storage

package
v4.38.17 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 30, 2024 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

View Source
const (
	ErrFmtMigrateUpTargetLessThanCurrent      = "schema up migration target version %d is less then the current version %d"
	ErrFmtMigrateUpTargetGreaterThanLatest    = "schema up migration target version %d is greater then the latest version %d which indicates it doesn't exist"
	ErrFmtMigrateDownTargetGreaterThanCurrent = "schema down migration target version %d is greater than the current version %d"
	ErrFmtMigrateDownTargetLessThanMinimum    = "schema down migration target version %d is less than the minimum version"
	ErrFmtMigrateAlreadyOnTargetVersion       = "schema migration target version %d is the same current version %d"
)

Error formats for the storage provider.

View Source
const (
	// SchemaLatest represents the value expected for a "migrate to latest" migration. It's the maximum 32bit signed integer.
	SchemaLatest = 2147483647
)

Variables

View Source
var (
	// ErrNoAuthenticationLogs error thrown when no matching authentication logs have been found in DB.
	ErrNoAuthenticationLogs = errors.New("no matching authentication logs found")

	// ErrNoTOTPConfiguration error thrown when no TOTP configuration has been found in DB.
	ErrNoTOTPConfiguration = errors.New("no TOTP configuration for user")

	// ErrNoWebAuthnCredential error thrown when no WebAuthn credential handle has been found in DB.
	ErrNoWebAuthnCredential = errors.New("no WebAuthn credential found")

	// ErrNoDuoDevice error thrown when no Duo device and method has been found in DB.
	ErrNoDuoDevice = errors.New("no Duo device and method saved")

	// ErrNoAvailableMigrations is returned when no available migrations can be found.
	ErrNoAvailableMigrations = errors.New("no available migrations")

	// ErrMigrateCurrentVersionSameAsTarget is returned when the target version is the same as the current.
	ErrMigrateCurrentVersionSameAsTarget = errors.New("current version is same as migration target, no action being taken")

	// ErrSchemaAlreadyUpToDate is returned when the schema is already up to date.
	ErrSchemaAlreadyUpToDate = errors.New("schema already up to date")

	// ErrNoMigrationsFound is returned when no migrations were found.
	ErrNoMigrationsFound = errors.New("no schema migrations found")

	// ErrSchemaEncryptionVersionUnsupported is returned when the schema is checked if the encryption key is valid for
	// the database but the schema doesn't support encryption.
	ErrSchemaEncryptionVersionUnsupported = errors.New("schema version doesn't support encryption")

	// ErrSchemaEncryptionInvalidKey is returned when the schema is checked if the encryption key is valid for
	// the database but the key doesn't appear to be valid.
	ErrSchemaEncryptionInvalidKey = errors.New("the configured encryption key does not appear to be valid for this database which may occur if the encryption key was changed in the configuration without using the cli to change it in the database")
)

Functions

func SchemaVersionToString added in v4.33.0

func SchemaVersionToString(version int) (versionStr string)

SchemaVersionToString returns a version string given a version number.

Types

type ConsentPreConfigRows added in v4.37.0

type ConsentPreConfigRows struct {
	// contains filtered or unexported fields
}

ConsentPreConfigRows holds and assists with retrieving multiple model.OAuth2ConsentSession rows.

func (*ConsentPreConfigRows) Close added in v4.37.0

func (r *ConsentPreConfigRows) Close() (err error)

Close the rows.

func (*ConsentPreConfigRows) Get added in v4.37.0

func (r *ConsentPreConfigRows) Get() (config *model.OAuth2ConsentPreConfig, err error)

Get returns the *model.OAuth2ConsentSession or scan error.

func (*ConsentPreConfigRows) Next added in v4.37.0

func (r *ConsentPreConfigRows) Next() bool

Next is the row iterator.

type EncryptionChangeKeyFunc added in v4.37.3

type EncryptionChangeKeyFunc func(ctx context.Context, provider *SQLProvider, tx *sqlx.Tx, key [32]byte) (err error)

EncryptionChangeKeyFunc handles encryption key changes for a specific table or tables.

type EncryptionCheckKeyFunc added in v4.37.3

type EncryptionCheckKeyFunc func(ctx context.Context, provider *SQLProvider) (table string, result EncryptionValidationTableResult)

EncryptionCheckKeyFunc handles encryption key checking for a specific table or tables.

type EncryptionValidationResult added in v4.37.3

type EncryptionValidationResult struct {
	InvalidCheckValue bool
	Tables            map[string]EncryptionValidationTableResult
}

EncryptionValidationResult contains information about the success of a schema encryption validation.

func (EncryptionValidationResult) Checked added in v4.37.3

func (r EncryptionValidationResult) Checked() bool

Checked returns true the validation completed all phases even if there were errors.

func (EncryptionValidationResult) Success added in v4.37.3

func (r EncryptionValidationResult) Success() bool

Success returns true if no validation errors occurred.

type EncryptionValidationTableResult added in v4.37.3

type EncryptionValidationTableResult struct {
	Error   error
	Total   int
	Invalid int
}

EncryptionValidationTableResult contains information about the success of a table schema encryption validation.

func (EncryptionValidationTableResult) ResultDescriptor added in v4.37.3

func (r EncryptionValidationTableResult) ResultDescriptor() string

ResultDescriptor returns a string representing the result.

type MySQLProvider

type MySQLProvider struct {
	SQLProvider
}

MySQLProvider is a MySQL provider.

func NewMySQLProvider

func NewMySQLProvider(config *schema.Configuration, caCertPool *x509.CertPool) (provider *MySQLProvider)

NewMySQLProvider a MySQL provider.

type OAuth2SessionType added in v4.35.0

type OAuth2SessionType int

OAuth2SessionType represents the potential OAuth 2.0 session types.

const (
	OAuth2SessionTypeAccessToken OAuth2SessionType = iota
	OAuth2SessionTypeAuthorizeCode
	OAuth2SessionTypeOpenIDConnect
	OAuth2SessionTypePAR
	OAuth2SessionTypePKCEChallenge
	OAuth2SessionTypeRefreshToken
)

Representation of specific OAuth 2.0 session types.

func (OAuth2SessionType) String added in v4.37.3

func (s OAuth2SessionType) String() string

String returns a string representation of this OAuth2SessionType.

func (OAuth2SessionType) Table added in v4.37.3

func (s OAuth2SessionType) Table() string

Table returns the table name for this session type.

type PostgreSQLProvider

type PostgreSQLProvider struct {
	SQLProvider
}

PostgreSQLProvider is a PostgreSQL provider.

func NewPostgreSQLProvider

func NewPostgreSQLProvider(config *schema.Configuration, caCertPool *x509.CertPool) (provider *PostgreSQLProvider)

NewPostgreSQLProvider a PostgreSQL provider.

type Provider

type Provider interface {
	model.StartupCheck

	storage.Transactional

	// Close the underlying storage provider.
	Close() (err error)

	// SavePreferred2FAMethod save the preferred method for 2FA for a username to the storage provider.
	SavePreferred2FAMethod(ctx context.Context, username string, method string) (err error)

	// LoadPreferred2FAMethod load the preferred method for 2FA for a username from the storage provider.
	LoadPreferred2FAMethod(ctx context.Context, username string) (method string, err error)

	// LoadUserInfo loads the model.UserInfo from the storage provider.
	LoadUserInfo(ctx context.Context, username string) (info model.UserInfo, err error)

	// SaveUserOpaqueIdentifier saves a new opaque user identifier to the storage provider.
	SaveUserOpaqueIdentifier(ctx context.Context, subject model.UserOpaqueIdentifier) (err error)

	// LoadUserOpaqueIdentifier selects an opaque user identifier from the storage provider.
	LoadUserOpaqueIdentifier(ctx context.Context, identifier uuid.UUID) (subject *model.UserOpaqueIdentifier, err error)

	// LoadUserOpaqueIdentifiers selects an opaque user identifiers from the storage provider.
	LoadUserOpaqueIdentifiers(ctx context.Context) (identifiers []model.UserOpaqueIdentifier, err error)

	// LoadUserOpaqueIdentifierBySignature selects an opaque user identifier from the storage provider given a service
	// name, sector id, and username.
	LoadUserOpaqueIdentifierBySignature(ctx context.Context, service, sectorID, username string) (subject *model.UserOpaqueIdentifier, err error)

	// SaveTOTPConfiguration save a TOTP configuration of a given user in the storage provider.
	SaveTOTPConfiguration(ctx context.Context, config model.TOTPConfiguration) (err error)

	// UpdateTOTPConfigurationSignIn updates a registered TOTP configuration in the storage provider with the relevant
	// sign in information.
	UpdateTOTPConfigurationSignIn(ctx context.Context, id int, lastUsedAt sql.NullTime) (err error)

	// DeleteTOTPConfiguration delete a TOTP configuration from the storage provider given a username.
	DeleteTOTPConfiguration(ctx context.Context, username string) (err error)

	// LoadTOTPConfiguration load a TOTP configuration given a username from the storage provider.
	LoadTOTPConfiguration(ctx context.Context, username string) (config *model.TOTPConfiguration, err error)

	// LoadTOTPConfigurations load a set of TOTP configurations from the storage provider.
	LoadTOTPConfigurations(ctx context.Context, limit, page int) (configs []model.TOTPConfiguration, err error)

	// SaveTOTPHistory saves a TOTP history item in the storage provider.
	SaveTOTPHistory(ctx context.Context, username string, step uint64) (err error)

	// ExistsTOTPHistory checks if a TOTP history item exists in the storage provider.
	ExistsTOTPHistory(ctx context.Context, username string, step uint64) (exists bool, err error)

	// SaveWebAuthnUser saves a registered WebAuthn user to the storage provider.
	SaveWebAuthnUser(ctx context.Context, user model.WebAuthnUser) (err error)

	// LoadWebAuthnUser loads a registered WebAuthn user from the storage provider.
	LoadWebAuthnUser(ctx context.Context, rpid, username string) (user *model.WebAuthnUser, err error)

	// SaveWebAuthnCredential saves a registered WebAuthn credential to the storage provider.
	SaveWebAuthnCredential(ctx context.Context, credential model.WebAuthnCredential) (err error)

	// UpdateWebAuthnCredentialDescription updates a registered WebAuthn credential in the storage provider changing the
	// description.
	UpdateWebAuthnCredentialDescription(ctx context.Context, username string, credentialID int, description string) (err error)

	// UpdateWebAuthnCredentialSignIn updates a registered WebAuthn credential in the storage provider changing the
	// information that should be changed in the event of a successful sign in.
	UpdateWebAuthnCredentialSignIn(ctx context.Context, credential model.WebAuthnCredential) (err error)

	// DeleteWebAuthnCredential deletes a registered WebAuthn credential from the storage provider.
	DeleteWebAuthnCredential(ctx context.Context, kid string) (err error)

	// DeleteWebAuthnCredentialByUsername deletes registered WebAuthn credential from the storage provider by username
	// or username and description.
	DeleteWebAuthnCredentialByUsername(ctx context.Context, username, description string) (err error)

