handlers

package
v4.38.0
This package is not in the latest version of its module.
Published: Mar 14, 2024 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Constants

const (
	AuthnStrategyCookieSession                       = "CookieSession"
	AuthnStrategyHeaderAuthorization                 = "HeaderAuthorization"
	AuthnStrategyHeaderProxyAuthorization            = "HeaderProxyAuthorization"
	AuthnStrategyHeaderAuthRequestProxyAuthorization = "HeaderAuthRequestProxyAuthorization"
	AuthnStrategyHeaderLegacy                        = "HeaderLegacy"
)

AuthnStrategy names.

const (
	WebAuthnExtensionCredProps            = "credProps"
	WebAuthnExtensionCredPropsResidentKey = "rk"
	WebAuthnDiscoverable                  = "discoverable"
)

const (
	// ActionResetPassword is the string representation of the action for which the token has been produced.
	ActionResetPassword = "ResetPassword"
)

Variables

var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{ActionClaim: ActionResetPassword}, resetPasswordIdentityFinish)

ResetPasswordIdentityFinish is the handler for finishing the identity validation.

var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailTitle:               "Reset your password",
	MailButtonContent:       "Reset",
	MailButtonRevokeContent: "Revoke",
	TargetEndpoint:          "/reset-password/step2",
	RevokeEndpoint:          "/revoke/reset-password",
	ActionClaim:             ActionResetPassword,
	IdentityRetrieverFunc:   identityRetrieverFromStorage,
}, middlewares.TimingAttackDelay(10, 250, 85, time.Millisecond*500, false))

ResetPasswordIdentityStart is the handler for initiating the identity validation for resetting a password. It always replies with 200, whatever happens in the backend, so that an attacker cannot perform user enumeration.
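The enumeration defence described above, as an added example that is not Authelia's code and does not reproduce `middlewares.TimingAttackDelay`: a handler that returns the same status and body for known and unknown users and pads every reply to a minimum latency. `Outbox`, `ResetStart`, `Probe`, the `/reset/start` path and the user data are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"sync"
	"time"
)

// Outbox is a hypothetical stand-in for the mail notifier; it records recipients.
type Outbox struct {
	mu   sync.Mutex
	sent []string
}

// Send simulates the slow work that only happens for accounts that exist.
func (o *Outbox) Send(addr string) {
	time.Sleep(20 * time.Millisecond) // constructed cost of the "user exists" branch
	o.mu.Lock()
	defer o.mu.Unlock()
	o.sent = append(o.sent, addr)
}

// Count returns how many reset mails were queued.
func (o *Outbox) Count() int {
	o.mu.Lock()
	defer o.mu.Unlock()
	return len(o.sent)
}

// padTo sleeps until at least floor has elapsed since start.
func padTo(start time.Time, floor time.Duration) {
	if rest := floor - time.Since(start); rest > 0 {
		time.Sleep(rest)
	}
}

// ResetStart builds the handler. users maps username to mail address (constructed data).
// floor must exceed the slowest branch, otherwise the existing-user path still stands out.
func ResetStart(users map[string]string, out *Outbox, floor time.Duration) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		start := time.Now()
		if addr, ok := users[r.PostFormValue("username")]; ok {
			out.Send(addr) // only this branch does real work
		}
		// Hide the branch taken: same minimum latency, same status, same body.
		padTo(start, floor)
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(http.StatusOK)
		fmt.Fprint(w, `{"status":"OK"}`)
	}
}

// Probe sends one reset request and reports what a client can observe.
func Probe(h http.Handler, username string) (int, string, time.Duration) {
	body := strings.NewReader(url.Values{"username": {username}}.Encode())
	req := httptest.NewRequest(http.MethodPost, "/reset/start", body)
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	start := time.Now()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String(), time.Since(start)
}

func main() {
	out := &Outbox{}
	h := ResetStart(map[string]string{"alice": "alice@example.com"}, out, 50*time.Millisecond)
	for _, u := range []string{"alice", "nobody"} {
		code, body, took := Probe(h, u)
		fmt.Printf("%-6s -> %d %s (>= 50ms: %v)\n", u, code, body, took >= 50*time.Millisecond)
	}
	fmt.Println("mails queued:", out.Count())
}
```

A fixed floor only works while it stays above the worst-case cost of the real branch, so it is worth alerting when measured handler time approaches it.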

Functions

func CheckSafeRedirectionPOST added in v4.35.0

func CheckSafeRedirectionPOST(ctx *middlewares.AutheliaCtx)

CheckSafeRedirectionPOST handler checking whether the redirection to a given URL provided in body is safe.

func ConfigurationGET added in v4.35.0

func ConfigurationGET(ctx *middlewares.AutheliaCtx)

ConfigurationGET gets the configuration accessible to authenticated users.

func DuoDeviceDELETE added in v4.38.0

func DuoDeviceDELETE(ctx *middlewares.AutheliaCtx)

DuoDeviceDELETE deletes the user's preferred Duo device and method.

func DuoDevicePOST added in v4.35.0

func DuoDevicePOST(ctx *middlewares.AutheliaCtx)

DuoDevicePOST updates the user preferences regarding Duo device and method.

func DuoDevicesGET added in v4.35.0

func DuoDevicesGET(duoAPI duo.API) middlewares.RequestHandler

DuoDevicesGET handler for retrieving available devices and capabilities from duo api.

func DuoPOST added in v4.35.0

func DuoPOST(duoAPI duo.API) middlewares.RequestHandler

DuoPOST handler for sending a push notification via duo api.

func FirstFactorPOST added in v4.35.0

FirstFactorPOST is the handler performing the first factor.

func Handle1FAResponse

func Handle1FAResponse(ctx *middlewares.AutheliaCtx, targetURI, requestMethod string, username string, groups []string)

Handle1FAResponse handles the redirection upon 1FA authentication.

func Handle2FAResponse

func Handle2FAResponse(ctx *middlewares.AutheliaCtx, targetURI string)

Handle2FAResponse handles the redirection upon 2FA authentication.

func HandleAllow added in v4.33.0

func HandleAllow(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, bodyJSON *bodySignDuoRequest)

HandleAllow handler for successful logins.

func HandleAutoSelection added in v4.33.0

func HandleAutoSelection(ctx *middlewares.AutheliaCtx, devices []DuoDevice, username string) (string, string, error)

HandleAutoSelection handler automatically selects preferred device if there is only one suitable option.

func HandleInitialDeviceSelection added in v4.33.0

func HandleInitialDeviceSelection(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API, bodyJSON *bodySignDuoRequest) (device string, method string, err error)

HandleInitialDeviceSelection handler for retrieving all available devices.

func HandlePreferredDeviceCheck added in v4.33.0

func HandlePreferredDeviceCheck(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API, device string, method string, bodyJSON *bodySignDuoRequest) (string, string, error)

HandlePreferredDeviceCheck handler to check if the saved device and method is still valid.

func HealthGET added in v4.35.0

func HealthGET(ctx *middlewares.AutheliaCtx)

HealthGET can be used by health checks.

func JSONWebKeySetGET added in v4.35.0

func JSONWebKeySetGET(ctx *middlewares.AutheliaCtx)

JSONWebKeySetGET returns the JSON Web Key Set. Used in OAuth 2.0 and OpenID Connect 1.0.

func LogoutPOST added in v4.35.0

func LogoutPOST(ctx *middlewares.AutheliaCtx)

LogoutPOST is the handler logging out the user attached to the given cookie.

func MethodPreferencePOST added in v4.35.0

func MethodPreferencePOST(ctx *middlewares.AutheliaCtx)

MethodPreferencePOST updates the user preferences regarding 2FA method.

func OAuthAuthorizationServerWellKnownGET added in v4.35.0

func OAuthAuthorizationServerWellKnownGET(ctx *middlewares.AutheliaCtx)

OAuthAuthorizationServerWellKnownGET handles requests to a .well-known endpoint (RFC5785) which returns the OAuth 2.0 Authorization Server Metadata (RFC8414).

RFC5785: Defining Well-Known URIs (https://datatracker.ietf.org/doc/html/rfc5785)

RFC8414: OAuth 2.0 Authorization Server Metadata (https://datatracker.ietf.org/doc/html/rfc8414)

func OAuthIntrospectionPOST added in v4.35.0

func OAuthIntrospectionPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request)

OAuthIntrospectionPOST handles POST requests to the OAuth 2.0 Introspection endpoint.

https://datatracker.ietf.org/doc/html/rfc7662

func OAuthRevocationPOST added in v4.35.0

func OAuthRevocationPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request)

OAuthRevocationPOST handles POST requests to the OAuth 2.0 Revocation endpoint.

https://datatracker.ietf.org/doc/html/rfc7009

func OpenIDConnectAuthorization added in v4.37.2

func OpenIDConnectAuthorization(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, r *http.Request)

OpenIDConnectAuthorization handles GET/POST requests to the OpenID Connect 1.0 Authorization endpoint.

https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint

func OpenIDConnectConfigurationWellKnownGET added in v4.35.0

func OpenIDConnectConfigurationWellKnownGET(ctx *middlewares.AutheliaCtx)

OpenIDConnectConfigurationWellKnownGET handles requests to a .well-known endpoint (RFC5785) which returns the OpenID Connect Discovery 1.0 metadata.

RFC5785: Defining Well-Known URIs (https://datatracker.ietf.org/doc/html/rfc5785)

OpenID Connect Discovery 1.0 (https://openid.net/specs/openid-connect-discovery-1_0.html)

func OpenIDConnectConsentGET added in v4.35.0

func OpenIDConnectConsentGET(ctx *middlewares.AutheliaCtx)

OpenIDConnectConsentGET handles requests to provide consent for OpenID Connect.

func OpenIDConnectConsentPOST added in v4.35.0

func OpenIDConnectConsentPOST(ctx *middlewares.AutheliaCtx)

OpenIDConnectConsentPOST handles consent responses for OpenID Connect.

func OpenIDConnectPushedAuthorizationRequest added in v4.38.0

func OpenIDConnectPushedAuthorizationRequest(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, r *http.Request)

OpenIDConnectPushedAuthorizationRequest handles POST requests to the OAuth 2.0 Pushed Authorization Requests endpoint.

RFC9126 https://www.rfc-editor.org/rfc/rfc9126.html

func OpenIDConnectTokenPOST added in v4.35.0

func OpenIDConnectTokenPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request)

OpenIDConnectTokenPOST handles POST requests to the OpenID Connect 1.0 Token endpoint.

https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

func OpenIDConnectUserinfo added in v4.35.0

func OpenIDConnectUserinfo(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter, req *http.Request)

OpenIDConnectUserinfo handles GET/POST requests to the OpenID Connect 1.0 UserInfo endpoint.

https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

func PasswordPolicyConfigurationGET added in v4.36.0

func PasswordPolicyConfigurationGET(ctx *middlewares.AutheliaCtx)

PasswordPolicyConfigurationGET gets the password policy configuration.

func ResetPasswordDELETE added in v4.38.0

func ResetPasswordDELETE(ctx *middlewares.AutheliaCtx)

ResetPasswordDELETE handler for deleting password reset JWTs.

func ResetPasswordPOST added in v4.35.0

func ResetPasswordPOST(ctx *middlewares.AutheliaCtx)

ResetPasswordPOST handler for resetting passwords.

func SetStatusCodeResponse added in v4.35.0

func SetStatusCodeResponse(ctx *fasthttp.RequestCtx, statusCode int)

SetStatusCodeResponse writes a response status code and an appropriate body on either a *fasthttp.RequestCtx or *middlewares.AutheliaCtx.

func SetValues added in v4.33.0

func SetValues(userSession session.UserSession, device string, method string, remoteIP string, targetURL string, passcode string) (url.Values, error)

SetValues sets all appropriate Values for the Auth Request.

func StateGET added in v4.35.0

func StateGET(ctx *middlewares.AutheliaCtx)

StateGET is the handler serving the user state.

func Status added in v4.36.0

func Status(statusCode int) fasthttp.RequestHandler

Status handles basic status responses.

func TOTPConfigurationDELETE added in v4.38.0

func TOTPConfigurationDELETE(ctx *middlewares.AutheliaCtx)

TOTPConfigurationDELETE removes a registered TOTP configuration.

func TOTPRegisterDELETE added in v4.38.0

func TOTPRegisterDELETE(ctx *middlewares.AutheliaCtx)

TOTPRegisterDELETE removes a pending TOTP registration.

func TOTPRegisterGET added in v4.38.0

func TOTPRegisterGET(ctx *middlewares.AutheliaCtx)

TOTPRegisterGET returns the registration specific options.

func TOTPRegisterPOST added in v4.38.0

func TOTPRegisterPOST(ctx *middlewares.AutheliaCtx)

TOTPRegisterPOST handles validation that the user has properly registered the configuration.

func TOTPRegisterPUT added in v4.38.0

func TOTPRegisterPUT(ctx *middlewares.AutheliaCtx)

TOTPRegisterPUT handles the user's choice of registration specific options and returns the generated configuration.

func TimeBasedOneTimePasswordGET added in v4.38.0

func TimeBasedOneTimePasswordGET(ctx *middlewares.AutheliaCtx)

TimeBasedOneTimePasswordGET returns the user's TOTP configuration.

func TimeBasedOneTimePasswordPOST added in v4.35.0

func TimeBasedOneTimePasswordPOST(ctx *middlewares.AutheliaCtx)

TimeBasedOneTimePasswordPOST validates the TOTP passcode provided by the user.

func UserInfoGET added in v4.34.6

func UserInfoGET(ctx *middlewares.AutheliaCtx)

UserInfoGET gets the info related to the user identified by the session.

func UserInfoPOST added in v4.34.6

func UserInfoPOST(ctx *middlewares.AutheliaCtx)

UserInfoPOST handles setting up info for users if necessary when they login.

func UserSessionElevateDELETE added in v4.38.0

func UserSessionElevateDELETE(ctx *middlewares.AutheliaCtx)

UserSessionElevateDELETE marks a pending elevation session as revoked.

func UserSessionElevationGET added in v4.38.0

func UserSessionElevationGET(ctx *middlewares.AutheliaCtx)

UserSessionElevationGET returns the session elevation status.

func UserSessionElevationPOST added in v4.38.0

func UserSessionElevationPOST(ctx *middlewares.AutheliaCtx)

UserSessionElevationPOST creates a new elevation session to be validated.

func UserSessionElevationPUT added in v4.38.0

func UserSessionElevationPUT(ctx *middlewares.AutheliaCtx)

UserSessionElevationPUT validates an elevation session and puts it into effect.

func WebAuthnAssertionGET added in v4.38.0

func WebAuthnAssertionGET(ctx *middlewares.AutheliaCtx)

WebAuthnAssertionGET handler starts the assertion ceremony.

func WebAuthnAssertionPOST added in v4.38.0

func WebAuthnAssertionPOST(ctx *middlewares.AutheliaCtx)

WebAuthnAssertionPOST handler completes the assertion ceremony after verifying the challenge.

func WebAuthnCredentialDELETE added in v4.38.0

func WebAuthnCredentialDELETE(ctx *middlewares.AutheliaCtx)

WebAuthnCredentialDELETE deletes a specific credential for the current user.

func WebAuthnCredentialPUT added in v4.38.0

func WebAuthnCredentialPUT(ctx *middlewares.AutheliaCtx)

WebAuthnCredentialPUT updates the description for a specific credential for the current user.

func WebAuthnCredentialsGET added in v4.38.0

func WebAuthnCredentialsGET(ctx *middlewares.AutheliaCtx)

WebAuthnCredentialsGET returns all credentials registered for the current user.

func WebAuthnRegistrationDELETE added in v4.38.0

func WebAuthnRegistrationDELETE(ctx *middlewares.AutheliaCtx)

WebAuthnRegistrationDELETE deletes any active WebAuthn registration session.

func WebAuthnRegistrationPOST added in v4.38.0

func WebAuthnRegistrationPOST(ctx *middlewares.AutheliaCtx)

WebAuthnRegistrationPOST processes the attestation challenge response from the client.

func WebAuthnRegistrationPUT added in v4.38.0

func WebAuthnRegistrationPUT(ctx *middlewares.AutheliaCtx)

WebAuthnRegistrationPUT returns the attestation challenge from the server.

Types

type Authn added in v4.38.0

type Authn struct {
	Username string
	Method   string
	ClientID string

	Details authentication.UserDetails
	Level   authentication.Level
	Object  authorization.Object
	Type    AuthnType

	Header HeaderAuthorization
}

Authn is authentication.

type AuthnStrategy added in v4.38.0

type AuthnStrategy interface {
	Get(ctx *middlewares.AutheliaCtx, provider *session.Session, object *authorization.Object) (authn *Authn, err error)
	CanHandleUnauthorized() (handle bool)
	HandleUnauthorized(ctx *middlewares.AutheliaCtx, authn *Authn, redirectionURL *url.URL)
}

AuthnStrategy is a strategy used for Authz authentication.

type AuthnType added in v4.38.0

type AuthnType int

AuthnType is an auth type.

const (
	// AuthnTypeNone is a nil Authentication AuthnType.
	AuthnTypeNone AuthnType = iota

	// AuthnTypeCookie is an Authentication AuthnType based on the Cookie header.
	AuthnTypeCookie

	// AuthnTypeProxyAuthorization is an Authentication AuthnType based on the Proxy-Authorization header.
	AuthnTypeProxyAuthorization

	// AuthnTypeAuthorization is an Authentication AuthnType based on the Authorization header.
	AuthnTypeAuthorization
)

type Authz added in v4.38.0

type Authz struct {
	// contains filtered or unexported fields
}

Authz is a type which is effectively a middlewares.RequestHandler for authorization requests. This should NOT be used manually; developers should instead use NewAuthzBuilder.

func (*Authz) Handler added in v4.38.0

func (authz *Authz) Handler(ctx *middlewares.AutheliaCtx)

Handler is the middlewares.RequestHandler for Authz.

type AuthzBearerIntrospectionProvider added in v4.38.0

type AuthzBearerIntrospectionProvider interface {
	GetFullClient(ctx context.Context, id string) (client oidc.Client, err error)
	GetAudienceStrategy(ctx context.Context) (strategy oauthelia2.AudienceMatchingStrategy)
	IntrospectToken(ctx context.Context, token string, tokenUse oauthelia2.TokenUse, session oauthelia2.Session, scope ...string) (oauthelia2.TokenUse, oauthelia2.AccessRequester, error)
}

type AuthzBuilder added in v4.38.0

type AuthzBuilder struct {
	// contains filtered or unexported fields
}

AuthzBuilder is a builder pattern for the Authz type.

func NewAuthzBuilder added in v4.38.0

func NewAuthzBuilder() *AuthzBuilder

NewAuthzBuilder creates a new AuthzBuilder.

func (*AuthzBuilder) Build added in v4.38.0

func (b *AuthzBuilder) Build() (authz *Authz)

Build returns a new Authz from the currently configured options in this builder.

func (*AuthzBuilder) WithConfig added in v4.38.0

func (b *AuthzBuilder) WithConfig(config *schema.Configuration) *AuthzBuilder

WithConfig allows configuring the Authz config by providing a *schema.Configuration. This function converts it to an AuthzConfig and assigns it to the builder.

func (*AuthzBuilder) WithEndpointConfig added in v4.38.0

func (b *AuthzBuilder) WithEndpointConfig(config schema.ServerEndpointsAuthz) *AuthzBuilder

WithEndpointConfig configures the AuthzBuilder with a *schema.ServerAuthzEndpointConfig. Should be called AFTER WithConfig or WithAuthzConfig.

func (*AuthzBuilder) WithImplementationAuthRequest added in v4.38.0

func (b *AuthzBuilder) WithImplementationAuthRequest() *AuthzBuilder

WithImplementationAuthRequest configures this builder to output an Authz which is used with the AuthRequest implementation traditionally used by NGINX.

func (*AuthzBuilder) WithImplementationExtAuthz added in v4.38.0

func (b *AuthzBuilder) WithImplementationExtAuthz() *AuthzBuilder

WithImplementationExtAuthz configures this builder to output an Authz which is used with the ExtAuthz implementation traditionally used by Envoy.

func (*AuthzBuilder) WithImplementationForwardAuth added in v4.38.0

func (b *AuthzBuilder) WithImplementationForwardAuth() *AuthzBuilder

WithImplementationForwardAuth configures this builder to output an Authz which is used with the ForwardAuth implementation traditionally used by Traefik, Caddy, and Skipper.

func (*AuthzBuilder) WithImplementationLegacy added in v4.38.0

func (b *AuthzBuilder) WithImplementationLegacy() *AuthzBuilder

WithImplementationLegacy configures this builder to output an Authz which is used with the Legacy implementation which is a mix of the other implementations and usually works with most proxies.

func (*AuthzBuilder) WithStrategies added in v4.38.0

func (b *AuthzBuilder) WithStrategies(strategies ...AuthnStrategy) *AuthzBuilder

WithStrategies replaces all strategies in this builder with the provided value.

type AuthzConfig added in v4.38.0

type AuthzConfig struct {
	RefreshInterval schema.RefreshIntervalDuration

	// StatusCodeBadRequest is sent for configuration issues prior to performing authorization checks. It's set by the
	// builder.
	StatusCodeBadRequest int
}

AuthzConfig represents the configuration elements of the Authz type.

type AuthzImplementation added in v4.38.0

type AuthzImplementation int

AuthzImplementation represents an Authz implementation.

const (
	// AuthzImplLegacy is the legacy Authz implementation (VerifyGET).
	AuthzImplLegacy AuthzImplementation = iota

	// AuthzImplForwardAuth is the modern Forward Auth Authz implementation which is used by Caddy and Traefik.
	AuthzImplForwardAuth

	// AuthzImplAuthRequest is the modern Auth Request Authz implementation which is used by NGINX and modelled after
	// the ingress-nginx k8s ingress.
	AuthzImplAuthRequest

	// AuthzImplExtAuthz is the modern ExtAuthz Authz implementation which is used by Envoy.
	AuthzImplExtAuthz
)

func (AuthzImplementation) String added in v4.38.0

func (i AuthzImplementation) String() string

String returns the text representation of this AuthzImplementation.

type AuthzResult added in v4.38.0

type AuthzResult int

AuthzResult is a result for Authz response handling determination.

const (
	// AuthzResultForbidden means the user is forbidden the access to a resource.
	AuthzResultForbidden AuthzResult = iota

	// AuthzResultUnauthorized means the user can access the resource with more permissions.
	AuthzResultUnauthorized

	// AuthzResultAuthorized means the user is authorized given her current permissions.
	AuthzResultAuthorized
)

type CookieSessionAuthnStrategy added in v4.38.0

type CookieSessionAuthnStrategy struct {
	// contains filtered or unexported fields
}

CookieSessionAuthnStrategy is a session cookie AuthnStrategy.

func NewCookieSessionAuthnStrategy added in v4.38.0

func NewCookieSessionAuthnStrategy(refresh schema.RefreshIntervalDuration) *CookieSessionAuthnStrategy

NewCookieSessionAuthnStrategy creates a new CookieSessionAuthnStrategy.

func (*CookieSessionAuthnStrategy) CanHandleUnauthorized added in v4.38.0

func (s *CookieSessionAuthnStrategy) CanHandleUnauthorized() (handle bool)

CanHandleUnauthorized returns true if this AuthnStrategy should handle Unauthorized requests.

func (*CookieSessionAuthnStrategy) Get added in v4.38.0

Get returns the Authn information for this AuthnStrategy.

func (*CookieSessionAuthnStrategy) HandleUnauthorized added in v4.38.0

func (s *CookieSessionAuthnStrategy) HandleUnauthorized(_ *middlewares.AutheliaCtx, _ *Authn, _ *url.URL)

HandleUnauthorized is the Unauthorized handler for the cookie AuthnStrategy.

type DuoDevice added in v4.33.0

type DuoDevice struct {
	Device       string   `json:"device"`
	DisplayName  string   `json:"display_name"`
	Capabilities []string `json:"capabilities"`
}

DuoDevice represents Duo devices and methods.

func DuoPreAuth added in v4.33.0

func DuoPreAuth(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, duoAPI duo.API) (result, message string, devices []DuoDevice, enrollURL string, err error)

DuoPreAuth helper function for retrieving supported devices and capabilities from duo api.

type DuoDeviceBody added in v4.33.0

type DuoDeviceBody struct {
	Device string `json:"device" valid:"required"`
	Method string `json:"method" valid:"required"`
}

DuoDeviceBody the selected Duo device and method.

type DuoDevicesResponse added in v4.33.0

type DuoDevicesResponse struct {
	Result    string      `json:"result" valid:"required"`
	Devices   []DuoDevice `json:"devices,omitempty"`
	EnrollURL string      `json:"enroll_url,omitempty"`
}

DuoDevicesResponse represents all available user devices and methods as well as an optional enrollment url.

type DuoSignResponse added in v4.33.0

type DuoSignResponse struct {
	Result    string      `json:"result" valid:"required"`
	Devices   []DuoDevice `json:"devices,omitempty"`
	Redirect  string      `json:"redirect,omitempty"`
	EnrollURL string      `json:"enroll_url,omitempty"`
}

DuoSignResponse represents a result of the preauth and/or auth call with further optional info.

type HandlerAuthzAuthorized added in v4.38.0

type HandlerAuthzAuthorized func(ctx *middlewares.AutheliaCtx, authn *Authn)

HandlerAuthzAuthorized is an Authz handler func that handles authorized responses.

type HandlerAuthzGetAutheliaURL added in v4.38.0

type HandlerAuthzGetAutheliaURL func(ctx *middlewares.AutheliaCtx) (portalURL *url.URL, err error)

HandlerAuthzGetAutheliaURL is an Authz handler func that handles retrieval of the Portal URL.

type HandlerAuthzGetObject added in v4.38.0

type HandlerAuthzGetObject func(ctx *middlewares.AutheliaCtx) (object authorization.Object, err error)

HandlerAuthzGetObject is an Authz handler func that handles retrieval of the authorization.Object to authorize.

type HandlerAuthzGetRedirectionURL added in v4.38.0

type HandlerAuthzGetRedirectionURL func(ctx *middlewares.AutheliaCtx, object *authorization.Object) (redirectionURL *url.URL, err error)

HandlerAuthzGetRedirectionURL is an Authz handler func that handles retrieval of the Redirection URL.

type HandlerAuthzUnauthorized added in v4.38.0

type HandlerAuthzUnauthorized func(ctx *middlewares.AutheliaCtx, authn *Authn, redirectionURL *url.URL)

HandlerAuthzUnauthorized is an Authz handler func that handles unauthorized responses.

type HandlerAuthzVerifyObject added in v4.38.0

type HandlerAuthzVerifyObject func(ctx *middlewares.AutheliaCtx, object authorization.Object) (err error)

HandlerAuthzVerifyObject is an Authz handler func that handles authorization of the authorization.Object.

type HeaderAuthnStrategy added in v4.38.0

type HeaderAuthnStrategy struct {
	// contains filtered or unexported fields
}

HeaderAuthnStrategy is a header AuthnStrategy.

func NewHeaderAuthorizationAuthnStrategy added in v4.38.0

func NewHeaderAuthorizationAuthnStrategy(schemes ...string) *HeaderAuthnStrategy

NewHeaderAuthorizationAuthnStrategy creates a new HeaderAuthnStrategy using the Authorization and WWW-Authenticate headers, and the 407 Proxy Auth Required response.

func NewHeaderProxyAuthorizationAuthRequestAuthnStrategy added in v4.38.0

func NewHeaderProxyAuthorizationAuthRequestAuthnStrategy(schemes ...string) *HeaderAuthnStrategy

NewHeaderProxyAuthorizationAuthRequestAuthnStrategy creates a new HeaderAuthnStrategy using the Proxy-Authorization and WWW-Authenticate headers, and the 401 Proxy Auth Required response. This is a special AuthnStrategy for the AuthRequest implementation.

func NewHeaderProxyAuthorizationAuthnStrategy added in v4.38.0

func NewHeaderProxyAuthorizationAuthnStrategy(schemes ...string) *HeaderAuthnStrategy

NewHeaderProxyAuthorizationAuthnStrategy creates a new HeaderAuthnStrategy using the Proxy-Authorization and Proxy-Authenticate headers, and the 407 Proxy Auth Required response.

func (*HeaderAuthnStrategy) CanHandleUnauthorized added in v4.38.0

func (s *HeaderAuthnStrategy) CanHandleUnauthorized() (handle bool)

CanHandleUnauthorized returns true if this AuthnStrategy should handle Unauthorized requests.

func (*HeaderAuthnStrategy) Get added in v4.38.0

func (s *HeaderAuthnStrategy) Get(ctx *middlewares.AutheliaCtx, _ *session.Session, object *authorization.Object) (authn *Authn, err error)

Get returns the Authn information for this AuthnStrategy.

func (*HeaderAuthnStrategy) HandleUnauthorized added in v4.38.0

func (s *HeaderAuthnStrategy) HandleUnauthorized(ctx *middlewares.AutheliaCtx, authn *Authn, _ *url.URL)

HandleUnauthorized is the Unauthorized handler for the header AuthnStrategy.

type HeaderAuthorization

type HeaderAuthorization struct {
	Authorization *model.Authorization
	Realm         string
	Scope         string
	Error         *oauthelia2.RFC6749Error
}

type HeaderLegacyAuthnStrategy added in v4.38.0

type HeaderLegacyAuthnStrategy struct{}

HeaderLegacyAuthnStrategy is a legacy header AuthnStrategy which can be switched based on the query parameters.

func NewHeaderLegacyAuthnStrategy added in v4.38.0

func NewHeaderLegacyAuthnStrategy() *HeaderLegacyAuthnStrategy

NewHeaderLegacyAuthnStrategy creates a new HeaderLegacyAuthnStrategy.

func (*HeaderLegacyAuthnStrategy) CanHandleUnauthorized added in v4.38.0

func (s *HeaderLegacyAuthnStrategy) CanHandleUnauthorized() (handle bool)

CanHandleUnauthorized returns true if this AuthnStrategy should handle Unauthorized requests.

func (*HeaderLegacyAuthnStrategy) Get added in v4.38.0

Get returns the Authn information for this AuthnStrategy.

func (*HeaderLegacyAuthnStrategy) HandleUnauthorized added in v4.38.0

func (s *HeaderLegacyAuthnStrategy) HandleUnauthorized(ctx *middlewares.AutheliaCtx, authn *Authn, _ *url.URL)

HandleUnauthorized is the Unauthorized handler for the Legacy header AuthnStrategy.

type MethodList

type MethodList = []string

MethodList is the list of available methods.

type PasswordPolicyBody added in v4.36.0

type PasswordPolicyBody struct {
	Mode             string `json:"mode"`
	MinLength        int    `json:"min_length"`
	MaxLength        int    `json:"max_length"`
	MinScore         int    `json:"min_score"`
	RequireUppercase bool   `json:"require_uppercase"`
	RequireLowercase bool   `json:"require_lowercase"`
	RequireNumber    bool   `json:"require_number"`
	RequireSpecial   bool   `json:"require_special"`
}

PasswordPolicyBody represents the response sent by the password reset step 2.

type StateResponse

type StateResponse struct {
	Username              string               `json:"username"`
	AuthenticationLevel   authentication.Level `json:"authentication_level"`
	DefaultRedirectionURL string               `json:"default_redirection_url"`
}

StateResponse represents the response sent by the state endpoint.

type TOTPKeyResponse

type TOTPKeyResponse struct {
	Base32Secret string `json:"base32_secret"`
	OTPAuthURL   string `json:"otpauth_url"`
}

TOTPKeyResponse is the model of response that is sent to the client upon successful identity verification.
