authentication

package
v4.35.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 11, 2022 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Package authentication is a generated GoMock package.

Package authentication is a generated GoMock package.

Index

Constants

View Source
const (
	HashingDefaultArgon2idTime        = 1
	HashingDefaultArgon2idMemory      = 32 * 1024
	HashingDefaultArgon2idParallelism = 4
	HashingDefaultArgon2idKeyLength   = 32
	HashingDefaultSHA512Iterations    = 5000
)

These are the default values from the upstream crypt module we use them to for GetInt and they need to be checked when updating github.com/simia-tech/crypt.

Variables

View Source
var ErrUserNotFound = errors.New("user not found")

ErrUserNotFound indicates the user wasn't found in the authentication backend.

View Source
var HashingPossibleSaltCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/"

HashingPossibleSaltCharacters represents valid hashing runes.

Functions

func CheckPassword

func CheckPassword(password, hash string) (ok bool, err error)

CheckPassword check a password against a hash.

func HashPassword

func HashPassword(password, salt string, algorithm CryptAlgo, iterations, memory, parallelism, keyLength, saltLength int) (hash string, err error)

HashPassword generate a salt and hash the password with the salt and a constant number of rounds.

Types

type CryptAlgo

type CryptAlgo string

CryptAlgo the crypt representation of an algorithm used in the prefix of the hash.

const (
	// HashingAlgorithmArgon2id Argon2id hash identifier.
	HashingAlgorithmArgon2id CryptAlgo = argon2id
	// HashingAlgorithmSHA512 SHA512 hash identifier.
	HashingAlgorithmSHA512 CryptAlgo = "6"
)

func ConfigAlgoToCryptoAlgo

func ConfigAlgoToCryptoAlgo(fromConfig string) (CryptAlgo, error)

ConfigAlgoToCryptoAlgo returns a CryptAlgo and nil error if valid, otherwise it returns argon2id and an error.

type DatabaseModel

type DatabaseModel struct {
	Users map[string]UserDetailsModel `yaml:"users" valid:"required"`
}

DatabaseModel is the model of users file database.

type FileUserProvider

type FileUserProvider struct {
	// contains filtered or unexported fields
}

FileUserProvider is a provider reading details from a file.

func NewFileUserProvider

func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfiguration) *FileUserProvider

NewFileUserProvider creates a new instance of FileUserProvider.

func (*FileUserProvider) CheckUserPassword

func (p *FileUserProvider) CheckUserPassword(username string, password string) (bool, error)

CheckUserPassword checks if provided password matches for the given user.

func (*FileUserProvider) GetDetails

func (p *FileUserProvider) GetDetails(username string) (*UserDetails, error)

GetDetails retrieve the groups a user belongs to.

func (*FileUserProvider) StartupCheck added in v4.31.0

func (p *FileUserProvider) StartupCheck() (err error)

StartupCheck implements the startup check provider interface.

func (*FileUserProvider) UpdatePassword

func (p *FileUserProvider) UpdatePassword(username string, newPassword string) error

UpdatePassword update the password of the given user.

type LDAPClient added in v4.35.3

type LDAPClient interface {
	Close()
	StartTLS(config *tls.Config) (err error)

	Bind(username, password string) (err error)

	Modify(modifyRequest *ldap.ModifyRequest) (err error)
	PasswordModify(pwdModifyRequest *ldap.PasswordModifyRequest) (pwdModifyResult *ldap.PasswordModifyResult, err error)

	Search(searchRequest *ldap.SearchRequest) (searchResult *ldap.SearchResult, err error)
}

LDAPClient is a cut down version of the ldap.Client interface with just the methods we use.

Methods added to this interface that have a direct correlation with one from ldap.Client should have the same signature.

type LDAPClientFactory added in v4.35.3

type LDAPClientFactory interface {
	DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)
}

LDAPClientFactory an interface of factory of LDAP clients.

type LDAPSupportedControlTypes added in v4.35.3

type LDAPSupportedControlTypes struct {
	MsftPwdPolHints           bool
	MsftPwdPolHintsDeprecated bool
}

LDAPSupportedControlTypes represents control types which a server may support which are implemented in code.

type LDAPSupportedExtensions added in v4.35.3

type LDAPSupportedExtensions struct {
	TLS           bool
	PwdModifyExOp bool
}

LDAPSupportedExtensions represents extensions which a server may support which are implemented in code.

type LDAPSupportedFeatures added in v4.35.3

type LDAPSupportedFeatures struct {
	Extensions   LDAPSupportedExtensions
	ControlTypes LDAPSupportedControlTypes
}

LDAPSupportedFeatures represents features which a server may support which are implemented in code.

type LDAPUserProvider

type LDAPUserProvider struct {
	// contains filtered or unexported fields
}

LDAPUserProvider is a UserProvider that connects to LDAP servers like ActiveDirectory, OpenLDAP, OpenDJ, FreeIPA, etc.

func NewLDAPUserProvider

func NewLDAPUserProvider(config schema.AuthenticationBackendConfiguration, certPool *x509.CertPool) (provider *LDAPUserProvider)

NewLDAPUserProvider creates a new instance of LDAPUserProvider.

func (*LDAPUserProvider) CheckUserPassword

func (p *LDAPUserProvider) CheckUserPassword(username string, password string) (valid bool, err error)

CheckUserPassword checks if provided password matches for the given user.

func (*LDAPUserProvider) GetDetails

func (p *LDAPUserProvider) GetDetails(username string) (details *UserDetails, err error)

GetDetails retrieve the groups a user belongs to.

func (*LDAPUserProvider) StartupCheck added in v4.31.0

func (p *LDAPUserProvider) StartupCheck() (err error)

StartupCheck implements the startup check provider interface.

func (*LDAPUserProvider) UpdatePassword

func (p *LDAPUserProvider) UpdatePassword(username, password string) (err error)

UpdatePassword update the password of the given user.

type Level

type Level int

Level is the type representing a level of authentication.

const (
	// NotAuthenticated if the user is not authenticated yet.
	NotAuthenticated Level = iota
	// OneFactor if the user has passed first factor only.
	OneFactor Level = iota
	// TwoFactor if the user has passed two factors.
	TwoFactor Level = iota
)

type MockLDAPClient added in v4.35.3

type MockLDAPClient struct {
	// contains filtered or unexported fields
}

MockLDAPClient is a mock of LDAPClient interface.

func NewMockLDAPClient added in v4.35.3

func NewMockLDAPClient(ctrl *gomock.Controller) *MockLDAPClient

NewMockLDAPClient creates a new mock instance.

func (*MockLDAPClient) Bind added in v4.35.3

func (m *MockLDAPClient) Bind(arg0, arg1 string) error

Bind mocks base method.

func (*MockLDAPClient) Close added in v4.35.3

func (m *MockLDAPClient) Close()

Close mocks base method.

func (*MockLDAPClient) EXPECT added in v4.35.3

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockLDAPClient) Modify added in v4.35.3

func (m *MockLDAPClient) Modify(arg0 *ldap.ModifyRequest) error

Modify mocks base method.

func (*MockLDAPClient) PasswordModify added in v4.35.3

PasswordModify mocks base method.

func (*MockLDAPClient) Search added in v4.35.3

func (m *MockLDAPClient) Search(arg0 *ldap.SearchRequest) (*ldap.SearchResult, error)

Search mocks base method.

func (*MockLDAPClient) StartTLS added in v4.35.3

func (m *MockLDAPClient) StartTLS(arg0 *tls.Config) error

StartTLS mocks base method.

type MockLDAPClientFactory added in v4.35.3

type MockLDAPClientFactory struct {
	// contains filtered or unexported fields
}

MockLDAPClientFactory is a mock of LDAPClientFactory interface.

func NewMockLDAPClientFactory added in v4.35.3

func NewMockLDAPClientFactory(ctrl *gomock.Controller) *MockLDAPClientFactory

NewMockLDAPClientFactory creates a new mock instance.

func (*MockLDAPClientFactory) DialURL added in v4.35.3

func (m *MockLDAPClientFactory) DialURL(arg0 string, arg1 ...v3.DialOpt) (LDAPClient, error)

DialURL mocks base method.

func (*MockLDAPClientFactory) EXPECT added in v4.35.3

EXPECT returns an object that allows the caller to indicate expected use.

type MockLDAPClientFactoryMockRecorder added in v4.35.3

type MockLDAPClientFactoryMockRecorder struct {
	// contains filtered or unexported fields
}

MockLDAPClientFactoryMockRecorder is the mock recorder for MockLDAPClientFactory.

func (*MockLDAPClientFactoryMockRecorder) DialURL added in v4.35.3

func (mr *MockLDAPClientFactoryMockRecorder) DialURL(arg0 interface{}, arg1 ...interface{}) *gomock.Call

DialURL indicates an expected call of DialURL.

type MockLDAPClientMockRecorder added in v4.35.3

type MockLDAPClientMockRecorder struct {
	// contains filtered or unexported fields
}

MockLDAPClientMockRecorder is the mock recorder for MockLDAPClient.

func (*MockLDAPClientMockRecorder) Bind added in v4.35.3

func (mr *MockLDAPClientMockRecorder) Bind(arg0, arg1 interface{}) *gomock.Call

Bind indicates an expected call of Bind.

func (*MockLDAPClientMockRecorder) Close added in v4.35.3

func (mr *MockLDAPClientMockRecorder) Close() *gomock.Call

Close indicates an expected call of Close.

func (*MockLDAPClientMockRecorder) Modify added in v4.35.3

func (mr *MockLDAPClientMockRecorder) Modify(arg0 interface{}) *gomock.Call

Modify indicates an expected call of Modify.

func (*MockLDAPClientMockRecorder) PasswordModify added in v4.35.3

func (mr *MockLDAPClientMockRecorder) PasswordModify(arg0 interface{}) *gomock.Call

PasswordModify indicates an expected call of PasswordModify.

func (*MockLDAPClientMockRecorder) Search added in v4.35.3

func (mr *MockLDAPClientMockRecorder) Search(arg0 interface{}) *gomock.Call

Search indicates an expected call of Search.

func (*MockLDAPClientMockRecorder) StartTLS added in v4.35.3

func (mr *MockLDAPClientMockRecorder) StartTLS(arg0 interface{}) *gomock.Call

StartTLS indicates an expected call of StartTLS.

type PasswordHash

type PasswordHash struct {
	Algorithm   CryptAlgo
	Iterations  int
	Salt        string
	Key         string
	KeyLength   int
	Memory      int
	Parallelism int
}

PasswordHash represents all characteristics of a password hash. Authelia only supports salted SHA512 or salted argon2id method, i.e., $6$ mode or $argon2id$ mode.

func ParseHash

func ParseHash(hash string) (passwordHash *PasswordHash, err error)

ParseHash extracts all characteristics of a hash given its string representation.

type ProductionLDAPClientFactory added in v4.35.3

type ProductionLDAPClientFactory struct{}

ProductionLDAPClientFactory the production implementation of an ldap connection factory.

func NewProductionLDAPClientFactory added in v4.35.3

func NewProductionLDAPClientFactory() *ProductionLDAPClientFactory

NewProductionLDAPClientFactory create a concrete ldap connection factory.

func (*ProductionLDAPClientFactory) DialURL added in v4.35.3

func (f *ProductionLDAPClientFactory) DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)

DialURL creates a client from an LDAP URL when successful.

type UserDetails

type UserDetails struct {
	Username    string
	DisplayName string
	Emails      []string
	Groups      []string
}

UserDetails represent the details retrieved for a given user.

type UserDetailsModel

type UserDetailsModel struct {
	HashedPassword string   `yaml:"password" valid:"required"`
	DisplayName    string   `yaml:"displayname" valid:"required"`
	Email          string   `yaml:"email"`
	Groups         []string `yaml:"groups"`
}

UserDetailsModel is the model of user details in the file database.

type UserProvider

type UserProvider interface {
	model.StartupCheck

	CheckUserPassword(username string, password string) (valid bool, err error)
	GetDetails(username string) (details *UserDetails, err error)
	UpdatePassword(username string, newPassword string) (err error)
}

UserProvider is the interface for checking user password and gathering user details.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL