authentication

package
v4.37.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 8, 2022 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Overview

Package authentication is a generated GoMock package.

Package authentication is a generated GoMock package.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrUserNotFound indicates the user wasn't found in the authentication backend.
	ErrUserNotFound = errors.New("user not found")

	// ErrNoContent is returned when the file is empty.
	ErrNoContent = errors.New("no file content")
)

Functions

func LevelToString added in v4.36.0

func LevelToString(level Level) string

LevelToString returns a string representation of an authentication.Level.

func NewFileCryptoHashFromConfig added in v4.37.0

func NewFileCryptoHashFromConfig(config schema.Password) (hash algorithm.Hash, err error)

NewFileCryptoHashFromConfig returns a crypt.Hash given a valid configuration.

Types

type DatabaseModel

type DatabaseModel struct {
	Users map[string]UserDetailsModel `yaml:"users" valid:"required"`
}

DatabaseModel is the model of users file database.

func (*DatabaseModel) Read added in v4.37.0

func (m *DatabaseModel) Read(filePath string) (err error)

Read a DatabaseModel from disk.

func (*DatabaseModel) ReadToFileUserDatabase added in v4.37.0

func (m *DatabaseModel) ReadToFileUserDatabase(db *FileUserDatabase) (err error)

ReadToFileUserDatabase reads the DatabaseModel into a FileUserDatabase.

func (*DatabaseModel) Write added in v4.37.0

func (m *DatabaseModel) Write(fileName string) (err error)

Write a DatabaseModel to disk.

type DatabaseUserDetails added in v4.37.0

type DatabaseUserDetails struct {
	Username    string
	Digest      algorithm.Digest
	Disabled    bool
	DisplayName string
	Email       string
	Groups      []string
}

DatabaseUserDetails is the model of user details in the file database.

func (DatabaseUserDetails) ToUserDetails added in v4.37.0

func (m DatabaseUserDetails) ToUserDetails() (details *UserDetails)

ToUserDetails converts DatabaseUserDetails into a *UserDetails given a username.

func (DatabaseUserDetails) ToUserDetailsModel added in v4.37.0

func (m DatabaseUserDetails) ToUserDetailsModel() (model UserDetailsModel)

ToUserDetailsModel converts DatabaseUserDetails into a UserDetailsModel.

type FileUserDatabase added in v4.37.0

type FileUserDatabase struct {
	*sync.RWMutex

	Path    string
	Users   map[string]DatabaseUserDetails
	Emails  map[string]string
	Aliases map[string]string

	SearchEmail bool
	SearchCI    bool
}

FileUserDatabase is a user details database that is concurrency safe database and can be reloaded.

func NewFileUserDatabase added in v4.37.0

func NewFileUserDatabase(filePath string, searchEmail, searchCI bool) (database *FileUserDatabase)

NewFileUserDatabase creates a new FileUserDatabase.

func (*FileUserDatabase) GetUserDetails added in v4.37.0

func (m *FileUserDatabase) GetUserDetails(username string) (user DatabaseUserDetails, err error)

GetUserDetails get a DatabaseUserDetails given a username as a value type where the username must be the users actual username.

func (*FileUserDatabase) Load added in v4.37.0

func (m *FileUserDatabase) Load() (err error)

Load the database from disk.

func (*FileUserDatabase) LoadAliases added in v4.37.0

func (m *FileUserDatabase) LoadAliases() (err error)

LoadAliases performs the loading of alias information from the database.

func (*FileUserDatabase) Save added in v4.37.0

func (m *FileUserDatabase) Save() (err error)

Save the database to disk.

func (*FileUserDatabase) SetUserDetails added in v4.37.0

func (m *FileUserDatabase) SetUserDetails(username string, details *DatabaseUserDetails)

SetUserDetails sets the DatabaseUserDetails for a given user.

func (*FileUserDatabase) ToDatabaseModel added in v4.37.0

func (m *FileUserDatabase) ToDatabaseModel() (model *DatabaseModel)

ToDatabaseModel converts the FileUserDatabase into the DatabaseModel for saving.

type FileUserProvider

type FileUserProvider struct {
	// contains filtered or unexported fields
}

FileUserProvider is a provider reading details from a file.

func NewFileUserProvider

func NewFileUserProvider(config *schema.FileAuthenticationBackend) (provider *FileUserProvider)

NewFileUserProvider creates a new instance of FileUserProvider.

func (*FileUserProvider) CheckUserPassword

func (p *FileUserProvider) CheckUserPassword(username string, password string) (match bool, err error)

CheckUserPassword checks if provided password matches for the given user.

func (*FileUserProvider) GetDetails

func (p *FileUserProvider) GetDetails(username string) (details *UserDetails, err error)

GetDetails retrieve the groups a user belongs to.

func (*FileUserProvider) Reload added in v4.37.0

func (p *FileUserProvider) Reload() (reloaded bool, err error)

Reload the database.

func (*FileUserProvider) StartupCheck added in v4.31.0

func (p *FileUserProvider) StartupCheck() (err error)

StartupCheck implements the startup check provider interface.

func (*FileUserProvider) UpdatePassword

func (p *FileUserProvider) UpdatePassword(username string, newPassword string) (err error)

UpdatePassword update the password of the given user.

type LDAPClient added in v4.35.3

type LDAPClient interface {
	Close()
	StartTLS(config *tls.Config) (err error)

	Bind(username, password string) (err error)
	UnauthenticatedBind(username string) (err error)

	Modify(modifyRequest *ldap.ModifyRequest) (err error)
	PasswordModify(pwdModifyRequest *ldap.PasswordModifyRequest) (pwdModifyResult *ldap.PasswordModifyResult, err error)

	Search(searchRequest *ldap.SearchRequest) (searchResult *ldap.SearchResult, err error)
}

LDAPClient is a cut down version of the ldap.Client interface with just the methods we use.

Methods added to this interface that have a direct correlation with one from ldap.Client should have the same signature.

type LDAPClientFactory added in v4.35.3

type LDAPClientFactory interface {
	DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)
}

LDAPClientFactory an interface of factory of LDAP clients.

type LDAPSupportedControlTypes added in v4.35.3

type LDAPSupportedControlTypes struct {
	MsftPwdPolHints           bool
	MsftPwdPolHintsDeprecated bool
}

LDAPSupportedControlTypes represents control types which a server may support which are implemented in code.

type LDAPSupportedExtensions added in v4.35.3

type LDAPSupportedExtensions struct {
	TLS           bool
	PwdModifyExOp bool
}

LDAPSupportedExtensions represents extensions which a server may support which are implemented in code.

type LDAPSupportedFeatures added in v4.35.3

type LDAPSupportedFeatures struct {
	Extensions   LDAPSupportedExtensions
	ControlTypes LDAPSupportedControlTypes
}

LDAPSupportedFeatures represents features which a server may support which are implemented in code.

type LDAPUserProvider

type LDAPUserProvider struct {
	// contains filtered or unexported fields
}

LDAPUserProvider is a UserProvider that connects to LDAP servers like ActiveDirectory, OpenLDAP, OpenDJ, FreeIPA, etc.

func NewLDAPUserProvider

func NewLDAPUserProvider(config schema.AuthenticationBackend, certPool *x509.CertPool) (provider *LDAPUserProvider)

NewLDAPUserProvider creates a new instance of LDAPUserProvider.

func (*LDAPUserProvider) CheckUserPassword

func (p *LDAPUserProvider) CheckUserPassword(username string, password string) (valid bool, err error)

CheckUserPassword checks if provided password matches for the given user.

func (*LDAPUserProvider) GetDetails

func (p *LDAPUserProvider) GetDetails(username string) (details *UserDetails, err error)

GetDetails retrieve the groups a user belongs to.

func (*LDAPUserProvider) StartupCheck added in v4.31.0

func (p *LDAPUserProvider) StartupCheck() (err error)

StartupCheck implements the startup check provider interface.

func (*LDAPUserProvider) UpdatePassword

func (p *LDAPUserProvider) UpdatePassword(username, password string) (err error)

UpdatePassword update the password of the given user.

type Level

type Level int

Level is the type representing a level of authentication.

const (
	// NotAuthenticated if the user is not authenticated yet.
	NotAuthenticated Level = iota
	// OneFactor if the user has passed first factor only.
	OneFactor
	// TwoFactor if the user has passed two factors.
	TwoFactor
)

type MockLDAPClient added in v4.35.3

type MockLDAPClient struct {
	// contains filtered or unexported fields
}

MockLDAPClient is a mock of LDAPClient interface.

func NewMockLDAPClient added in v4.35.3

func NewMockLDAPClient(ctrl *gomock.Controller) *MockLDAPClient

NewMockLDAPClient creates a new mock instance.

func (*MockLDAPClient) Bind added in v4.35.3

func (m *MockLDAPClient) Bind(arg0, arg1 string) error

Bind mocks base method.

func (*MockLDAPClient) Close added in v4.35.3

func (m *MockLDAPClient) Close()

Close mocks base method.

func (*MockLDAPClient) EXPECT added in v4.35.3

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockLDAPClient) Modify added in v4.35.3

func (m *MockLDAPClient) Modify(arg0 *ldap.ModifyRequest) error

Modify mocks base method.

func (*MockLDAPClient) PasswordModify added in v4.35.3

PasswordModify mocks base method.

func (*MockLDAPClient) Search added in v4.35.3

func (m *MockLDAPClient) Search(arg0 *ldap.SearchRequest) (*ldap.SearchResult, error)

Search mocks base method.

func (*MockLDAPClient) StartTLS added in v4.35.3

func (m *MockLDAPClient) StartTLS(arg0 *tls.Config) error

StartTLS mocks base method.

func (*MockLDAPClient) UnauthenticatedBind added in v4.36.0

func (m *MockLDAPClient) UnauthenticatedBind(arg0 string) error

UnauthenticatedBind mocks base method.

type MockLDAPClientFactory added in v4.35.3

type MockLDAPClientFactory struct {
	// contains filtered or unexported fields
}

MockLDAPClientFactory is a mock of LDAPClientFactory interface.

func NewMockLDAPClientFactory added in v4.35.3

func NewMockLDAPClientFactory(ctrl *gomock.Controller) *MockLDAPClientFactory

NewMockLDAPClientFactory creates a new mock instance.

func (*MockLDAPClientFactory) DialURL added in v4.35.3

func (m *MockLDAPClientFactory) DialURL(arg0 string, arg1 ...v3.DialOpt) (LDAPClient, error)

DialURL mocks base method.

func (*MockLDAPClientFactory) EXPECT added in v4.35.3

EXPECT returns an object that allows the caller to indicate expected use.

type MockLDAPClientFactoryMockRecorder added in v4.35.3

type MockLDAPClientFactoryMockRecorder struct {
	// contains filtered or unexported fields
}

MockLDAPClientFactoryMockRecorder is the mock recorder for MockLDAPClientFactory.

func (*MockLDAPClientFactoryMockRecorder) DialURL added in v4.35.3

func (mr *MockLDAPClientFactoryMockRecorder) DialURL(arg0 interface{}, arg1 ...interface{}) *gomock.Call

DialURL indicates an expected call of DialURL.

type MockLDAPClientMockRecorder added in v4.35.3

type MockLDAPClientMockRecorder struct {
	// contains filtered or unexported fields
}

MockLDAPClientMockRecorder is the mock recorder for MockLDAPClient.

func (*MockLDAPClientMockRecorder) Bind added in v4.35.3

func (mr *MockLDAPClientMockRecorder) Bind(arg0, arg1 interface{}) *gomock.Call

Bind indicates an expected call of Bind.

func (*MockLDAPClientMockRecorder) Close added in v4.35.3

func (mr *MockLDAPClientMockRecorder) Close() *gomock.Call

Close indicates an expected call of Close.

func (*MockLDAPClientMockRecorder) Modify added in v4.35.3

func (mr *MockLDAPClientMockRecorder) Modify(arg0 interface{}) *gomock.Call

Modify indicates an expected call of Modify.

func (*MockLDAPClientMockRecorder) PasswordModify added in v4.35.3

func (mr *MockLDAPClientMockRecorder) PasswordModify(arg0 interface{}) *gomock.Call

PasswordModify indicates an expected call of PasswordModify.

func (*MockLDAPClientMockRecorder) Search added in v4.35.3

func (mr *MockLDAPClientMockRecorder) Search(arg0 interface{}) *gomock.Call

Search indicates an expected call of Search.

func (*MockLDAPClientMockRecorder) StartTLS added in v4.35.3

func (mr *MockLDAPClientMockRecorder) StartTLS(arg0 interface{}) *gomock.Call

StartTLS indicates an expected call of StartTLS.

func (*MockLDAPClientMockRecorder) UnauthenticatedBind added in v4.36.0

func (mr *MockLDAPClientMockRecorder) UnauthenticatedBind(arg0 interface{}) *gomock.Call

UnauthenticatedBind indicates an expected call of UnauthenticatedBind.

type ProductionLDAPClientFactory added in v4.35.3

type ProductionLDAPClientFactory struct{}

ProductionLDAPClientFactory the production implementation of an ldap connection factory.

func NewProductionLDAPClientFactory added in v4.35.3

func NewProductionLDAPClientFactory() *ProductionLDAPClientFactory

NewProductionLDAPClientFactory create a concrete ldap connection factory.

func (*ProductionLDAPClientFactory) DialURL added in v4.35.3

func (f *ProductionLDAPClientFactory) DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)

DialURL creates a client from an LDAP URL when successful.

type UserDetails

type UserDetails struct {
	Username    string
	DisplayName string
	Emails      []string
	Groups      []string
}

UserDetails represent the details retrieved for a given user.

func (UserDetails) Addresses added in v4.36.3

func (d UserDetails) Addresses() (addresses []mail.Address)

Addresses returns the Emails []string as []mail.Address formatted with DisplayName as the Name attribute.

type UserDetailsModel

type UserDetailsModel struct {
	HashedPassword string   `yaml:"password" valid:"required"`
	DisplayName    string   `yaml:"displayname" valid:"required"`
	Email          string   `yaml:"email"`
	Groups         []string `yaml:"groups"`
	Disabled       bool     `yaml:"disabled"`
}

UserDetailsModel is the model of user details in the file database.

func (UserDetailsModel) ToDatabaseUserDetailsModel added in v4.37.0

func (m UserDetailsModel) ToDatabaseUserDetailsModel(username string) (model *DatabaseUserDetails, err error)

ToDatabaseUserDetailsModel converts a UserDetailsModel into a *DatabaseUserDetails.

type UserProvider

type UserProvider interface {
	model.StartupCheck

	CheckUserPassword(username string, password string) (valid bool, err error)
	GetDetails(username string) (details *UserDetails, err error)
	UpdatePassword(username string, newPassword string) (err error)
}

UserProvider is the interface for checking user password and gathering user details.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL