Documentation
Index
- Variables
- func AuthKeyPresent(key string, authKeys []AuthKey) bool
- func BytesToID(buf []byte) uint
- func CreateAuthKey(k *AuthKey) error
- func CreateCredential(c *Credential) error
- func CreateUser(u *User) error
- func DeleteAuthKey(key string) error
- func DeleteCredentialByID(credentialID string) error
- func Setup(config *util.Config) error
- func UpdateAuthenticatorSignCount(c *Credential, count uint32) error
- func UpdateCredential(c *Credential) error
- func UpdateUser(u *User) error
- type AuthKey
- type Authenticator
- type Credential
- type User
Constants
This section is empty.
Variables
var ErrUsernameTaken = errors.New("username already taken")
ErrUsernameTaken is returned when a user attempts to register a username that is taken.
Functions
func AuthKeyPresent
func BytesToID
BytesToID converts a byte slice to a uint. This is needed because the WebAuthn specification deals with byte buffers, while the primary keys in our database are uints.
func CreateAuthKey
CreateAuthKey creates a new AuthKey object in the database.
func CreateCredential
func CreateCredential(c *Credential) error
CreateCredential creates a new credential object.
func DeleteAuthKey
DeleteAuthKey deletes an AuthKey using its key. This should only be called by the authorized user, after they have logged in (so at the finish part of a FIDO2 login).
func DeleteCredentialByID
DeleteCredentialByID deletes a credential by its ID. In practice, this would be a bad function without some other checks (like which user is logged in), because someone could hypothetically delete ANY credential.
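The ownership check that the DeleteCredentialByID note asks for, as an added example that is not code from this package. Store, DeleteCredentialForUser, ErrCredentialNotFound and the sample data are hypothetical, and an in-memory map stands in for the database.

```go
package main

import (
	"errors"
	"fmt"
)

// Credential keeps only the two fields of the page's Credential type used here.
type Credential struct {
	CredentialID string
	UserID       uint
}

// ErrCredentialNotFound (hypothetical) is returned for an unknown ID and for an
// ID owned by someone else, so the reply does not confirm that the ID exists.
var ErrCredentialNotFound = errors.New("credential not found")

// Store is a constructed in-memory stand-in for the credentials table.
type Store map[string]Credential

// DeleteCredentialForUser (hypothetical) deletes credentialID only when it is
// owned by sessionUserID, which must come from the authenticated session and
// never from the request body. With a SQL backend the same rule is a delete
// filtered on both the credential ID and the owning user ID.
func (s Store) DeleteCredentialForUser(sessionUserID uint, credentialID string) error {
	c, ok := s[credentialID]
	if !ok || c.UserID != sessionUserID {
		return ErrCredentialNotFound
	}
	delete(s, credentialID)
	return nil
}

// NewSampleStore returns constructed sample data: one credential per user.
func NewSampleStore() Store {
	return Store{
		"cred-alice": {CredentialID: "cred-alice", UserID: 1},
		"cred-bob":   {CredentialID: "cred-bob", UserID: 2},
	}
}

func main() {
	s := NewSampleStore()
	fmt.Println(s.DeleteCredentialForUser(2, "cred-alice")) // user 2 targets user 1's credential
	fmt.Println(s.DeleteCredentialForUser(1, "cred-alice")) // owner deletes their own credential
	fmt.Println(len(s))
}
```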
func UpdateAuthenticatorSignCount
func UpdateAuthenticatorSignCount(c *Credential, count uint32) error
func UpdateCredential
func UpdateCredential(c *Credential) error
UpdateCredential updates the credential with new attributes.
Types
type AuthKey
When signing authenticator certificates, we will only sign a CSR if the public key is valid for the account.
func GetAuthKeysForUser
GetAuthKeysForUser retrieves all AuthKeys for a provided user
type Authenticator
The model for an Authenticator. Not implemented in gorm. Separate for readability.
func MakeAuthenticator
func MakeAuthenticator(a *webauthn.Authenticator) Authenticator
type Credential
type Credential struct {
    gorm.Model
    CredentialID string        `json:"credential_id"`
    Auth         Authenticator `gorm:"embedded" json:"authenticator"`
    PublicKey    []byte        `json:"public_key,omitempty"`
    UserID       uint
}
Credential is the stored credential for Auth
func GetCredentialForUser
func GetCredentialForUser(user *User, credentialID string) (Credential, error)
GetCredentialForUser retrieves a specific credential for a user.
func GetCredentialsForUser
func GetCredentialsForUser(user *User) ([]Credential, error)
GetCredentialsForUser retrieves all credentials for a provided user regardless of relying party.
type User
type User struct {
    gorm.Model
    Username    string       `json:"name" gorm:"not null" validate:"required,min=2,max=25,alphanumunicode"`
    DisplayName string       `json:"display_name" gorm:"not null"`
    Credentials []Credential `json:"credentials"`
}
User represents the user model
func GetUser
GetUser returns the user that the given id corresponds to. If no user is found, an error is returned.
func GetUserByUsername
GetUserByUsername returns the user that the given username corresponds to. If no user is found, an error is returned.
func (User) CredentialExcludeList
func (u User) CredentialExcludeList() []protocol.CredentialDescriptor
CredentialExcludeList returns a CredentialDescriptor array filled with all the user's credentials
func (User) WebAuthnCredentials
func (u User) WebAuthnCredentials() []webauthn.Credential
WebAuthnCredentials helps implement the webauthn.User interface by loading the user's credentials from the underlying database.
func (User) WebAuthnDisplayName
WebAuthnDisplayName returns the user's display name
func (User) WebAuthnIcon
WebAuthnIcon is not (yet) implemented
func (User) WebAuthnName
WebAuthnName returns the user's username