model

Published: Dec 21, 2022 License: Apache-2.0 Imports: 24 Imported by: 0


Constants

// Identifiers for the second factor methods a user can prefer. The string values are
// presumably the form persisted in UserInfo.Method (column "second_factor_method") and
// exchanged with the web UI, so they must not be changed without a migration — confirm.
const (
	// SecondFactorMethodTOTP method using Time-Based One-Time Password applications like Google Authenticator.
	SecondFactorMethodTOTP = "totp"

	// SecondFactorMethodWebauthn method using Webauthn devices like YubiKeys.
	SecondFactorMethodWebauthn = "webauthn"

	// SecondFactorMethodDuo method using Duo application to receive push notifications.
	// Note the value "mobile_push" deliberately differs from the constant name.
	SecondFactorMethodDuo = "mobile_push"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthenticationAttempt

// AuthenticationAttempt represents an authentication attempt row in the database.
// Rows of this kind are the audit trail behind ban/regulation decisions, so every
// field is worth preserving as recorded.
type AuthenticationAttempt struct {
	ID            int       `db:"id"`
	Time          time.Time `db:"time"`
	Successful    bool      `db:"successful"`
	// Banned presumably records that the attempt was rejected because of an active ban — confirm.
	Banned        bool      `db:"banned"`
	Username      string    `db:"username"`
	// Type maps to column "auth_type"; the column name differs from the field name.
	Type          string    `db:"auth_type"`
	// RemoteIP is nullable (NullIP); consumers must handle an absent address.
	RemoteIP      NullIP    `db:"remote_ip"`
	RequestURI    string    `db:"request_uri"`
	RequestMethod string    `db:"request_method"`
}

AuthenticationAttempt represents an authentication attempt row in the database.

type Base64

// Base64 saves bytes to the database as a base64 encoded string.
// The wrapped bytes are unexported: construct with NewBase64 and read back with
// Bytes (raw) or String (base64). Scan/Value implement sql.Scanner and driver.Valuer.
type Base64 struct {
	// contains filtered or unexported fields
}

Base64 saves bytes to the database as a base64 encoded string.

func NewBase64

func NewBase64(data []byte) Base64

NewBase64 returns a new Base64.

func (Base64) Bytes

func (b Base64) Bytes() []byte

Bytes returns the Base64 string encoded as bytes.

func (*Base64) Scan

func (b *Base64) Scan(src any) (err error)

Scan is the Base64 implementation of the sql.Scanner.

func (Base64) String

func (b Base64) String() string

String returns the Base64 string encoded as base64.

func (Base64) Value

func (b Base64) Value() (value driver.Value, err error)

Value is the Base64 implementation of the database/sql driver.Valuer.

type DuoDevice

// DuoDevice represents a DUO Device.
type DuoDevice struct {
	ID       int    `db:"id"`
	Username string `db:"username"`
	// Device and Method identify the Duo device and the delivery method;
	// presumably values returned by the Duo API — confirm against the Duo client.
	Device   string `db:"device"`
	Method   string `db:"method"`
}

DuoDevice represents a DUO Device.

type IP

// IP is a type specific for storage of a net.IP in the database which can't be NULL.
// See NullIP for the nullable counterpart. Scan/Value implement sql.Scanner and driver.Valuer.
type IP struct {
	IP net.IP
}

IP is a type specific to storing a net.IP in the database in a column which cannot be NULL.

func NewIP

func NewIP(value net.IP) (ip IP)

NewIP easily constructs a new IP.

func (*IP) Scan

func (ip *IP) Scan(src any) (err error)

Scan is the IP implementation of the sql.Scanner.

func (IP) Value

func (ip IP) Value() (value driver.Value, err error)

Value is the IP implementation of the database/sql driver.Valuer.

type IdentityVerification

// IdentityVerification represents an identity verification row in the database.
// NewIdentityVerification constructs one; ToIdentityVerificationClaim converts it
// into the JWT claim form.
type IdentityVerification struct {
	ID         int          `db:"id"`
	// JTI is the JWT ID of the verification token.
	JTI        uuid.UUID    `db:"jti"`
	// IssuedAt and ExpiresAt map to columns "iat" and "exp", mirroring the JWT claim names.
	IssuedAt   time.Time    `db:"iat"`
	// IssuedIP uses the non-nullable IP type; NewIdentityVerification takes the issuing net.IP.
	IssuedIP   IP           `db:"issued_ip"`
	ExpiresAt  time.Time    `db:"exp"`
	Action     string       `db:"action"`
	Username   string       `db:"username"`
	// Consumed and ConsumedIP are nullable; presumably NULL until the token is used and
	// set on consumption (single-use enforcement) — confirm against the storage provider.
	Consumed   sql.NullTime `db:"consumed"`
	ConsumedIP NullIP       `db:"consumed_ip"`
}

IdentityVerification represents an identity verification row in the database.

func NewIdentityVerification

func NewIdentityVerification(jti uuid.UUID, username, action string, ip net.IP) (verification IdentityVerification)

NewIdentityVerification creates a new IdentityVerification from a given username and action.

func (IdentityVerification) ToIdentityVerificationClaim

func (v IdentityVerification) ToIdentityVerificationClaim() (claim *IdentityVerificationClaim)

ToIdentityVerificationClaim converts the IdentityVerification into an IdentityVerificationClaim.

type IdentityVerificationClaim

// IdentityVerificationClaim is a custom claim for specifying the action claim.
// The action can be to register a TOTP device, a U2F device or reset one's password.
// The embedded jwt.RegisteredClaims carries the standard fields (ID, IssuedAt,
// ExpiresAt, ...), which ToIdentityVerification presumably maps back onto
// IdentityVerification.JTI/IssuedAt/ExpiresAt — confirm.
type IdentityVerificationClaim struct {
	jwt.RegisteredClaims

	// The action this token has been crafted for.
	Action string `json:"action"`
	// The user this token has been crafted for.
	Username string `json:"username"`
}

IdentityVerificationClaim is a custom claim for specifying the action claim. The action can be to register a TOTP device, a U2F device or reset one's password.

func (IdentityVerificationClaim) ToIdentityVerification

func (v IdentityVerificationClaim) ToIdentityVerification() (verification *IdentityVerification, err error)

ToIdentityVerification converts the IdentityVerificationClaim into an IdentityVerification.

type Migration

// Migration represents a migration row in the database.
type Migration struct {
	ID      int       `db:"id"`
	// Applied is when the migration was applied.
	Applied time.Time `db:"applied"`
	// Before and After are the schema versions either side of the migration
	// (columns "version_before" / "version_after"); compare SchemaMigration.Before/After.
	Before  int       `db:"version_before"`
	After   int       `db:"version_after"`
	// Version is the application version that applied the migration (column "application_version").
	Version string    `db:"application_version"`
}

Migration represents a migration row in the database.

type NullIP

// NullIP is a type specific for storage of a net.IP in the database which can also be NULL.
// A nil IP presumably maps to SQL NULL through Value/Scan — confirm in the implementation.
// Construct with NewNullIP or NewNullIPFromString.
type NullIP struct {
	IP net.IP
}

NullIP is a type specific to storing a net.IP in the database in a column which can also be NULL.

func NewNullIP

func NewNullIP(value net.IP) (ip NullIP)

NewNullIP easily constructs a new NullIP.

func NewNullIPFromString

func NewNullIPFromString(value string) (ip NullIP)

NewNullIPFromString easily constructs a new NullIP from a string.

func (*NullIP) Scan

func (ip *NullIP) Scan(src any) (err error)

Scan is the NullIP implementation of the sql.Scanner.

func (NullIP) Value

func (ip NullIP) Value() (value driver.Value, err error)

Value is the NullIP implementation of the database/sql driver.Valuer.