	// LoadWebAuthnCredentials loads WebAuthn credential registrations from the storage provider.
	LoadWebAuthnCredentials(ctx context.Context, limit, page int) (credentials []model.WebAuthnCredential, err error)

	// LoadWebAuthnCredentialsByUsername loads all WebAuthn credential registrations from the storage provider for a
	// given username.
	LoadWebAuthnCredentialsByUsername(ctx context.Context, rpid, username string) (credential []model.WebAuthnCredential, err error)

	// LoadWebAuthnCredentialByID loads a WebAuthn credential registration from the storage provider for a given id.
	LoadWebAuthnCredentialByID(ctx context.Context, id int) (credential *model.WebAuthnCredential, err error)

	// SavePreferredDuoDevice saves a Duo device to the storage provider.
	SavePreferredDuoDevice(ctx context.Context, device model.DuoDevice) (err error)

	// DeletePreferredDuoDevice deletes a Duo device from the storage provider for a given username.
	DeletePreferredDuoDevice(ctx context.Context, username string) (err error)

	// LoadPreferredDuoDevice loads a Duo device from the storage provider for a given username.
	LoadPreferredDuoDevice(ctx context.Context, username string) (device *model.DuoDevice, err error)

	// SaveIdentityVerification save an identity verification record to the storage provider.
	SaveIdentityVerification(ctx context.Context, verification model.IdentityVerification) (err error)

	// ConsumeIdentityVerification marks an identity verification record in the storage provider as consumed.
	ConsumeIdentityVerification(ctx context.Context, jti string, ip model.NullIP) (err error)

	// RevokeIdentityVerification marks an identity verification record in the storage provider as revoked.
	RevokeIdentityVerification(ctx context.Context, jti string, ip model.NullIP) (err error)

	// FindIdentityVerification checks if an identity verification record is in the storage provider and active.
	FindIdentityVerification(ctx context.Context, jti string) (found bool, err error)

	// LoadIdentityVerification loads an Identity Verification but does not do any validation.
	// For easy validation you should use FindIdentityVerification which ensures the JWT is still valid.
	LoadIdentityVerification(ctx context.Context, jti string) (verification *model.IdentityVerification, err error)

	// SaveOneTimeCode saves a one-time code to the storage provider after generating the signature which is returned
	// along with any error.
	SaveOneTimeCode(ctx context.Context, code model.OneTimeCode) (signature string, err error)

	// ConsumeOneTimeCode consumes a one-time code using the signature.
	ConsumeOneTimeCode(ctx context.Context, code *model.OneTimeCode) (err error)

	// RevokeOneTimeCode revokes a one-time code in the storage provider using the public ID.
	RevokeOneTimeCode(ctx context.Context, id uuid.UUID, ip model.IP) (err error)

	// LoadOneTimeCode loads a one-time code from the storage provider given a username, intent, and code.
	LoadOneTimeCode(ctx context.Context, username, intent, raw string) (code *model.OneTimeCode, err error)

	// LoadOneTimeCodeBySignature loads a one-time code from the storage provider given the signature.
	// This method should NOT be used to validate a One-Time Code, LoadOneTimeCode should be used instead.
	LoadOneTimeCodeBySignature(ctx context.Context, signature string) (code *model.OneTimeCode, err error)

	// LoadOneTimeCodeByID loads a one-time code from the storage provider given the id.
	// This does not decrypt the code. This method should NOT be used to validate a One-Time Code,
	// LoadOneTimeCode should be used instead.
	LoadOneTimeCodeByID(ctx context.Context, id int) (code *model.OneTimeCode, err error)

	// LoadOneTimeCodeByPublicID loads a one-time code from the storage provider given the public identifier.
	// This does not decrypt the code. This method SHOULD ONLY be used to find the One-Time Code for the
	// purpose of deletion.
	LoadOneTimeCodeByPublicID(ctx context.Context, id uuid.UUID) (code *model.OneTimeCode, err error)

	// SaveOAuth2ConsentPreConfiguration inserts an OAuth2.0 consent pre-configuration in the storage provider.
	SaveOAuth2ConsentPreConfiguration(ctx context.Context, config model.OAuth2ConsentPreConfig) (insertedID int64, err error)

	// LoadOAuth2ConsentPreConfigurations returns an OAuth2.0 consents pre-configurations from the storage provider given the consent signature.
	LoadOAuth2ConsentPreConfigurations(ctx context.Context, clientID string, subject uuid.UUID) (rows *ConsentPreConfigRows, err error)

	// SaveOAuth2ConsentSession inserts an OAuth2.0 consent session to the storage provider.
	SaveOAuth2ConsentSession(ctx context.Context, consent model.OAuth2ConsentSession) (err error)

	// SaveOAuth2ConsentSessionSubject updates an OAuth2.0 consent session in the storage provider with the subject.
	SaveOAuth2ConsentSessionSubject(ctx context.Context, consent model.OAuth2ConsentSession) (err error)

	// SaveOAuth2ConsentSessionResponse updates an OAuth2.0 consent session in the storage provider with the response.
	SaveOAuth2ConsentSessionResponse(ctx context.Context, consent model.OAuth2ConsentSession, rejection bool) (err error)

	// SaveOAuth2ConsentSessionGranted updates an OAuth2.0 consent session in the storage provider recording that it
	// has been granted by the authorization endpoint.
	SaveOAuth2ConsentSessionGranted(ctx context.Context, id int) (err error)

	// LoadOAuth2ConsentSessionByChallengeID returns an OAuth2.0 consent session in the storage provider given the
	// challenge ID.
	LoadOAuth2ConsentSessionByChallengeID(ctx context.Context, challengeID uuid.UUID) (consent *model.OAuth2ConsentSession, err error)

	// SaveOAuth2Session saves an OAut2.0 session to the storage provider.
	SaveOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, session model.OAuth2Session) (err error)

	// RevokeOAuth2Session marks an OAuth2.0 session as revoked in the storage provider.
	RevokeOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, signature string) (err error)

	// RevokeOAuth2SessionByRequestID marks an OAuth2.0 session as revoked in the storage provider.
	RevokeOAuth2SessionByRequestID(ctx context.Context, sessionType OAuth2SessionType, requestID string) (err error)

	// DeactivateOAuth2Session marks an OAuth2.0 session as inactive in the storage provider.
	DeactivateOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, signature string) (err error)

	// DeactivateOAuth2SessionByRequestID marks an OAuth2.0 session as inactive in the storage provider.
	DeactivateOAuth2SessionByRequestID(ctx context.Context, sessionType OAuth2SessionType, requestID string) (err error)

	// LoadOAuth2Session saves an OAuth2.0 session from the storage provider.
	LoadOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, signature string) (session *model.OAuth2Session, err error)

	// SaveOAuth2PARContext save an OAuth2.0 PAR context to the storage provider.
	SaveOAuth2PARContext(ctx context.Context, par model.OAuth2PARContext) (err error)

	// LoadOAuth2PARContext loads an OAuth2.0 PAR context from the storage provider.
	LoadOAuth2PARContext(ctx context.Context, signature string) (par *model.OAuth2PARContext, err error)

	// RevokeOAuth2PARContext marks an OAuth2.0 PAR context as revoked in the storage provider.
	RevokeOAuth2PARContext(ctx context.Context, signature string) (err error)

	// UpdateOAuth2PARContext updates an existing OAuth2.0 PAR context in the storage provider.
	UpdateOAuth2PARContext(ctx context.Context, par model.OAuth2PARContext) (err error)

	// SaveOAuth2BlacklistedJTI saves an OAuth2.0 blacklisted JTI to the storage provider.
	SaveOAuth2BlacklistedJTI(ctx context.Context, blacklistedJTI model.OAuth2BlacklistedJTI) (err error)

	// LoadOAuth2BlacklistedJTI loads an OAuth2.0 blacklisted JTI from the storage provider.
	LoadOAuth2BlacklistedJTI(ctx context.Context, signature string) (blacklistedJTI *model.OAuth2BlacklistedJTI, err error)

	// SchemaTables returns a list of tables from the storage provider.
	SchemaTables(ctx context.Context) (tables []string, err error)

	// SchemaVersion returns the version of the schema from the storage provider.
	SchemaVersion(ctx context.Context) (version int, err error)

	// SchemaLatestVersion returns the latest version available for migration for the storage provider.
	SchemaLatestVersion() (version int, err error)

	// SchemaMigrationHistory returns the storage provider migration history rows.
	SchemaMigrationHistory(ctx context.Context) (migrations []model.Migration, err error)

	// SchemaMigrationsUp returns a list of storage provider up migrations available between the current version
	// and the provided version.
	SchemaMigrationsUp(ctx context.Context, version int) (migrations []model.SchemaMigration, err error)

	// SchemaMigrationsDown returns a list of storage provider down migrations available between the current version
	// and the provided version.
	SchemaMigrationsDown(ctx context.Context, version int) (migrations []model.SchemaMigration, err error)

	// SchemaMigrate migrates from the storage provider's current schema version to the provided schema version.
	SchemaMigrate(ctx context.Context, up bool, version int) (err error)

	// SchemaEncryptionChangeKey uses the currently configured key to decrypt values in the storage provider and the key
	// provided by this command to encrypt the values again and update them using a transaction.
	SchemaEncryptionChangeKey(ctx context.Context, key string) (err error)

	// SchemaEncryptionCheckKey checks the encryption key configured is valid for the storage provider.
	SchemaEncryptionCheckKey(ctx context.Context, verbose bool) (result EncryptionValidationResult, err error)

	RegulatorProvider
}

Provider is an interface providing storage capabilities for persisting any kind of data related to Authelia.

type RegulatorProvider added in v4.33.0

type RegulatorProvider interface {
	// AppendAuthenticationLog saves an authentication attempt to the storage provider.
	AppendAuthenticationLog(ctx context.Context, attempt model.AuthenticationAttempt) (err error)

	// LoadAuthenticationLogs loads authentication attempts from the storage provider (paginated).
	LoadAuthenticationLogs(ctx context.Context, username string, fromDate time.Time, limit, page int) (attempts []model.AuthenticationAttempt, err error)
}

RegulatorProvider is an interface providing storage capabilities for persisting any kind of data related to the regulator.

type SQLProvider

type SQLProvider struct {
	// contains filtered or unexported fields
}

SQLProvider is a storage provider persisting data in a SQL database.

func NewSQLProvider added in v4.33.0

func NewSQLProvider(config *schema.Configuration, name, driverName, dataSourceName string) (provider SQLProvider)

NewSQLProvider generates a generic SQLProvider to be used with other SQL provider NewUp's.

func (*SQLProvider) AppendAuthenticationLog

func (p *SQLProvider) AppendAuthenticationLog(ctx context.Context, attempt model.AuthenticationAttempt) (err error)

AppendAuthenticationLog saves an authentication attempt to the storage provider.

func (*SQLProvider) BeginTX added in v4.35.0

func (p *SQLProvider) BeginTX(ctx context.Context) (c context.Context, err error)

BeginTX begins a transaction with the storage provider when applicable.

func (*SQLProvider) Close added in v4.33.0

func (p *SQLProvider) Close() (err error)

Close the underlying storage provider.

func (*SQLProvider) Commit added in v4.35.0

func (p *SQLProvider) Commit(ctx context.Context) (err error)

Commit performs a storage provider commit when applicable.

func (*SQLProvider) ConsumeIdentityVerification added in v4.33.0

func (p *SQLProvider) ConsumeIdentityVerification(ctx context.Context, jti string, ip model.NullIP) (err error)

ConsumeIdentityVerification marks an identity verification record in the storage provider as consumed.

func (*SQLProvider) ConsumeOneTimeCode added in v4.38.0

func (p *SQLProvider) ConsumeOneTimeCode(ctx context.Context, code *model.OneTimeCode) (err error)

ConsumeOneTimeCode consumes a one-time code using the signature.

func (*SQLProvider) DeactivateOAuth2Session added in v4.35.0

func (p *SQLProvider) DeactivateOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, signature string) (err error)

DeactivateOAuth2Session marks an OAuth2.0 session as inactive in the storage provider.

func (*SQLProvider) DeactivateOAuth2SessionByRequestID added in v4.35.0

func (p *SQLProvider) DeactivateOAuth2SessionByRequestID(ctx context.Context, sessionType OAuth2SessionType, requestID string) (err error)

DeactivateOAuth2SessionByRequestID marks an OAuth2.0 session as inactive in the storage provider.

func (*SQLProvider) DeletePreferredDuoDevice added in v4.33.0

func (p *SQLProvider) DeletePreferredDuoDevice(ctx context.Context, username string) (err error)

DeletePreferredDuoDevice deletes a Duo device from the storage provider for a given username.

func (*SQLProvider) DeleteTOTPConfiguration added in v4.33.0

func (p *SQLProvider) DeleteTOTPConfiguration(ctx context.Context, username string) (err error)

DeleteTOTPConfiguration delete a TOTP configuration from the storage provider given a username.

func (*SQLProvider) DeleteWebAuthnCredential added in v4.38.0

func (p *SQLProvider) DeleteWebAuthnCredential(ctx context.Context, kid string) (err error)

DeleteWebAuthnCredential deletes a registered WebAuthn credential from the storage provider.

func (*SQLProvider) DeleteWebAuthnCredentialByUsername added in v4.38.0

func (p *SQLProvider) DeleteWebAuthnCredentialByUsername(ctx context.Context, username, displayname string) (err error)

DeleteWebAuthnCredentialByUsername deletes registered WebAuthn credential from the storage provider by username or username and description.

func (*SQLProvider) ExistsTOTPHistory added in v4.38.0

func (p *SQLProvider) ExistsTOTPHistory(ctx context.Context, username string, step uint64) (exists bool, err error)

ExistsTOTPHistory checks if a TOTP history item exists in the storage provider.

func (*SQLProvider) FindIdentityVerification added in v4.33.0

func (p *SQLProvider) FindIdentityVerification(ctx context.Context, jti string) (found bool, err error)

FindIdentityVerification checks if an identity verification record is in the storage provider and active.

func (*SQLProvider) LoadAuthenticationLogs added in v4.33.0

func (p *SQLProvider) LoadAuthenticationLogs(ctx context.Context, username string, fromDate time.Time, limit, page int) (attempts []model.AuthenticationAttempt, err error)

LoadAuthenticationLogs loads authentication attempts from the storage provider (paginated).

func (*SQLProvider) LoadIdentityVerification added in v4.38.0

func (p *SQLProvider) LoadIdentityVerification(ctx context.Context, jti string) (verification *model.IdentityVerification, err error)

LoadIdentityVerification loads an Identity Verification but does not do any validation. For easy validation you should use FindIdentityVerification which ensures the JWT is still valid.

func (*SQLProvider) LoadOAuth2BlacklistedJTI added in v4.35.0

func (p *SQLProvider) LoadOAuth2BlacklistedJTI(ctx context.Context, signature string) (blacklistedJTI *model.OAuth2BlacklistedJTI, err error)

LoadOAuth2BlacklistedJTI loads an OAuth2.0 blacklisted JTI from the storage provider.

func (*SQLProvider) LoadOAuth2ConsentPreConfigurations added in v4.37.0

func (p *SQLProvider) LoadOAuth2ConsentPreConfigurations(ctx context.Context, clientID string, subject uuid.UUID) (rows *ConsentPreConfigRows, err error)

LoadOAuth2ConsentPreConfigurations returns an OAuth2.0 consents pre-configurations from the storage provider given the consent signature.

func (*SQLProvider) LoadOAuth2ConsentSessionByChallengeID added in v4.35.0

func (p *SQLProvider) LoadOAuth2ConsentSessionByChallengeID(ctx context.Context, challengeID uuid.UUID) (consent *model.OAuth2ConsentSession, err error)

LoadOAuth2ConsentSessionByChallengeID returns an OAuth2.0 consent session in the storage provider given the challenge ID.

func (*SQLProvider) LoadOAuth2PARContext added in v4.38.0

func (p *SQLProvider) LoadOAuth2PARContext(ctx context.Context, signature string) (par *model.OAuth2PARContext, err error)

LoadOAuth2PARContext loads an OAuth2.0 PAR context from the storage provider.

func (*SQLProvider) LoadOAuth2Session added in v4.35.0

func (p *SQLProvider) LoadOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, signature string) (session *model.OAuth2Session, err error)

LoadOAuth2Session saves an OAuth2.0 session from the storage provider.

func (*SQLProvider) LoadOneTimeCode added in v4.38.0

func (p *SQLProvider) LoadOneTimeCode(ctx context.Context, username, intent, raw string) (code *model.OneTimeCode, err error)

LoadOneTimeCode loads a one-time code from the storage provider given a username, intent, and code.

func (*SQLProvider) LoadOneTimeCodeByID added in v4.38.0

func (p *SQLProvider) LoadOneTimeCodeByID(ctx context.Context, id int) (code *model.OneTimeCode, err error)

LoadOneTimeCodeByID loads a one-time code from the storage provider given the id. This does not decrypt the code. This method should NOT be used to validate a One-Time Code, LoadOneTimeCode should be used instead.

func (*SQLProvider) LoadOneTimeCodeByPublicID added in v4.38.0

func (p *SQLProvider) LoadOneTimeCodeByPublicID(ctx context.Context, id uuid.UUID) (code *model.OneTimeCode, err error)

LoadOneTimeCodeByPublicID loads a one-time code from the storage provider given the public identifier. This does not decrypt the code. This method SHOULD ONLY be used to find the One-Time Code for the purpose of deletion.

func (*SQLProvider) LoadOneTimeCodeBySignature added in v4.38.0

func (p *SQLProvider) LoadOneTimeCodeBySignature(ctx context.Context, signature string) (code *model.OneTimeCode, err error)

LoadOneTimeCodeBySignature loads a one-time code from the storage provider given the signature. This method should NOT be used to validate a One-Time Code, LoadOneTimeCode should be used instead.

func (*SQLProvider) LoadPreferred2FAMethod

func (p *SQLProvider) LoadPreferred2FAMethod(ctx context.Context, username string) (method string, err error)

LoadPreferred2FAMethod load the preferred method for 2FA for a username from the storage provider.

func (*SQLProvider) LoadPreferredDuoDevice added in v4.33.0

func (p *SQLProvider) LoadPreferredDuoDevice(ctx context.Context, username string) (device *model.DuoDevice, err error)

LoadPreferredDuoDevice loads a Duo device from the storage provider for a given username.

func (*SQLProvider) LoadTOTPConfiguration added in v4.33.0

func (p *SQLProvider) LoadTOTPConfiguration(ctx context.Context, username string) (config *model.TOTPConfiguration, err error)

LoadTOTPConfiguration load a TOTP configuration given a username from the storage provider.

func (*SQLProvider) LoadTOTPConfigurations added in v4.33.0

func (p *SQLProvider) LoadTOTPConfigurations(ctx context.Context, limit, page int) (configs []model.TOTPConfiguration, err error)

LoadTOTPConfigurations load a set of TOTP configurations from the storage provider.

func (*SQLProvider) LoadUserInfo added in v4.33.0

func (p *SQLProvider) LoadUserInfo(ctx context.Context, username string) (info model.UserInfo, err error)

LoadUserInfo loads the model.UserInfo from the storage provider.

func (*SQLProvider) LoadUserOpaqueIdentifier added in v4.35.0

func (p *SQLProvider) LoadUserOpaqueIdentifier(ctx context.Context, identifier uuid.UUID) (subject *model.UserOpaqueIdentifier, err error)

LoadUserOpaqueIdentifier selects an opaque user identifier from the storage provider.

func (*SQLProvider) LoadUserOpaqueIdentifierBySignature added in v4.35.0

func (p *SQLProvider) LoadUserOpaqueIdentifierBySignature(ctx context.Context, service, sectorID, username string) (subject *model.UserOpaqueIdentifier, err error)

LoadUserOpaqueIdentifierBySignature selects an opaque user identifier from the storage provider given a service name, sector id, and username.

func (*SQLProvider) LoadUserOpaqueIdentifiers added in v4.35.0

func (p *SQLProvider) LoadUserOpaqueIdentifiers(ctx context.Context) (identifiers []model.UserOpaqueIdentifier, err error)

LoadUserOpaqueIdentifiers selects an opaque user identifiers from the storage provider.

func (*SQLProvider) LoadWebAuthnCredentialByID added in v4.38.0

func (p *SQLProvider) LoadWebAuthnCredentialByID(ctx context.Context, id int) (credential *model.WebAuthnCredential, err error)

LoadWebAuthnCredentialByID loads a WebAuthn credential registration from the storage provider for a given id.

func (*SQLProvider) LoadWebAuthnCredentials added in v4.38.0

func (p *SQLProvider) LoadWebAuthnCredentials(ctx context.Context, limit, page int) (credentials []model.WebAuthnCredential, err error)

LoadWebAuthnCredentials loads WebAuthn credential registrations from the storage provider.

func (*SQLProvider) LoadWebAuthnCredentialsByUsername added in v4.38.0

func (p *SQLProvider) LoadWebAuthnCredentialsByUsername(ctx context.Context, rpid, username string) (credentials []model.WebAuthnCredential, err error)

LoadWebAuthnCredentialsByUsername loads all WebAuthn credential registrations from the storage provider for a given username.

func (*SQLProvider) LoadWebAuthnUser added in v4.38.0

func (p *SQLProvider) LoadWebAuthnUser(ctx context.Context, rpid, username string) (user *model.WebAuthnUser, err error)

LoadWebAuthnUser loads a registered WebAuthn user from the storage provider.

func (*SQLProvider) RevokeIdentityVerification added in v4.38.0

func (p *SQLProvider) RevokeIdentityVerification(ctx context.Context, jti string, ip model.NullIP) (err error)

RevokeIdentityVerification marks an identity verification record in the storage provider as revoked.

func (*SQLProvider) RevokeOAuth2PARContext added in v4.38.0

func (p *SQLProvider) RevokeOAuth2PARContext(ctx context.Context, signature string) (err error)

RevokeOAuth2PARContext marks an OAuth2.0 PAR context as revoked in the storage provider.

func (*SQLProvider) RevokeOAuth2Session added in v4.35.0

func (p *SQLProvider) RevokeOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, signature string) (err error)

RevokeOAuth2Session marks an OAuth2.0 session as revoked in the storage provider.

func (*SQLProvider) RevokeOAuth2SessionByRequestID added in v4.35.0

func (p *SQLProvider) RevokeOAuth2SessionByRequestID(ctx context.Context, sessionType OAuth2SessionType, requestID string) (err error)

RevokeOAuth2SessionByRequestID marks an OAuth2.0 session as revoked in the storage provider.

func (*SQLProvider) RevokeOneTimeCode added in v4.38.0

func (p *SQLProvider) RevokeOneTimeCode(ctx context.Context, publicID uuid.UUID, ip model.IP) (err error)

RevokeOneTimeCode revokes a one-time code in the storage provider using the public ID.

func (*SQLProvider) Rollback added in v4.35.0

func (p *SQLProvider) Rollback(ctx context.Context) (err error)

Rollback performs a storage provider rollback when applicable.

func (*SQLProvider) SaveIdentityVerification added in v4.33.0

func (p *SQLProvider) SaveIdentityVerification(ctx context.Context, verification model.IdentityVerification) (err error)

SaveIdentityVerification save an identity verification record to the storage provider.

func (*SQLProvider) SaveOAuth2BlacklistedJTI added in v4.35.0

func (p *SQLProvider) SaveOAuth2BlacklistedJTI(ctx context.Context, blacklistedJTI model.OAuth2BlacklistedJTI) (err error)

SaveOAuth2BlacklistedJTI saves an OAuth2.0 blacklisted JTI to the storage provider.

func (*SQLProvider) SaveOAuth2ConsentPreConfiguration added in v4.37.0

func (p *SQLProvider) SaveOAuth2ConsentPreConfiguration(ctx context.Context, config model.OAuth2ConsentPreConfig) (insertedID int64, err error)

SaveOAuth2ConsentPreConfiguration inserts an OAuth2.0 consent pre-configuration in the storage provider.

func (*SQLProvider) SaveOAuth2ConsentSession added in v4.35.0

func (p *SQLProvider) SaveOAuth2ConsentSession(ctx context.Context, consent model.OAuth2ConsentSession) (err error)

SaveOAuth2ConsentSession inserts an OAuth2.0 consent session to the storage provider.

func (*SQLProvider) SaveOAuth2ConsentSessionGranted added in v4.35.0

func (p *SQLProvider) SaveOAuth2ConsentSessionGranted(ctx context.Context, id int) (err error)

SaveOAuth2ConsentSessionGranted updates an OAuth2.0 consent session in the storage provider recording that it has been granted by the authorization endpoint.

func (*SQLProvider) SaveOAuth2ConsentSessionResponse added in v4.35.0

func (p *SQLProvider) SaveOAuth2ConsentSessionResponse(ctx context.Context, consent model.OAuth2ConsentSession, authorized bool) (err error)

SaveOAuth2ConsentSessionResponse updates an OAuth2.0 consent session in the storage provider with the response.

func (*SQLProvider) SaveOAuth2ConsentSessionSubject added in v4.35.1

func (p *SQLProvider) SaveOAuth2ConsentSessionSubject(ctx context.Context, consent model.OAuth2ConsentSession) (err error)

SaveOAuth2ConsentSessionSubject updates an OAuth2.0 consent session in the storage provider with the subject.

func (*SQLProvider) SaveOAuth2PARContext added in v4.38.0

func (p *SQLProvider) SaveOAuth2PARContext(ctx context.Context, par model.OAuth2PARContext) (err error)

SaveOAuth2PARContext save an OAuth2.0 PAR context to the storage provider.

func (*SQLProvider) SaveOAuth2Session added in v4.35.0

func (p *SQLProvider) SaveOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, session model.OAuth2Session) (err error)

SaveOAuth2Session saves an OAut2.0 session to the storage provider.

func (*SQLProvider) SaveOneTimeCode added in v4.38.0

func (p *SQLProvider) SaveOneTimeCode(ctx context.Context, code model.OneTimeCode) (signature string, err error)

SaveOneTimeCode saves a One-Time Code to the storage provider after generating the signature which is returned along with any error.

func (*SQLProvider) SavePreferred2FAMethod

func (p *SQLProvider) SavePreferred2FAMethod(ctx context.Context, username string, method string) (err error)

SavePreferred2FAMethod save the preferred method for 2FA for a username to the storage provider.

func (*SQLProvider) SavePreferredDuoDevice added in v4.33.0

func (p *SQLProvider) SavePreferredDuoDevice(ctx context.Context, device model.DuoDevice) (err error)

SavePreferredDuoDevice saves a Duo device to the storage provider.

func (*SQLProvider) SaveTOTPConfiguration added in v4.33.0

func (p *SQLProvider) SaveTOTPConfiguration(ctx context.Context, config model.TOTPConfiguration) (err error)

SaveTOTPConfiguration save a TOTP configuration of a given user in the storage provider.

func (*SQLProvider) SaveTOTPHistory added in v4.38.0

func (p *SQLProvider) SaveTOTPHistory(ctx context.Context, username string, step uint64) (err error)

SaveTOTPHistory saves a TOTP history item in the storage provider.

func (*SQLProvider) SaveUserOpaqueIdentifier added in v4.35.0

func (p *SQLProvider) SaveUserOpaqueIdentifier(ctx context.Context, subject model.UserOpaqueIdentifier) (err error)

SaveUserOpaqueIdentifier saves a new opaque user identifier to the storage provider.

func (*SQLProvider) SaveWebAuthnCredential added in v4.38.0

func (p *SQLProvider) SaveWebAuthnCredential(ctx context.Context, credential model.WebAuthnCredential) (err error)

SaveWebAuthnCredential saves a registered WebAuthn credential to the storage provider.

func (*SQLProvider) SaveWebAuthnUser added in v4.38.0

func (p *SQLProvider) SaveWebAuthnUser(ctx context.Context, user model.WebAuthnUser) (err error)

SaveWebAuthnUser saves a registered WebAuthn user to the storage provider.

func (*SQLProvider) SchemaEncryptionChangeKey added in v4.33.0

func (p *SQLProvider) SchemaEncryptionChangeKey(ctx context.Context, rawKey string) (err error)

SchemaEncryptionChangeKey uses the currently configured key to decrypt values in the storage provider and the key provided by this command to encrypt the values again and update them using a transaction.

func (*SQLProvider) SchemaEncryptionCheckKey added in v4.33.0

func (p *SQLProvider) SchemaEncryptionCheckKey(ctx context.Context, verbose bool) (result EncryptionValidationResult, err error)

SchemaEncryptionCheckKey checks the encryption key configured is valid for the database.

func (*SQLProvider) SchemaLatestVersion added in v4.33.0

func (p *SQLProvider) SchemaLatestVersion() (version int, err error)

SchemaLatestVersion returns the latest version available for migration for the storage provider.

func (*SQLProvider) SchemaMigrate added in v4.33.0

func (p *SQLProvider) SchemaMigrate(ctx context.Context, up bool, version int) (err error)

SchemaMigrate migrates from the storage provider's current schema version to the provided schema version.

func (*SQLProvider) SchemaMigrationHistory added in v4.33.0

func (p *SQLProvider) SchemaMigrationHistory(ctx context.Context) (migrations []model.Migration, err error)

SchemaMigrationHistory returns the storage provider migration history rows.

func (*SQLProvider) SchemaMigrationsDown added in v4.33.0

func (p *SQLProvider) SchemaMigrationsDown(ctx context.Context, version int) (migrations []model.SchemaMigration, err error)

SchemaMigrationsDown returns a list of storage provider down migrations available between the current version and the provided version.

func (*SQLProvider) SchemaMigrationsUp added in v4.33.0

func (p *SQLProvider) SchemaMigrationsUp(ctx context.Context, version int) (migrations []model.SchemaMigration, err error)

SchemaMigrationsUp returns a list of storage provider up migrations available between the current version and the provided version.

func (*SQLProvider) SchemaTables added in v4.33.0

func (p *SQLProvider) SchemaTables(ctx context.Context) (tables []string, err error)

SchemaTables returns a list of tables from the storage provider.

func (*SQLProvider) SchemaVersion added in v4.33.0

func (p *SQLProvider) SchemaVersion(ctx context.Context) (version int, err error)

SchemaVersion returns the version of the schema from the storage provider.

func (*SQLProvider) StartupCheck added in v4.33.0

func (p *SQLProvider) StartupCheck() (err error)

StartupCheck implements the provider startup check interface.

func (*SQLProvider) UpdateOAuth2PARContext added in v4.38.0

func (p *SQLProvider) UpdateOAuth2PARContext(ctx context.Context, par model.OAuth2PARContext) (err error)

UpdateOAuth2PARContext updates an existing OAuth2.0 PAR context in the storage provider.

func (*SQLProvider) UpdateTOTPConfigurationSignIn added in v4.34.0

func (p *SQLProvider) UpdateTOTPConfigurationSignIn(ctx context.Context, id int, lastUsedAt sql.NullTime) (err error)

UpdateTOTPConfigurationSignIn updates a registered TOTP configuration in the storage provider with the relevant sign in information.

func (*SQLProvider) UpdateWebAuthnCredentialDescription added in v4.38.0

func (p *SQLProvider) UpdateWebAuthnCredentialDescription(ctx context.Context, username string, credentialID int, description string) (err error)

UpdateWebAuthnCredentialDescription updates a registered WebAuthn credential in the storage provider changing the description.

func (*SQLProvider) UpdateWebAuthnCredentialSignIn added in v4.38.0

func (p *SQLProvider) UpdateWebAuthnCredentialSignIn(ctx context.Context, credential model.WebAuthnCredential) (err error)

UpdateWebAuthnCredentialSignIn updates a registered WebAuthn credential in the storage provider changing the information that should be changed in the event of a successful sign in.

type SQLProviderKeys added in v4.38.0

type SQLProviderKeys struct {
	// contains filtered or unexported fields
}

SQLProviderKeys are the cryptography keys used by a SQLProvider.

type SQLXConnection added in v4.37.3

SQLXConnection is a *sqlx.DB or *sqlx.Tx.

type SQLiteProvider

type SQLiteProvider struct {
	SQLProvider
}

SQLiteProvider is a SQLite3 provider.

func NewSQLiteProvider

func NewSQLiteProvider(config *schema.Configuration) (provider *SQLiteProvider)

NewSQLiteProvider constructs a SQLite provider.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL