model

package
Published: May 6, 2022 License: Apache-2.0 Imports: 23 Imported by: 0

Constants

const (
	// SecondFactorMethodTOTP method using Time-Based One-Time Password applications like Google Authenticator.
	// These constants are the wire/database values for a second factor method; UserInfo.Method
	// (column second_factor_method) presumably holds one of them.
	SecondFactorMethodTOTP = "totp"

	// SecondFactorMethodWebauthn method using Webauthn devices like YubiKey's.
	SecondFactorMethodWebauthn = "webauthn"

	// SecondFactorMethodDuo method using Duo application to receive push notifications.
	// Note the stored value is "mobile_push", not "duo": always compare against the
	// constant rather than a literal.
	SecondFactorMethodDuo = "mobile_push"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthenticationAttempt

type AuthenticationAttempt struct {
	// ID is the row's primary key.
	ID            int       `db:"id"`
	// Time is the timestamp of the attempt.
	Time          time.Time `db:"time"`
	// Successful is true when the attempt was accepted.
	Successful    bool      `db:"successful"`
	// Banned is true when the attempt was rejected because of a ban. The decision
	// is made by the caller (presumably the regulation logic), not by this type.
	Banned        bool      `db:"banned"`
	// Username is the username the attempt was made against. It is audit data and
	// may name an account that does not exist, so treat it as untrusted input.
	Username      string    `db:"username"`
	// Type is the kind of authentication attempted (column auth_type); the set of
	// values is not defined by this type.
	Type          string    `db:"auth_type"`
	// RemoteIP is the client address; NullIP so that it may be stored as NULL.
	RemoteIP      NullIP    `db:"remote_ip"`
	// RequestURI is the URI of the request that triggered the attempt. It is stored
	// verbatim, so callers should not pass URIs whose query string carries secrets.
	RequestURI    string    `db:"request_uri"`
	// RequestMethod is the HTTP method of that request.
	RequestMethod string    `db:"request_method"`
}

AuthenticationAttempt represents an authentication attempt row in the database.

type Base64

type Base64 struct {
	// contains filtered or unexported fields
}

Base64 saves bytes to the database as a base64 encoded string.

func NewBase64

func NewBase64(data []byte) Base64

NewBase64 returns a new Base64.

func (Base64) Bytes

func (b Base64) Bytes() []byte

Bytes returns the underlying raw bytes (the decoded form, i.e. what was passed to NewBase64); use String for the base64-encoded text.

func (*Base64) Scan

func (b *Base64) Scan(src interface{}) (err error)

Scan is the Base64 implementation of the sql.Scanner.

func (Base64) String

func (b Base64) String() string

String returns the Base64 string encoded as base64.

func (Base64) Value

func (b Base64) Value() (value driver.Value, err error)

Value is the Base64 implementation of the databases/sql driver.Valuer.

type DuoDevice

type DuoDevice struct {
	// ID is the row's primary key.
	ID       int    `db:"id"`
	// Username is the local user this Duo device belongs to.
	Username string `db:"username"`
	// Device is the Duo device identifier and Method the Duo authentication method
	// for it. Both are opaque strings, presumably as returned by the Duo API — TODO confirm.
	Device   string `db:"device"`
	Method   string `db:"method"`
}

DuoDevice represents a DUO Device.

type IP

type IP struct {
	// IP is the wrapped address. The column cannot be NULL, so a nil value is
	// presumably rejected by Value rather than stored; use NullIP where NULL is legal.
	IP net.IP
}

IP is a type specific for storage of a net.IP in the database which can't be NULL.

func NewIP

func NewIP(value net.IP) (ip IP)

NewIP easily constructs a new IP.

func (*IP) Scan

func (ip *IP) Scan(src interface{}) (err error)

Scan is the IP implementation of the sql.Scanner.

func (IP) Value

func (ip IP) Value() (value driver.Value, err error)

Value is the IP implementation of the databases/sql driver.Valuer.

type IdentityVerification

type IdentityVerification struct {
	// ID is the row's primary key.
	ID         int        `db:"id"`
	// JTI is the JWT ID of the token this row backs (see ToIdentityVerificationClaim);
	// it is presumably the key used to match a presented token to its record.
	JTI        uuid.UUID  `db:"jti"`
	// IssuedAt mirrors the JWT iat claim.
	IssuedAt   time.Time  `db:"iat"`
	// IssuedIP is the client address the token was issued to (NOT NULL).
	IssuedIP   IP         `db:"issued_ip"`
	// ExpiresAt mirrors the JWT exp claim.
	ExpiresAt  time.Time  `db:"exp"`
	// Action is the flow the token is valid for (e.g. TOTP registration, password reset).
	Action     string     `db:"action"`
	// Username is the user the token was issued for.
	Username   string     `db:"username"`
	// Consumed is nil until the token has been used. A non-nil value marks the
	// record as spent, which is what makes the token single-use — the consuming
	// code presumably checks this before honouring the token. TODO confirm.
	Consumed   *time.Time `db:"consumed"`
	// ConsumedIP is the client address that consumed the token; NULL while unused.
	ConsumedIP NullIP     `db:"consumed_ip"`
}

IdentityVerification represents an identity verification row in the database.

func NewIdentityVerification

func NewIdentityVerification(jti uuid.UUID, username, action string, ip net.IP) (verification IdentityVerification)

NewIdentityVerification creates a new IdentityVerification from a given username and action.

func (IdentityVerification) ToIdentityVerificationClaim

func (v IdentityVerification) ToIdentityVerificationClaim() (claim *IdentityVerificationClaim)

ToIdentityVerificationClaim converts the IdentityVerification into an IdentityVerificationClaim.

type IdentityVerificationClaim

type IdentityVerificationClaim struct {
	// RegisteredClaims carries the standard JWT claims (jti, iat, exp, ...). The
	// jti is presumably what ToIdentityVerification parses back into
	// IdentityVerification.JTI, hence its error return.
	jwt.RegisteredClaims

	// The action this token has been crafted for. Consumers should compare it with
	// the action they are about to perform: a token minted for one flow must not
	// be accepted by another.
	Action string `json:"action"`
	// The user this token has been crafted for.
	Username string `json:"username"`
}

IdentityVerificationClaim custom claim for specifying the action claim. The action can be to register a TOTP device, a U2F device or reset one's password.

func (IdentityVerificationClaim) ToIdentityVerification

func (v IdentityVerificationClaim) ToIdentityVerification() (verification *IdentityVerification, err error)

ToIdentityVerification converts the IdentityVerificationClaim into an IdentityVerification.

type Migration

type Migration struct {
	// ID is the row's primary key.
	ID      int       `db:"id"`
	// Applied is when the migration was applied.
	Applied time.Time `db:"applied"`
	// Before and After are the schema versions before and after the migration ran
	// (columns version_before / version_after).
	Before  int       `db:"version_before"`
	After   int       `db:"version_after"`
	// Version is the application version that performed the migration.
	Version string    `db:"application_version"`
}

Migration represents a migration row in the database.

type NullIP

type NullIP struct {
	// IP is the wrapped address. There is no separate Valid flag (unlike NullUUID),
	// so a nil IP is presumably the NULL representation.
	IP net.IP
}

NullIP is a type specific for storage of a net.IP in the database which can also be NULL.

func NewNullIP

func NewNullIP(value net.IP) (ip NullIP)

NewNullIP easily constructs a new NullIP.

func NewNullIPFromString

func NewNullIPFromString(value string) (ip NullIP)

NewNullIPFromString easily constructs a new NullIP from a string.

func (*NullIP) Scan

func (ip *NullIP) Scan(src interface{}) (err error)

Scan is the NullIP implementation of the sql.Scanner.

func (NullIP) Value

func (ip NullIP) Value() (value driver.Value, err error)

Value is the NullIP implementation of the databases/sql driver.Valuer.

type NullUUID added in v4.35.1

type NullUUID struct {
	// UUID is the wrapped value; only meaningful when Valid is true.
	uuid.UUID
	// Valid is false when the database value is NULL, mirroring sql.NullString.
	Valid bool
}

NullUUID is a nullable uuid.UUID.

func (*NullUUID) Scan added in v4.35.1

func (u *NullUUID) Scan(src interface{}) (err error)

Scan is the NullUUID implementation of the sql.Scanner.

func (NullUUID) Value added in v4.35.1

func (u NullUUID) Value() (value driver.Value, err error)

Value is the NullUUID implementation of the databases/sql driver.Valuer.

type OAuth2BlacklistedJTI added in v4.35.0

type OAuth2BlacklistedJTI struct {
	// ID is the row's primary key.
	ID        int       `db:"id"`
	// Signature identifies the rejected JTI. The constructor takes the raw jti
	// string, so this is presumably a hash/signature of it rather than the
	// plaintext — confirm in NewOAuth2BlacklistedJTI before querying on it.
	Signature string    `db:"signature"`
	// ExpiresAt is when the entry may be discarded: once the assertion carrying the
	// JTI has itself expired it can no longer be replayed.
	ExpiresAt time.Time `db:"expires_at"`
}

OAuth2BlacklistedJTI represents a JTI that must no longer be accepted, presumably used to prevent replay of OAuth 2.0 JWT assertions (see the RFC 7523 support noted on OAuth2Session.SetSubject).

func NewOAuth2BlacklistedJTI added in v4.35.0

func NewOAuth2BlacklistedJTI(jti string, exp time.Time) (jtiBlacklist OAuth2BlacklistedJTI)

NewOAuth2BlacklistedJTI creates a new OAuth2BlacklistedJTI.

type OAuth2ConsentSession added in v4.35.0

type OAuth2ConsentSession struct {
	// ID is the row's primary key.
	ID          int       `db:"id"`
	// ChallengeID identifies the consent challenge presented to the user.
	ChallengeID uuid.UUID `db:"challenge_id"`
	// ClientID is the OAuth 2.0 client that requested consent.
	ClientID    string    `db:"client_id"`
	// Subject is the opaque subject identifier; NullUUID because it may be NULL,
	// presumably until the user has authenticated.
	Subject     NullUUID  `db:"subject"`

	// Authorized records the user's answer to the consent prompt; Granted records
	// that the consent has previously been used to issue a grant. See CanGrant for
	// how the two combine with ExpiresAt.
	Authorized bool `db:"authorized"`
	Granted    bool `db:"granted"`

	// RequestedAt is when consent was requested. RespondedAt is nil until the user
	// responds (see Responded). ExpiresAt bounds how long the consent can still be
	// granted; nil presumably means unbounded — TODO confirm.
	RequestedAt time.Time  `db:"requested_at"`
	RespondedAt *time.Time `db:"responded_at"`
	ExpiresAt   *time.Time `db:"expires_at"`

	// Form is the raw authorization request form (url-encoded; see GetForm).
	Form string `db:"form_data"`

	// Requested* hold what the client asked for; Granted* hold what the user
	// approved. Authorization decisions must be made against the Granted sets,
	// never the Requested ones.
	RequestedScopes   StringSlicePipeDelimited `db:"requested_scopes"`
	GrantedScopes     StringSlicePipeDelimited `db:"granted_scopes"`
	RequestedAudience StringSlicePipeDelimited `db:"requested_audience"`
	GrantedAudience   StringSlicePipeDelimited `db:"granted_audience"`
}

OAuth2ConsentSession stores information about an OAuth2.0 Consent.

func NewOAuth2ConsentSession added in v4.35.0

func NewOAuth2ConsentSession(subject NullUUID, r fosite.Requester) (consent *OAuth2ConsentSession, err error)

NewOAuth2ConsentSession creates a new OAuth2ConsentSession.

func (OAuth2ConsentSession) CanGrant added in v4.35.0

func (s OAuth2ConsentSession) CanGrant() bool

CanGrant returns true if the user has responded to the consent session, it was authorized, and it either has not previously been granted or the ability to grant has not expired.

func (OAuth2ConsentSession) GetForm added in v4.35.0

func (s OAuth2ConsentSession) GetForm() (form url.Values, err error)

GetForm returns the form.

func (OAuth2ConsentSession) HasExactGrantedAudience added in v4.35.0

func (s OAuth2ConsentSession) HasExactGrantedAudience(audience []string) (has bool)

HasExactGrantedAudience returns true if the granted audience of this consent matches exactly with another audience.

func (OAuth2ConsentSession) HasExactGrantedScopes added in v4.35.0

func (s OAuth2ConsentSession) HasExactGrantedScopes(scopes []string) (has bool)

HasExactGrantedScopes returns true if the granted scopes of this consent matches exactly with another set of scopes.

func (OAuth2ConsentSession) HasExactGrants added in v4.35.0

func (s OAuth2ConsentSession) HasExactGrants(scopes, audience []string) (has bool)

HasExactGrants returns true if the granted audience and scopes of this consent matches exactly with another audience and set of scopes.

func (OAuth2ConsentSession) IsAuthorized added in v4.35.0

func (s OAuth2ConsentSession) IsAuthorized() bool

IsAuthorized returns true if the user has responded to the consent session and it was authorized.

func (OAuth2ConsentSession) IsDenied added in v4.35.0

func (s OAuth2ConsentSession) IsDenied() bool

IsDenied returns true if the user has responded to the consent session and it was not authorized.

func (OAuth2ConsentSession) Responded added in v4.35.0

func (s OAuth2ConsentSession) Responded() bool

Responded returns true if the user has responded to the consent session.

type OAuth2Session added in v4.35.0

type OAuth2Session struct {
	// ID is the row's primary key.
	ID                int                      `db:"id"`
	// ChallengeID links the session to the consent challenge it was issued under.
	ChallengeID       uuid.UUID                `db:"challenge_id"`
	// RequestID is the fosite request identifier.
	RequestID         string                   `db:"request_id"`
	// ClientID is the OAuth 2.0 client the session belongs to.
	ClientID          string                   `db:"client_id"`
	// Signature is the lookup key for the token/code this row backs. fosite's
	// convention is to store only the token signature, never the full token, so a
	// database read does not yield a usable credential — TODO confirm every caller
	// of NewOAuth2SessionFromRequest passes a signature and not a token.
	Signature         string                   `db:"signature"`
	// RequestedAt is when the underlying request was made.
	RequestedAt       time.Time                `db:"requested_at"`
	// Subject is the session subject; settable via SetSubject (RFC 7523).
	Subject           string                   `db:"subject"`
	// Requested*/Granted* mirror fosite.Requester; enforce on the Granted sets only.
	RequestedScopes   StringSlicePipeDelimited `db:"requested_scopes"`
	GrantedScopes     StringSlicePipeDelimited `db:"granted_scopes"`
	RequestedAudience StringSlicePipeDelimited `db:"requested_audience"`
	GrantedAudience   StringSlicePipeDelimited `db:"granted_audience"`
	// Active and Revoked are independent flags: an inactive session is not
	// necessarily revoked, so callers should check both before honouring it.
	Active            bool                     `db:"active"`
	Revoked           bool                     `db:"revoked"`
	// Form is the raw request form, as for OAuth2ConsentSession.Form.
	Form              string                   `db:"form_data"`
	// Session is the serialized fosite.Session (see ToRequest). It likely carries
	// claims about the user, so treat the column as sensitive data.
	Session           []byte                   `db:"session_data"`
}

OAuth2Session represents an OAuth 2.0 session.

func NewOAuth2SessionFromRequest added in v4.35.0

func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session *OAuth2Session, err error)

NewOAuth2SessionFromRequest creates a new OAuth2Session from a signature and fosite.Requester.

func (*OAuth2Session) SetSubject added in v4.35.0

func (s *OAuth2Session) SetSubject(subject string)

SetSubject implements an interface required for RFC7523.

func (OAuth2Session) ToRequest added in v4.35.0

func (s OAuth2Session) ToRequest(ctx context.Context, session fosite.Session, store fosite.Storage) (request *fosite.Request, err error)

ToRequest converts an OAuth2Session into a fosite.Request given a fosite.Session and fosite.Storage.

type OpenIDSession added in v4.35.0

type OpenIDSession struct {
	// DefaultSession is fosite's OpenID session (ID token claims, headers, etc.);
	// the embedded pointer serializes under the "id_token" JSON key.
	*openid.DefaultSession `json:"id_token"`

	// ChallengeID links the session to the consent challenge.
	// NOTE(review): tags are inconsistent here — ChallengeID has only a db tag and
	// ClientID has none, so both would serialize under their Go names if this
	// struct is JSON-encoded (e.g. into OAuth2Session.Session). Intentional? Confirm.
	ChallengeID uuid.UUID `db:"challenge_id"`
	ClientID    string

	// Extra holds additional claims. As a free-form map its contents are not
	// validated by this type.
	Extra map[string]interface{} `json:"extra"`
}

OpenIDSession holds OIDC Session information.

type SchemaMigration

type SchemaMigration struct {
	// Version is the schema version this migration belongs to (see Before/After).
	Version  int
	// Name is the human-readable migration name.
	Name     string
	// Provider is the database provider the Query is written for.
	Provider string
	// Up is true for an upgrade migration and false for a downgrade.
	Up       bool
	// Query is the SQL executed for the migration. It is trusted, embedded SQL;
	// never build one of these from user-controlled input.
	Query    string
}

SchemaMigration represents an intended migration.

func (SchemaMigration) After

func (m SchemaMigration) After() (after int)

After returns the version the schema will be at After the migration is applied.

func (SchemaMigration) Before

func (m SchemaMigration) Before() (before int)

Before returns the version the schema should be at Before the migration is applied.

type StartupCheck

type StartupCheck interface {
	// StartupCheck verifies the provider is usable at startup and returns an error otherwise.
	StartupCheck() (err error)
}

StartupCheck represents a provider that has a startup check.

type StringSlicePipeDelimited added in v4.35.0

// The value is joined with '|' on the way into the database and split on '|' on
// the way out. No escaping is visible in this API, so an element containing '|'
// would not round-trip; callers storing scope or audience strings (RFC 6749's
// scope-token grammar permits that character) should reject it up front —
// TODO confirm Scan/Value do not escape.
type StringSlicePipeDelimited []string

StringSlicePipeDelimited is a string slice that is stored in the database delimited by pipes.

func (*StringSlicePipeDelimited) Scan added in v4.35.0

func (s *StringSlicePipeDelimited) Scan(value interface{}) (err error)

Scan is the StringSlicePipeDelimited implementation of the sql.Scanner.

func (StringSlicePipeDelimited) Value added in v4.35.0

Value is the StringSlicePipeDelimited implementation of the databases/sql driver.Valuer.

type TOTPConfiguration

type TOTPConfiguration struct {
	// ID is the row's primary key (never serialized to JSON).
	ID         int        `db:"id" json:"-"`
	// CreatedAt is when the configuration was registered.
	CreatedAt  time.Time  `db:"created_at" json:"-"`
	// LastUsedAt is nil until the first successful sign in (see UpdateSignInInfo).
	LastUsedAt *time.Time `db:"last_used_at" json:"-"`
	// Username is the user the configuration belongs to.
	Username   string     `db:"username" json:"-"`
	// Issuer and Algorithm are the otpauth issuer and HMAC algorithm.
	Issuer     string     `db:"issuer" json:"-"`
	Algorithm  string     `db:"algorithm" json:"-"`
	// Digits and Period are the only fields exposed via JSON (every other tag is
	// "-"), so a serialized configuration does not leak the secret.
	Digits     uint       `db:"digits" json:"digits"`
	Period     uint       `db:"period" json:"period"`
	// Secret is the raw shared secret. It is excluded from JSON but does reach the
	// database and presumably the otpauth URI (see URI/Key). Whether it is
	// encrypted at rest is decided by the storage layer, not this type — confirm there.
	Secret     []byte     `db:"secret" json:"-"`
}

TOTPConfiguration represents a user's TOTP configuration row in the database.

func (TOTPConfiguration) Image

func (c TOTPConfiguration) Image(width, height int) (img image.Image, err error)

Image returns the image.Image of the TOTPConfiguration using the Image func from the return of TOTPConfiguration.Key.

func (TOTPConfiguration) Key

func (c TOTPConfiguration) Key() (key *otp.Key, err error)

Key returns the *otp.Key using TOTPConfiguration.URI with otp.NewKeyFromURL.

func (TOTPConfiguration) URI

func (c TOTPConfiguration) URI() (uri string)

URI returns the configuration in its otpauth URI representation (the form Key parses with otp.NewKeyFromURL). That representation conventionally embeds the shared secret, so treat the returned string as a credential and expose it only during enrolment.

func (*TOTPConfiguration) UpdateSignInInfo

func (c *TOTPConfiguration) UpdateSignInInfo(now time.Time)

UpdateSignInInfo adjusts the values of the TOTPConfiguration after a sign in.

type U2FDevice

type U2FDevice struct {
	// ID is the row's primary key.
	ID          int    `db:"id"`
	// Username is the user the device is registered to.
	Username    string `db:"username"`
	// Description is the user-supplied display name for the device.
	Description string `db:"description"`
	// KeyHandle is the U2F key handle returned at registration; it is only
	// meaningful to the authenticator that issued it.
	KeyHandle   []byte `db:"key_handle"`
	// PublicKey is the raw registered public key. Note there is no signature
	// counter on this type, unlike WebauthnDevice.SignCount, so rows of this
	// (presumably legacy) type get no clone detection.
	PublicKey   []byte `db:"public_key"`
}

U2FDevice represents a user's U2F device row in the database.

type UserInfo

type UserInfo struct {
	// The users display name. Not persisted (db:"-"); populated by the caller.
	DisplayName string `db:"-" json:"display_name"`

	// The preferred 2FA method. Expected to be one of the SecondFactorMethod*
	// constants; see SetDefaultPreferred2FAMethod for how a default is chosen.
	Method string `db:"second_factor_method" json:"method" valid:"required"`

	// True if a TOTP device has been registered.
	// NOTE(review): `valid:"required"` on a bool is suspicious — if these are
	// govalidator tags, the zero value (false) fails "required", which would reject
	// every user lacking that method. Confirm whether these tags are enforced anywhere.
	HasTOTP bool `db:"has_totp" json:"has_totp" valid:"required"`

	// True if a Webauthn device has been registered.
	HasWebauthn bool `db:"has_webauthn" json:"has_webauthn" valid:"required"`

	// True if a duo device has been configured as the preferred.
	HasDuo bool `db:"has_duo" json:"has_duo" valid:"required"`
}

UserInfo represents the user information required by the web UI.

func (*UserInfo) SetDefaultPreferred2FAMethod added in v4.34.6

func (i *UserInfo) SetDefaultPreferred2FAMethod(methods []string, fallback string) (changed bool)

SetDefaultPreferred2FAMethod configures the default method based on what is configured as available and the user's available methods.

type UserOpaqueIdentifier added in v4.35.0

type UserOpaqueIdentifier struct {
	// ID is the row's primary key.
	ID       int    `db:"id" yaml:"id"`
	// Service names the consumer the identifier was minted for, so one user can
	// hold distinct identifiers per service — TODO confirm the value set.
	Service  string `db:"service" yaml:"service"`
	// SectorID scopes the identifier further. The name matches the OIDC sector
	// identifier used for pairwise subjects, which is presumably its purpose.
	SectorID string `db:"sector_id" yaml:"sector_id"`
	// Username is the local user the identifier maps to.
	Username string `db:"username" yaml:"username"`

	// Identifier is the opaque value handed out. The (Service, SectorID, Username)
	// to Identifier mapping is what keeps it opaque, so anything that exports these
	// rows (see UserOpaqueIdentifiersExport) must be treated as sensitive.
	Identifier uuid.UUID `db:"identifier" yaml:"identifier"`
}

UserOpaqueIdentifier represents an opaque identifier for a user. Commonly used with OAuth 2.0 and OpenID Connect.

func NewUserOpaqueIdentifier added in v4.35.0

func NewUserOpaqueIdentifier(service, sectorID, username string) (id *UserOpaqueIdentifier, err error)

NewUserOpaqueIdentifier either creates a new UserOpaqueIdentifier or returns an error.

type UserOpaqueIdentifiersExport added in v4.35.0

type UserOpaqueIdentifiersExport struct {
	// Identifiers is the full list of exported rows. Because each row links a
	// username to its opaque identifier, the export file de-anonymises subjects
	// and should be stored and transported as a secret.
	Identifiers []UserOpaqueIdentifier `yaml:"identifiers"`
}

UserOpaqueIdentifiersExport represents a UserOpaqueIdentifier export file.

type WebauthnDevice

type WebauthnDevice struct {
	// ID is the row's primary key.
	ID              int        `db:"id"`
	// CreatedAt is when the credential was registered.
	CreatedAt       time.Time  `db:"created_at"`
	// LastUsedAt is nil until the first successful assertion (see UpdateSignInInfo).
	LastUsedAt      *time.Time `db:"last_used_at"`
	// RPID is the relying party ID the credential is scoped to; a credential
	// registered under one RP ID must not be accepted for another.
	RPID            string     `db:"rpid"`
	// Username is the user the credential belongs to.
	Username        string     `db:"username"`
	// Description is the user-supplied display name for the device.
	Description     string     `db:"description"`
	// KID is the credential ID, persisted base64-encoded (column kid).
	KID             Base64     `db:"kid"`
	// PublicKey is the credential public key as raw bytes (encoding not shown here).
	PublicKey       []byte     `db:"public_key"`
	// AttestationType is the attestation format seen at registration, e.g. the
	// "fido-u2f" value that HasFIDOU2F looks for.
	AttestationType string     `db:"attestation_type"`
	// Transport is the authenticator transport hint(s).
	Transport       string     `db:"transport"`
	// AAGUID identifies the authenticator model.
	AAGUID          uuid.UUID  `db:"aaguid"`
	// SignCount is the last signature counter seen. Per the WebAuthn spec, a new
	// assertion whose counter is not greater than this (when either is non-zero)
	// signals a possibly cloned authenticator.
	SignCount       uint32     `db:"sign_count"`
	// CloneWarning records that such a counter anomaly was observed, presumably
	// set by UpdateSignInInfo. Consumers should surface it rather than ignore it.
	CloneWarning    bool       `db:"clone_warning"`
}

WebauthnDevice represents a Webauthn Device in the database storage.

func NewWebauthnDeviceFromCredential

func NewWebauthnDeviceFromCredential(rpid, username, description string, credential *webauthn.Credential) (device WebauthnDevice)

NewWebauthnDeviceFromCredential creates a WebauthnDevice from a webauthn.Credential.

func (*WebauthnDevice) UpdateSignInInfo

func (w *WebauthnDevice) UpdateSignInInfo(config *webauthn.Config, now time.Time, signCount uint32)

UpdateSignInInfo adjusts the values of the WebauthnDevice after a sign in.

type WebauthnUser

type WebauthnUser struct {
	// Username is the local account name; presumably what WebAuthnName returns.
	Username    string
	// DisplayName is the human-readable name returned by WebAuthnDisplayName.
	DisplayName string
	// Devices is the user's registered credentials, exposed via WebAuthnCredentials.
	// NOTE(review): WebAuthnID returns []byte but this struct holds no dedicated
	// user handle, so it is presumably derived from Username. The WebAuthn spec
	// asks for an opaque, non-PII user handle; confirm what WebAuthnID emits.
	Devices     []WebauthnDevice
}

WebauthnUser is an object to represent a user for the Webauthn lib.

func (WebauthnUser) HasFIDOU2F

func (w WebauthnUser) HasFIDOU2F() bool

HasFIDOU2F returns true if the user has any attestation type `fido-u2f` devices.

func (WebauthnUser) WebAuthnCredentialDescriptors

func (w WebauthnUser) WebAuthnCredentialDescriptors() (descriptors []protocol.CredentialDescriptor)

WebAuthnCredentialDescriptors decodes the user's credentials into protocol.CredentialDescriptor values.

func (WebauthnUser) WebAuthnCredentials

func (w WebauthnUser) WebAuthnCredentials() (credentials []webauthn.Credential)

WebAuthnCredentials implements the webauthn.User interface.

func (WebauthnUser) WebAuthnDisplayName

func (w WebauthnUser) WebAuthnDisplayName() string

WebAuthnDisplayName implements the webauthn.User interface.

func (WebauthnUser) WebAuthnID

func (w WebauthnUser) WebAuthnID() []byte

WebAuthnID implements the webauthn.User interface.

func (WebauthnUser) WebAuthnIcon

func (w WebauthnUser) WebAuthnIcon() string

WebAuthnIcon implements the webauthn.User interface.

func (WebauthnUser) WebAuthnName

func (w WebauthnUser) WebAuthnName() string

WebAuthnName implements the webauthn.User interface.