type OAuth2BlacklistedJTI added in v4.35.0

// OAuth2BlacklistedJTI represents a blacklisted JTI used with OAuth2.0.
// Use NewOAuth2BlacklistedJTI to construct one from a JTI string and an expiry.
type OAuth2BlacklistedJTI struct {
	ID        int       `db:"id"`
	// Signature is the stored form of the JTI. NewOAuth2BlacklistedJTI takes the raw
	// jti string, so presumably a digest rather than the raw value is stored — confirm.
	Signature string    `db:"signature"`
	// ExpiresAt bounds how long the entry needs to be retained; presumably it matches
	// the token's own expiry so expired entries can be pruned safely — confirm.
	ExpiresAt time.Time `db:"expires_at"`
}

OAuth2BlacklistedJTI represents a blacklisted JTI used with OAuth2.0.

func NewOAuth2BlacklistedJTI added in v4.35.0

func NewOAuth2BlacklistedJTI(jti string, exp time.Time) (jtiBlacklist OAuth2BlacklistedJTI)

NewOAuth2BlacklistedJTI creates a new OAuth2BlacklistedJTI.

type OAuth2ConsentPreConfig added in v4.37.0

// OAuth2ConsentPreConfig stores information about an OAuth2.0 Pre-Configured Consent.
// CanConsent reports whether it may still be used; HasExactGrants compares Scopes and
// Audience against a request.
type OAuth2ConsentPreConfig struct {
	ID       int64     `db:"id"`
	ClientID string    `db:"client_id"`
	// Subject is presumably the opaque user identifier (see UserOpaqueIdentifier.Identifier) — confirm.
	Subject  uuid.UUID `db:"subject"`

	CreatedAt time.Time    `db:"created_at"`
	// ExpiresAt is nullable; NULL presumably means no expiry — confirm in CanConsent.
	ExpiresAt sql.NullTime `db:"expires_at"`

	// Revoked marks the pre-configuration as no longer usable.
	Revoked bool `db:"revoked"`

	// Scopes and Audience are the granted values, stored pipe-delimited.
	Scopes   StringSlicePipeDelimited `db:"scopes"`
	Audience StringSlicePipeDelimited `db:"audience"`
}

OAuth2ConsentPreConfig stores information about an OAuth2.0 Pre-Configured Consent.

func (*OAuth2ConsentPreConfig) CanConsent added in v4.37.0

func (s *OAuth2ConsentPreConfig) CanConsent() bool

CanConsent returns true if this pre-configuration can still provide consent.

func (*OAuth2ConsentPreConfig) HasExactGrantedAudience added in v4.37.0

func (s *OAuth2ConsentPreConfig) HasExactGrantedAudience(audience []string) (has bool)

HasExactGrantedAudience returns true if the granted audience of this consent exactly matches another audience.

func (*OAuth2ConsentPreConfig) HasExactGrantedScopes added in v4.37.0

func (s *OAuth2ConsentPreConfig) HasExactGrantedScopes(scopes []string) (has bool)

HasExactGrantedScopes returns true if the granted scopes of this consent exactly match another set of scopes.

func (*OAuth2ConsentPreConfig) HasExactGrants added in v4.37.0

func (s *OAuth2ConsentPreConfig) HasExactGrants(scopes, audience []string) (has bool)

HasExactGrants returns true if the granted audience and scopes of this consent pre-configuration exactly match another audience and set of scopes.

type OAuth2ConsentSession added in v4.35.0

// OAuth2ConsentSession stores information about an OAuth2.0 Consent.
// NewOAuth2ConsentSession constructs one from a subject and fosite.Requester.
type OAuth2ConsentSession struct {
	ID          int           `db:"id"`
	ChallengeID uuid.UUID     `db:"challenge_id"`
	ClientID    string        `db:"client_id"`
	// Subject is nullable; presumably unset until the user has been identified — confirm.
	Subject     uuid.NullUUID `db:"subject"`

	// Authorized and Granted back IsAuthorized/IsDenied/CanGrant/Grant; see those methods.
	Authorized bool `db:"authorized"`
	Granted    bool `db:"granted"`

	RequestedAt time.Time    `db:"requested_at"`
	// RespondedAt is nullable; presumably NULL until the user responds (see Responded) — confirm.
	RespondedAt sql.NullTime `db:"responded_at"`

	// Form is the encoded request form (column "form_data"); GetForm parses it into url.Values.
	Form string `db:"form_data"`

	// Requested* are what the client asked for; Granted* are what the user approved.
	RequestedScopes   StringSlicePipeDelimited `db:"requested_scopes"`
	GrantedScopes     StringSlicePipeDelimited `db:"granted_scopes"`
	RequestedAudience StringSlicePipeDelimited `db:"requested_audience"`
	GrantedAudience   StringSlicePipeDelimited `db:"granted_audience"`

	// PreConfiguration presumably links to OAuth2ConsentPreConfig.ID when consent came
	// from a pre-configuration. NOTE(review): this is the only field without a db tag,
	// so its column mapping relies on the mapper's default naming — confirm it is intended.
	PreConfiguration sql.NullInt64
}

OAuth2ConsentSession stores information about an OAuth2.0 Consent.

func NewOAuth2ConsentSession added in v4.35.0

func NewOAuth2ConsentSession(subject uuid.UUID, r fosite.Requester) (consent *OAuth2ConsentSession, err error)

NewOAuth2ConsentSession creates a new OAuth2ConsentSession.

func (*OAuth2ConsentSession) CanGrant added in v4.35.0

func (s *OAuth2ConsentSession) CanGrant() bool

CanGrant returns true if the session can still grant a token. This is NOT indicative of whether there is a user response to this consent request or of whether the user rejected the consent request.

func (*OAuth2ConsentSession) GetForm added in v4.35.0

func (s *OAuth2ConsentSession) GetForm() (form url.Values, err error)

GetForm returns the form.

func (*OAuth2ConsentSession) Grant added in v4.37.0

func (s *OAuth2ConsentSession) Grant()

Grant grants the requested scopes and audience.

func (*OAuth2ConsentSession) HasExactGrantedAudience added in v4.35.0

func (s *OAuth2ConsentSession) HasExactGrantedAudience(audience []string) (has bool)

HasExactGrantedAudience returns true if the granted audience of this consent exactly matches another audience.

func (*OAuth2ConsentSession) HasExactGrantedScopes added in v4.35.0

func (s *OAuth2ConsentSession) HasExactGrantedScopes(scopes []string) (has bool)

HasExactGrantedScopes returns true if the granted scopes of this consent exactly match another set of scopes.

func (*OAuth2ConsentSession) HasExactGrants added in v4.35.0

func (s *OAuth2ConsentSession) HasExactGrants(scopes, audience []string) (has bool)

HasExactGrants returns true if the granted audience and scopes of this consent exactly match another audience and set of scopes.

func (*OAuth2ConsentSession) IsAuthorized added in v4.35.0

func (s *OAuth2ConsentSession) IsAuthorized() bool

IsAuthorized returns true if the user has responded to the consent session and it was authorized.

func (*OAuth2ConsentSession) IsDenied added in v4.35.0

func (s *OAuth2ConsentSession) IsDenied() bool

IsDenied returns true if the user has responded to the consent session and it was not authorized.

func (*OAuth2ConsentSession) Responded added in v4.35.0

func (s *OAuth2ConsentSession) Responded() bool

Responded returns true if the user has responded to the consent session.

type OAuth2Session added in v4.35.0

// OAuth2Session represents an OAuth2.0 session.
// NewOAuth2SessionFromRequest builds one from a signature and fosite.Requester;
// ToRequest converts it back into a fosite.Request.
type OAuth2Session struct {
	ID                int                      `db:"id"`
	ChallengeID       uuid.UUID                `db:"challenge_id"`
	RequestID         string                   `db:"request_id"`
	ClientID          string                   `db:"client_id"`
	// Signature is the token signature supplied to NewOAuth2SessionFromRequest;
	// presumably the lookup key for the session — confirm.
	Signature         string                   `db:"signature"`
	RequestedAt       time.Time                `db:"requested_at"`
	// Subject can be replaced after creation via SetSubject (RFC7523 support).
	Subject           string                   `db:"subject"`
	RequestedScopes   StringSlicePipeDelimited `db:"requested_scopes"`
	GrantedScopes     StringSlicePipeDelimited `db:"granted_scopes"`
	RequestedAudience StringSlicePipeDelimited `db:"requested_audience"`
	GrantedAudience   StringSlicePipeDelimited `db:"granted_audience"`
	Active            bool                     `db:"active"`
	Revoked           bool                     `db:"revoked"`
	// Form is the encoded request form (column "form_data").
	Form              string                   `db:"form_data"`
	// Session is the serialised fosite.Session (column "session_data"); ToRequest
	// presumably decodes it into the provided fosite.Session — confirm the encoding used.
	Session           []byte                   `db:"session_data"`
}

OAuth2Session represents an OAuth2.0 session.

func NewOAuth2SessionFromRequest added in v4.35.0

func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session *OAuth2Session, err error)

NewOAuth2SessionFromRequest creates a new OAuth2Session from a signature and fosite.Requester.

func (*OAuth2Session) SetSubject added in v4.35.0

func (s *OAuth2Session) SetSubject(subject string)

SetSubject implements an interface required for RFC7523.

func (*OAuth2Session) ToRequest added in v4.35.0

func (s *OAuth2Session) ToRequest(ctx context.Context, session fosite.Session, store fosite.Storage) (request *fosite.Request, err error)

ToRequest converts an OAuth2Session into a fosite.Request given a fosite.Session and fosite.Storage.

type OpenIDSession added in v4.35.0

// OpenIDSession holds OIDC Session information.
// Clone copies it to a new fosite.Session.
type OpenIDSession struct {
	// The embedded DefaultSession is serialised under the "id_token" JSON key.
	*openid.DefaultSession `json:"id_token"`

	ChallengeID uuid.UUID `db:"challenge_id"`
	// ClientID carries neither a db nor a json tag, unlike its siblings; presumably
	// intentional (default field-name mapping) — confirm.
	ClientID    string

	// Extra holds additional data serialised under the "extra" JSON key.
	Extra map[string]any `json:"extra"`
}

OpenIDSession holds OIDC Session information.

func (*OpenIDSession) Clone added in v4.36.0

func (s *OpenIDSession) Clone() fosite.Session

Clone copies the OpenIDSession to a new fosite.Session.

type SchemaMigration

// SchemaMigration represents an intended migration.
// Before and After report the schema versions either side of applying it,
// presumably derived from Version and Up — confirm.
type SchemaMigration struct {
	// Version is the schema version this migration targets.
	Version  int
	Name     string
	// Provider is presumably the storage provider the Query is written for — confirm.
	Provider string
	// Up is true for an upgrade migration and false for a downgrade.
	Up       bool
	// Query is presumably the SQL executed to apply the migration — confirm.
	Query    string
}

SchemaMigration represents an intended migration.

func (SchemaMigration) After

func (m SchemaMigration) After() (after int)

After returns the version the schema will be at After the migration is applied.

func (SchemaMigration) Before

func (m SchemaMigration) Before() (before int)

Before returns the version the schema should be at Before the migration is applied.

type SemanticVersion added in v4.36.0

// SemanticVersion represents a Semantic Versioning 2.0 version.
// Construct with NewSemanticVersion; compare with Equal, GreaterThan,
// GreaterThanOrEqual, LessThan and LessThanOrEqual.
type SemanticVersion struct {
	Major      int
	Minor      int
	Patch      int
	// PreRelease holds the pre-release identifiers (presumably the dot-separated part after "-").
	PreRelease []string
	// Metadata holds the build metadata identifiers (presumably the dot-separated part after "+").
	// NOTE(review): SemVer 2.0 requires build metadata to be ignored when determining
	// precedence — confirm the comparison methods do so.
	Metadata   []string
}

SemanticVersion represents a Semantic Versioning 2.0 version.

func NewSemanticVersion added in v4.36.0

func NewSemanticVersion(input string) (version *SemanticVersion, err error)

NewSemanticVersion creates a SemanticVersion from a string.

func (SemanticVersion) Equal added in v4.36.0

func (v SemanticVersion) Equal(version SemanticVersion) (equals bool)

Equal returns true if this SemanticVersion is equal to the provided SemanticVersion.

func (SemanticVersion) GreaterThan added in v4.36.0

func (v SemanticVersion) GreaterThan(version SemanticVersion) (gt bool)

GreaterThan returns true if this SemanticVersion is greater than the provided SemanticVersion.

func (SemanticVersion) GreaterThanOrEqual added in v4.36.0

func (v SemanticVersion) GreaterThanOrEqual(version SemanticVersion) (ge bool)

GreaterThanOrEqual returns true if this SemanticVersion is greater than or equal to the provided SemanticVersion.

func (SemanticVersion) LessThan added in v4.36.0

func (v SemanticVersion) LessThan(version SemanticVersion) (gt bool)

LessThan returns true if this SemanticVersion is less than the provided SemanticVersion.

func (SemanticVersion) LessThanOrEqual added in v4.36.0

func (v SemanticVersion) LessThanOrEqual(version SemanticVersion) (ge bool)

LessThanOrEqual returns true if this SemanticVersion is less than or equal to the provided SemanticVersion.

func (SemanticVersion) String added in v4.36.0

func (v SemanticVersion) String() (value string)

String returns a human-readable representation of a SemanticVersion.

type StartupCheck

// StartupCheck represents a provider that has a startup check.
// StartupCheck returns nil when the check passes, otherwise an error describing the failure.
type StartupCheck interface {
	StartupCheck() (err error)
}

StartupCheck represents a provider that has a startup check.

type StringSlicePipeDelimited added in v4.35.0

// StringSlicePipeDelimited is a string slice that is stored in the database delimited by pipes.
// Scan and Value implement sql.Scanner / driver.Valuer. NOTE(review): because "|" is the
// delimiter, an element that itself contains "|" presumably cannot round-trip unless
// Scan/Value escape it — confirm that the values stored here (scopes, audiences) never do.
type StringSlicePipeDelimited []string

StringSlicePipeDelimited is a string slice that is stored in the database delimited by pipes.

func (*StringSlicePipeDelimited) Scan added in v4.35.0

func (s *StringSlicePipeDelimited) Scan(value any) (err error)

Scan is the StringSlicePipeDelimited implementation of the sql.Scanner.

func (StringSlicePipeDelimited) Value added in v4.35.0

Value is the StringSlicePipeDelimited implementation of the database/sql driver.Valuer.

type TOTPConfiguration

// TOTPConfiguration represents a user's TOTP configuration row in the database.
// Only Digits and Period are exposed when marshalled as JSON; every other field,
// including Secret, carries json:"-".
type TOTPConfiguration struct {
	ID         int          `db:"id" json:"-"`
	CreatedAt  time.Time    `db:"created_at" json:"-"`
	// LastUsedAt is nullable; LastUsed presumably returns it as a *time.Time (nil when NULL) — confirm.
	LastUsedAt sql.NullTime `db:"last_used_at" json:"-"`
	Username   string       `db:"username" json:"-"`
	Issuer     string       `db:"issuer" json:"-"`
	Algorithm  string       `db:"algorithm" json:"-"`
	Digits     uint         `db:"digits" json:"digits"`
	Period     uint         `db:"period" json:"period"`
	// Secret is the raw shared secret and is deliberately excluded from JSON output.
	// URI, Key and Image presumably embed it, so their results must be treated as sensitive.
	Secret     []byte       `db:"secret" json:"-"`
}

TOTPConfiguration represents a user's TOTP configuration row in the database.

func (*TOTPConfiguration) Image

func (c *TOTPConfiguration) Image(width, height int) (img image.Image, err error)

Image returns the image.Image of the TOTPConfiguration by calling the Image func on the *otp.Key returned by TOTPConfiguration.Key.

func (*TOTPConfiguration) Key

func (c *TOTPConfiguration) Key() (key *otp.Key, err error)

Key returns the *otp.Key using TOTPConfiguration.URI with otp.NewKeyFromURL.

func (*TOTPConfiguration) LastUsed added in v4.37.0

func (c *TOTPConfiguration) LastUsed() *time.Time

func (*TOTPConfiguration) URI

func (c *TOTPConfiguration) URI() (uri string)

URI shows the configuration in the URI representation.

func (*TOTPConfiguration) UpdateSignInInfo

func (c *TOTPConfiguration) UpdateSignInInfo(now time.Time)

UpdateSignInInfo adjusts the values of the TOTPConfiguration after a sign in.

type U2FDevice

// U2FDevice represents a user's U2F device row in the database.
// See WebauthnDevice for the Webauthn equivalent; WebauthnUser.HasFIDOU2F reports
// devices with the "fido-u2f" attestation type.
type U2FDevice struct {
	ID          int    `db:"id"`
	Username    string `db:"username"`
	Description string `db:"description"`
	// KeyHandle and PublicKey are the raw credential bytes from registration.
	KeyHandle   []byte `db:"key_handle"`
	PublicKey   []byte `db:"public_key"`
}

U2FDevice represents a user's U2F device row in the database.

type UserInfo

// UserInfo represents the user information required by the web UI.
// SetDefaultPreferred2FAMethod fills Method when the current value is not available.
type UserInfo struct {
	// The users display name. Not persisted (db:"-").
	DisplayName string `db:"-" json:"display_name"`

	// The preferred 2FA method; presumably one of the SecondFactorMethod* constants — confirm.
	Method string `db:"second_factor_method" json:"method" valid:"required"`

	// True if a TOTP device has been registered.
	HasTOTP bool `db:"has_totp" json:"has_totp" valid:"required"`

	// True if a Webauthn device has been registered.
	HasWebauthn bool `db:"has_webauthn" json:"has_webauthn" valid:"required"`

	// True if a duo device has been configured as the preferred.
	HasDuo bool `db:"has_duo" json:"has_duo" valid:"required"`
}

UserInfo represents the user information required by the web UI.

func (*UserInfo) SetDefaultPreferred2FAMethod added in v4.34.6

func (i *UserInfo) SetDefaultPreferred2FAMethod(methods []string, fallback string) (changed bool)

SetDefaultPreferred2FAMethod configures the default method based on which methods are configured as available and which methods the user has available.

type UserOpaqueIdentifier added in v4.35.0

// UserOpaqueIdentifier represents an opaque identifier for a user. Commonly used with
// OAuth 2.0 and OpenID Connect. NewUserOpaqueIdentifier constructs one.
type UserOpaqueIdentifier struct {
	ID       int    `db:"id" yaml:"id"`
	// Service and SectorID scope the identifier; presumably the same user receives a
	// distinct Identifier per service/sector (pairwise identifiers) — confirm.
	Service  string `db:"service" yaml:"service"`
	SectorID string `db:"sector_id" yaml:"sector_id"`
	Username string `db:"username" yaml:"username"`

	// Identifier is the opaque UUID presumably exposed to clients in place of Username — confirm.
	Identifier uuid.UUID `db:"identifier" yaml:"identifier"`
}

UserOpaqueIdentifier represents an opaque identifier for a user. Commonly used with OAuth 2.0 and OpenID Connect.

func NewUserOpaqueIdentifier added in v4.35.0

func NewUserOpaqueIdentifier(service, sectorID, username string) (id *UserOpaqueIdentifier, err error)

NewUserOpaqueIdentifier either creates a new UserOpaqueIdentifier or returns an error.

type UserOpaqueIdentifiersExport added in v4.35.0

// UserOpaqueIdentifiersExport represents a UserOpaqueIdentifier export file.
// The yaml tags define the file layout: a single "identifiers" list.
type UserOpaqueIdentifiersExport struct {
	Identifiers []UserOpaqueIdentifier `yaml:"identifiers"`
}

UserOpaqueIdentifiersExport represents a UserOpaqueIdentifier export file.

type WebauthnDevice

// WebauthnDevice represents a Webauthn Device in the database storage.
// NewWebauthnDeviceFromCredential builds one from a webauthn.Credential and
// UpdateSignInInfo adjusts it after a sign in (it receives the time and sign count).
type WebauthnDevice struct {
	ID              int           `db:"id"`
	CreatedAt       time.Time     `db:"created_at"`
	LastUsedAt      sql.NullTime  `db:"last_used_at"`
	// RPID is the relying party ID (NewWebauthnDeviceFromCredential takes it as rpid).
	RPID            string        `db:"rpid"`
	Username        string        `db:"username"`
	Description     string        `db:"description"`
	// KID is presumably the credential ID, persisted base64 encoded via Base64 — confirm.
	KID             Base64        `db:"kid"`
	PublicKey       []byte        `db:"public_key"`
	AttestationType string        `db:"attestation_type"`
	Transport       string        `db:"transport"`
	// AAGUID is nullable (uuid.NullUUID); not every authenticator reports one.
	AAGUID          uuid.NullUUID `db:"aaguid"`
	// SignCount is the last signature counter seen from the authenticator. CloneWarning
	// is presumably set when a later assertion reports a counter that did not increase,
	// the standard cloned-authenticator indicator — confirm in UpdateSignInInfo.
	SignCount       uint32        `db:"sign_count"`
	CloneWarning    bool          `db:"clone_warning"`
}

WebauthnDevice represents a Webauthn Device in the database storage.

func NewWebauthnDeviceFromCredential

func NewWebauthnDeviceFromCredential(rpid, username, description string, credential *webauthn.Credential) (device WebauthnDevice)

NewWebauthnDeviceFromCredential creates a WebauthnDevice from a webauthn.Credential.

func (*WebauthnDevice) UpdateSignInInfo

func (w *WebauthnDevice) UpdateSignInInfo(config *webauthn.Config, now time.Time, signCount uint32)

UpdateSignInInfo adjusts the values of the WebauthnDevice after a sign in.

type WebauthnUser

// WebauthnUser is an object to represent a user for the Webauthn lib.
// It implements webauthn.User through WebAuthnID, WebAuthnName, WebAuthnDisplayName,
// WebAuthnIcon and WebAuthnCredentials.
type WebauthnUser struct {
	Username    string
	DisplayName string
	// Devices are the registered credentials; WebAuthnCredentials and
	// WebAuthnCredentialDescriptors decode them for the library.
	Devices     []WebauthnDevice
}

WebauthnUser is an object to represent a user for the Webauthn lib.

func (WebauthnUser) HasFIDOU2F

func (w WebauthnUser) HasFIDOU2F() bool

HasFIDOU2F returns true if the user has any attestation type `fido-u2f` devices.

func (WebauthnUser) WebAuthnCredentialDescriptors

func (w WebauthnUser) WebAuthnCredentialDescriptors() (descriptors []protocol.CredentialDescriptor)

WebAuthnCredentialDescriptors decodes the user's credentials into protocol.CredentialDescriptor's.

func (WebauthnUser) WebAuthnCredentials

func (w WebauthnUser) WebAuthnCredentials() (credentials []webauthn.Credential)

WebAuthnCredentials implements the webauthn.User interface.

func (WebauthnUser) WebAuthnDisplayName

func (w WebauthnUser) WebAuthnDisplayName() string

WebAuthnDisplayName implements the webauthn.User interface.

func (WebauthnUser) WebAuthnID

func (w WebauthnUser) WebAuthnID() []byte

WebAuthnID implements the webauthn.User interface.

func (WebauthnUser) WebAuthnIcon

func (w WebauthnUser) WebAuthnIcon() string

WebAuthnIcon implements the webauthn.User interface.

func (WebauthnUser) WebAuthnName

func (w WebauthnUser) WebAuthnName() string

WebAuthnName implements the webauthn.User interface.
