v4.35.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Apr 25, 2022 License: Apache-2.0 Imports: 31 Imported by: 0




View Source
const (
	// ActionTOTPRegistration is the string representation of the action for which the token has been produced.
	ActionTOTPRegistration = "RegisterTOTPDevice"

	// ActionWebauthnRegistration is the string representation of the action for which the token has been produced.
	ActionWebauthnRegistration = "RegisterWebauthnDevice"

	// ActionResetPassword is the string representation of the action for which the token has been produced.
	ActionResetPassword = "ResetPassword"
View Source
const (
	// Forbidden means the user is forbidden the access to a resource.
	Forbidden authorizationMatching = iota
	// NotAuthorized means the user can access the resource with more permissions.
	NotAuthorized authorizationMatching = iota
	// Authorized means the user is authorized given her current permissions.
	Authorized authorizationMatching = iota


View Source
var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{ActionClaim: ActionResetPassword}, resetPasswordIdentityFinish)

ResetPasswordIdentityFinish the handler for finishing the identity validation.

View Source
var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Reset your password",
	MailButtonContent:     "Reset",
	TargetEndpoint:        "/reset-password/step2",
	ActionClaim:           ActionResetPassword,
	IdentityRetrieverFunc: identityRetrieverFromStorage,
}, middlewares.TimingAttackDelay(10, 250, 85, time.Millisecond*500))

ResetPasswordIdentityStart the handler for initiating the identity validation for resetting a password. We need to ensure the attacker cannot perform user enumeration by always replying with 200 whatever what happens in backend.

View Source
var TOTPIdentityFinish = middlewares.IdentityVerificationFinish(
		ActionClaim:          ActionTOTPRegistration,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, totpIdentityFinish)

TOTPIdentityFinish the handler for finishing the identity validation.

View Source
var TOTPIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Register your mobile",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/one-time-password/register",
	ActionClaim:           ActionTOTPRegistration,
	IdentityRetrieverFunc: identityRetrieverFromSession,
}, nil)

TOTPIdentityStart the handler for initiating the identity validation.

View Source
var WebauthnIdentityFinish = middlewares.IdentityVerificationFinish(
		ActionClaim:          ActionWebauthnRegistration,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, SecondFactorWebauthnAttestationGET)

WebauthnIdentityFinish the handler for finishing the identity validation.

View Source
var WebauthnIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:             "Register your key",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/webauthn/register",
	ActionClaim:           ActionWebauthnRegistration,
	IdentityRetrieverFunc: identityRetrieverFromSession,
}, nil)

WebauthnIdentityStart the handler for initiating the identity validation.


func CheckSafeRedirectionPOST added in v4.35.0

func CheckSafeRedirectionPOST(ctx *middlewares.AutheliaCtx)

CheckSafeRedirectionPOST handler checking whether the redirection to a given URL provided in body is safe.

func ConfigurationGET added in v4.35.0

func ConfigurationGET(ctx *middlewares.AutheliaCtx)

ConfigurationGET get the configuration accessible to authenticated users.

func DuoDevicePOST added in v4.35.0

func DuoDevicePOST(ctx *middlewares.AutheliaCtx)

DuoDevicePOST update the user preferences regarding Duo device and method.

func DuoDevicesGET added in v4.35.0

func DuoDevicesGET(duoAPI duo.API) middlewares.RequestHandler

DuoDevicesGET handler for retrieving available devices and capabilities from duo api.

func DuoPOST added in v4.35.0

func DuoPOST(duoAPI duo.API) middlewares.RequestHandler

DuoPOST handler for sending a push notification via duo api.

func FirstFactorPOST added in v4.35.0

FirstFactorPOST is the handler performing the first factory.

func Handle1FAResponse

func Handle1FAResponse(ctx *middlewares.AutheliaCtx, targetURI, requestMethod string, username string, groups []string)

Handle1FAResponse handle the redirection upon 1FA authentication.

func Handle2FAResponse

func Handle2FAResponse(ctx *middlewares.AutheliaCtx, targetURI string)

Handle2FAResponse handle the redirection upon 2FA authentication.

func HandleAllow added in v4.33.0

func HandleAllow(ctx *middlewares.AutheliaCtx, targetURL string)

HandleAllow handler for successful logins.

func HandleAutoSelection added in v4.33.0

func HandleAutoSelection(ctx *middlewares.AutheliaCtx, devices []DuoDevice, username string) (string, string, error)

HandleAutoSelection handler automatically selects preferred device if there is only one suitable option.

func HandleInitialDeviceSelection added in v4.33.0

func HandleInitialDeviceSelection(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API, targetURL string) (device string, method string, err error)

HandleInitialDeviceSelection handler for retrieving all available devices.

func HandlePreferredDeviceCheck added in v4.33.0

func HandlePreferredDeviceCheck(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API, device string, method string, targetURL string) (string, string, error)

HandlePreferredDeviceCheck handler to check if the saved device and method is still valid.

func HealthGET added in v4.35.0

func HealthGET(ctx *middlewares.AutheliaCtx)

HealthGET can be used by health checks.

func JSONWebKeySetGET added in v4.35.0

func JSONWebKeySetGET(ctx *middlewares.AutheliaCtx)

JSONWebKeySetGET returns the JSON Web Key Set. Used in OAuth 2.0 and OpenID Connect 1.0.

func LogoutPOST added in v4.35.0

func LogoutPOST(ctx *middlewares.AutheliaCtx)

LogoutPOST is the handler logging out the user attached to the given cookie.

func MethodPreferencePOST added in v4.35.0

func MethodPreferencePOST(ctx *middlewares.AutheliaCtx)

MethodPreferencePOST update the user preferences regarding 2FA method.

func OAuthAuthorizationServerWellKnownGET added in v4.35.0

func OAuthAuthorizationServerWellKnownGET(ctx *middlewares.AutheliaCtx)

OAuthAuthorizationServerWellKnownGET handles requests to a .well-known endpoint (RFC5785) which returns the OAuth 2.0 Authorization Server Metadata (RFC8414).



func OAuthIntrospectionPOST added in v4.35.0

func OAuthIntrospectionPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request)

OAuthIntrospectionPOST handles POST requests to the OAuth 2.0 Introspection endpoint.


func OAuthRevocationPOST added in v4.35.0

func OAuthRevocationPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request)

OAuthRevocationPOST handles POST requests to the OAuth 2.0 Revocation endpoint.


func OpenIDConnectAuthorizationGET added in v4.35.0

func OpenIDConnectAuthorizationGET(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, r *http.Request)

OpenIDConnectAuthorizationGET handles GET requests to the OpenID Connect 1.0 Authorization endpoint.


func OpenIDConnectConfigurationWellKnownGET added in v4.35.0

func OpenIDConnectConfigurationWellKnownGET(ctx *middlewares.AutheliaCtx)

OpenIDConnectConfigurationWellKnownGET handles requests to a .well-known endpoint (RFC5785) which returns the OpenID Connect Discovery 1.0 metadata.



func OpenIDConnectConsentGET added in v4.35.0

func OpenIDConnectConsentGET(ctx *middlewares.AutheliaCtx)

OpenIDConnectConsentGET handles requests to provide consent for OpenID Connect.

func OpenIDConnectConsentPOST added in v4.35.0

func OpenIDConnectConsentPOST(ctx *middlewares.AutheliaCtx)

OpenIDConnectConsentPOST handles consent responses for OpenID Connect.

func OpenIDConnectTokenPOST added in v4.35.0

func OpenIDConnectTokenPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request)

OpenIDConnectTokenPOST handles POST requests to the OpenID Connect 1.0 Token endpoint.


func OpenIDConnectUserinfo added in v4.35.0

func OpenIDConnectUserinfo(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request)

OpenIDConnectUserinfo handles GET/POST requests to the OpenID Connect 1.0 UserInfo endpoint.


func PasswordPolicyConfigurationGet added in v4.35.0

func PasswordPolicyConfigurationGet(ctx *middlewares.AutheliaCtx)

PasswordPolicyConfigurationGet get the password policy configuration.

func ResetPasswordPOST added in v4.35.0

func ResetPasswordPOST(ctx *middlewares.AutheliaCtx)

ResetPasswordPOST handler for resetting passwords.

func SecondFactorDuoDeviceDelete added in v4.33.0

func SecondFactorDuoDeviceDelete(ctx *middlewares.AutheliaCtx)

SecondFactorDuoDeviceDelete deletes the useres preferred Duo device and method.

func SecondFactorWebauthnAttestationGET added in v4.34.0

func SecondFactorWebauthnAttestationGET(ctx *middlewares.AutheliaCtx, _ string)

SecondFactorWebauthnAttestationGET returns the attestation challenge from the server.

func SetStatusCodeResponse added in v4.35.0

func SetStatusCodeResponse(ctx responseWriter, statusCode int)

SetStatusCodeResponse writes a response status code and an appropriate body on either a *fasthttp.RequestCtx or *middlewares.AutheliaCtx.

func SetValues added in v4.33.0

func SetValues(userSession session.UserSession, device string, method string, remoteIP string, targetURL string, passcode string) (url.Values, error)

SetValues sets all appropriate Values for the Auth Request.

func StateGET added in v4.35.0

func StateGET(ctx *middlewares.AutheliaCtx)

StateGET is the handler serving the user state.

func TimeBasedOneTimePasswordPOST added in v4.35.0

func TimeBasedOneTimePasswordPOST(ctx *middlewares.AutheliaCtx)

TimeBasedOneTimePasswordPOST validate the TOTP passcode provided by the user.

func UserInfoGET added in v4.34.6

func UserInfoGET(ctx *middlewares.AutheliaCtx)

UserInfoGET get the info related to the user identified by the session.

func UserInfoPOST added in v4.34.6

func UserInfoPOST(ctx *middlewares.AutheliaCtx)

UserInfoPOST handles setting up info for users if necessary when they login.

func UserTOTPInfoGET added in v4.35.0

func UserTOTPInfoGET(ctx *middlewares.AutheliaCtx)

UserTOTPInfoGET returns the users TOTP configuration.

func VerifyGET added in v4.35.0

VerifyGET returns the handler verifying if a request is allowed to go through.

func WebauthnAssertionGET added in v4.35.0

func WebauthnAssertionGET(ctx *middlewares.AutheliaCtx)

WebauthnAssertionGET handler starts the assertion ceremony.

func WebauthnAssertionPOST added in v4.35.0

func WebauthnAssertionPOST(ctx *middlewares.AutheliaCtx)

WebauthnAssertionPOST handler completes the assertion ceremony after verifying the challenge.

func WebauthnAttestationPOST added in v4.35.0

func WebauthnAttestationPOST(ctx *middlewares.AutheliaCtx)

WebauthnAttestationPOST processes the attestation challenge response from the client.


type DuoDevice added in v4.33.0

type DuoDevice struct {
	Device       string   `json:"device"`
	DisplayName  string   `json:"display_name"`
	Capabilities []string `json:"capabilities"`

DuoDevice represents Duo devices and methods.

func DuoPreAuth added in v4.33.0

func DuoPreAuth(ctx *middlewares.AutheliaCtx, duoAPI duo.API) (string, string, []DuoDevice, string, error)

DuoPreAuth helper function for retrieving supported devices and capabilities from duo api.

type DuoDeviceBody added in v4.33.0

type DuoDeviceBody struct {
	Device string `json:"device" valid:"required"`
	Method string `json:"method" valid:"required"`

DuoDeviceBody the selected Duo device and method.

type DuoDevicesResponse added in v4.33.0

type DuoDevicesResponse struct {
	Result    string      `json:"result" valid:"required"`
	Devices   []DuoDevice `json:"devices,omitempty"`
	EnrollURL string      `json:"enroll_url,omitempty"`

DuoDevicesResponse represents all available user devices and methods as well as an optional enrollment url.

type DuoSignResponse added in v4.33.0

type DuoSignResponse struct {
	Result    string      `json:"result" valid:"required"`
	Devices   []DuoDevice `json:"devices,omitempty"`
	Redirect  string      `json:"redirect,omitempty"`
	EnrollURL string      `json:"enroll_url,omitempty"`

DuoSignResponse represents a result of the preauth and or auth call with further optional info.

type MethodList

type MethodList = []string

MethodList is the list of available methods.

type PassworPolicyBody added in v4.35.0

type PassworPolicyBody struct {
	Mode             string `json:"mode"`
	MinLength        int    `json:"min_length"`
	MaxLength        int    `json:"max_length"`
	MinScore         int    `json:"min_score"`
	RequireUppercase bool   `json:"require_uppercase"`
	RequireLowercase bool   `json:"require_lowercase"`
	RequireNumber    bool   `json:"require_number"`
	RequireSpecial   bool   `json:"require_special"`

PassworPolicyBody represents the response sent by the password reset step 2.

type StateResponse

type StateResponse struct {
	Username              string               `json:"username"`
	AuthenticationLevel   authentication.Level `json:"authentication_level"`
	DefaultRedirectionURL string               `json:"default_redirection_url"`

StateResponse represents the response sent by the state endpoint.

type TOTPKeyResponse

type TOTPKeyResponse struct {
	Base32Secret string `json:"base32_secret"`
	OTPAuthURL   string `json:"otpauth_url"`

TOTPKeyResponse is the model of response that is sent to the client up successful identity verification.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL