Oauth2 consumer (#679)

* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)

vendor/github.com/markbates/goth/provider.go

@@ -0,0 +1,75 @@
+package goth
+
+import (
+	"fmt"
+	"net/http"
+
+	"golang.org/x/net/context"
+	"golang.org/x/oauth2"
+)
+
+// Provider needs to be implemented for each 3rd party authentication provider
+// e.g. Facebook, Twitter, etc...
+type Provider interface {
+	Name() string
+	SetName(name string)
+	BeginAuth(state string) (Session, error)
+	UnmarshalSession(string) (Session, error)
+	FetchUser(Session) (User, error)
+	Debug(bool)
+	RefreshToken(refreshToken string) (*oauth2.Token, error) //Get new access token based on the refresh token
+	RefreshTokenAvailable() bool                             //Refresh token is provided by auth provider or not
+}
+
+const NoAuthUrlErrorMessage = "an AuthURL has not been set"
+
+// Providers is list of known/available providers.
+type Providers map[string]Provider
+
+var providers = Providers{}
+
+// UseProviders adds a list of available providers for use with Goth.
+// Can be called multiple times. If you pass the same provider more
+// than once, the last will be used.
+func UseProviders(viders ...Provider) {
+	for _, provider := range viders {
+		providers[provider.Name()] = provider
+	}
+}
+
+// GetProviders returns a list of all the providers currently in use.
+func GetProviders() Providers {
+	return providers
+}
+
+// GetProvider returns a previously created provider. If Goth has not
+// been told to use the named provider it will return an error.
+func GetProvider(name string) (Provider, error) {
+	provider := providers[name]
+	if provider == nil {
+		return nil, fmt.Errorf("no provider for %s exists", name)
+	}
+	return provider, nil
+}
+
+// ClearProviders will remove all providers currently in use.
+// This is useful, mostly, for testing purposes.
+func ClearProviders() {
+	providers = Providers{}
+}
+
+// ContextForClient provides a context for use with oauth2.
+func ContextForClient(h *http.Client) context.Context {
+	if h == nil {
+		return oauth2.NoContext
+	}
+	return context.WithValue(oauth2.NoContext, oauth2.HTTPClient, h)
+}
+
+// HTTPClientWithFallBack to be used in all fetch operations.
+func HTTPClientWithFallBack(h *http.Client) *http.Client {
+	if h != nil {
+		return h
+	}
+	return http.DefaultClient
+}