Documentation ¶
Overview ¶
Package authentication is a generated GoMock package.
Index ¶
- Constants
- Variables
- func CheckPassword(password, hash string) (ok bool, err error)
- func HashPassword(password, salt string, algorithm CryptAlgo, ...) (hash string, err error)
- type CryptAlgo
- type DatabaseModel
- type FileUserProvider
- func (p *FileUserProvider) CheckUserPassword(username string, password string) (bool, error)
- func (p *FileUserProvider) GetDetails(username string) (*UserDetails, error)
- func (p *FileUserProvider) StartupCheck() (err error)
- func (p *FileUserProvider) UpdatePassword(username string, newPassword string) error
- type LDAPClient
- type LDAPClientFactory
- type LDAPSupportedControlTypes
- type LDAPSupportedExtensions
- type LDAPSupportedFeatures
- type LDAPUserProvider
- func (p *LDAPUserProvider) CheckUserPassword(username string, password string) (valid bool, err error)
- func (p *LDAPUserProvider) GetDetails(username string) (details *UserDetails, err error)
- func (p *LDAPUserProvider) StartupCheck() (err error)
- func (p *LDAPUserProvider) UpdatePassword(username, password string) (err error)
- type Level
- type MockLDAPClient
- func (m *MockLDAPClient) Bind(arg0, arg1 string) error
- func (m *MockLDAPClient) Close()
- func (m *MockLDAPClient) EXPECT() *MockLDAPClientMockRecorder
- func (m *MockLDAPClient) Modify(arg0 *ldap.ModifyRequest) error
- func (m *MockLDAPClient) PasswordModify(arg0 *ldap.PasswordModifyRequest) (*ldap.PasswordModifyResult, error)
- func (m *MockLDAPClient) Search(arg0 *ldap.SearchRequest) (*ldap.SearchResult, error)
- func (m *MockLDAPClient) StartTLS(arg0 *tls.Config) error
- type MockLDAPClientFactory
- type MockLDAPClientFactoryMockRecorder
- type MockLDAPClientMockRecorder
- func (mr *MockLDAPClientMockRecorder) Bind(arg0, arg1 interface{}) *gomock.Call
- func (mr *MockLDAPClientMockRecorder) Close() *gomock.Call
- func (mr *MockLDAPClientMockRecorder) Modify(arg0 interface{}) *gomock.Call
- func (mr *MockLDAPClientMockRecorder) PasswordModify(arg0 interface{}) *gomock.Call
- func (mr *MockLDAPClientMockRecorder) Search(arg0 interface{}) *gomock.Call
- func (mr *MockLDAPClientMockRecorder) StartTLS(arg0 interface{}) *gomock.Call
- type PasswordHash
- type ProductionLDAPClientFactory
- type UserDetails
- type UserDetailsModel
- type UserProvider
Constants ¶
const (
	HashingDefaultArgon2idTime        = 1
	HashingDefaultArgon2idMemory      = 32 * 1024
	HashingDefaultArgon2idParallelism = 4
	HashingDefaultArgon2idKeyLength   = 32
	HashingDefaultSHA512Iterations    = 5000
)
These are the default values from the upstream crypt module. We use them for GetInt, and they need to be checked when updating github.com/simia-tech/crypt.
Variables ¶
var ErrUserNotFound = errors.New("user not found")
ErrUserNotFound indicates the user wasn't found in the authentication backend.
var HashingPossibleSaltCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/"
HashingPossibleSaltCharacters represents valid hashing runes.
Functions ¶
func CheckPassword ¶
CheckPassword checks a password against a hash.
Types ¶
type CryptAlgo ¶
type CryptAlgo string
CryptAlgo is the crypt representation of an algorithm, used in the prefix of the hash.
func ConfigAlgoToCryptoAlgo ¶
ConfigAlgoToCryptoAlgo returns a CryptAlgo and nil error if valid, otherwise it returns argon2id and an error.
type DatabaseModel ¶
type DatabaseModel struct {
Users map[string]UserDetailsModel `yaml:"users" valid:"required"`
}
DatabaseModel is the model of the users file database.
type FileUserProvider ¶
type FileUserProvider struct {
// contains filtered or unexported fields
}
FileUserProvider is a provider reading details from a file.
func NewFileUserProvider ¶
func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfiguration) *FileUserProvider
NewFileUserProvider creates a new instance of FileUserProvider.
func (*FileUserProvider) CheckUserPassword ¶
func (p *FileUserProvider) CheckUserPassword(username string, password string) (bool, error)
CheckUserPassword checks if provided password matches for the given user.
func (*FileUserProvider) GetDetails ¶
func (p *FileUserProvider) GetDetails(username string) (*UserDetails, error)
GetDetails retrieves the groups a user belongs to.
func (*FileUserProvider) StartupCheck ¶ added in v4.31.0
func (p *FileUserProvider) StartupCheck() (err error)
StartupCheck implements the startup check provider interface.
func (*FileUserProvider) UpdatePassword ¶
func (p *FileUserProvider) UpdatePassword(username string, newPassword string) error
UpdatePassword updates the password of the given user.
type LDAPClient ¶ added in v4.35.3
type LDAPClient interface {
	Close()
	StartTLS(config *tls.Config) (err error)
	Bind(username, password string) (err error)
	Modify(modifyRequest *ldap.ModifyRequest) (err error)
	PasswordModify(pwdModifyRequest *ldap.PasswordModifyRequest) (pwdModifyResult *ldap.PasswordModifyResult, err error)
	Search(searchRequest *ldap.SearchRequest) (searchResult *ldap.SearchResult, err error)
}
LDAPClient is a cut down version of the ldap.Client interface with just the methods we use.
Methods added to this interface that have a direct correlation with one from ldap.Client should have the same signature.
type LDAPClientFactory ¶ added in v4.35.3
type LDAPClientFactory interface {
DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)
}
LDAPClientFactory is an interface for a factory of LDAP clients.
type LDAPSupportedControlTypes ¶ added in v4.35.3
LDAPSupportedControlTypes represents control types which a server may support which are implemented in code.
type LDAPSupportedExtensions ¶ added in v4.35.3
LDAPSupportedExtensions represents extensions which a server may support which are implemented in code.
type LDAPSupportedFeatures ¶ added in v4.35.3
type LDAPSupportedFeatures struct {
	Extensions   LDAPSupportedExtensions
	ControlTypes LDAPSupportedControlTypes
}
LDAPSupportedFeatures represents features which a server may support which are implemented in code.
type LDAPUserProvider ¶
type LDAPUserProvider struct {
// contains filtered or unexported fields
}
LDAPUserProvider is a UserProvider that connects to LDAP servers like ActiveDirectory, OpenLDAP, OpenDJ, FreeIPA, etc.
func NewLDAPUserProvider ¶
func NewLDAPUserProvider(config schema.AuthenticationBackendConfiguration, certPool *x509.CertPool) (provider *LDAPUserProvider)
NewLDAPUserProvider creates a new instance of LDAPUserProvider.
func (*LDAPUserProvider) CheckUserPassword ¶
func (p *LDAPUserProvider) CheckUserPassword(username string, password string) (valid bool, err error)
CheckUserPassword checks if provided password matches for the given user.
func (*LDAPUserProvider) GetDetails ¶
func (p *LDAPUserProvider) GetDetails(username string) (details *UserDetails, err error)
GetDetails retrieves the groups a user belongs to.
func (*LDAPUserProvider) StartupCheck ¶ added in v4.31.0
func (p *LDAPUserProvider) StartupCheck() (err error)
StartupCheck implements the startup check provider interface.
func (*LDAPUserProvider) UpdatePassword ¶
func (p *LDAPUserProvider) UpdatePassword(username, password string) (err error)
UpdatePassword updates the password of the given user.
type MockLDAPClient ¶ added in v4.35.3
type MockLDAPClient struct {
// contains filtered or unexported fields
}
MockLDAPClient is a mock of LDAPClient interface.
func NewMockLDAPClient ¶ added in v4.35.3
func NewMockLDAPClient(ctrl *gomock.Controller) *MockLDAPClient
NewMockLDAPClient creates a new mock instance.
func (*MockLDAPClient) Bind ¶ added in v4.35.3
func (m *MockLDAPClient) Bind(arg0, arg1 string) error
Bind mocks base method.
func (*MockLDAPClient) Close ¶ added in v4.35.3
func (m *MockLDAPClient) Close()
Close mocks base method.
func (*MockLDAPClient) EXPECT ¶ added in v4.35.3
func (m *MockLDAPClient) EXPECT() *MockLDAPClientMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
func (*MockLDAPClient) Modify ¶ added in v4.35.3
func (m *MockLDAPClient) Modify(arg0 *ldap.ModifyRequest) error
Modify mocks base method.
func (*MockLDAPClient) PasswordModify ¶ added in v4.35.3
func (m *MockLDAPClient) PasswordModify(arg0 *ldap.PasswordModifyRequest) (*ldap.PasswordModifyResult, error)
PasswordModify mocks base method.
func (*MockLDAPClient) Search ¶ added in v4.35.3
func (m *MockLDAPClient) Search(arg0 *ldap.SearchRequest) (*ldap.SearchResult, error)
Search mocks base method.
type MockLDAPClientFactory ¶ added in v4.35.3
type MockLDAPClientFactory struct {
// contains filtered or unexported fields
}
MockLDAPClientFactory is a mock of LDAPClientFactory interface.
func NewMockLDAPClientFactory ¶ added in v4.35.3
func NewMockLDAPClientFactory(ctrl *gomock.Controller) *MockLDAPClientFactory
NewMockLDAPClientFactory creates a new mock instance.
func (*MockLDAPClientFactory) DialURL ¶ added in v4.35.3
func (m *MockLDAPClientFactory) DialURL(arg0 string, arg1 ...v3.DialOpt) (LDAPClient, error)
DialURL mocks base method.
func (*MockLDAPClientFactory) EXPECT ¶ added in v4.35.3
func (m *MockLDAPClientFactory) EXPECT() *MockLDAPClientFactoryMockRecorder
EXPECT returns an object that allows the caller to indicate expected use.
type MockLDAPClientFactoryMockRecorder ¶ added in v4.35.3
type MockLDAPClientFactoryMockRecorder struct {
// contains filtered or unexported fields
}
MockLDAPClientFactoryMockRecorder is the mock recorder for MockLDAPClientFactory.
func (*MockLDAPClientFactoryMockRecorder) DialURL ¶ added in v4.35.3
func (mr *MockLDAPClientFactoryMockRecorder) DialURL(arg0 interface{}, arg1 ...interface{}) *gomock.Call
DialURL indicates an expected call of DialURL.
type MockLDAPClientMockRecorder ¶ added in v4.35.3
type MockLDAPClientMockRecorder struct {
// contains filtered or unexported fields
}
MockLDAPClientMockRecorder is the mock recorder for MockLDAPClient.
func (*MockLDAPClientMockRecorder) Bind ¶ added in v4.35.3
func (mr *MockLDAPClientMockRecorder) Bind(arg0, arg1 interface{}) *gomock.Call
Bind indicates an expected call of Bind.
func (*MockLDAPClientMockRecorder) Close ¶ added in v4.35.3
func (mr *MockLDAPClientMockRecorder) Close() *gomock.Call
Close indicates an expected call of Close.
func (*MockLDAPClientMockRecorder) Modify ¶ added in v4.35.3
func (mr *MockLDAPClientMockRecorder) Modify(arg0 interface{}) *gomock.Call
Modify indicates an expected call of Modify.
func (*MockLDAPClientMockRecorder) PasswordModify ¶ added in v4.35.3
func (mr *MockLDAPClientMockRecorder) PasswordModify(arg0 interface{}) *gomock.Call
PasswordModify indicates an expected call of PasswordModify.
func (*MockLDAPClientMockRecorder) Search ¶ added in v4.35.3
func (mr *MockLDAPClientMockRecorder) Search(arg0 interface{}) *gomock.Call
Search indicates an expected call of Search.
func (*MockLDAPClientMockRecorder) StartTLS ¶ added in v4.35.3
func (mr *MockLDAPClientMockRecorder) StartTLS(arg0 interface{}) *gomock.Call
StartTLS indicates an expected call of StartTLS.
type PasswordHash ¶
type PasswordHash struct {
	Algorithm   CryptAlgo
	Iterations  int
	Salt        string
	Key         string
	KeyLength   int
	Memory      int
	Parallelism int
}
PasswordHash represents all characteristics of a password hash. Authelia only supports the salted SHA512 and salted argon2id methods, i.e., $6$ mode or $argon2id$ mode.
func ParseHash ¶
func ParseHash(hash string) (passwordHash *PasswordHash, err error)
ParseHash extracts all characteristics of a hash given its string representation.
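As an added illustration (not Authelia's ParseHash or any code from this package), the sketch below splits the two supported string forms into their cost parameters and reports which ones fall below the defaults listed under Constants. The names Params, parseCrypt and belowDefaults are hypothetical, the conventional `$6$[rounds=N$]salt$key` and `$argon2id$v=19$m=..,t=..,p=..$salt$key` layouts are assumed, and the sample hash is constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Params and parseCrypt are hypothetical names for this example, not Authelia's API.
type Params struct {
	Algorithm, Salt, Key            string
	Iterations, Memory, Parallelism int
}

// parseCrypt reads "$6$[rounds=N$]salt$key" or "$argon2id$v=19$m=..,t=..,p=..$salt$key".
func parseCrypt(hash string) (*Params, error) {
	f := strings.Split(hash, "$")
	n := len(f)
	if n < 4 || f[0] != "" || !(f[1] == "6" && n <= 5 || f[1] == "argon2id" && n == 6) {
		return nil, fmt.Errorf("unsupported hash format")
	}
	opts := "rounds=5000" // HashingDefaultSHA512Iterations applies when "$6$" omits rounds
	if n > 4 {
		opts = f[n-3]
	}
	p := &Params{Algorithm: f[1], Salt: f[n-2], Key: f[n-1]}
	dst := map[string]*int{"rounds": &p.Iterations, "t": &p.Iterations, "m": &p.Memory, "p": &p.Parallelism}
	for _, kv := range strings.Split(opts, ",") {
		k, v, _ := strings.Cut(kv, "=")
		val, err := strconv.Atoi(v)
		if err != nil || dst[k] == nil {
			return nil, fmt.Errorf("bad parameter %q", kv)
		}
		*dst[k] = val
	}
	return p, nil
}

// belowDefaults names cost parameters under the Constants defaults (assumes "m=" shares the unit of HashingDefaultArgon2idMemory).
func belowDefaults(p *Params) (low []string) {
	floor := map[string][3]int{"6": {5000, 0, 0}, "argon2id": {1, 32 * 1024, 4}}[p.Algorithm]
	for i, got := range [3]int{p.Iterations, p.Memory, p.Parallelism} {
		if got < floor[i] {
			low = append(low, [3]string{"iterations", "memory", "parallelism"}[i])
		}
	}
	return low
}

func main() { fmt.Println(parseCrypt("$argon2id$v=19$m=1024,t=1,p=4$c2FsdA$a2V5")) } // constructed sample
```

Passing the parsed sample to belowDefaults reports only memory, since m=1024 is under the 32 * 1024 default while t and p match theirs.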
type ProductionLDAPClientFactory ¶ added in v4.35.3
type ProductionLDAPClientFactory struct{}
ProductionLDAPClientFactory is the production implementation of an LDAP connection factory.
func NewProductionLDAPClientFactory ¶ added in v4.35.3
func NewProductionLDAPClientFactory() *ProductionLDAPClientFactory
NewProductionLDAPClientFactory creates a concrete LDAP connection factory.
func (*ProductionLDAPClientFactory) DialURL ¶ added in v4.35.3
func (f *ProductionLDAPClientFactory) DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)
DialURL creates a client from an LDAP URL when successful.
type UserDetails ¶
UserDetails represents the details retrieved for a given user.
type UserDetailsModel ¶
type UserDetailsModel struct {
	HashedPassword string   `yaml:"password" valid:"required"`
	DisplayName    string   `yaml:"displayname" valid:"required"`
	Email          string   `yaml:"email"`
	Groups         []string `yaml:"groups"`
}
UserDetailsModel is the model of user details in the file database.
type UserProvider ¶
type UserProvider interface {
	model.StartupCheck
	CheckUserPassword(username string, password string) (valid bool, err error)
	GetDetails(username string) (details *UserDetails, err error)
	UpdatePassword(username string, newPassword string) (err error)
}
UserProvider is the interface for checking user password and gathering user details.