auth

package

v2.0.6+incompatible Latest Latest Go to latest Published: Apr 23, 2020 License: AGPL-3.0 Imports: 41 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/EngineerIG/cells

Documentation ¶

Overview ¶

Package auth provides tools related to authentication of pydio services

Index ¶

func AddContextVerifier(v ContextVerifier)
func FromMetadata(ctx context.Context) (c claim.Claims, o bool)
func RegisterDexProvider(c common.ConfigValues)
func RegisterGRPCProvider(service string)
func RegisterOryProvider(o fosite.OAuth2Provider)
func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)
func ToMetadata(ctx context.Context, claims claim.Claims) context.Context
func VerifyContext(ctx context.Context, user *idm.User) error
func WithImpersonate(ctx context.Context, user *idm.User) context.Context
type BasicAuthenticator
- func NewBasicAuthenticator(realm string, ttl time.Duration) *BasicAuthenticator
- func (b *BasicAuthenticator) Wrap(handler http.Handler) http.HandlerFunc
type ContextVerifier
type Exchanger
type IDToken
type JWTVerifier
- func DefaultJWTVerifier() *JWTVerifier
- func (j *JWTVerifier) Exchange(ctx context.Context, code string) (*oauth2.Token, error)
- func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)
- func (j *JWTVerifier) Verify(ctx context.Context, rawIDToken string) (context.Context, claim.Claims, error)
type LockVerifier
- func (l LockVerifier) Verify(ctx context.Context, user *idm.User) error
type MappingRule
- func (m MappingRule) AddPrefix(prefix string, strs []string) []string
- func (m MappingRule) ConvertDNtoName(strs []string) []string
- func (m MappingRule) FilterList(list []string, strs []string) []string
- func (m MappingRule) FilterPreg(preg string, strs []string) []string
- func (m MappingRule) IsDnFormat(str string) bool
- func (m MappingRule) RemoveLdapEscape(strs []string) []string
- func (m MappingRule) SanitizeValues(strs []string) []string
type OIDCPoliciesVerifier
- func (O OIDCPoliciesVerifier) Verify(ctx context.Context, user *idm.User) error
type PasswordCredentialsTokenExchanger
type Provider
type ProviderType
type PydioPW
- func (p PydioPW) CheckDBKDF2PydioPwd(password string, hashedPw string, legacySalt ...bool) (bool, error)
- func (p PydioPW) CreateHash(password string) (base64Pw string)
type Verifier

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AddContextVerifier ¶

func AddContextVerifier(v ContextVerifier)

AddContextVerifier registers an additional verifier

func FromMetadata ¶

func FromMetadata(ctx context.Context) (c claim.Claims, o bool)

FromMetadata loads Claims from metadata (be passed along by grpc queries)

func RegisterDexProvider ¶

func RegisterDexProvider(c common.ConfigValues)

func RegisterGRPCProvider ¶

func RegisterGRPCProvider(service string)

func RegisterOryProvider ¶

func RegisterOryProvider(o fosite.OAuth2Provider)

func SubjectsForResourcePolicyQuery ¶

func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)

SubjectsForResourcePolicyQuery prepares a slice of strings that will be used to check for resource ownership. Can be extracted either from context or by loading a given user ID from database.

func ToMetadata ¶

func ToMetadata(ctx context.Context, claims claim.Claims) context.Context

ToMetadata stores Claims in metadata (to be passed along by grpc queries)

func VerifyContext ¶

func VerifyContext(ctx context.Context, user *idm.User) error

func WithImpersonate ¶

func WithImpersonate(ctx context.Context, user *idm.User) context.Context

Add a fake Claims in context to impersonate user

Types ¶

type BasicAuthenticator ¶

type BasicAuthenticator struct {
	TTL   time.Duration
	Realm string
	// contains filtered or unexported fields
}

func NewBasicAuthenticator ¶

func NewBasicAuthenticator(realm string, ttl time.Duration) *BasicAuthenticator

func (*BasicAuthenticator) Wrap ¶

func (b *BasicAuthenticator) Wrap(handler http.Handler) http.HandlerFunc

type ContextVerifier ¶

type ContextVerifier interface {
	Verify(ctx context.Context, user *idm.User) error
}

type Exchanger ¶

type Exchanger interface {
	Exchange(context.Context, string) (*oauth2.Token, error)
}

type IDToken ¶

type IDToken interface {
	Claims(interface{}) error
}

type JWTVerifier ¶

type JWTVerifier struct{}

func DefaultJWTVerifier ¶

func DefaultJWTVerifier() *JWTVerifier

DefaultJWTVerifier creates a ready to use JWTVerifier

func (*JWTVerifier) Exchange ¶

func (j *JWTVerifier) Exchange(ctx context.Context, code string) (*oauth2.Token, error)

Exchange retrives a oauth2 Token from a code

func (*JWTVerifier) PasswordCredentialsToken ¶

func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)

PasswordCredentialsToken will perform a call to the OIDC service with grantType "password" to get a valid token from a given user/pass credentials

func (*JWTVerifier) Verify ¶

func (j *JWTVerifier) Verify(ctx context.Context, rawIDToken string) (context.Context, claim.Claims, error)

Verify validates an existing JWT token against the OIDC service that issued it

type LockVerifier ¶

type LockVerifier struct{}

func (LockVerifier) Verify ¶

func (l LockVerifier) Verify(ctx context.Context, user *idm.User) error

type MappingRule ¶

type MappingRule struct {
	RuleName string

	// Left Attribute is attribute of external user (ldap, sql, api ...)
	// For example: displayName, mail, memberOf
	LeftAttribute string

	// Right Attribute is attribute of standard user
	// For example: displayName, email
	// Two reserved attributes: Roles, GroupPath
	RightAttribute string

	// Rule string define an acceptable list of right value
	// It can be:
	// * Empty
	// * A list of accepted values separated by comma , . For example: teacher,researcher,employee
	// * preg string
	RuleString string

	// RolePrefix
	// AuthSourceName_Prefix_RoleID
	RolePrefix string
}

func (MappingRule) AddPrefix ¶

func (m MappingRule) AddPrefix(prefix string, strs []string) []string

func (MappingRule) ConvertDNtoName ¶

func (m MappingRule) ConvertDNtoName(strs []string) []string

ConvertDNtoName tries to extract value from distinguishedName For example: member: uid=user01,dc=com,dc=fr member: uid=user02,dc=com,dc=fr member: uid=user03,dc=com,dc=fr return an array like:

user01
user02
user03

func (m MappingRule) FilterList(list []string, strs []string) []string

func (MappingRule) FilterPreg ¶

func (m MappingRule) FilterPreg(preg string, strs []string) []string

func (MappingRule) IsDnFormat ¶

func (m MappingRule) IsDnFormat(str string) bool

IsDnFormat simply checks if the passed string is valid. See: https://www.ietf.org/rfc/rfc2253.txt

func (MappingRule) RemoveLdapEscape ¶

func (m MappingRule) RemoveLdapEscape(strs []string) []string

RemoveLdapEscape remove LDAP escape characters but except '\,'.

func (MappingRule) SanitizeValues ¶

func (m MappingRule) SanitizeValues(strs []string) []string

type OIDCPoliciesVerifier ¶

type OIDCPoliciesVerifier struct{}

func (OIDCPoliciesVerifier) Verify ¶

func (O OIDCPoliciesVerifier) Verify(ctx context.Context, user *idm.User) error

type PasswordCredentialsTokenExchanger ¶

type PasswordCredentialsTokenExchanger interface {
	PasswordCredentialsToken(context.Context, string, string) (*oauth2.Token, error)
	PasswordCredentialsTokenVerify(context.Context, string) (IDToken, error)
}

type Provider ¶

type Provider interface {
	GetType() ProviderType
}

type ProviderType ¶

type ProviderType int

const (
	ProviderTypeDex ProviderType = iota
	ProviderTypeOry
	ProviderTypeGrpc
)

type PydioPW ¶

type PydioPW struct {
	PBKDF2_HASH_ALGORITHM string
	PBKDF2_ITERATIONS     int
	PBKDF2_SALT_BYTE_SIZE int
	PBKDF2_HASH_BYTE_SIZE int
	HASH_SECTIONS         int
	HASH_ALGORITHM_INDEX  int
	HASH_ITERATION_INDEX  int
	HASH_SALT_INDEX       int
	HASH_PBKDF2_INDEX     int
}

func (PydioPW) CheckDBKDF2PydioPwd ¶

func (p PydioPW) CheckDBKDF2PydioPwd(password string, hashedPw string, legacySalt ...bool) (bool, error)

func (PydioPW) CreateHash ¶

func (p PydioPW) CreateHash(password string) (base64Pw string)

type Verifier ¶

type Verifier interface {
	Verify(context.Context, string) (IDToken, error)
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
claim Package claim wraps the JWT claims with util functions	Package claim wraps the JWT claims with util functions
dex Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol	Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL