Documentation ¶
Index ¶
- Constants
- Variables
- func CheckSafeRedirection(ctx *middlewares.AutheliaCtx)
- func ConfigurationGet(ctx *middlewares.AutheliaCtx)
- func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.RequestHandler
- func Handle1FAResponse(ctx *middlewares.AutheliaCtx, targetURI, requestMethod string, username string, ...)
- func Handle2FAResponse(ctx *middlewares.AutheliaCtx, targetURI string)
- func HandleAllow(ctx *middlewares.AutheliaCtx, targetURL string)
- func HandleAutoSelection(ctx *middlewares.AutheliaCtx, devices []DuoDevice, username string) (string, string, error)
- func HandleInitialDeviceSelection(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API, ...) (device string, method string, err error)
- func HandlePreferredDeviceCheck(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API, ...) (string, string, error)
- func HealthGet(ctx *middlewares.AutheliaCtx)
- func LogoutPost(ctx *middlewares.AutheliaCtx)
- func MethodPreferencePost(ctx *middlewares.AutheliaCtx)
- func RegisterOIDC(router *router.Router, middleware middlewares.RequestHandlerBridge)
- func ResetPasswordPost(ctx *middlewares.AutheliaCtx)
- func SecondFactorDuoDeviceDelete(ctx *middlewares.AutheliaCtx)
- func SecondFactorDuoDevicePost(ctx *middlewares.AutheliaCtx)
- func SecondFactorDuoDevicesGet(duoAPI duo.API) middlewares.RequestHandler
- func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler
- func SecondFactorTOTPPost(ctx *middlewares.AutheliaCtx)
- func SecondFactorWebauthnAssertionGET(ctx *middlewares.AutheliaCtx)
- func SecondFactorWebauthnAssertionPOST(ctx *middlewares.AutheliaCtx)
- func SecondFactorWebauthnAttestationGET(ctx *middlewares.AutheliaCtx, _ string)
- func SecondFactorWebauthnAttestationPOST(ctx *middlewares.AutheliaCtx)
- func SetValues(userSession session.UserSession, device string, method string, remoteIP string, ...) (url.Values, error)
- func StateGet(ctx *middlewares.AutheliaCtx)
- func UserInfoGet(ctx *middlewares.AutheliaCtx)
- func UserTOTPGet(ctx *middlewares.AutheliaCtx)
- func VerifyGet(cfg schema.AuthenticationBackendConfiguration) middlewares.RequestHandler
- type ConsentPostRequestBody
- type ConsentPostResponseBody
- type DuoDevice
- type DuoDeviceBody
- type DuoDevicesResponse
- type DuoSignResponse
- type MethodList
- type StateResponse
- type TOTPKeyResponse
Constants ¶
// Action names for which an identity verification token can be produced.
// The handlers in this package pass one of these values as the ActionClaim of
// the identity verification start and finish middlewares.
// NOTE(review): presumably the finish middleware rejects a token whose claim
// differs from the configured one, so a token minted for one action cannot be
// replayed against another - confirm in the middlewares package.
const (
	// ActionTOTPRegistration is the action name carried by tokens produced
	// for registering a TOTP device.
	ActionTOTPRegistration = "RegisterTOTPDevice"

	// ActionWebauthnRegistration is the action name carried by tokens
	// produced for registering a Webauthn device.
	ActionWebauthnRegistration = "RegisterWebauthnDevice"

	// ActionResetPassword is the action name carried by tokens produced for
	// resetting a password.
	ActionResetPassword = "ResetPassword"
)
// Possible values of authorizationMatching. Forbidden is declared first and
// therefore equals 0, so the zero value of authorizationMatching denies access.
const (
	// Forbidden means the user is forbidden access to the resource.
	Forbidden authorizationMatching = iota

	// NotAuthorized means the user could access the resource with more
	// permissions than the current ones.
	NotAuthorized

	// Authorized means the user is authorized given the current permissions.
	Authorized
)
Variables ¶
// ResetPasswordIdentityFinish is the handler for finishing the identity
// validation of a password reset. It wraps resetPasswordIdentityFinish in
// middlewares.IdentityVerificationFinish with ActionResetPassword as the
// expected action claim.
// NOTE(review): no IsTokenUserValidFunc is set here, unlike the 2FA
// registration finish handlers in this package - presumably because the reset
// flow has no authenticated session to compare the token user with; confirm.
var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{ActionClaim: ActionResetPassword},
	resetPasswordIdentityFinish)
ResetPasswordIdentityFinish is the handler for finishing the identity validation.
// ResetPasswordIdentityStart is the handler for initiating the identity
// validation for resetting a password. The identity is looked up with
// identityRetrieverFromStorage and the mail links to /reset-password/step2.
// It is the only identity verification start handler in this package that is
// given a delay function (middlewares.TimingAttackDelay); the meaning of the
// numeric arguments is defined in the middlewares package and not shown here.
// NOTE(review): presumably the delay keeps response times from revealing
// whether the submitted user exists - confirm against middlewares.
var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Reset your password",
	MailButtonContent:     "Reset",
	TargetEndpoint:        "/reset-password/step2",
	ActionClaim:           ActionResetPassword,
	IdentityRetrieverFunc: identityRetrieverFromStorage,
}, middlewares.TimingAttackDelay(10, 250, 85, time.Millisecond*500))
ResetPasswordIdentityStart is the handler for initiating the identity validation for resetting a password. To ensure an attacker cannot perform user enumeration, it must always reply with 200, whatever happens in the backend.
// SecondFactorTOTPIdentityFinish is the handler for finishing the identity
// validation that precedes TOTP registration. It wraps
// secondFactorTOTPIdentityFinish with ActionTOTPRegistration as the expected
// action claim and isTokenUserValidFor2FARegistration as the token user check.
// NOTE(review): presumably the middleware refuses tokens issued for another
// action or another user before the inner handler runs - confirm in middlewares.
var SecondFactorTOTPIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          ActionTOTPRegistration,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, secondFactorTOTPIdentityFinish)
SecondFactorTOTPIdentityFinish is the handler for finishing the identity validation.
// SecondFactorTOTPIdentityStart is the handler for initiating the identity
// validation that precedes TOTP registration. The identity is taken from the
// session (identityRetrieverFromSession) and the mail links to
// /one-time-password/register.
// NOTE(review): the delay function is nil here, unlike the password reset
// start handler - presumably acceptable because the identity comes from the
// session rather than from request input; confirm.
var SecondFactorTOTPIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Register your mobile",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/one-time-password/register",
	ActionClaim:           ActionTOTPRegistration,
	IdentityRetrieverFunc: identityRetrieverFromSession,
}, nil)
SecondFactorTOTPIdentityStart is the handler for initiating the identity validation.
// SecondFactorWebauthnIdentityFinish is the handler for finishing the identity
// validation that precedes Webauthn registration. It is configured with
// ActionWebauthnRegistration as the expected action claim and
// isTokenUserValidFor2FARegistration as the token user check, and hands over
// to the exported SecondFactorWebauthnAttestationGET.
// NOTE(review): presumably the middleware refuses tokens issued for another
// action or another user before the attestation handler runs - confirm in
// middlewares.
var SecondFactorWebauthnIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          ActionWebauthnRegistration,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, SecondFactorWebauthnAttestationGET)
SecondFactorWebauthnIdentityFinish is the handler for finishing the identity validation.
// SecondFactorWebauthnIdentityStart is the handler for initiating the identity
// validation that precedes Webauthn registration. The identity is taken from
// the session (identityRetrieverFromSession) and the mail links to
// /webauthn/register.
// NOTE(review): the delay function is nil here, unlike the password reset
// start handler - presumably acceptable because the identity comes from the
// session rather than from request input; confirm.
var SecondFactorWebauthnIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Register your key",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/webauthn/register",
	ActionClaim:           ActionWebauthnRegistration,
	IdentityRetrieverFunc: identityRetrieverFromSession,
}, nil)
SecondFactorWebauthnIdentityStart is the handler for initiating the identity validation.
Functions ¶
func CheckSafeRedirection ¶
func CheckSafeRedirection(ctx *middlewares.AutheliaCtx)
CheckSafeRedirection handler checking whether the redirection to a given URL provided in body is safe.
func ConfigurationGet ¶
func ConfigurationGet(ctx *middlewares.AutheliaCtx)
ConfigurationGet gets the configuration accessible to authenticated users.
func FirstFactorPost ¶
func FirstFactorPost(delayFunc middlewares.TimingAttackDelayFunc) middlewares.RequestHandler
FirstFactorPost is the handler performing the first factor.
func Handle1FAResponse ¶
func Handle1FAResponse(ctx *middlewares.AutheliaCtx, targetURI, requestMethod string, username string, groups []string)
Handle1FAResponse handle the redirection upon 1FA authentication.
func Handle2FAResponse ¶
func Handle2FAResponse(ctx *middlewares.AutheliaCtx, targetURI string)
Handle2FAResponse handle the redirection upon 2FA authentication.
func HandleAllow ¶ added in v4.33.0
func HandleAllow(ctx *middlewares.AutheliaCtx, targetURL string)
HandleAllow handler for successful logins.
func HandleAutoSelection ¶ added in v4.33.0
func HandleAutoSelection(ctx *middlewares.AutheliaCtx, devices []DuoDevice, username string) (string, string, error)
HandleAutoSelection handler automatically selects preferred device if there is only one suitable option.
func HandleInitialDeviceSelection ¶ added in v4.33.0
func HandleInitialDeviceSelection(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API, targetURL string) (device string, method string, err error)
HandleInitialDeviceSelection handler for retrieving all available devices.
func HandlePreferredDeviceCheck ¶ added in v4.33.0
func HandlePreferredDeviceCheck(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API, device string, method string, targetURL string) (string, string, error)
HandlePreferredDeviceCheck handler to check if the saved device and method is still valid.
func HealthGet ¶
func HealthGet(ctx *middlewares.AutheliaCtx)
HealthGet can be used by health checks.
func LogoutPost ¶
func LogoutPost(ctx *middlewares.AutheliaCtx)
LogoutPost is the handler logging out the user attached to the given cookie.
func MethodPreferencePost ¶
func MethodPreferencePost(ctx *middlewares.AutheliaCtx)
MethodPreferencePost update the user preferences regarding 2FA method.
func RegisterOIDC ¶
func RegisterOIDC(router *router.Router, middleware middlewares.RequestHandlerBridge)
RegisterOIDC registers the handlers with the fasthttp *router.Router. TODO: Add paths for Flush, Logout.
func ResetPasswordPost ¶
func ResetPasswordPost(ctx *middlewares.AutheliaCtx)
ResetPasswordPost handler for resetting passwords.
func SecondFactorDuoDeviceDelete ¶ added in v4.33.0
func SecondFactorDuoDeviceDelete(ctx *middlewares.AutheliaCtx)
SecondFactorDuoDeviceDelete deletes the user's preferred Duo device and method.
func SecondFactorDuoDevicePost ¶ added in v4.33.0
func SecondFactorDuoDevicePost(ctx *middlewares.AutheliaCtx)
SecondFactorDuoDevicePost update the user preferences regarding Duo device and method.
func SecondFactorDuoDevicesGet ¶ added in v4.33.0
func SecondFactorDuoDevicesGet(duoAPI duo.API) middlewares.RequestHandler
SecondFactorDuoDevicesGet handler for retrieving available devices and capabilities from duo api.
func SecondFactorDuoPost ¶
func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler
SecondFactorDuoPost handler for sending a push notification via duo api.
func SecondFactorTOTPPost ¶
func SecondFactorTOTPPost(ctx *middlewares.AutheliaCtx)
SecondFactorTOTPPost validate the TOTP passcode provided by the user.
func SecondFactorWebauthnAssertionGET ¶ added in v4.34.0
func SecondFactorWebauthnAssertionGET(ctx *middlewares.AutheliaCtx)
SecondFactorWebauthnAssertionGET handler starts the assertion ceremony.
func SecondFactorWebauthnAssertionPOST ¶ added in v4.34.0
func SecondFactorWebauthnAssertionPOST(ctx *middlewares.AutheliaCtx)
SecondFactorWebauthnAssertionPOST handler completes the assertion ceremony after verifying the challenge.
func SecondFactorWebauthnAttestationGET ¶ added in v4.34.0
func SecondFactorWebauthnAttestationGET(ctx *middlewares.AutheliaCtx, _ string)
SecondFactorWebauthnAttestationGET returns the attestation challenge from the server.
func SecondFactorWebauthnAttestationPOST ¶ added in v4.34.0
func SecondFactorWebauthnAttestationPOST(ctx *middlewares.AutheliaCtx)
SecondFactorWebauthnAttestationPOST processes the attestation challenge response from the client.
func SetValues ¶ added in v4.33.0
func SetValues(userSession session.UserSession, device string, method string, remoteIP string, targetURL string, passcode string) (url.Values, error)
SetValues sets all appropriate Values for the Auth Request.
func StateGet ¶
func StateGet(ctx *middlewares.AutheliaCtx)
StateGet is the handler serving the user state.
func UserInfoGet ¶
func UserInfoGet(ctx *middlewares.AutheliaCtx)
UserInfoGet get the info related to the user identified by the session.
func UserTOTPGet ¶ added in v4.33.0
func UserTOTPGet(ctx *middlewares.AutheliaCtx)
UserTOTPGet returns the user's TOTP configuration.
func VerifyGet ¶
func VerifyGet(cfg schema.AuthenticationBackendConfiguration) middlewares.RequestHandler
VerifyGet returns the handler verifying if a request is allowed to go through.
Types ¶
type ConsentPostRequestBody ¶
// ConsentPostRequestBody is the schema of the request body of the consent
// POST endpoint.
// NOTE(review): neither field carries a `valid` tag, so any validation of
// these client-supplied values has to happen in the handler - confirm.
type ConsentPostRequestBody struct {
	// ClientID is read from the "client_id" JSON key.
	ClientID string `json:"client_id"`
	// AcceptOrReject is read from the "accept_or_reject" JSON key; the set of
	// accepted values is not defined here.
	AcceptOrReject string `json:"accept_or_reject"`
}
ConsentPostRequestBody schema of the request body of the consent POST endpoint.
type ConsentPostResponseBody ¶
// ConsentPostResponseBody is the schema of the response body of the consent
// POST endpoint.
type ConsentPostResponseBody struct {
	// RedirectURI is written to the "redirect_uri" JSON key.
	// NOTE(review): presumably the URI the client follows after consent;
	// where it is validated is not visible here - confirm in the handler.
	RedirectURI string `json:"redirect_uri"`
}
ConsentPostResponseBody schema of the response body of the consent POST endpoint.
type DuoDevice ¶ added in v4.33.0
// DuoDevice represents a Duo device and the methods it supports.
type DuoDevice struct {
	// Device is serialised under the "device" JSON key.
	Device string `json:"device"`
	// DisplayName is serialised under the "display_name" JSON key.
	DisplayName string `json:"display_name"`
	// Capabilities is serialised under the "capabilities" JSON key.
	// NOTE(review): presumably the Duo methods usable with this device - confirm.
	Capabilities []string `json:"capabilities"`
}
DuoDevice represents Duo devices and methods.
func DuoPreAuth ¶ added in v4.33.0
func DuoPreAuth(ctx *middlewares.AutheliaCtx, duoAPI duo.API) (string, string, []DuoDevice, string, error)
DuoPreAuth helper function for retrieving supported devices and capabilities from duo api.
type DuoDeviceBody ¶ added in v4.33.0
// DuoDeviceBody holds the selected Duo device and method. Both fields are
// tagged valid:"required".
// NOTE(review): the tags only require presence; whether the device and method
// are checked against what Duo reports for the user is not visible here -
// confirm in the handler.
type DuoDeviceBody struct {
	// Device is read from the "device" JSON key.
	Device string `json:"device" valid:"required"`
	// Method is read from the "method" JSON key.
	Method string `json:"method" valid:"required"`
}
DuoDeviceBody the selected Duo device and method.
type DuoDevicesResponse ¶ added in v4.33.0
// DuoDevicesResponse represents all available user devices and methods as
// well as an optional enrollment URL.
type DuoDevicesResponse struct {
	// Result is tagged valid:"required"; its possible values are not defined here.
	Result string `json:"result" valid:"required"`
	// Devices is omitted from the JSON output when empty.
	Devices []DuoDevice `json:"devices,omitempty"`
	// EnrollURL is omitted from the JSON output when empty.
	EnrollURL string `json:"enroll_url,omitempty"`
}
DuoDevicesResponse represents all available user devices and methods as well as an optional enrollment url.
type DuoSignResponse ¶ added in v4.33.0
// DuoSignResponse represents the result of the preauth and/or auth call,
// with further optional information.
type DuoSignResponse struct {
	// Result is tagged valid:"required"; its possible values are not defined here.
	Result string `json:"result" valid:"required"`
	// Devices is omitted from the JSON output when empty.
	Devices []DuoDevice `json:"devices,omitempty"`
	// Redirect is omitted from the JSON output when empty.
	// NOTE(review): presumably a URL the client is sent to afterwards; where
	// it is checked for safe redirection is not visible here - confirm.
	Redirect string `json:"redirect,omitempty"`
	// EnrollURL is omitted from the JSON output when empty.
	EnrollURL string `json:"enroll_url,omitempty"`
}
DuoSignResponse represents the result of the preauth and/or auth call, with further optional info.
type StateResponse ¶
// StateResponse represents the response sent by the state endpoint.
type StateResponse struct {
	// Username is serialised under the "username" JSON key.
	Username string `json:"username"`
	// AuthenticationLevel is serialised under the "authentication_level" JSON key.
	AuthenticationLevel authentication.Level `json:"authentication_level"`
	// DefaultRedirectionURL is serialised under the "default_redirection_url" JSON key.
	DefaultRedirectionURL string `json:"default_redirection_url"`
}
StateResponse represents the response sent by the state endpoint.
type TOTPKeyResponse ¶
// TOTPKeyResponse is the model of the response sent to the client upon
// successful identity verification.
// NOTE(review): both fields presumably expose the user's TOTP shared secret
// (otpauth URLs normally embed it). If so, keep this body out of logs and
// caches and serve it only over TLS - confirm against the handler.
type TOTPKeyResponse struct {
	// Base32Secret is serialised under the "base32_secret" JSON key.
	Base32Secret string `json:"base32_secret"`
	// OTPAuthURL is serialised under the "otpauth_url" JSON key.
	OTPAuthURL string `json:"otpauth_url"`
}
TOTPKeyResponse is the model of the response that is sent to the client upon successful identity verification.
Source Files ¶
- const.go
- duo.go
- handler_checks_safe_redirection.go
- handler_configuration.go
- handler_firstfactor.go
- handler_health.go
- handler_logout.go
- handler_oidc_authorization.go
- handler_oidc_consent.go
- handler_oidc_introspection.go
- handler_oidc_jwks.go
- handler_oidc_revocation.go
- handler_oidc_token.go
- handler_oidc_userinfo.go
- handler_oidc_wellknown.go
- handler_register_duo_device.go
- handler_register_totp.go
- handler_register_webauthn.go
- handler_reset_password_step1.go
- handler_reset_password_step2.go
- handler_sign_duo.go
- handler_sign_totp.go
- handler_sign_webauthn.go
- handler_state.go
- handler_user_info.go
- handler_user_totp.go
- handler_verify.go
- oidc.go
- oidc_register.go
- response.go
- types.go
- types_oidc.go
- webauthn.go