText(http.StatusUnauthorized, "no valid auth token authorization")
 		return
 	}
-	uid := sso.CheckOAuthAccessToken(auths[1])
+	uid := auth.CheckOAuthAccessToken(auths[1])
 	if uid == 0 {
 		handleBearerTokenError(ctx, BearerTokenError{
 			ErrorCode:        BearerTokenErrorCodeInvalidToken,
diff --git a/routers/web/web.go b/routers/web/web.go
@@ -11,7 +11,6 @@ import (
 	"path"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/httpcache"
 	"code.gitea.io/gitea/modules/log"
@@ -32,6 +31,7 @@ import (
 	"code.gitea.io/gitea/routers/web/repo"
 	"code.gitea.io/gitea/routers/web/user"
 	userSetting "code.gitea.io/gitea/routers/web/user/setting"
+	"code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/forms"
 	"code.gitea.io/gitea/services/lfs"
 	"code.gitea.io/gitea/services/mailer"
@@ -151,7 +151,7 @@ func Routes() *web.Route {
 	common = append(common, context.Contexter())
 
 	// Get user from session if logged in.
-	common = append(common, context.Auth(sso.NewGroup(sso.Methods()...)))
+	common = append(common, context.Auth(auth.NewGroup(auth.Methods()...)))
 
 	// GetHead allows a HEAD request redirect to GET if HEAD method is not defined for that route
 	common = append(common, middleware.GetHead)
diff --git a/services/auth/auth.go b/services/auth/auth.go
@@ -3,7 +3,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package sso
+package auth
 
 import (
 	"fmt"
@@ -18,7 +18,7 @@ import (
 	"code.gitea.io/gitea/modules/web/middleware"
 )
 
-// ssoMethods contains the list of SSO authentication plugins in the order they are expected to be
+// authMethods contains the list of authentication plugins in the order they are expected to be
 // executed.
 //
 // The OAuth2 plugin is expected to be executed first, as it must ignore the user id stored
@@ -27,7 +27,7 @@ import (
 //
 // The Session plugin is expected to be executed second, in order to skip authentication
 // for users that have already signed in.
-var ssoMethods = []SingleSignOn{
+var authMethods = []Auth{
 	&OAuth2{},
 	&Basic{},
 	&Session{},
@@ -40,34 +40,34 @@ var (
 	_ = handleSignIn
 )
 
-// Methods returns the instances of all registered SSO methods
-func Methods() []SingleSignOn {
-	return ssoMethods
+// Methods returns the instances of all registered methods
+func Methods() []Auth {
+	return authMethods
 }
 
-// Register adds the specified instance to the list of available SSO methods
-func Register(method SingleSignOn) {
-	ssoMethods = append(ssoMethods, method)
+// Register adds the specified instance to the list of available methods
+func Register(method Auth) {
+	authMethods = append(authMethods, method)
 }
 
-// Init should be called exactly once when the application starts to allow SSO plugins
+// Init should be called exactly once when the application starts to allow plugins
 // to allocate necessary resources
 func Init() {
 	for _, method := range Methods() {
 		err := method.Init()
 		if err != nil {
-			log.Error("Could not initialize '%s' SSO method, error: %s", reflect.TypeOf(method).String(), err)
+			log.Error("Could not initialize '%s' auth method, error: %s", reflect.TypeOf(method).String(), err)
 		}
 	}
 }
 
-// Free should be called exactly once when the application is terminating to allow SSO plugins
+// Free should be called exactly once when the application is terminating to allow Auth plugins
 // to release necessary resources
 func Free() {
 	for _, method := range Methods() {
 		err := method.Free()
 		if err != nil {
-			log.Error("Could not free '%s' SSO method, error: %s", reflect.TypeOf(method).String(), err)
+			log.Error("Could not free '%s' auth method, error: %s", reflect.TypeOf(method).String(), err)
 		}
 	}
 }
diff --git a/services/auth/auth_test.go b/services/auth/auth_test.go
@@ -3,7 +3,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package sso
+package auth
 
 import (
 	"net/http"
diff --git a/services/auth/basic.go b/services/auth/basic.go
@@ -3,7 +3,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package sso
+package auth
 
 import (
 	"net/http"
@@ -19,10 +19,10 @@ import (
 
 // Ensure the struct implements the interface.
 var (
-	_ SingleSignOn = &Basic{}
+	_ Auth = &Basic{}
 )
 
-// Basic implements the SingleSignOn interface and authenticates requests (API requests
+// Basic implements the Auth interface and authenticates requests (API requests
 // only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization"
 // header.
 type Basic struct {
diff --git a/services/auth/group.go b/services/auth/group.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package sso
+package auth
 
 import (
 	"net/http"
@@ -12,16 +12,16 @@ import (
 
 // Ensure the struct implements the interface.
 var (
-	_ SingleSignOn = &Group{}
+	_ Auth = &Group{}
 )
 
-// Group implements the SingleSignOn interface with serval SingleSignOn.
+// Group implements the Auth interface with serval Auth.
 type Group struct {
-	methods []SingleSignOn
+	methods []Auth
 }
 
 // NewGroup creates a new auth group
-func NewGroup(methods ...SingleSignOn) *Group {
+func NewGroup(methods ...Auth) *Group {
 	return &Group{
 		methods: methods,
 	}
diff --git a/services/auth/interface.go b/services/auth/interface.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package sso
+package auth
 
 import (
 	"net/http"
@@ -18,8 +18,8 @@ type DataStore middleware.DataStore
 // SessionStore represents a session store
 type SessionStore session.Store
 
-// SingleSignOn represents a SSO authentication method (plugin) for HTTP requests.
-type SingleSignOn interface {
+// Auth represents an authentication method (plugin) for HTTP requests.
+type Auth interface {
 	Name() string
 
 	// Init should be called exactly once before using any of the other methods,
@@ -30,10 +30,10 @@ type SingleSignOn interface {
 	// give chance to the plugin to free any allocated resources
 	Free() error
 
-	// IsEnabled checks if the current SSO method has been enabled in settings.
+	// IsEnabled checks if the current auth method has been enabled in settings.
 	IsEnabled() bool
 
-	// VerifyAuthData tries to verify the SSO authentication data contained in the request.
+	// VerifyAuthData tries to verify the authentication data contained in the request.
 	// If verification is successful returns either an existing user object (with id > 0)
 	// or a new user object (with id = 0) populated with the information that was found
 	// in the authentication data (username or email).
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
@@ -3,7 +3,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package sso
+package auth
 
 import (
 	"net/http"
@@ -18,7 +18,7 @@ import (
 
 // Ensure the struct implements the interface.
 var (
-	_ SingleSignOn = &OAuth2{}
+	_ Auth = &OAuth2{}
 )
 
 // CheckOAuthAccessToken returns uid of user from oauth token
@@ -45,7 +45,7 @@ func CheckOAuthAccessToken(accessToken string) int64 {
 	return grant.UserID
 }
 
-// OAuth2 implements the SingleSignOn interface and authenticates requests
+// OAuth2 implements the Auth interface and authenticates requests
 // (API requests only) by looking for an OAuth token in query parameters or the
 // "Authorization" header.
 type OAuth2 struct {
diff --git a/services/auth/reverseproxy.go b/services/auth/reverseproxy.go
diff --git a/services/auth/session.go b/services/auth/session.go
diff --git a/services/auth/sspi_windows.go b/services/auth/sspi_windows.go
