Revert "Fix windows build error (#14263)"

This reverts commit a1c9e8f

Author: CirnoT

modules/auth/sso/basic.go

@@ -47,7 +47,7 @@ func (b *Basic) IsEnabled() bool {
 // "Authorization" header of the request and returns the corresponding user object for that
 // name/token on successful validation.
 // Returns nil if header is empty or validation fails.
-func (b *Basic) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
+func (b *Basic) VerifyAuthData(req *http.Request, store DataStore, sess SessionStore) *models.User {
 	baHead := req.Header.Get("Authorization")
 	if len(baHead) == 0 {
 		return nil

modules/auth/sso/interface.go

@@ -40,5 +40,5 @@ type SingleSignOn interface {
 	// or a new user object (with id = 0) populated with the information that was found
 	// in the authentication data (username or email).
 	// Returns nil if verification fails.
-	VerifyAuthData(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User
+	VerifyAuthData(http *http.Request, store DataStore, sess SessionStore) *models.User
 }

modules/auth/sso/oauth2.go

@@ -114,7 +114,7 @@ func (o *OAuth2) IsEnabled() bool {
 // or the "Authorization" header and returns the corresponding user object for that ID.
 // If verification is successful returns an existing user object.
 // Returns nil if verification fails.
-func (o *OAuth2) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
+func (o *OAuth2) VerifyAuthData(req *http.Request, store DataStore, sess SessionStore) *models.User {
 	if !models.HasEngine {
 		return nil
 	}

modules/auth/sso/reverseproxy.go

@@ -60,7 +60,7 @@ func (r *ReverseProxy) IsEnabled() bool {
 // If a username is available in the "setting.ReverseProxyAuthUser" header an existing
 // user object is returned (populated with username or email found in header).
 // Returns nil if header is empty.
-func (r *ReverseProxy) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
+func (r *ReverseProxy) VerifyAuthData(req *http.Request, store DataStore, sess SessionStore) *models.User {
 	username := r.getUserName(req)
 	if len(username) == 0 {
 		return nil

modules/auth/sso/session.go

@@ -39,7 +39,7 @@ func (s *Session) IsEnabled() bool {
 // VerifyAuthData checks if there is a user uid stored in the session and returns the user
 // object for that uid.
 // Returns nil if there is no user uid stored in the session.
-func (s *Session) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
+func (s *Session) VerifyAuthData(req *http.Request, store DataStore, sess SessionStore) *models.User {
 	user := SessionUser(sess)
 	if user != nil {
 		return user

modules/auth/sso/sspi_windows.go

@@ -7,17 +7,19 @@ package sso
 import (
 	"errors"
 	"net/http"
+	"reflect"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/templates"
+
+	"gitea.com/macaron/macaron"
+	"gitea.com/macaron/session"
 
 	gouuid "github.com/google/uuid"
 	"github.com/quasoft/websspi"
-	"github.com/unrolled/render"
 )
 
 const (
@@ -39,26 +41,14 @@ var (
 // On successful authentication returns a valid user object.
 // Returns nil if authentication fails.
 type SSPI struct {
-	rnd *render.Render
 }
 
 // Init creates a new global websspi.Authenticator object
 func (s *SSPI) Init() error {
 	config := websspi.NewConfig()
 	var err error
 	sspiAuth, err = websspi.New(config)
-	if err != nil {
-		return err
-	}
-	s.rnd = render.New(render.Options{
-		Extensions:    []string{".tmpl"},
-		Directory:     "templates",
-		Funcs:         templates.NewFuncMap(),
-		Asset:         templates.GetAsset,
-		AssetNames:    templates.GetAssetNames,
-		IsDevelopment: setting.RunMode != "prod",
-	})
-	return nil
+	return err
 }
 
 // Free releases resources used by the global websspi.Authenticator object
@@ -75,8 +65,8 @@ func (s *SSPI) IsEnabled() bool {
 // If authentication is successful, returs the corresponding user object.
 // If negotiation should continue or authentication fails, immediately returns a 401 HTTP
 // response code, as required by the SPNEGO protocol.
-func (s *SSPI) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
-	if !s.shouldAuthenticate(req) {
+func (s *SSPI) VerifyAuthData(req *http.Request, store DataStore, sess SessionStore) *models.User {
+	if !s.shouldAuthenticate(ctx) {
 		return nil
 	}
 
@@ -86,29 +76,22 @@ func (s *SSPI) VerifyAuthData(req *http.Request, w http.ResponseWriter, store Da
 		return nil
 	}
 
-	userInfo, outToken, err := sspiAuth.Authenticate(req, w)
+	userInfo, outToken, err := sspiAuth.Authenticate(req, ctx.Resp)
 	if err != nil {
 		log.Warn("Authentication failed with error: %v\n", err)
-		sspiAuth.AppendAuthenticateHeader(w, outToken)
+		sspiAuth.AppendAuthenticateHeader(ctx.Resp, outToken)
 
 		// Include the user login page in the 401 response to allow the user
 		// to login with another authentication method if SSPI authentication
 		// fails
-		store.GetData()["Flash"] = map[string]string{
-			"ErrMsg": err.Error(),
-		}
-		store.GetData()["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn
-		store.GetData()["EnableSSPI"] = true
-
-		err := s.rnd.HTML(w, 401, string(tplSignIn), templates.BaseVars().Merge(store.GetData()))
-		if err != nil {
-			log.Error("%v", err)
-		}
-
+		addFlashErr(ctx, ctx.Tr("auth.sspi_auth_failed"))
+		ctx.Data["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn
+		ctx.Data["EnableSSPI"] = true
+		ctx.HTML(401, string(tplSignIn))
 		return nil
 	}
 	if outToken != "" {
-		sspiAuth.AppendAuthenticateHeader(w, outToken)
+		sspiAuth.AppendAuthenticateHeader(ctx.Resp, outToken)
 	}
 
 	username := sanitizeUsername(userInfo.Username, cfg)
@@ -127,16 +110,16 @@ func (s *SSPI) VerifyAuthData(req *http.Request, w http.ResponseWriter, store Da
 			log.Error("User '%s' not found", username)
 			return nil
 		}
-		user, err = s.newUser(username, cfg)
+		user, err = s.newUser(ctx, username, cfg)
 		if err != nil {
 			log.Error("CreateUser: %v", err)
 			return nil
 		}
 	}
 
 	// Make sure requests to API paths and PWA resources do not create a new session
-	if !isAPIPath(req) && !isAttachmentDownload(req) {
-		handleSignIn(w, req, sess, user)
+	if !isAPIPath(ctx) && !isAttachmentDownload(ctx) {
+		handleSignIn(ctx, sess, user)
 	}
 
 	return user
@@ -163,7 +146,7 @@ func (s *SSPI) shouldAuthenticate(req *http.Request) (shouldAuth bool) {
 	if path == "/user/login" {
 		if req.FormValue("user_name") != "" && req.FormValue("password") != "" {
 			shouldAuth = false
-		} else if req.FormValue("auth_with_sspi") == "1" {
+		} else if ctx.Req.FormValue("auth_with_sspi") == "1" {
 			shouldAuth = true
 		}
 	} else if isInternalPath(req) {
@@ -234,6 +217,20 @@ func sanitizeUsername(username string, cfg *models.SSPIConfig) string {
 	return username
 }
 
+// addFlashErr adds an error message to the Flash object mapped to a macaron.Context
+func addFlashErr(ctx *macaron.Context, err string) {
+	fv := ctx.GetVal(reflect.TypeOf(&session.Flash{}))
+	if !fv.IsValid() {
+		return
+	}
+	flash, ok := fv.Interface().(*session.Flash)
+	if !ok {
+		return
+	}
+	flash.Error(err)
+	ctx.Data["Flash"] = flash
+}
+
 // init registers the SSPI auth method as the last method in the list.
 // The SSPI plugin is expected to be executed last, as it returns 401 status code if negotiation
 // fails (or if negotiation should continue), which would prevent other authentication methods

modules/auth/sso/user.go

@@ -12,7 +12,7 @@ import (
 
 // SignedInUser returns the user object of signed user.
 // It returns a bool value to indicate whether user uses basic auth or not.
-func SignedInUser(req *http.Request, w http.ResponseWriter, ds DataStore, sess SessionStore) (*models.User, bool) {
+func SignedInUser(req *http.Request, ds DataStore, sess SessionStore) (*models.User, bool) {
 	if !models.HasEngine {
 		return nil, false
 	}
@@ -22,7 +22,7 @@ func SignedInUser(req *http.Request, w http.ResponseWriter, ds DataStore, sess S
 		if !ssoMethod.IsEnabled() {
 			continue
 		}
-		user := ssoMethod.VerifyAuthData(req, w, ds, sess)
+		user := ssoMethod.VerifyAuthData(req, ds, sess)
 		if user != nil {
 			_, isBasic := ssoMethod.(*Basic)
 			return user, isBasic

modules/context/context.go

@@ -309,7 +309,7 @@ func Contexter() macaron.Handler {
 		}
 
 		// Get user from session if logged in.
-		ctx.User, ctx.IsBasicAuth = sso.SignedInUser(ctx.Req.Request, c.Resp, ctx, ctx.Session)
+		ctx.User, ctx.IsBasicAuth = sso.SignedInUser(ctx.Req.Request, ctx, ctx.Session)
 
 		if ctx.User != nil {
 			ctx.IsSigned = true

routers/routes/recovery.go

@@ -75,7 +75,7 @@ func Recovery() func(next http.Handler) http.Handler {
 					}
 
 					// Get user from session if logged in.
-					user, _ := sso.SignedInUser(req, w, &store, sess)
+					user, _ := sso.SignedInUser(req, &store, sess)
 					if user != nil {
 						store.Data["IsSigned"] = true
 						store.Data["SignedUser"] = user