handlers

package
v4.32.0
Warning

This package is not in the latest version of its module.

Published: Oct 8, 2021 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation

Overview

Package handlers is a generated GoMock package.

Constants

const (
	// ActionTOTPRegistration is the string representation of the action for which the token has been produced.
	ActionTOTPRegistration = "RegisterTOTPDevice"

	// ActionU2FRegistration is the string representation of the action for which the token has been produced.
	ActionU2FRegistration = "RegisterU2FDevice"

	// ActionResetPassword is the string representation of the action for which the token has been produced.
	ActionResetPassword = "ResetPassword"
)

const (
	// HeaderProxyAuthorization is the basic-auth HTTP header Authelia utilises.
	HeaderProxyAuthorization = "Proxy-Authorization"

	// HeaderAuthorization is the basic-auth HTTP header Authelia utilises with "auth=basic" query param.
	HeaderAuthorization = "Authorization"

	// HeaderSessionUsername is used as additional protection to validate a user for things like pam_exec.
	HeaderSessionUsername = "Session-Username"
)

const (
	// Forbidden means the user is forbidden the access to a resource.
	Forbidden authorizationMatching = iota
	// NotAuthorized means the user can access the resource with more permissions.
	NotAuthorized authorizationMatching = iota
	// Authorized means the user is authorized given her current permissions.
	Authorized authorizationMatching = iota
)

const InternalError = "Internal error."

InternalError is the error message sent when there was an internal error that should be hidden from the end user. In that case the error should be in the server logs.

const UnauthorizedError = "You're not authorized."

UnauthorizedError is the error message sent when the user is not authorized.

Variables

var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{ActionClaim: ActionResetPassword}, resetPasswordIdentityFinish)

ResetPasswordIdentityFinish the handler for finishing the identity validation.

var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Reset your password",
	MailButtonContent:     "Reset",
	TargetEndpoint:        "/reset-password/step2",
	ActionClaim:           ActionResetPassword,
	IdentityRetrieverFunc: identityRetrieverFromStorage,
})

ResetPasswordIdentityStart the handler for initiating the identity validation for resetting a password. To ensure an attacker cannot perform user enumeration, it always replies with 200 regardless of what happens in the backend.
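The always-200 behaviour described for ResetPasswordIdentityStart, as an added sketch that is not Authelia's code: it uses net/http rather than fasthttp, and `resetStart`, `probe`, the `/reset` path and the sample user are hypothetical names constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// resetStart builds a hypothetical reset "start" handler; retrieve and sendMail are assumed callbacks.
func resetStart(retrieve func(string) (string, error), sendMail func(string) error) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var body struct {
			Username string `json:"username"`
		}
		// Failures are logged server-side only; the reply below never changes.
		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
			log.Printf("reset: bad body: %v", err)
		} else if email, err := retrieve(body.Username); err != nil {
			log.Printf("reset: lookup for %q failed: %v", body.Username, err)
		} else if err := sendMail(email); err != nil {
			log.Printf("reset: mail delivery failed: %v", err)
		}
		w.WriteHeader(http.StatusOK)
		fmt.Fprint(w, `{"status":"OK"}`)
	}
}

// probe sends one constructed request; it returns status, body and mails sent.
func probe(username string) (int, string, int) {
	users := map[string]string{"john": "john@example.com"} // constructed sample data
	sent := 0
	h := resetStart(func(u string) (string, error) {
		if email, ok := users[u]; ok {
			return email, nil
		}
		return "", fmt.Errorf("user not found")
	}, func(string) error { sent++; return nil })
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodPost, "/reset", strings.NewReader(`{"username":"`+username+`"}`)))
	return rec.Code, rec.Body.String(), sent
}

func main() {
	fmt.Println(probe("john"))   // mail sent
	fmt.Println(probe("nobody")) // no mail, identical reply
}
```

Only the server-side log and the mail counter differ between the two probes; status code and body are byte-for-byte identical.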

var SecondFactorTOTPIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          ActionTOTPRegistration,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, secondFactorTOTPIdentityFinish)

SecondFactorTOTPIdentityFinish the handler for finishing the identity validation.

var SecondFactorTOTPIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Register your mobile",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/one-time-password/register",
	ActionClaim:           ActionTOTPRegistration,
	IdentityRetrieverFunc: identityRetrieverFromSession,
})

SecondFactorTOTPIdentityStart the handler for initiating the identity validation.

var SecondFactorU2FIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          ActionU2FRegistration,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, secondFactorU2FIdentityFinish)

SecondFactorU2FIdentityFinish the handler for finishing the identity validation.

var SecondFactorU2FIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Register your key",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/security-key/register",
	ActionClaim:           ActionU2FRegistration,
	IdentityRetrieverFunc: identityRetrieverFromSession,
})

SecondFactorU2FIdentityStart the handler for initiating the identity validation.

Functions

func CheckSafeRedirection

func CheckSafeRedirection(ctx *middlewares.AutheliaCtx)

CheckSafeRedirection handler checking whether the redirection to a given URL provided in body is safe.

func ConfigurationGet

func ConfigurationGet(ctx *middlewares.AutheliaCtx)

ConfigurationGet get the configuration accessible to authenticated users.

func FirstFactorPost

func FirstFactorPost(msInitialDelay time.Duration, delayEnabled bool) middlewares.RequestHandler

FirstFactorPost is the handler performing the first factor.

func Handle1FAResponse

func Handle1FAResponse(ctx *middlewares.AutheliaCtx, targetURI, requestMethod string, username string, groups []string)

Handle1FAResponse handle the redirection upon 1FA authentication.

func Handle2FAResponse

func Handle2FAResponse(ctx *middlewares.AutheliaCtx, targetURI string)

Handle2FAResponse handle the redirection upon 2FA authentication.

func HealthGet

func HealthGet(ctx *middlewares.AutheliaCtx)

HealthGet can be used by health checks.

func LogoutPost

func LogoutPost(ctx *middlewares.AutheliaCtx)

LogoutPost is the handler logging out the user attached to the given cookie.

func MethodPreferencePost

func MethodPreferencePost(ctx *middlewares.AutheliaCtx)

MethodPreferencePost update the user preferences regarding 2FA method.

func RegisterOIDC

func RegisterOIDC(router *router.Router, middleware middlewares.RequestHandlerBridge)

RegisterOIDC registers the handlers with the fasthttp *router.Router. TODO: Add paths for UserInfo, Flush, Logout.

func ResetPasswordPost

func ResetPasswordPost(ctx *middlewares.AutheliaCtx)

ResetPasswordPost handler for resetting passwords.

func SecondFactorDuoPost

func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler

SecondFactorDuoPost handler for sending a push notification via duo api.

func SecondFactorTOTPPost

func SecondFactorTOTPPost(totpVerifier TOTPVerifier) middlewares.RequestHandler

SecondFactorTOTPPost validate the TOTP passcode provided by the user.

func SecondFactorU2FRegister

func SecondFactorU2FRegister(ctx *middlewares.AutheliaCtx)

SecondFactorU2FRegister handler validating the client has successfully validated the challenge to complete the U2F registration.

func SecondFactorU2FSignGet

func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx)

SecondFactorU2FSignGet handler for initiating a signing request.

func SecondFactorU2FSignPost

func SecondFactorU2FSignPost(u2fVerifier U2FVerifier) middlewares.RequestHandler

SecondFactorU2FSignPost handler for completing a signing request.

func StateGet

func StateGet(ctx *middlewares.AutheliaCtx)

StateGet is the handler serving the user state.

func UserInfoGet

func UserInfoGet(ctx *middlewares.AutheliaCtx)

UserInfoGet get the info related to the user identified by the session.

func VerifyGet

VerifyGet returns the handler verifying if a request is allowed to go through.

Types

type ConfigurationBody

type ConfigurationBody struct {
	AvailableMethods    MethodList `json:"available_methods"`
	SecondFactorEnabled bool       `json:"second_factor_enabled"` // whether second factor is enabled or not.
	TOTPPeriod          int        `json:"totp_period"`
}

ConfigurationBody the content returned by the configuration endpoint.

type ConsentPostRequestBody

type ConsentPostRequestBody struct {
	ClientID       string `json:"client_id"`
	AcceptOrReject string `json:"accept_or_reject"`
}

ConsentPostRequestBody schema of the request body of the consent POST endpoint.

type ConsentPostResponseBody

type ConsentPostResponseBody struct {
	RedirectURI string `json:"redirect_uri"`
}

ConsentPostResponseBody schema of the response body of the consent POST endpoint.

type MethodBody

type MethodBody struct {
	Method string `json:"method" valid:"required"`
}

MethodBody the selected 2FA method.

type MethodList

type MethodList = []string

MethodList is the list of available methods.

type MockTOTPVerifier

type MockTOTPVerifier struct {
	// contains filtered or unexported fields
}

MockTOTPVerifier is a mock of TOTPVerifier interface

func NewMockTOTPVerifier

func NewMockTOTPVerifier(ctrl *gomock.Controller) *MockTOTPVerifier

NewMockTOTPVerifier creates a new mock instance

func (*MockTOTPVerifier) EXPECT

EXPECT returns an object that allows the caller to indicate expected use

func (*MockTOTPVerifier) Verify

func (m *MockTOTPVerifier) Verify(token, secret string) (bool, error)

Verify mocks base method

type MockTOTPVerifierMockRecorder

type MockTOTPVerifierMockRecorder struct {
	// contains filtered or unexported fields
}

MockTOTPVerifierMockRecorder is the mock recorder for MockTOTPVerifier

func (*MockTOTPVerifierMockRecorder) Verify

func (mr *MockTOTPVerifierMockRecorder) Verify(token, secret interface{}) *gomock.Call

Verify indicates an expected call of Verify

type MockU2FVerifier

type MockU2FVerifier struct {
	// contains filtered or unexported fields
}

MockU2FVerifier is a mock of U2FVerifier interface

func NewMockU2FVerifier

func NewMockU2FVerifier(ctrl *gomock.Controller) *MockU2FVerifier

NewMockU2FVerifier creates a new mock instance

func (*MockU2FVerifier) EXPECT

EXPECT returns an object that allows the caller to indicate expected use

func (*MockU2FVerifier) Verify

func (m *MockU2FVerifier) Verify(keyHandle, publicKey []byte, signResponse u2f.SignResponse, challenge u2f.Challenge) error

Verify mocks base method

type MockU2FVerifierMockRecorder

type MockU2FVerifierMockRecorder struct {
	// contains filtered or unexported fields
}

MockU2FVerifierMockRecorder is the mock recorder for MockU2FVerifier

func (*MockU2FVerifierMockRecorder) Verify

func (mr *MockU2FVerifierMockRecorder) Verify(keyHandle, publicKey, signResponse, challenge interface{}) *gomock.Call

Verify indicates an expected call of Verify

type StateResponse

type StateResponse struct {
	Username              string               `json:"username"`
	AuthenticationLevel   authentication.Level `json:"authentication_level"`
	DefaultRedirectionURL string               `json:"default_redirection_url"`
}

StateResponse represents the response sent by the state endpoint.

type TOTPKeyResponse

type TOTPKeyResponse struct {
	Base32Secret string `json:"base32_secret"`
	OTPAuthURL   string `json:"otpauth_url"`
}

TOTPKeyResponse is the model of response that is sent to the client upon successful identity verification.

type TOTPVerifier

type TOTPVerifier interface {
	Verify(token, secret string) (bool, error)
}

TOTPVerifier is the interface for verifying TOTPs.

type TOTPVerifierImpl

type TOTPVerifierImpl struct {
	Period uint
	Skew   uint
}

TOTPVerifierImpl the production implementation for TOTP verification.

func (*TOTPVerifierImpl) Verify

func (tv *TOTPVerifierImpl) Verify(token, secret string) (bool, error)

Verify verifies TOTPs.
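How a verifier with `Period` and `Skew` fields and this `Verify` signature can evaluate a passcode, as an added standard-library sketch of RFC 6238 that is not Authelia's implementation. `windowVerifier`, `hotp`, `atSecond` and the injected clock are hypothetical, and treating Skew as the number of time steps accepted on each side of the current one is an assumption.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
)

// windowVerifier is a hypothetical stand-in for TOTPVerifierImpl; Period must be > 0.
type windowVerifier struct {
	Period, Skew uint
	now          func() int64 // injected Unix clock so the example is deterministic
}

// hotp computes the 6-digit RFC 4226 code (HMAC-SHA1) for one counter value.
func hotp(key []byte, counter uint64) string {
	mac := hmac.New(sha1.New, key)
	binary.Write(mac, binary.BigEndian, counter)
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	return fmt.Sprintf("%06d", (binary.BigEndian.Uint32(sum[off:])&0x7fffffff)%1000000)
}

// Verify accepts token if it matches any time step within Skew steps of now.
func (v windowVerifier) Verify(token, secret string) (bool, error) {
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(secret)
	if err != nil {
		return false, fmt.Errorf("decode secret: %w", err)
	}
	step, ok := v.now()/int64(v.Period), 0
	for d := -int64(v.Skew); d <= int64(v.Skew); d++ {
		if c := step + d; c >= 0 { // constant-time compare, no early exit on a match
			ok |= subtle.ConstantTimeCompare([]byte(hotp(key, uint64(c))), []byte(token))
		}
	}
	return ok == 1, nil
}

func atSecond(sec int64, skew uint, token string) bool {
	v := windowVerifier{Period: 30, Skew: skew, now: func() int64 { return sec }}
	ok, _ := v.Verify(token, "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ") // RFC 6238 test key "12345678901234567890"
	return ok
}

func main() {
	fmt.Println(atSecond(59, 0, "287082"), atSecond(89, 0, "287082"), atSecond(89, 1, "287082"))
}
```

Each unit of skew adds two more accepted codes per attempt, so a wider window tolerates more clock drift at the cost of a longer lifetime for every passcode.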

type U2FVerifier

type U2FVerifier interface {
	Verify(keyHandle []byte, publicKey []byte, signResponse u2f.SignResponse, challenge u2f.Challenge) error
}

U2FVerifier is the interface for verifying U2F keys.

type U2FVerifierImpl

type U2FVerifierImpl struct{}

U2FVerifierImpl the production implementation for U2F key verification.

func (*U2FVerifierImpl) Verify

func (uv *U2FVerifierImpl) Verify(keyHandle []byte, publicKey []byte,
	signResponse u2f.SignResponse, challenge u2f.Challenge) error

Verify verifies U2F keys.

type UserInfo

type UserInfo struct {
	// The user's display name.
	DisplayName string `json:"display_name"`

	// The preferred 2FA method.
	Method string `json:"method" valid:"required"`

	// True if a security key has been registered.
	HasU2F bool `json:"has_u2f" valid:"required"`

	// True if a TOTP device has been registered.
	HasTOTP bool `json:"has_totp" valid:"required"`
}

UserInfo is the model of user info and second factor preferences.
