Documentation
¶
Index ¶
- Constants
- Variables
- func TOTPLink(secret *otp.Key, width, height int) (string, error)
- type Auth
- func (auth *Auth) CheckPasswordPolicy(candidate string, username string) error
- func (auth *Auth) CheckScope(param string, scope component.Scope, r *http.Request) error
- func (auth *Auth) CreateUser(ctx context.Context, name string) (user *AuthUser, err error)
- func (auth *Auth) HandleRoute(ctx context.Context, route string) (http.Handler, error)
- func (auth *Auth) Login(w http.ResponseWriter, r *http.Request, user *AuthUser) error
- func (auth *Auth) Logout(w http.ResponseWriter, r *http.Request) error
- func (auth *Auth) Menu(r *http.Request) []component.MenuItem
- func (auth *Auth) Protect(handler http.Handler, AllowToken bool, scope component.Scope, ...) http.Handler
- func (auth *Auth) Require(allowToken bool, scope component.Scope, param func(*http.Request) string) func(http.Handler) http.Handler
- func (auth *Auth) Routes() component.Routes
- func (auth *Auth) Scopes() map[component.Scope]component.ScopeInfo
- func (auth *Auth) SessionOf(r *http.Request) (session component.SessionInfo, user *AuthUser, err error)
- func (auth *Auth) TableInfo() component.TableInfo
- func (auth *Auth) User(ctx context.Context, name string) (user *AuthUser, err error)
- func (auth *Auth) UserOfSession(r *http.Request) (user *AuthUser, err error)
- func (auth *Auth) UserOfToken(r *http.Request) (user *AuthUser, err error)
- func (auth *Auth) Users(ctx context.Context) (users []*AuthUser, err error)
- type AuthUser
- func (au *AuthUser) CheckCredentials(ctx context.Context, password []byte, passcode string) error
- func (au *AuthUser) CheckPassword(ctx context.Context, password []byte) error
- func (au *AuthUser) CheckPasswordPolicy(candidate string) error
- func (au *AuthUser) CheckTOTP(passcode string) error
- func (au *AuthUser) Delete(ctx context.Context) error
- func (au *AuthUser) DisableTOTP(ctx context.Context) (err error)
- func (au *AuthUser) EnableTOTP(ctx context.Context, passcode string) error
- func (au *AuthUser) MakeAdmin(ctx context.Context) error
- func (au *AuthUser) MakeRegular(ctx context.Context) error
- func (au *AuthUser) NewTOTP(ctx context.Context) (*otp.Key, error)
- func (au *AuthUser) Save(ctx context.Context) error
- func (au *AuthUser) SetPassword(ctx context.Context, password []byte) (err error)
- func (au *AuthUser) String() string
- func (au *AuthUser) TOTP() (*otp.Key, error)
- func (au *AuthUser) UnsetPassword(ctx context.Context) error
Constants ¶
const MinPasswordLength = 8
Variables ¶
var ( ErrUnknownScope = errors.New("unknown scope") ErrParamRequired = errors.New("scope requires parameter") ErrNoParam = errors.New("scope does not take parameter") )
var ( ErrTOTPEnabled = errors.New("TOTP is enabled") ErrTOTPDisabled = errors.New("TOTP is disabled") ErrTOTPFailed = errors.New("TOTP failed") )
var ( ErrPolicyBlank = errors.New("password is blank") ErrPolicyTooShort = errors.New(fmt.Sprintf("password is too short: minimum length %d", MinPasswordLength)) ErrPolicyKnown = errors.New("password is on the list of known passwords") ErrPolicyUsername = errors.New("password may not be identical to username") )
var ( ErrNoUser = errors.New("user is nil") ErrUserDisabled = errors.New("user is disabled") ErrUserBlank = errors.New("user has no password set") )
var ErrUserNotFound = errors.New("user not found")
ErrUserNotFound is returned when a user is not found
Functions ¶
Types ¶
type Auth ¶
type Auth struct {
component.Base
Dependencies struct {
SQL *sql.SQL
UserDeleteHooks []component.UserDeleteHook
Templating *templating.Templating
ScopeProviders []component.ScopeProvider
Tokens *tokens.Tokens
}
// contains filtered or unexported fields
}
func (*Auth) CheckPasswordPolicy ¶
CheckPasswordPolicy checks if the given password would pass the password policy.
The password policy checks that the password has a minimum length of MinPasswordLength and that it is not a common password. It also checks that password and username are not identical.
func (*Auth) CheckScope ¶
CheckScope checks if the given request is associated with the given request. A request can be one of two types: - A signed in user with an implicitly associated set of scopes - A session authorized with a token only If the request is denied a scope, the error will be of type AccessDeniedError.
func (*Auth) CreateUser ¶
CreateUser creates a new user and returns it. The user is not associated to any WissKIs, and has no password set.
func (*Auth) HandleRoute ¶
func (*Auth) Login ¶
Login logs a user into the given request.
If a user was previously logged into this session, UserOf may not return the correct user until the user makes a new request.
It is recommended to send a HTTP redirect to make sure a new request is made.
func (*Auth) Logout ¶
Logout logs out the user from the given session.
UserOf may return incorrect results until the user makes a new request. It is recommended to send a HTTP redirect to make sure a new request is made.
func (*Auth) Protect ¶
func (auth *Auth) Protect(handler http.Handler, AllowToken bool, scope component.Scope, param func(*http.Request) string) http.Handler
Protect returns a new handler which requires a user to be logged in and have the provided scope.
AllowToken determines if a token is allowed instead of a user session.
If an unauthenticated user attempts to access the returned handler, they are redirected to the login endpoint. If an authenticated user is missing the given scope, a Forbidden response is called. If an authenticated calls the endpoint, and they have the given permissions, the original handler is called.
func (*Auth) Require ¶
func (auth *Auth) Require(allowToken bool, scope component.Scope, param func(*http.Request) string) func(http.Handler) http.Handler
Require returns a slice containing one decorator that acts like auth.Protect(allowToken,scope,param) on every request.
func (*Auth) SessionOf ¶
func (auth *Auth) SessionOf(r *http.Request) (session component.SessionInfo, user *AuthUser, err error)
SessionOf returns the session and user logged into the provided request. token indicates if the user used a token to authenticate, or a browser session was used. A token takes priority over a user in a session.
If there is no user associated with the given request, user and error are nil, and token is false. An invalid session, expired token, or disabled user all result in user = nil.
When no SessionOf exists in the given session returns nil.
func (*Auth) User ¶
User returns a single user. If the user does not exist, returns ErrUserNotFound.
func (*Auth) UserOfSession ¶
UserOfSession returns the user of the session associated with r.
func (*Auth) UserOfToken ¶
UserOfToken returns the user associated with the token in request. To check the user of a token or session, use SessionOf.
type AuthUser ¶
AuthUser represents an authorized user
func (*AuthUser) CheckCredentials ¶
func (*AuthUser) CheckPassword ¶
CheckPassword checks if this user can login with the provided password. Returns nil on success, an error otherwise.
func (*AuthUser) CheckPasswordPolicy ¶
func (*AuthUser) CheckTOTP ¶
CheckTOTP validates the given totp passcode against the saved secret. If totp is not enabled, any passcode will pass the check.
func (*AuthUser) DisableTOTP ¶
DisableTOTP disables totp for the given user
func (*AuthUser) EnableTOTP ¶
EnableTOTP enables totp for the given user
func (*AuthUser) MakeAdmin ¶
MakeAdmin makes this user an admin, and saves the update in the database. If the user is already an admin, does not return an error.
func (*AuthUser) MakeRegular ¶
MakeRegular removes admin rights from this user. If this user is not an dmin, does not return an error.
func (*AuthUser) SetPassword ¶
SetPassword sets the password for this user and turns the user on
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package api implements a common handler used by the api routes
|
Package api implements a common handler used by the api routes |
|
Package scopes implements and provides scopes used by the API
|
Package scopes implements and provides scopes used by the API |