forgejo/services
Lunny Xiao 900e158064
refactor auth interface to return error when verify failure (#22119) (#22259)
backport #22119

This PR changed the Auth interface signature from `Verify(http
*http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) *user_model.User`
to 
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) (*user_model.User, error)`.

There is a new return argument `error` which means the verification
condition matched but verify process failed, we should stop the auth
process.

Before this PR, when return a `nil` user, we don't know the reason why
it returned `nil`. If the match condition is not satisfied or it
verified failure? For these two different results, we should have
different handler. If the match condition is not satisfied, we should
try next auth method and if there is no more auth method, it's an
anonymous user. If the condition matched but verify failed, the auth
process should be stop and return immediately.

This will fix #20563

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Jason Song <i@wolfogre.com>
2022-12-29 13:50:09 +08:00
..
agit Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
asymkey Refactor AssertExistsAndLoadBean to use generics (#20797) 2022-08-16 10:22:25 +08:00
attachment Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
auth refactor auth interface to return error when verify failure (#22119) (#22259) 2022-12-29 13:50:09 +08:00
automerge Add more linters to improve code readability (#19989) 2022-06-20 12:02:49 +02:00
comments
context
cron Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
externalaccount
forms Revert unrelated changes for SMTP auth (#21767) (#21768) 2022-11-10 16:11:56 -05:00
gitdiff Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
issue Fix issue/PR numbers (#22037) (#22044) 2022-12-07 14:20:12 +08:00
lfs Prevent Authorization header for presigned LFS urls (#21531) 2022-10-22 21:36:44 +08:00
mailer Correct the fallbacks for mailer configuration (#21945) (#21953) 2022-11-27 19:45:59 +00:00
markup Link mentioned user in markdown only if they are visible to viewer (#21554) 2022-10-23 17:13:52 +08:00
migrations Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
mirror Refactor git command arguments and make all arguments to be safe to be used (#21535) 2022-10-23 22:44:45 +08:00
org Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
packages refactor auth interface to return error when verify failure (#22119) (#22259) 2022-12-29 13:50:09 +08:00
pull Use complete SHA to create and query commit status (#22244) (#22257) 2022-12-28 11:03:21 +01:00
release Revert "Do not send notifications for draft releases (#21451)" (#21594) 2022-10-26 00:00:00 +02:00
repository Use complete SHA to create and query commit status (#22244) (#22257) 2022-12-28 11:03:21 +01:00
task Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
user Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
webhook Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00
wiki Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551) 2022-10-24 20:29:17 +01:00