authentication

package
v4.34.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 10, 2022 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Code generated by MockGen. DO NOT EDIT. Source: ldap_connection_factory.go

Index

Constants

View Source
const (
	// TOTP Method using Time-Based One-Time Password applications like Google Authenticator.
	TOTP = "totp"
	// Webauthn Method using Webauthn devices like YubiKeys.
	Webauthn = "webauthn"
	// Push Method using Duo application to receive push notifications.
	Push = "mobile_push"
)
View Source
const (
	HashingDefaultArgon2idTime        = 1
	HashingDefaultArgon2idMemory      = 32 * 1024
	HashingDefaultArgon2idParallelism = 4
	HashingDefaultArgon2idKeyLength   = 32
	HashingDefaultSHA512Iterations    = 5000
)

These are the default values from the upstream crypt module we use them to for GetInt and they need to be checked when updating github.com/simia-tech/crypt.

Variables

View Source
var ErrUserNotFound = errors.New("user not found")

ErrUserNotFound indicates the user wasn't found in the authentication backend.

View Source
var HashingPossibleSaltCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/"

HashingPossibleSaltCharacters represents valid hashing runes.

View Source
var PossibleMethods = []string{TOTP, Webauthn, Push}

PossibleMethods is the set of all possible 2FA methods.

Functions

func CheckPassword

func CheckPassword(password, hash string) (ok bool, err error)

CheckPassword check a password against a hash.

func HashPassword

func HashPassword(password, salt string, algorithm CryptAlgo, iterations, memory, parallelism, keyLength, saltLength int) (hash string, err error)

HashPassword generate a salt and hash the password with the salt and a constant number of rounds.

Types

type CryptAlgo

type CryptAlgo string

CryptAlgo the crypt representation of an algorithm used in the prefix of the hash.

const (
	// HashingAlgorithmArgon2id Argon2id hash identifier.
	HashingAlgorithmArgon2id CryptAlgo = argon2id
	// HashingAlgorithmSHA512 SHA512 hash identifier.
	HashingAlgorithmSHA512 CryptAlgo = "6"
)

func ConfigAlgoToCryptoAlgo

func ConfigAlgoToCryptoAlgo(fromConfig string) (CryptAlgo, error)

ConfigAlgoToCryptoAlgo returns a CryptAlgo and nil error if valid, otherwise it returns argon2id and an error.

type DatabaseModel

type DatabaseModel struct {
	Users map[string]UserDetailsModel `yaml:"users" valid:"required"`
}

DatabaseModel is the model of users file database.

type FileUserProvider

type FileUserProvider struct {
	// contains filtered or unexported fields
}

FileUserProvider is a provider reading details from a file.

func NewFileUserProvider

func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfiguration) *FileUserProvider

NewFileUserProvider creates a new instance of FileUserProvider.

func (*FileUserProvider) CheckUserPassword

func (p *FileUserProvider) CheckUserPassword(username string, password string) (bool, error)

CheckUserPassword checks if provided password matches for the given user.

func (*FileUserProvider) GetDetails

func (p *FileUserProvider) GetDetails(username string) (*UserDetails, error)

GetDetails retrieve the groups a user belongs to.

func (*FileUserProvider) StartupCheck added in v4.31.0

func (p *FileUserProvider) StartupCheck() (err error)

StartupCheck implements the startup check provider interface.

func (*FileUserProvider) UpdatePassword

func (p *FileUserProvider) UpdatePassword(username string, newPassword string) error

UpdatePassword update the password of the given user.

type LDAPConnection

type LDAPConnection interface {
	Bind(username, password string) error
	Close()

	Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error)
	Modify(modifyRequest *ldap.ModifyRequest) error
	PasswordModify(pwdModifyRequest *ldap.PasswordModifyRequest) error
	StartTLS(config *tls.Config) error
}

LDAPConnection interface representing a connection to the ldap.

type LDAPConnectionFactory

type LDAPConnectionFactory interface {
	DialURL(addr string, opts ...ldap.DialOpt) (LDAPConnection, error)
}

LDAPConnectionFactory an interface of factory of ldap connections.

type LDAPConnectionFactoryImpl

type LDAPConnectionFactoryImpl struct{}

LDAPConnectionFactoryImpl the production implementation of an ldap connection factory.

func NewLDAPConnectionFactoryImpl

func NewLDAPConnectionFactoryImpl() *LDAPConnectionFactoryImpl

NewLDAPConnectionFactoryImpl create a concrete ldap connection factory.

func (*LDAPConnectionFactoryImpl) DialURL

func (lcf *LDAPConnectionFactoryImpl) DialURL(addr string, opts ...ldap.DialOpt) (LDAPConnection, error)

DialURL creates a connection from an LDAP URL when successful.

type LDAPConnectionImpl

type LDAPConnectionImpl struct {
	// contains filtered or unexported fields
}

LDAPConnectionImpl the production implementation of an ldap connection.

func NewLDAPConnectionImpl

func NewLDAPConnectionImpl(conn *ldap.Conn) *LDAPConnectionImpl

NewLDAPConnectionImpl create a new ldap connection.

func (*LDAPConnectionImpl) Bind

func (lc *LDAPConnectionImpl) Bind(username, password string) error

Bind binds ldap connection to a username/password.

func (*LDAPConnectionImpl) Close

func (lc *LDAPConnectionImpl) Close()

Close closes a ldap connection.

func (*LDAPConnectionImpl) Modify

func (lc *LDAPConnectionImpl) Modify(modifyRequest *ldap.ModifyRequest) error

Modify modifies an ldap object.

func (*LDAPConnectionImpl) PasswordModify

func (lc *LDAPConnectionImpl) PasswordModify(pwdModifyRequest *ldap.PasswordModifyRequest) error

PasswordModify modifies an ldap objects password.

func (*LDAPConnectionImpl) Search

func (lc *LDAPConnectionImpl) Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error)

Search searches a ldap server.

func (*LDAPConnectionImpl) StartTLS

func (lc *LDAPConnectionImpl) StartTLS(config *tls.Config) error

StartTLS requests the LDAP server upgrades to TLS encryption.

type LDAPUserProvider

type LDAPUserProvider struct {
	// contains filtered or unexported fields
}

LDAPUserProvider is a UserProvider that connects to LDAP servers like ActiveDirectory, OpenLDAP, OpenDJ, FreeIPA, etc.

func NewLDAPUserProvider

func NewLDAPUserProvider(configuration schema.AuthenticationBackendConfiguration, certPool *x509.CertPool) (provider *LDAPUserProvider)

NewLDAPUserProvider creates a new instance of LDAPUserProvider.

func (*LDAPUserProvider) CheckUserPassword

func (p *LDAPUserProvider) CheckUserPassword(inputUsername string, password string) (bool, error)

CheckUserPassword checks if provided password matches for the given user.

func (*LDAPUserProvider) GetDetails

func (p *LDAPUserProvider) GetDetails(inputUsername string) (*UserDetails, error)

GetDetails retrieve the groups a user belongs to.

func (*LDAPUserProvider) StartupCheck added in v4.31.0

func (p *LDAPUserProvider) StartupCheck() (err error)

StartupCheck implements the startup check provider interface.

func (*LDAPUserProvider) UpdatePassword

func (p *LDAPUserProvider) UpdatePassword(inputUsername string, newPassword string) error

UpdatePassword update the password of the given user.

type Level

type Level int

Level is the type representing a level of authentication.

const (
	// NotAuthenticated if the user is not authenticated yet.
	NotAuthenticated Level = iota
	// OneFactor if the user has passed first factor only.
	OneFactor Level = iota
	// TwoFactor if the user has passed two factors.
	TwoFactor Level = iota
)

type MockLDAPConnection

type MockLDAPConnection struct {
	// contains filtered or unexported fields
}

MockLDAPConnection is a mock of LDAPConnection interface.

func NewMockLDAPConnection

func NewMockLDAPConnection(ctrl *gomock.Controller) *MockLDAPConnection

NewMockLDAPConnection creates a new mock instance.

func (*MockLDAPConnection) Bind

func (m *MockLDAPConnection) Bind(username, password string) error

Bind mocks base method.

func (*MockLDAPConnection) Close

func (m *MockLDAPConnection) Close()

Close mocks base method.

func (*MockLDAPConnection) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockLDAPConnection) Modify

func (m *MockLDAPConnection) Modify(modifyRequest *ldap.ModifyRequest) error

Modify mocks base method.

func (*MockLDAPConnection) PasswordModify

func (m *MockLDAPConnection) PasswordModify(pwdModifyRequest *ldap.PasswordModifyRequest) error

PasswordModify mocks base method.

func (*MockLDAPConnection) Search

func (m *MockLDAPConnection) Search(searchRequest *ldap.SearchRequest) (*ldap.SearchResult, error)

Search mocks base method.

func (*MockLDAPConnection) StartTLS

func (m *MockLDAPConnection) StartTLS(config *tls.Config) error

StartTLS mocks base method.

type MockLDAPConnectionFactory

type MockLDAPConnectionFactory struct {
	// contains filtered or unexported fields
}

MockLDAPConnectionFactory is a mock of LDAPConnectionFactory interface.

func NewMockLDAPConnectionFactory

func NewMockLDAPConnectionFactory(ctrl *gomock.Controller) *MockLDAPConnectionFactory

NewMockLDAPConnectionFactory creates a new mock instance.

func (*MockLDAPConnectionFactory) DialURL

func (m *MockLDAPConnectionFactory) DialURL(addr string, opts ...ldap.DialOpt) (LDAPConnection, error)

DialURL mocks base method.

func (*MockLDAPConnectionFactory) EXPECT

EXPECT returns an object that allows the caller to indicate expected use.

type MockLDAPConnectionFactoryMockRecorder

type MockLDAPConnectionFactoryMockRecorder struct {
	// contains filtered or unexported fields
}

MockLDAPConnectionFactoryMockRecorder is the mock recorder for MockLDAPConnectionFactory.

func (*MockLDAPConnectionFactoryMockRecorder) DialURL

func (mr *MockLDAPConnectionFactoryMockRecorder) DialURL(addr interface{}, opts ...interface{}) *gomock.Call

DialURL indicates an expected call of DialURL.

type MockLDAPConnectionMockRecorder

type MockLDAPConnectionMockRecorder struct {
	// contains filtered or unexported fields
}

MockLDAPConnectionMockRecorder is the mock recorder for MockLDAPConnection.

func (*MockLDAPConnectionMockRecorder) Bind

func (mr *MockLDAPConnectionMockRecorder) Bind(username, password interface{}) *gomock.Call

Bind indicates an expected call of Bind.

func (*MockLDAPConnectionMockRecorder) Close

Close indicates an expected call of Close.

func (*MockLDAPConnectionMockRecorder) Modify

func (mr *MockLDAPConnectionMockRecorder) Modify(modifyRequest interface{}) *gomock.Call

Modify indicates an expected call of Modify.

func (*MockLDAPConnectionMockRecorder) PasswordModify

func (mr *MockLDAPConnectionMockRecorder) PasswordModify(pwdModifyRequest interface{}) *gomock.Call

PasswordModify indicates an expected call of PasswordModify.

func (*MockLDAPConnectionMockRecorder) Search

func (mr *MockLDAPConnectionMockRecorder) Search(searchRequest interface{}) *gomock.Call

Search indicates an expected call of Search.

func (*MockLDAPConnectionMockRecorder) StartTLS

func (mr *MockLDAPConnectionMockRecorder) StartTLS(config interface{}) *gomock.Call

StartTLS indicates an expected call of StartTLS.

type PasswordHash

type PasswordHash struct {
	Algorithm   CryptAlgo
	Iterations  int
	Salt        string
	Key         string
	KeyLength   int
	Memory      int
	Parallelism int
}

PasswordHash represents all characteristics of a password hash. Authelia only supports salted SHA512 or salted argon2id method, i.e., $6$ mode or $argon2id$ mode.

func ParseHash

func ParseHash(hash string) (passwordHash *PasswordHash, err error)

ParseHash extracts all characteristics of a hash given its string representation.

type UserDetails

type UserDetails struct {
	Username    string
	DisplayName string
	Emails      []string
	Groups      []string
}

UserDetails represent the details retrieved for a given user.

type UserDetailsModel

type UserDetailsModel struct {
	HashedPassword string   `yaml:"password" valid:"required"`
	DisplayName    string   `yaml:"displayname" valid:"required"`
	Email          string   `yaml:"email"`
	Groups         []string `yaml:"groups"`
}

UserDetailsModel is the model of user details in the file database.

type UserProvider

type UserProvider interface {
	model.StartupCheck

	CheckUserPassword(username string, password string) (valid bool, err error)
	GetDetails(username string) (details *UserDetails, err error)
	UpdatePassword(username string, newPassword string) (err error)
}

UserProvider is the interface for checking user password and gathering user details.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL