Documentation ¶
Constants ¶
// Second factor method identifiers.
//
// These string values appear to be the ones persisted in UserInfo.Method
// (column second_factor_method), so changing a value would need a data
// migration — confirm against the writer before renaming.
const (
	// SecondFactorMethodTOTP method using Time-Based One-Time Password applications like Google Authenticator.
	SecondFactorMethodTOTP = "totp"

	// SecondFactorMethodWebauthn method using Webauthn devices like YubiKey's.
	SecondFactorMethodWebauthn = "webauthn"

	// SecondFactorMethodDuo method using Duo application to receive push notifications.
	SecondFactorMethodDuo = "mobile_push"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthenticationAttempt ¶
// AuthenticationAttempt represents an authentication attempt row in the database.
//
// Username, RequestURI and RequestMethod originate from the client request —
// presumably unsanitised — so treat them as untrusted when rendered or logged.
type AuthenticationAttempt struct {
	ID   int       `db:"id"`
	Time time.Time `db:"time"`

	// Successful records the outcome; Banned is presumably set when the
	// attempt was rejected because the user was banned — confirm in the writer.
	Successful bool `db:"successful"`
	Banned     bool `db:"banned"`

	Username string `db:"username"`

	// Type is stored in column auth_type.
	Type string `db:"auth_type"`

	// RemoteIP is a NullIP and so may be NULL.
	RemoteIP      NullIP `db:"remote_ip"`
	RequestURI    string `db:"request_uri"`
	RequestMethod string `db:"request_method"`
}
AuthenticationAttempt represents an authentication attempt row in the database.
type Base64 ¶
type Base64 struct {
// contains filtered or unexported fields
}
Base64 saves bytes to the database as a base64 encoded string.
type DuoDevice ¶
// DuoDevice represents a DUO Device.
type DuoDevice struct {
	ID       int    `db:"id"`
	Username string `db:"username"`
	Device   string `db:"device"` // Duo-side device identifier.
	Method   string `db:"method"` // Duo delivery method for this device.
}
DuoDevice represents a DUO Device.
type IP ¶
IP is a type specific for storage of a net.IP in the database which can't be NULL.
type IdentityVerification ¶
// IdentityVerification represents an identity verification row in the database.
//
// The jti/iat/exp column names mirror the JWT registered claims the row is
// converted to by ToIdentityVerificationClaim.
type IdentityVerification struct {
	ID        int       `db:"id"`
	JTI       uuid.UUID `db:"jti"`
	IssuedAt  time.Time `db:"iat"`
	IssuedIP  IP        `db:"issued_ip"` // IP cannot be NULL, unlike ConsumedIP.
	ExpiresAt time.Time `db:"exp"`
	Action    string    `db:"action"`
	Username  string    `db:"username"`

	// Consumed is nil until the token has been used; ConsumedIP is a NullIP
	// for the same reason. Whether a consumed row is rejected on reuse is
	// decided by the caller, not by this type.
	Consumed   *time.Time `db:"consumed"`
	ConsumedIP NullIP     `db:"consumed_ip"`
}
IdentityVerification represents an identity verification row in the database.
func NewIdentityVerification ¶
func NewIdentityVerification(jti uuid.UUID, username, action string, ip net.IP) (verification IdentityVerification)
NewIdentityVerification creates a new IdentityVerification from a given username and action.
func (IdentityVerification) ToIdentityVerificationClaim ¶
func (v IdentityVerification) ToIdentityVerificationClaim() (claim *IdentityVerificationClaim)
ToIdentityVerificationClaim converts the IdentityVerification into an IdentityVerificationClaim.
type IdentityVerificationClaim ¶
// IdentityVerificationClaim custom claim for specifying the action claim. The action can be to register a TOTP device, a U2F device or reset one's password.
type IdentityVerificationClaim struct {
	jwt.RegisteredClaims

	// The action this token has been crafted for. A verifier should check it
	// matches the operation being performed, not only that the token is valid.
	Action string `json:"action"`

	// The user this token has been crafted for.
	Username string `json:"username"`
}
IdentityVerificationClaim is a custom JWT claim set that carries the action claim. The action can be to register a TOTP device, register a U2F device, or reset one's password.
func (IdentityVerificationClaim) ToIdentityVerification ¶
func (v IdentityVerificationClaim) ToIdentityVerification() (verification *IdentityVerification, err error)
ToIdentityVerification converts the IdentityVerificationClaim into an IdentityVerification.
type Migration ¶
// Migration represents a migration row in the database.
type Migration struct {
	ID      int       `db:"id"`
	Applied time.Time `db:"applied"`
	// Before and After are the schema versions either side of the migration
	// (compare SchemaMigration.Before/After); Version is the application
	// version that applied it.
	Before  int    `db:"version_before"`
	After   int    `db:"version_after"`
	Version string `db:"application_version"`
}
Migration represents a migration row in the database.
type NullIP ¶
NullIP is a type specific for storage of a net.IP in the database which can also be NULL.
func NewNullIPFromString ¶
NewNullIPFromString easily constructs a new NullIP from a string.
type OAuth2BlacklistedJTI ¶ added in v4.35.0
// OAuth2BlacklistedJTI represents a blacklisted JTI used with OAuth2.0.
type OAuth2BlacklistedJTI struct {
	ID int `db:"id"`

	// Signature is the stored form of the JTI; presumably a digest rather than
	// the raw value — confirm in NewOAuth2BlacklistedJTI.
	Signature string `db:"signature"`

	// ExpiresAt is the expiry passed to NewOAuth2BlacklistedJTI; once the
	// token itself has expired the entry is presumably no longer needed for
	// replay protection.
	ExpiresAt time.Time `db:"expires_at"`
}
OAuth2BlacklistedJTI represents a blacklisted JTI used with OAuth2.0.
func NewOAuth2BlacklistedJTI ¶ added in v4.35.0
func NewOAuth2BlacklistedJTI(jti string, exp time.Time) (jtiBlacklist OAuth2BlacklistedJTI)
NewOAuth2BlacklistedJTI creates a new OAuth2BlacklistedJTI.
type OAuth2ConsentSession ¶ added in v4.35.0
// OAuth2ConsentSession stores information about an OAuth2.0 Consent.
type OAuth2ConsentSession struct {
	ID          int           `db:"id"`
	ChallengeID uuid.UUID     `db:"challenge_id"`
	ClientID    string        `db:"client_id"`
	Subject     uuid.NullUUID `db:"subject"`

	// Authorized records the user's decision; Granted appears to record
	// whether that decision has already been used for a grant. Prefer
	// IsAuthorized, IsDenied and CanGrant over reading the flags directly,
	// since they also take RespondedAt/ExpiresAt into account.
	Authorized bool `db:"authorized"`
	Granted    bool `db:"granted"`

	// RespondedAt is nil until the user has responded (see Responded).
	// ExpiresAt, when set, bounds how long the consent remains usable for a
	// grant (see CanGrant); nil presumably means unbounded — confirm in CanGrant.
	RequestedAt time.Time  `db:"requested_at"`
	RespondedAt *time.Time `db:"responded_at"`
	ExpiresAt   *time.Time `db:"expires_at"`

	// Form is the raw form data of the request; GetForm parses it into
	// url.Values.
	Form string `db:"form_data"`

	RequestedScopes   StringSlicePipeDelimited `db:"requested_scopes"`
	GrantedScopes     StringSlicePipeDelimited `db:"granted_scopes"`
	RequestedAudience StringSlicePipeDelimited `db:"requested_audience"`
	GrantedAudience   StringSlicePipeDelimited `db:"granted_audience"`
}
OAuth2ConsentSession stores information about an OAuth2.0 Consent.
func NewOAuth2ConsentSession ¶ added in v4.35.0
func NewOAuth2ConsentSession(subject uuid.UUID, r fosite.Requester) (consent *OAuth2ConsentSession, err error)
NewOAuth2ConsentSession creates a new OAuth2ConsentSession.
func (OAuth2ConsentSession) CanGrant ¶ added in v4.35.0
func (s OAuth2ConsentSession) CanGrant() bool
CanGrant returns true if the user has responded to the consent session, it was authorized, and either it has not previously been granted or the ability to grant has not expired.
func (OAuth2ConsentSession) GetForm ¶ added in v4.35.0
func (s OAuth2ConsentSession) GetForm() (form url.Values, err error)
GetForm returns the form.
func (OAuth2ConsentSession) HasExactGrantedAudience ¶ added in v4.35.0
func (s OAuth2ConsentSession) HasExactGrantedAudience(audience []string) (has bool)
HasExactGrantedAudience returns true if the granted audience of this consent exactly matches the provided audience.
func (OAuth2ConsentSession) HasExactGrantedScopes ¶ added in v4.35.0
func (s OAuth2ConsentSession) HasExactGrantedScopes(scopes []string) (has bool)
HasExactGrantedScopes returns true if the granted scopes of this consent exactly match the provided set of scopes.
func (OAuth2ConsentSession) HasExactGrants ¶ added in v4.35.0
func (s OAuth2ConsentSession) HasExactGrants(scopes, audience []string) (has bool)
HasExactGrants returns true if both the granted audience and the granted scopes of this consent exactly match the provided audience and set of scopes.
func (OAuth2ConsentSession) IsAuthorized ¶ added in v4.35.0
func (s OAuth2ConsentSession) IsAuthorized() bool
IsAuthorized returns true if the user has responded to the consent session and it was authorized.
func (OAuth2ConsentSession) IsDenied ¶ added in v4.35.0
func (s OAuth2ConsentSession) IsDenied() bool
IsDenied returns true if the user has responded to the consent session and it was not authorized.
func (OAuth2ConsentSession) Responded ¶ added in v4.35.0
func (s OAuth2ConsentSession) Responded() bool
Responded returns true if the user has responded to the consent session.
type OAuth2Session ¶ added in v4.35.0
// OAuth2Session represents an OAuth2.0 session.
type OAuth2Session struct {
	ID          int       `db:"id"`
	ChallengeID uuid.UUID `db:"challenge_id"`
	RequestID   string    `db:"request_id"`
	ClientID    string    `db:"client_id"`

	// Signature is the token signature the session is stored under; it is the
	// value NewOAuth2SessionFromRequest receives.
	Signature   string    `db:"signature"`
	RequestedAt time.Time `db:"requested_at"`
	Subject     string    `db:"subject"`

	RequestedScopes   StringSlicePipeDelimited `db:"requested_scopes"`
	GrantedScopes     StringSlicePipeDelimited `db:"granted_scopes"`
	RequestedAudience StringSlicePipeDelimited `db:"requested_audience"`
	GrantedAudience   StringSlicePipeDelimited `db:"granted_audience"`

	// Active and Revoked are stored separately; nothing here shows either
	// flag alone to be sufficient, so confirm the storage layer checks both
	// (Active && !Revoked) before honouring a session.
	Active  bool `db:"active"`
	Revoked bool `db:"revoked"`

	// Form is the raw form data; Session is the serialized session payload,
	// opaque at this layer.
	Form    string `db:"form_data"`
	Session []byte `db:"session_data"`
}
OAuth2Session represents an OAuth2.0 session.
func NewOAuth2SessionFromRequest ¶ added in v4.35.0
func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session *OAuth2Session, err error)
NewOAuth2SessionFromRequest creates a new OAuth2Session from a signature and fosite.Requester.
func (*OAuth2Session) SetSubject ¶ added in v4.35.0
func (s *OAuth2Session) SetSubject(subject string)
SetSubject implements an interface required for RFC7523.
type OpenIDSession ¶ added in v4.35.0
// OpenIDSession holds OIDC Session information.
type OpenIDSession struct {
	*openid.DefaultSession `json:"id_token"`

	ChallengeID uuid.UUID `db:"challenge_id"`

	// ClientID carries no json or db tag, so encoding/json serialises it under
	// the field name "ClientID".
	ClientID string

	// Extra holds additional values; being a map it is shared by reference
	// unless Clone copies it — confirm in Clone.
	Extra map[string]interface{} `json:"extra"`
}
OpenIDSession holds OIDC Session information.
func (*OpenIDSession) Clone ¶ added in v4.36.0
func (s *OpenIDSession) Clone() fosite.Session
Clone copies the OpenIDSession to a new fosite.Session.
type SchemaMigration ¶
SchemaMigration represents an intended migration.
func (SchemaMigration) After ¶
func (m SchemaMigration) After() (after int)
After returns the version the schema will be at After the migration is applied.
func (SchemaMigration) Before ¶
func (m SchemaMigration) Before() (before int)
Before returns the version the schema should be at Before the migration is applied.
type SemanticVersion ¶ added in v4.36.0
SemanticVersion represents a Semantic Versioning 2.0 version.
func NewSemanticVersion ¶ added in v4.36.0
func NewSemanticVersion(input string) (version *SemanticVersion, err error)
NewSemanticVersion creates a SemanticVersion from a string.
func (SemanticVersion) Equal ¶ added in v4.36.0
func (v SemanticVersion) Equal(version SemanticVersion) (equals bool)
Equal returns true if this SemanticVersion is equal to the provided SemanticVersion.
func (SemanticVersion) GreaterThan ¶ added in v4.36.0
func (v SemanticVersion) GreaterThan(version SemanticVersion) (gt bool)
GreaterThan returns true if this SemanticVersion is greater than the provided SemanticVersion.
func (SemanticVersion) GreaterThanOrEqual ¶ added in v4.36.0
func (v SemanticVersion) GreaterThanOrEqual(version SemanticVersion) (ge bool)
GreaterThanOrEqual returns true if this SemanticVersion is greater than or equal to the provided SemanticVersion.
func (SemanticVersion) LessThan ¶ added in v4.36.0
func (v SemanticVersion) LessThan(version SemanticVersion) (gt bool)
LessThan returns true if this SemanticVersion is less than the provided SemanticVersion.
func (SemanticVersion) LessThanOrEqual ¶ added in v4.36.0
func (v SemanticVersion) LessThanOrEqual(version SemanticVersion) (ge bool)
LessThanOrEqual returns true if this SemanticVersion is less than or equal to the provided SemanticVersion.
func (SemanticVersion) String ¶ added in v4.36.0
func (v SemanticVersion) String() (value string)
String returns a human-readable representation of the SemanticVersion.
type StartupCheck ¶
// StartupCheck represents a provider that has a startup check.
type StartupCheck interface {
	// StartupCheck returns a non-nil error describing why the provider's
	// startup check failed.
	StartupCheck() (err error)
}
StartupCheck represents a provider that has a startup check.
type StringSlicePipeDelimited ¶ added in v4.35.0
// StringSlicePipeDelimited is a string slice that is stored in the database
// delimited by pipes.
//
// NOTE(review): a value containing '|' cannot round-trip through this
// encoding; the scope and audience fields that use it should be validated
// accordingly — confirm in Scan and the matching Value implementation.
type StringSlicePipeDelimited []string
StringSlicePipeDelimited is a string slice that is stored in the database delimited by pipes.
func (*StringSlicePipeDelimited) Scan ¶ added in v4.35.0
func (s *StringSlicePipeDelimited) Scan(value interface{}) (err error)
Scan is the StringSlicePipeDelimited implementation of the sql.Scanner.
type TOTPConfiguration ¶
// TOTPConfiguration represents a user's TOTP configuration row in the database.
//
// Only Digits and Period are exposed via JSON; every other field, and in
// particular Secret, is tagged json:"-" and must stay that way so the shared
// secret is never serialised towards the web UI.
type TOTPConfiguration struct {
	ID         int        `db:"id" json:"-"`
	CreatedAt  time.Time  `db:"created_at" json:"-"`
	LastUsedAt *time.Time `db:"last_used_at" json:"-"`
	Username   string     `db:"username" json:"-"`
	Issuer     string     `db:"issuer" json:"-"`
	Algorithm  string     `db:"algorithm" json:"-"`
	Digits     uint       `db:"digits" json:"digits"`
	Period     uint       `db:"period" json:"period"`
	Secret     []byte     `db:"secret" json:"-"`
}
TOTPConfiguration represents a user's TOTP configuration row in the database.
func (*TOTPConfiguration) Image ¶
func (c *TOTPConfiguration) Image(width, height int) (img image.Image, err error)
Image returns the image.Image of the TOTPConfiguration by calling Image on the *otp.Key returned by TOTPConfiguration.Key.
func (*TOTPConfiguration) Key ¶
func (c *TOTPConfiguration) Key() (key *otp.Key, err error)
Key returns the *otp.Key using TOTPConfiguration.URI with otp.NewKeyFromURL.
func (*TOTPConfiguration) URI ¶
func (c *TOTPConfiguration) URI() (uri string)
URI returns the configuration in its URI representation.
func (*TOTPConfiguration) UpdateSignInInfo ¶
func (c *TOTPConfiguration) UpdateSignInInfo(now time.Time)
UpdateSignInInfo adjusts the values of the TOTPConfiguration after a sign in.
type U2FDevice ¶
// U2FDevice represents a user's U2F device row in the database.
type U2FDevice struct {
	ID          int    `db:"id"`
	Username    string `db:"username"`
	Description string `db:"description"`

	// KeyHandle and PublicKey are the raw U2F registration values; only the
	// public half of the key pair is stored here.
	KeyHandle []byte `db:"key_handle"`
	PublicKey []byte `db:"public_key"`
}
U2FDevice represents a user's U2F device row in the database.
type UserInfo ¶
// UserInfo represents the user information required by the web UI.
type UserInfo struct {
	// The user's display name. Not read from the database (db:"-").
	DisplayName string `db:"-" json:"display_name"`

	// The preferred 2FA method; presumably one of the SecondFactorMethod*
	// constants — confirm against the writer.
	Method string `db:"second_factor_method" json:"method" valid:"required"`

	// True if a TOTP device has been registered.
	HasTOTP bool `db:"has_totp" json:"has_totp" valid:"required"`

	// True if a Webauthn device has been registered.
	HasWebauthn bool `db:"has_webauthn" json:"has_webauthn" valid:"required"`

	// True if a duo device has been configured as the preferred.
	HasDuo bool `db:"has_duo" json:"has_duo" valid:"required"`
}
UserInfo represents the user information required by the web UI.
type UserOpaqueIdentifier ¶ added in v4.35.0
// UserOpaqueIdentifier represents an opaque identifier for a user. Commonly used with OAuth 2.0 and OpenID Connect.
//
// The row is keyed by Service and SectorID as well as Username, which
// suggests one Identifier per (service, sector) pair as with OIDC pairwise
// subjects — confirm in NewUserOpaqueIdentifier.
type UserOpaqueIdentifier struct {
	ID         int       `db:"id" yaml:"id"`
	Service    string    `db:"service" yaml:"service"`
	SectorID   string    `db:"sector_id" yaml:"sector_id"`
	Username   string    `db:"username" yaml:"username"`
	Identifier uuid.UUID `db:"identifier" yaml:"identifier"`
}
UserOpaqueIdentifier represents an opaque identifier for a user. Commonly used with OAuth 2.0 and OpenID Connect.
func NewUserOpaqueIdentifier ¶ added in v4.35.0
func NewUserOpaqueIdentifier(service, sectorID, username string) (id *UserOpaqueIdentifier, err error)
NewUserOpaqueIdentifier either creates a new UserOpaqueIdentifier or returns an error.
type UserOpaqueIdentifiersExport ¶ added in v4.35.0
// UserOpaqueIdentifiersExport represents a UserOpaqueIdentifier export file.
type UserOpaqueIdentifiersExport struct {
	// Identifiers are serialised under the YAML key "identifiers"; the
	// Username column is included, so the export links users to identifiers.
	Identifiers []UserOpaqueIdentifier `yaml:"identifiers"`
}
UserOpaqueIdentifiersExport represents a UserOpaqueIdentifier export file.
type WebauthnDevice ¶
// WebauthnDevice represents a Webauthn Device in the database storage.
type WebauthnDevice struct {
	ID         int        `db:"id"`
	CreatedAt  time.Time  `db:"created_at"`
	LastUsedAt *time.Time `db:"last_used_at"`

	// RPID is the relying party ID the credential was registered under; a
	// credential should only be accepted for that RPID.
	RPID        string `db:"rpid"`
	Username    string `db:"username"`
	Description string `db:"description"`

	// KID is the credential ID, stored base64 encoded (see Base64).
	KID             Base64    `db:"kid"`
	PublicKey       []byte    `db:"public_key"`
	AttestationType string    `db:"attestation_type"`
	Transport       string    `db:"transport"`
	AAGUID          uuid.UUID `db:"aaguid"`

	// SignCount is the authenticator signature counter as last seen.
	// CloneWarning is presumably set when an assertion's counter is not
	// greater than SignCount, which WebAuthn treats as a possible cloned
	// authenticator — confirm in UpdateSignInInfo.
	SignCount    uint32 `db:"sign_count"`
	CloneWarning bool   `db:"clone_warning"`
}
WebauthnDevice represents a Webauthn Device in the database storage.
func NewWebauthnDeviceFromCredential ¶
func NewWebauthnDeviceFromCredential(rpid, username, description string, credential *webauthn.Credential) (device WebauthnDevice)
NewWebauthnDeviceFromCredential creates a WebauthnDevice from a webauthn.Credential.
func (*WebauthnDevice) UpdateSignInInfo ¶
UpdateSignInInfo adjusts the values of the WebauthnDevice after a sign in.
type WebauthnUser ¶
// WebauthnUser is an object to represent a user for the Webauthn lib.
type WebauthnUser struct {
	Username    string
	DisplayName string

	// Devices are the registered credentials; WebAuthnCredentials and
	// WebAuthnCredentialDescriptors are derived from them.
	Devices []WebauthnDevice
}
WebauthnUser represents a user for the Webauthn library.
func (WebauthnUser) HasFIDOU2F ¶
func (w WebauthnUser) HasFIDOU2F() bool
HasFIDOU2F returns true if the user has any attestation type `fido-u2f` devices.
func (WebauthnUser) WebAuthnCredentialDescriptors ¶
func (w WebauthnUser) WebAuthnCredentialDescriptors() (descriptors []protocol.CredentialDescriptor)
WebAuthnCredentialDescriptors decodes the user's credentials into protocol.CredentialDescriptor values.
func (WebauthnUser) WebAuthnCredentials ¶
func (w WebauthnUser) WebAuthnCredentials() (credentials []webauthn.Credential)
WebAuthnCredentials implements the webauthn.User interface.
func (WebauthnUser) WebAuthnDisplayName ¶
func (w WebauthnUser) WebAuthnDisplayName() string
WebAuthnDisplayName implements the webauthn.User interface.
func (WebauthnUser) WebAuthnID ¶
func (w WebauthnUser) WebAuthnID() []byte
WebAuthnID implements the webauthn.User interface.
func (WebauthnUser) WebAuthnIcon ¶
func (w WebauthnUser) WebAuthnIcon() string
WebAuthnIcon implements the webauthn.User interface.
func (WebauthnUser) WebAuthnName ¶
func (w WebauthnUser) WebAuthnName() string
WebAuthnName implements the webauthn.User interface.