Documentation ¶
Overview ¶
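Package handlers is a generated GoMock package. (This overview sentence appears to come from the generated mock files, totp_mock.go and u2f_mock.go; the package also holds the request handlers indexed below.)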
Index ¶
- Constants
- Variables
- func CheckSafeRedirection(ctx *middlewares.AutheliaCtx)
- func ConfigurationGet(ctx *middlewares.AutheliaCtx)
- func FirstFactorPost(msInitialDelay time.Duration, delayEnabled bool) middlewares.RequestHandler
- func Handle1FAResponse(ctx *middlewares.AutheliaCtx, targetURI, requestMethod string, username string, ...)
- func Handle2FAResponse(ctx *middlewares.AutheliaCtx, targetURI string)
- func HealthGet(ctx *middlewares.AutheliaCtx)
- func LogoutPost(ctx *middlewares.AutheliaCtx)
- func MethodPreferencePost(ctx *middlewares.AutheliaCtx)
- func RegisterOIDC(router *router.Router, middleware middlewares.RequestHandlerBridge)
- func ResetPasswordPost(ctx *middlewares.AutheliaCtx)
- func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler
- func SecondFactorTOTPPost(totpVerifier TOTPVerifier) middlewares.RequestHandler
- func SecondFactorU2FRegister(ctx *middlewares.AutheliaCtx)
- func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx)
- func SecondFactorU2FSignPost(u2fVerifier U2FVerifier) middlewares.RequestHandler
- func StateGet(ctx *middlewares.AutheliaCtx)
- func UserInfoGet(ctx *middlewares.AutheliaCtx)
- func VerifyGet(cfg schema.AuthenticationBackendConfiguration) middlewares.RequestHandler
- type ConfigurationBody
- type ConsentPostRequestBody
- type ConsentPostResponseBody
- type MethodBody
- type MethodList
- type MockTOTPVerifier
- type MockTOTPVerifierMockRecorder
- type MockU2FVerifier
- type MockU2FVerifierMockRecorder
- type StateResponse
- type TOTPKeyResponse
- type TOTPVerifier
- type TOTPVerifierImpl
- type U2FVerifier
- type U2FVerifierImpl
- type UserInfo
Constants ¶
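// Action claims for identity-verification tokens. Each value names the single
// action a token has been produced for; the handlers in this package pass it
// as ActionClaim to the identity verification start and finish middlewares.
//
// The listing was collapsed onto one line, so every "//" comment swallowed the
// declarations that followed it; the line structure is restored here.
const (
	// ActionTOTPRegistration is the string representation of the action for which the token has been produced.
	ActionTOTPRegistration = "RegisterTOTPDevice"

	// ActionU2FRegistration is the string representation of the action for which the token has been produced.
	ActionU2FRegistration = "RegisterU2FDevice"

	// ActionResetPassword is the string representation of the action for which the token has been produced.
	ActionResetPassword = "ResetPassword"
)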
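// HTTP header names read by the handlers.
//
// The listing was collapsed onto one line, so every "//" comment swallowed the
// declarations that followed it; the line structure is restored here.
const (
	// HeaderProxyAuthorization is the basic-auth HTTP header Authelia utilises.
	HeaderProxyAuthorization = "Proxy-Authorization"

	// HeaderAuthorization is the basic-auth HTTP header Authelia utilises with "auth=basic" query param.
	HeaderAuthorization = "Authorization"

	// HeaderSessionUsername is used as additional protection to validate a user for things like pam_exec.
	// NOTE(review): this is a client-supplied header; presumably it is only
	// compared against the already-authenticated user and never trusted on
	// its own. Confirm in the handler that reads it.
	HeaderSessionUsername = "Session-Username"
)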
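// Results of matching a request against the access rules. The values are
// consecutive authorizationMatching constants starting at 0 (iota).
//
// The listing was collapsed onto one line, so every "//" comment swallowed the
// declarations that followed it; the line structure is restored here.
const (
	// Forbidden means the user is forbidden the access to a resource.
	Forbidden authorizationMatching = iota

	// NotAuthorized means the user is not authorized with the current
	// permissions but can access the resource with more permissions.
	NotAuthorized

	// Authorized means the user is authorized given their current permissions.
	Authorized
)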
// InternalError is the generic message returned to the end user when an
// internal error occurred. The actual cause is meant to stay out of the
// response and be written to the server logs instead.
const InternalError = "Internal error."
InternalError is the error message sent when there was an internal error that should be hidden from the end user. In that case the error details should be written to the server logs.
UnauthorizedError is the error message sent when the user is not authorized.
Variables ¶
// ResetPasswordIdentityFinish is the handler that finishes the identity
// validation for a password reset.
//
// Only the ActionResetPassword claim is configured; unlike the 2FA
// registration finish handlers in this package, no IsTokenUserValidFunc is
// supplied. NOTE(review): confirm that this is intended for the reset flow.
var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim: ActionResetPassword,
	},
	resetPasswordIdentityFinish,
)
ResetPasswordIdentityFinish the handler for finishing the identity validation.
// ResetPasswordIdentityStart is the handler that initiates the identity
// validation for resetting a password. It uses identityRetrieverFromStorage
// as IdentityRetrieverFunc and binds the token to ActionResetPassword.
//
// To prevent user enumeration the endpoint has to answer 200 whatever happens
// in the backend.
var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(
	middlewares.IdentityVerificationStartArgs{
		MailTitle:             "Reset your password",
		MailButtonContent:     "Reset",
		TargetEndpoint:        "/reset-password/step2",
		ActionClaim:           ActionResetPassword,
		IdentityRetrieverFunc: identityRetrieverFromStorage,
	},
)
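ResetPasswordIdentityStart is the handler for initiating the identity validation for resetting a password. To ensure an attacker cannot perform user enumeration, it must always reply with 200 regardless of what happens in the backend. A constant status code alone is not sufficient if the response body or the response time still differs between known and unknown users.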
// SecondFactorTOTPIdentityFinish is the handler that finishes the identity
// validation for registering a TOTP device. The token must carry the
// ActionTOTPRegistration claim, and isTokenUserValidFor2FARegistration is
// supplied as the token-user check.
var SecondFactorTOTPIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          ActionTOTPRegistration,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	},
	secondFactorTOTPIdentityFinish,
)
SecondFactorTOTPIdentityFinish the handler for finishing the identity validation.
// SecondFactorTOTPIdentityStart is the handler that initiates the identity
// validation for registering a TOTP device. It uses
// identityRetrieverFromSession as IdentityRetrieverFunc and binds the token
// to ActionTOTPRegistration.
var SecondFactorTOTPIdentityStart = middlewares.IdentityVerificationStart(
	middlewares.IdentityVerificationStartArgs{
		MailTitle:             "Register your mobile",
		MailButtonContent:     "Register",
		TargetEndpoint:        "/one-time-password/register",
		ActionClaim:           ActionTOTPRegistration,
		IdentityRetrieverFunc: identityRetrieverFromSession,
	},
)
SecondFactorTOTPIdentityStart the handler for initiating the identity validation.
// SecondFactorU2FIdentityFinish is the handler that finishes the identity
// validation for registering a U2F security key. The token must carry the
// ActionU2FRegistration claim, and isTokenUserValidFor2FARegistration is
// supplied as the token-user check.
var SecondFactorU2FIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          ActionU2FRegistration,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	},
	secondFactorU2FIdentityFinish,
)
SecondFactorU2FIdentityFinish the handler for finishing the identity validation.
// SecondFactorU2FIdentityStart is the handler that initiates the identity
// validation for registering a U2F security key. It uses
// identityRetrieverFromSession as IdentityRetrieverFunc and binds the token
// to ActionU2FRegistration.
var SecondFactorU2FIdentityStart = middlewares.IdentityVerificationStart(
	middlewares.IdentityVerificationStartArgs{
		MailTitle:             "Register your key",
		MailButtonContent:     "Register",
		TargetEndpoint:        "/security-key/register",
		ActionClaim:           ActionU2FRegistration,
		IdentityRetrieverFunc: identityRetrieverFromSession,
	},
)
SecondFactorU2FIdentityStart the handler for initiating the identity validation.
Functions ¶
func CheckSafeRedirection ¶
func CheckSafeRedirection(ctx *middlewares.AutheliaCtx)
CheckSafeRedirection is the handler that checks whether redirecting to the URL provided in the request body is safe.
func ConfigurationGet ¶
func ConfigurationGet(ctx *middlewares.AutheliaCtx)
ConfigurationGet gets the configuration accessible to authenticated users.
func FirstFactorPost ¶
func FirstFactorPost(msInitialDelay time.Duration, delayEnabled bool) middlewares.RequestHandler
FirstFactorPost is the handler performing the first factor.
func Handle1FAResponse ¶
func Handle1FAResponse(ctx *middlewares.AutheliaCtx, targetURI, requestMethod string, username string, groups []string)
Handle1FAResponse handles the redirection upon 1FA authentication.
func Handle2FAResponse ¶
func Handle2FAResponse(ctx *middlewares.AutheliaCtx, targetURI string)
Handle2FAResponse handles the redirection upon 2FA authentication.
func HealthGet ¶
func HealthGet(ctx *middlewares.AutheliaCtx)
HealthGet can be used by health checks.
func LogoutPost ¶
func LogoutPost(ctx *middlewares.AutheliaCtx)
LogoutPost is the handler logging out the user attached to the given cookie.
func MethodPreferencePost ¶
func MethodPreferencePost(ctx *middlewares.AutheliaCtx)
MethodPreferencePost updates the user's preferences regarding the 2FA method.
func RegisterOIDC ¶
func RegisterOIDC(router *router.Router, middleware middlewares.RequestHandlerBridge)
RegisterOIDC registers the handlers with the fasthttp *router.Router. TODO: Add paths for UserInfo, Flush, Logout.
func ResetPasswordPost ¶
func ResetPasswordPost(ctx *middlewares.AutheliaCtx)
ResetPasswordPost handler for resetting passwords.
func SecondFactorDuoPost ¶
func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler
SecondFactorDuoPost handler for sending a push notification via duo api.
func SecondFactorTOTPPost ¶
func SecondFactorTOTPPost(totpVerifier TOTPVerifier) middlewares.RequestHandler
SecondFactorTOTPPost validates the TOTP passcode provided by the user.
func SecondFactorU2FRegister ¶
func SecondFactorU2FRegister(ctx *middlewares.AutheliaCtx)
SecondFactorU2FRegister handler validating the client has successfully validated the challenge to complete the U2F registration.
func SecondFactorU2FSignGet ¶
func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx)
SecondFactorU2FSignGet handler for initiating a signing request.
func SecondFactorU2FSignPost ¶
func SecondFactorU2FSignPost(u2fVerifier U2FVerifier) middlewares.RequestHandler
SecondFactorU2FSignPost handler for completing a signing request.
func StateGet ¶
func StateGet(ctx *middlewares.AutheliaCtx)
StateGet is the handler serving the user state.
func UserInfoGet ¶
func UserInfoGet(ctx *middlewares.AutheliaCtx)
UserInfoGet gets the info related to the user identified by the session.
func VerifyGet ¶
func VerifyGet(cfg schema.AuthenticationBackendConfiguration) middlewares.RequestHandler
VerifyGet returns the handler verifying if a request is allowed to go through.
Types ¶
type ConfigurationBody ¶
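// ConfigurationBody is the content returned by the configuration endpoint.
//
// The listing was collapsed onto one line, which dropped the separators
// between fields and let the trailing "//" comment swallow TOTPPeriod; the
// line structure is restored here.
type ConfigurationBody struct {
	// AvailableMethods is serialised as "available_methods".
	AvailableMethods MethodList `json:"available_methods"`

	// SecondFactorEnabled reports whether second factor is enabled or not.
	SecondFactorEnabled bool `json:"second_factor_enabled"`

	// TOTPPeriod is serialised as "totp_period".
	// NOTE(review): presumably the TOTP time step in seconds; confirm.
	TOTPPeriod int `json:"totp_period"`
}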
ConfigurationBody the content returned by the configuration endpoint.
type ConsentPostRequestBody ¶
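// ConsentPostRequestBody is the schema of the request body of the consent
// POST endpoint.
//
// The listing was collapsed onto one line, which dropped the separator
// between the two fields; the line structure is restored here.
type ConsentPostRequestBody struct {
	// ClientID is read from the "client_id" key of the request body.
	ClientID string `json:"client_id"`

	// AcceptOrReject is read from the "accept_or_reject" key. It is a free
	// string in this schema, so the handler has to validate its value.
	AcceptOrReject string `json:"accept_or_reject"`
}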
ConsentPostRequestBody schema of the request body of the consent POST endpoint.
type ConsentPostResponseBody ¶
// ConsentPostResponseBody is the schema of the response body of the consent
// POST endpoint.
type ConsentPostResponseBody struct {
	// RedirectURI is serialised as "redirect_uri".
	RedirectURI string `json:"redirect_uri"`
}
ConsentPostResponseBody schema of the response body of the consent POST endpoint.
type MethodBody ¶
// MethodBody carries the selected 2FA method.
type MethodBody struct {
	// Method is read from the "method" key and tagged as required for
	// validation.
	Method string `json:"method" valid:"required"`
}
MethodBody the selected 2FA method.
type MockTOTPVerifier ¶
type MockTOTPVerifier struct {
// contains filtered or unexported fields
}
MockTOTPVerifier is a mock of TOTPVerifier interface
func NewMockTOTPVerifier ¶
func NewMockTOTPVerifier(ctrl *gomock.Controller) *MockTOTPVerifier
NewMockTOTPVerifier creates a new mock instance
func (*MockTOTPVerifier) EXPECT ¶
func (m *MockTOTPVerifier) EXPECT() *MockTOTPVerifierMockRecorder
EXPECT returns an object that allows the caller to indicate expected use
type MockTOTPVerifierMockRecorder ¶
type MockTOTPVerifierMockRecorder struct {
// contains filtered or unexported fields
}
MockTOTPVerifierMockRecorder is the mock recorder for MockTOTPVerifier
func (*MockTOTPVerifierMockRecorder) Verify ¶
func (mr *MockTOTPVerifierMockRecorder) Verify(token, secret interface{}) *gomock.Call
Verify indicates an expected call of Verify
type MockU2FVerifier ¶
type MockU2FVerifier struct {
// contains filtered or unexported fields
}
MockU2FVerifier is a mock of U2FVerifier interface
func NewMockU2FVerifier ¶
func NewMockU2FVerifier(ctrl *gomock.Controller) *MockU2FVerifier
NewMockU2FVerifier creates a new mock instance
func (*MockU2FVerifier) EXPECT ¶
func (m *MockU2FVerifier) EXPECT() *MockU2FVerifierMockRecorder
EXPECT returns an object that allows the caller to indicate expected use
func (*MockU2FVerifier) Verify ¶
func (m *MockU2FVerifier) Verify(keyHandle, publicKey []byte, signResponse u2f.SignResponse, challenge u2f.Challenge) error
Verify mocks base method
type MockU2FVerifierMockRecorder ¶
type MockU2FVerifierMockRecorder struct {
// contains filtered or unexported fields
}
MockU2FVerifierMockRecorder is the mock recorder for MockU2FVerifier
func (*MockU2FVerifierMockRecorder) Verify ¶
func (mr *MockU2FVerifierMockRecorder) Verify(keyHandle, publicKey, signResponse, challenge interface{}) *gomock.Call
Verify indicates an expected call of Verify
type StateResponse ¶
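// StateResponse represents the response sent by the state endpoint.
//
// The listing was collapsed onto one line, which dropped the separators
// between fields; the line structure is restored here.
type StateResponse struct {
	// Username is serialised as "username".
	Username string `json:"username"`

	// AuthenticationLevel is serialised as "authentication_level".
	AuthenticationLevel authentication.Level `json:"authentication_level"`

	// DefaultRedirectionURL is serialised as "default_redirection_url".
	DefaultRedirectionURL string `json:"default_redirection_url"`
}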
StateResponse represents the response sent by the state endpoint.
type TOTPKeyResponse ¶
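// TOTPKeyResponse is the model of the response that is sent to the client
// upon successful identity verification.
//
// The response carries TOTP secret material, so it should be kept out of
// logs and caches.
//
// The listing was collapsed onto one line, which dropped the separator
// between the two fields; the line structure is restored here.
type TOTPKeyResponse struct {
	// Base32Secret is serialised as "base32_secret"; per its name it holds
	// the TOTP secret in base32.
	Base32Secret string `json:"base32_secret"`

	// OTPAuthURL is serialised as "otpauth_url".
	// NOTE(review): otpauth URLs normally embed the same secret; confirm and
	// treat this field as equally sensitive.
	OTPAuthURL string `json:"otpauth_url"`
}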
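TOTPKeyResponse is the model of the response that is sent to the client upon successful identity verification. It carries the TOTP secret (and an otpauth URL, which normally embeds the same secret), so the response should be kept out of logs and caches.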
type TOTPVerifier ¶
TOTPVerifier is the interface for verifying TOTPs.
type TOTPVerifierImpl ¶
TOTPVerifierImpl the production implementation for TOTP verification.
type U2FVerifier ¶
// U2FVerifier is the interface for verifying U2F keys. It has a production
// implementation (U2FVerifierImpl) and a generated mock (MockU2FVerifier).
type U2FVerifier interface {
	// Verify takes the key handle and public key of the registered device
	// together with the sign response and the challenge, and reports the
	// outcome as an error.
	// NOTE(review): presumably a nil error means the signature was accepted;
	// confirm against the implementation.
	Verify(keyHandle, publicKey []byte, signResponse u2f.SignResponse, challenge u2f.Challenge) error
}
U2FVerifier is the interface for verifying U2F keys.
type U2FVerifierImpl ¶
// U2FVerifierImpl is the production implementation for U2F key verification.
// It has no fields.
type U2FVerifierImpl struct{}
U2FVerifierImpl the production implementation for U2F key verification.
func (*U2FVerifierImpl) Verify ¶
func (uv *U2FVerifierImpl) Verify(keyHandle []byte, publicKey []byte, signResponse u2f.SignResponse, challenge u2f.Challenge) error
Verify verifies U2F keys.
type UserInfo ¶
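// UserInfo is the model of user info and second factor preferences.
//
// The listing was collapsed onto one line, so every "//" comment swallowed the
// fields that followed it; the line structure is restored here.
type UserInfo struct {
	// The user's display name.
	DisplayName string `json:"display_name"`

	// The preferred 2FA method.
	Method string `json:"method" valid:"required"`

	// True if a security key has been registered.
	HasU2F bool `json:"has_u2f" valid:"required"`

	// True if a TOTP device has been registered.
	HasTOTP bool `json:"has_totp" valid:"required"`
}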
UserInfo is the model of user info and second factor preferences.
Source Files ¶
- const.go
- errors.go
- handler_checks_safe_redirection.go
- handler_configuration.go
- handler_firstfactor.go
- handler_health.go
- handler_logout.go
- handler_oidc_authorization.go
- handler_oidc_consent.go
- handler_oidc_introspection.go
- handler_oidc_jwks.go
- handler_oidc_revocation.go
- handler_oidc_token.go
- handler_oidc_userinfo.go
- handler_oidc_wellknown.go
- handler_register_totp.go
- handler_register_u2f_step1.go
- handler_register_u2f_step2.go
- handler_reset_password_step1.go
- handler_reset_password_step2.go
- handler_sign_duo.go
- handler_sign_totp.go
- handler_sign_u2f_step1.go
- handler_sign_u2f_step2.go
- handler_state.go
- handler_user_info.go
- handler_verify.go
- oidc.go
- oidc_register.go
- response.go
- totp.go
- totp_mock.go
- types.go
- types_oidc.go
- u2f.go
- u2f_mock.go