Documentation
Overview ¶
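Package authentication is a generated GoMock package. (This overview sentence appears to come from the header of the generated mock file. As the index below shows, the package also contains the file and LDAP user providers and the password hashing helpers, with the GoMock types exported alongside them.)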
Index ¶
- Constants
- Variables
- func CheckPassword(password, hash string) (ok bool, err error)
- func HashPassword(password, salt string, algorithm CryptAlgo, ...) (hash string, err error)
- type CryptAlgo
- type DatabaseModel
- type FileUserProvider
- func (p *FileUserProvider) CheckUserPassword(username string, password string) (bool, error)
- func (p *FileUserProvider) GetDetails(username string) (*UserDetails, error)
- func (p *FileUserProvider) StartupCheck() (err error)
- func (p *FileUserProvider) UpdatePassword(username string, newPassword string) error
- type LDAPConnection
- type LDAPConnectionFactory
- type LDAPUserProvider
- func (p *LDAPUserProvider) CheckUserPassword(inputUsername string, password string) (valid bool, err error)
- func (p *LDAPUserProvider) GetDetails(username string) (details *UserDetails, err error)
- func (p *LDAPUserProvider) StartupCheck() (err error)
- func (p *LDAPUserProvider) UpdatePassword(username, password string) (err error)
- type Level
- type MockLDAPConnection
- func (m *MockLDAPConnection) Bind(arg0, arg1 string) error
- func (m *MockLDAPConnection) Close()
- func (m *MockLDAPConnection) EXPECT() *MockLDAPConnectionMockRecorder
- func (m *MockLDAPConnection) Modify(arg0 *ldap.ModifyRequest) error
- func (m *MockLDAPConnection) PasswordModify(arg0 *ldap.PasswordModifyRequest) (*ldap.PasswordModifyResult, error)
- func (m *MockLDAPConnection) Search(arg0 *ldap.SearchRequest) (*ldap.SearchResult, error)
- func (m *MockLDAPConnection) StartTLS(arg0 *tls.Config) error
- type MockLDAPConnectionFactory
- type MockLDAPConnectionFactoryMockRecorder
- type MockLDAPConnectionMockRecorder
- func (mr *MockLDAPConnectionMockRecorder) Bind(arg0, arg1 interface{}) *gomock.Call
- func (mr *MockLDAPConnectionMockRecorder) Close() *gomock.Call
- func (mr *MockLDAPConnectionMockRecorder) Modify(arg0 interface{}) *gomock.Call
- func (mr *MockLDAPConnectionMockRecorder) PasswordModify(arg0 interface{}) *gomock.Call
- func (mr *MockLDAPConnectionMockRecorder) Search(arg0 interface{}) *gomock.Call
- func (mr *MockLDAPConnectionMockRecorder) StartTLS(arg0 interface{}) *gomock.Call
- type PasswordHash
- type ProductionLDAPConnectionFactory
- type UserDetails
- type UserDetailsModel
- type UserProvider
Constants ¶
// Default hashing parameters. Per the package documentation these mirror the
// defaults of the upstream crypt module and must be re-checked whenever
// github.com/simia-tech/crypt is updated.
// NOTE(review): these are library defaults rather than values tuned for a
// deployment; confirm they still meet the local password-storage policy.
const (
	// Argon2id defaults.
	HashingDefaultArgon2idTime        = 1
	HashingDefaultArgon2idMemory      = 32 * 1024 // presumably KiB (32 MiB) — TODO confirm against upstream
	HashingDefaultArgon2idParallelism = 4
	HashingDefaultArgon2idKeyLength   = 32 // presumably bytes — TODO confirm

	// SHA512 default.
	HashingDefaultSHA512Iterations = 5000
)
These are the default values from the upstream crypt module. We use them for GetInt, and they need to be checked when updating github.com/simia-tech/crypt.
Variables ¶
var ErrUserNotFound = errors.New("user not found")
ErrUserNotFound indicates the user wasn't found in the authentication backend.
// HashingPossibleSaltCharacters is the 64-character alphabet (a-z, A-Z, 0-9,
// '+' and '/') described by the package documentation as the valid hashing runes.
// NOTE(review): this is declared with var, not const, so any importing package
// can reassign it at run time; confirm nothing relies on that before changing it.
var HashingPossibleSaltCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/"
HashingPossibleSaltCharacters represents the runes that are valid in a hashing salt.
Functions ¶
func CheckPassword ¶
CheckPassword checks a password against a hash.
Types ¶
type CryptAlgo ¶
type CryptAlgo string
CryptAlgo is the crypt representation of an algorithm, as used in the prefix of the hash.
func ConfigAlgoToCryptoAlgo ¶
ConfigAlgoToCryptoAlgo returns a CryptAlgo and nil error if valid, otherwise it returns argon2id and an error.
type DatabaseModel ¶
// DatabaseModel is the model of the users file database: the document that is
// decoded from YAML under the top-level "users" key.
type DatabaseModel struct {
	// Users holds one UserDetailsModel per string key (presumably the username —
	// confirm against the loader). The valid:"required" tag marks the key as mandatory.
	Users map[string]UserDetailsModel `yaml:"users" valid:"required"`
}
DatabaseModel is the model of the users file database.
type FileUserProvider ¶
type FileUserProvider struct {
// contains filtered or unexported fields
}
FileUserProvider is a provider reading details from a file.
func NewFileUserProvider ¶
func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfiguration) *FileUserProvider
NewFileUserProvider creates a new instance of FileUserProvider.
func (*FileUserProvider) CheckUserPassword ¶
func (p *FileUserProvider) CheckUserPassword(username string, password string) (bool, error)
CheckUserPassword checks if provided password matches for the given user.
func (*FileUserProvider) GetDetails ¶
func (p *FileUserProvider) GetDetails(username string) (*UserDetails, error)
GetDetails retrieves the groups a user belongs to.
func (*FileUserProvider) StartupCheck ¶ added in v4.31.0
func (p *FileUserProvider) StartupCheck() (err error)
StartupCheck implements the startup check provider interface.
func (*FileUserProvider) UpdatePassword ¶
func (p *FileUserProvider) UpdatePassword(username string, newPassword string) error
UpdatePassword updates the password of the given user.
type LDAPConnection ¶
// LDAPConnection is the set of operations this package requires from an LDAP
// connection. MockLDAPConnection in this package mocks the same method set.
type LDAPConnection interface {
	// Bind takes a username and password and reports failure through err.
	Bind(username, password string) (err error)
	// Close takes no arguments and returns nothing.
	Close()
	// StartTLS takes a TLS configuration and reports failure through err.
	// NOTE(review): presumably upgrades the connection to TLS; how the server
	// certificate is verified depends on config — confirm at the call sites.
	StartTLS(config *tls.Config) (err error)
	// Search runs the given search request and returns its result.
	Search(searchRequest *ldap.SearchRequest) (searchResult *ldap.SearchResult, err error)
	// Modify submits the given modify request.
	Modify(modifyRequest *ldap.ModifyRequest) (err error)
	// PasswordModify submits the given password modify request and returns its result.
	PasswordModify(pwdModifyRequest *ldap.PasswordModifyRequest) (result *ldap.PasswordModifyResult, err error)
}
LDAPConnection is an interface representing a connection to an LDAP server.
type LDAPConnectionFactory ¶
// LDAPConnectionFactory is the interface for a factory of LDAP connections.
// The package lists two implementations: ProductionLDAPConnectionFactory and
// the generated MockLDAPConnectionFactory.
type LDAPConnectionFactory interface {
	// DialURL takes an address string plus optional ldap.DialOpt values and
	// returns an LDAPConnection or an error.
	// NOTE(review): transport security presumably depends on the URL scheme and
	// the dial options supplied by the caller — confirm at the call sites.
	DialURL(addr string, opts ...ldap.DialOpt) (LDAPConnection, error)
}
LDAPConnectionFactory is the interface for a factory of LDAP connections.
type LDAPUserProvider ¶
type LDAPUserProvider struct {
// contains filtered or unexported fields
}
LDAPUserProvider is a UserProvider that connects to LDAP servers like ActiveDirectory, OpenLDAP, OpenDJ, FreeIPA, etc.
func NewLDAPUserProvider ¶
func NewLDAPUserProvider(config schema.AuthenticationBackendConfiguration, certPool *x509.CertPool) (provider *LDAPUserProvider)
NewLDAPUserProvider creates a new instance of LDAPUserProvider.
func (*LDAPUserProvider) CheckUserPassword ¶
func (p *LDAPUserProvider) CheckUserPassword(inputUsername string, password string) (valid bool, err error)
CheckUserPassword checks if provided password matches for the given user.
func (*LDAPUserProvider) GetDetails ¶
func (p *LDAPUserProvider) GetDetails(username string) (details *UserDetails, err error)
GetDetails retrieves the groups a user belongs to.
func (*LDAPUserProvider) StartupCheck ¶ added in v4.31.0
func (p *LDAPUserProvider) StartupCheck() (err error)
StartupCheck implements the startup check provider interface.
func (*LDAPUserProvider) UpdatePassword ¶
func (p *LDAPUserProvider) UpdatePassword(username, password string) (err error)
UpdatePassword updates the password of the given user.
type MockLDAPConnection ¶
type MockLDAPConnection struct {
// contains filtered or unexported fields
}
MockLDAPConnection is a mock of LDAPConnection interface.
func NewMockLDAPConnection ¶
func NewMockLDAPConnection(ctrl *gomock.Controller) *MockLDAPConnection
NewMockLDAPConnection creates a new mock instance.
func (*MockLDAPConnection) Bind ¶
func (m *MockLDAPConnection) Bind(arg0, arg1 string) error
Bind mocks base method.
func (*MockLDAPConnection) EXPECT ¶
func (m *MockLDAPConnection) EXPECT() *MockLDAPConnectionMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
func (*MockLDAPConnection) Modify ¶
func (m *MockLDAPConnection) Modify(arg0 *ldap.ModifyRequest) error
Modify mocks base method.
func (*MockLDAPConnection) PasswordModify ¶
func (m *MockLDAPConnection) PasswordModify(arg0 *ldap.PasswordModifyRequest) (*ldap.PasswordModifyResult, error)
PasswordModify mocks base method.
func (*MockLDAPConnection) Search ¶
func (m *MockLDAPConnection) Search(arg0 *ldap.SearchRequest) (*ldap.SearchResult, error)
Search mocks base method.
type MockLDAPConnectionFactory ¶
type MockLDAPConnectionFactory struct {
// contains filtered or unexported fields
}
MockLDAPConnectionFactory is a mock of LDAPConnectionFactory interface.
func NewMockLDAPConnectionFactory ¶
func NewMockLDAPConnectionFactory(ctrl *gomock.Controller) *MockLDAPConnectionFactory
NewMockLDAPConnectionFactory creates a new mock instance.
func (*MockLDAPConnectionFactory) DialURL ¶
func (m *MockLDAPConnectionFactory) DialURL(arg0 string, arg1 ...v3.DialOpt) (LDAPConnection, error)
DialURL mocks base method.
func (*MockLDAPConnectionFactory) EXPECT ¶
func (m *MockLDAPConnectionFactory) EXPECT() *MockLDAPConnectionFactoryMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
type MockLDAPConnectionFactoryMockRecorder ¶
type MockLDAPConnectionFactoryMockRecorder struct {
// contains filtered or unexported fields
}
MockLDAPConnectionFactoryMockRecorder is the mock recorder for MockLDAPConnectionFactory.
func (*MockLDAPConnectionFactoryMockRecorder) DialURL ¶
func (mr *MockLDAPConnectionFactoryMockRecorder) DialURL(arg0 interface{}, arg1 ...interface{}) *gomock.Call
DialURL indicates an expected call of DialURL.
type MockLDAPConnectionMockRecorder ¶
type MockLDAPConnectionMockRecorder struct {
// contains filtered or unexported fields
}
MockLDAPConnectionMockRecorder is the mock recorder for MockLDAPConnection.
func (*MockLDAPConnectionMockRecorder) Bind ¶
func (mr *MockLDAPConnectionMockRecorder) Bind(arg0, arg1 interface{}) *gomock.Call
Bind indicates an expected call of Bind.
func (*MockLDAPConnectionMockRecorder) Close ¶
func (mr *MockLDAPConnectionMockRecorder) Close() *gomock.Call
Close indicates an expected call of Close.
func (*MockLDAPConnectionMockRecorder) Modify ¶
func (mr *MockLDAPConnectionMockRecorder) Modify(arg0 interface{}) *gomock.Call
Modify indicates an expected call of Modify.
func (*MockLDAPConnectionMockRecorder) PasswordModify ¶
func (mr *MockLDAPConnectionMockRecorder) PasswordModify(arg0 interface{}) *gomock.Call
PasswordModify indicates an expected call of PasswordModify.
func (*MockLDAPConnectionMockRecorder) Search ¶
func (mr *MockLDAPConnectionMockRecorder) Search(arg0 interface{}) *gomock.Call
Search indicates an expected call of Search.
func (*MockLDAPConnectionMockRecorder) StartTLS ¶
func (mr *MockLDAPConnectionMockRecorder) StartTLS(arg0 interface{}) *gomock.Call
StartTLS indicates an expected call of StartTLS.
type PasswordHash ¶
// PasswordHash represents all characteristics of a password hash. Per the
// package documentation only the salted SHA512 ($6$) and salted argon2id
// ($argon2id$) modes are supported.
type PasswordHash struct {
	// Algorithm is the CryptAlgo used in the prefix of the hash.
	Algorithm CryptAlgo
	// Iterations is the iteration count of the hash.
	Iterations int
	// Salt is the salt of the hash.
	Salt string
	// Key is presumably the encoded hash output — confirm against ParseHash.
	// NOTE(review): if so, treat it as sensitive and keep it out of logs.
	Key string
	// KeyLength, Memory and Parallelism presumably apply to argon2id only — TODO confirm.
	KeyLength   int
	Memory      int
	Parallelism int
}
PasswordHash represents all characteristics of a password hash. Authelia only supports the salted SHA512 and salted argon2id methods, i.e., $6$ mode or $argon2id$ mode.
func ParseHash ¶
func ParseHash(hash string) (passwordHash *PasswordHash, err error)
ParseHash extracts all characteristics of a hash given its string representation.
type ProductionLDAPConnectionFactory ¶ added in v4.35.2
type ProductionLDAPConnectionFactory struct{}
ProductionLDAPConnectionFactory is the production implementation of an LDAP connection factory.
func NewProductionLDAPConnectionFactory ¶ added in v4.35.2
func NewProductionLDAPConnectionFactory() *ProductionLDAPConnectionFactory
NewProductionLDAPConnectionFactory creates a concrete LDAP connection factory.
func (*ProductionLDAPConnectionFactory) DialURL ¶ added in v4.35.2
func (f *ProductionLDAPConnectionFactory) DialURL(addr string, opts ...ldap.DialOpt) (conn LDAPConnection, err error)
DialURL creates a connection from an LDAP URL when successful.
type UserDetails ¶
UserDetails represents the details retrieved for a given user.
type UserDetailsModel ¶
// UserDetailsModel is the model of user details in the file database, i.e. one
// entry of DatabaseModel.Users.
type UserDetailsModel struct {
	// HashedPassword is read from the YAML key "password" and is required.
	// The field name indicates the file stores a hash, not the plaintext password.
	HashedPassword string `yaml:"password" valid:"required"`
	// DisplayName is read from the YAML key "displayname" and is required.
	DisplayName string `yaml:"displayname" valid:"required"`
	// Email is read from the YAML key "email"; it carries no valid:"required" tag.
	Email string `yaml:"email"`
	// Groups is read from the YAML key "groups"; it carries no valid:"required" tag.
	Groups []string `yaml:"groups"`
}
UserDetailsModel is the model of user details in the file database.
type UserProvider ¶
// UserProvider is the interface for checking user passwords and gathering user
// details. FileUserProvider and LDAPUserProvider in this package declare the
// same methods.
type UserProvider interface {
	// model.StartupCheck is embedded; both providers expose a StartupCheck method.
	model.StartupCheck

	// CheckUserPassword checks whether the provided password matches for the given user.
	CheckUserPassword(username string, password string) (valid bool, err error)
	// GetDetails retrieves the details of the given user.
	GetDetails(username string) (details *UserDetails, err error)
	// UpdatePassword updates the password of the given user.
	UpdatePassword(username string, newPassword string) (err error)
}
UserProvider is the interface for checking user password and gathering user details.