Documentation ¶
Index ¶
- Constants
- func MustNullUUID(in uuid.NullUUID, err error) uuid.NullUUID
- func NewRandomNullUUID() (uuid.NullUUID, error)
- func NullUUID(in uuid.UUID) uuid.NullUUID
- type AuthenticationAttempt
- type Authorization
- func (a *Authorization) Basic() (username, password string)
- func (a *Authorization) BasicUsername() (username string)
- func (a *Authorization) EncodeHeader() string
- func (a *Authorization) Parse(raw string) (err error)
- func (a *Authorization) ParseBasic(username, password string) (err error)
- func (a *Authorization) ParseBearer(bearer string) (err error)
- func (a *Authorization) ParseBytes(raw []byte) (err error)
- func (a *Authorization) Scheme() AuthorizationScheme
- func (a *Authorization) SchemeRaw() string
- func (a *Authorization) Value() string
- type AuthorizationScheme
- type AuthorizationSchemes
- type Base64
- type Context
- type CtxKey
- type DuoDevice
- type IP
- type IdentityVerification
- type IdentityVerificationClaim
- type Migration
- type NullIP
- type OAuth2BlacklistedJTI
- type OAuth2ConsentPreConfig
- func (s *OAuth2ConsentPreConfig) CanConsent() bool
- func (s *OAuth2ConsentPreConfig) HasExactGrantedAudience(audience []string) (has bool)
- func (s *OAuth2ConsentPreConfig) HasExactGrantedScopes(scopes []string) (has bool)
- func (s *OAuth2ConsentPreConfig) HasExactGrants(scopes, audience []string) (has bool)
- type OAuth2ConsentSession
- func (s *OAuth2ConsentSession) CanGrant() bool
- func (s *OAuth2ConsentSession) GetForm() (form url.Values, err error)
- func (s *OAuth2ConsentSession) Grant()
- func (s *OAuth2ConsentSession) HasExactGrantedAudience(audience []string) (has bool)
- func (s *OAuth2ConsentSession) HasExactGrantedScopes(scopes []string) (has bool)
- func (s *OAuth2ConsentSession) HasExactGrants(scopes, audience []string) (has bool)
- func (s *OAuth2ConsentSession) IsAuthorized() bool
- func (s *OAuth2ConsentSession) IsDenied() bool
- func (s *OAuth2ConsentSession) Responded() bool
- type OAuth2PARContext
- type OAuth2Session
- type OneTimeCode
- type OpenIDSession
- type SchemaMigration
- type SemanticVersion
- func (v SemanticVersion) Copy() SemanticVersion
- func (v SemanticVersion) Equal(version SemanticVersion) (equals bool)
- func (v SemanticVersion) GreaterThan(version SemanticVersion) (gt bool)
- func (v SemanticVersion) GreaterThanOrEqual(version SemanticVersion) (ge bool)
- func (v SemanticVersion) IsAbsolute() bool
- func (v SemanticVersion) IsStable() bool
- func (v SemanticVersion) LessThan(version SemanticVersion) (gt bool)
- func (v SemanticVersion) LessThanOrEqual(version SemanticVersion) (ge bool)
- func (v SemanticVersion) NextMajor() (version SemanticVersion)
- func (v SemanticVersion) NextMinor() (version SemanticVersion)
- func (v SemanticVersion) NextPatch() (version SemanticVersion)
- func (v SemanticVersion) String() (value string)
- type StartupCheck
- type StringSlicePipeDelimited
- type TOTPConfiguration
- func (c *TOTPConfiguration) HistorySince(now time.Time, skew *int) time.Time
- func (c *TOTPConfiguration) Image(width, height int) (img image.Image, err error)
- func (c *TOTPConfiguration) Key() (key *otp.Key, err error)
- func (c *TOTPConfiguration) LastUsed() *time.Time
- func (c TOTPConfiguration) MarshalJSON() (data []byte, err error)
- func (c *TOTPConfiguration) MarshalYAML() (any, error)
- func (c *TOTPConfiguration) ToData() TOTPConfigurationData
- func (c *TOTPConfiguration) URI() (uri string)
- func (c *TOTPConfiguration) UnmarshalYAML(value *yaml.Node) (err error)
- func (c *TOTPConfiguration) UpdateSignInInfo(now time.Time)
- type TOTPConfigurationData
- type TOTPConfigurationDataExport
- type TOTPConfigurationExport
- type TOTPConfigurationJSON
- type TOTPOptions
- type UserInfo
- type UserOpaqueIdentifier
- type UserOpaqueIdentifiersExport
- type WebAuthnCredential
- func (c *WebAuthnCredential) DataValueAAGUID() *string
- func (c *WebAuthnCredential) DataValueLastUsedAt() *time.Time
- func (c *WebAuthnCredential) MarshalJSON() (data []byte, err error)
- func (c *WebAuthnCredential) MarshalYAML() (any, error)
- func (c *WebAuthnCredential) ToData() WebAuthnCredentialData
- func (c *WebAuthnCredential) UnmarshalYAML(value *yaml.Node) (err error)
- func (c *WebAuthnCredential) UpdateSignInInfo(config *webauthn.Config, now time.Time, authenticator webauthn.Authenticator)
- type WebAuthnCredentialData
- type WebAuthnCredentialDataExport
- type WebAuthnCredentialExport
- type WebAuthnUser
- func (u WebAuthnUser) HasFIDOU2F() bool
- func (u WebAuthnUser) WebAuthnCredentialDescriptors() (descriptors []protocol.CredentialDescriptor)
- func (u WebAuthnUser) WebAuthnCredentials() (credentials []webauthn.Credential)
- func (u WebAuthnUser) WebAuthnDisplayName() string
- func (u WebAuthnUser) WebAuthnID() []byte
- func (u WebAuthnUser) WebAuthnIcon() string
- func (u WebAuthnUser) WebAuthnName() string
Constants ¶
const ( // SecondFactorMethodTOTP method using Time-Based One-Time Password applications like Google Authenticator. SecondFactorMethodTOTP = "totp" // SecondFactorMethodWebAuthn method using WebAuthn credentials like YubiKey's. SecondFactorMethodWebAuthn = "webauthn" // SecondFactorMethodDuo method using Duo application to receive push notifications. SecondFactorMethodDuo = "mobile_push" )
const ( FormatJSONSchemaIdentifier = "https://www.authelia.com/schemas/%s/json-schema/%s.json" FormatJSONSchemaYAMLLanguageServer = "# yaml-language-server: $schema=" + FormatJSONSchemaIdentifier )
const ( // OTCIntentUserSessionElevation is the intent value for a one-time code indicating it's used for user session // elevation. OTCIntentUserSessionElevation = "use" )
Variables ¶
This section is empty.
Functions ¶
func MustNullUUID ¶ added in v4.38.0
MustNullUUID is a uuid.Must variant for the uuid.NullUUID methods.
func NewRandomNullUUID ¶ added in v4.38.0
NewRandomNullUUID returns a uuid.NullUUID using the uuid.NewRandom() method i.e. in the form of a v4 UUID.
Types ¶
type AuthenticationAttempt ¶
// AuthenticationAttempt is the model for one recorded authentication attempt.
// Each field maps to the database column named in its db tag.
//
// NOTE(review): Username, RequestURI and RequestMethod are plain strings that
// presumably originate from the client request; treat them as untrusted when
// they are logged or rendered. Confirm against the code that fills this struct.
type AuthenticationAttempt struct {
	ID         int       `db:"id"`
	Time       time.Time `db:"time"`
	Successful bool      `db:"successful"`
	Banned     bool      `db:"banned"`
	Username   string    `db:"username"`
	Type       string    `db:"auth_type"`
	// NullIP is the nullable IP storage type, so this column may be NULL.
	RemoteIP      NullIP `db:"remote_ip"`
	RequestURI    string `db:"request_uri"`
	RequestMethod string `db:"request_method"`
}
AuthenticationAttempt represents an authentication attempt row in the database.
type Authorization ¶ added in v4.38.0
type Authorization struct {
// contains filtered or unexported fields
}
func NewAuthorization ¶ added in v4.38.0
func NewAuthorization() *Authorization
func (*Authorization) Basic ¶ added in v4.38.0
func (a *Authorization) Basic() (username, password string)
func (*Authorization) BasicUsername ¶ added in v4.38.0
func (a *Authorization) BasicUsername() (username string)
func (*Authorization) EncodeHeader ¶ added in v4.38.0
func (a *Authorization) EncodeHeader() string
func (*Authorization) Parse ¶ added in v4.38.0
func (a *Authorization) Parse(raw string) (err error)
func (*Authorization) ParseBasic ¶ added in v4.38.0
func (a *Authorization) ParseBasic(username, password string) (err error)
func (*Authorization) ParseBearer ¶ added in v4.38.0
func (a *Authorization) ParseBearer(bearer string) (err error)
func (*Authorization) ParseBytes ¶ added in v4.38.0
func (a *Authorization) ParseBytes(raw []byte) (err error)
func (*Authorization) Scheme ¶ added in v4.38.0
func (a *Authorization) Scheme() AuthorizationScheme
func (*Authorization) SchemeRaw ¶ added in v4.38.0
func (a *Authorization) SchemeRaw() string
func (*Authorization) Value ¶ added in v4.38.0
func (a *Authorization) Value() string
type AuthorizationScheme ¶ added in v4.38.0
type AuthorizationScheme int
const ( AuthorizationSchemeNone AuthorizationScheme = iota AuthorizationSchemeBasic AuthorizationSchemeBearer )
func (AuthorizationScheme) String ¶ added in v4.38.0
func (s AuthorizationScheme) String() string
type AuthorizationSchemes ¶ added in v4.38.0
type AuthorizationSchemes []AuthorizationScheme
func NewAuthorizationSchemes ¶ added in v4.38.0
func NewAuthorizationSchemes(schemes ...string) AuthorizationSchemes
func (AuthorizationSchemes) Has ¶ added in v4.38.0
func (s AuthorizationSchemes) Has(scheme AuthorizationScheme) bool
type Base64 ¶
type Base64 struct {
// contains filtered or unexported fields
}
Base64 saves bytes to the database as a base64 encoded string.
type Context ¶ added in v4.38.0
type Context interface { context.Context GetClock() clock.Provider RemoteIP() net.IP GetRandom() random.Provider }
Context is a commonly used context.Context within Authelia.
type DuoDevice ¶
type DuoDevice struct { ID int `db:"id"` Username string `db:"username"` Device string `db:"device"` Method string `db:"method"` }
DuoDevice represents a DUO Device.
type IP ¶
IP is a type specific for storage of a net.IP in the database which can't be NULL.
type IdentityVerification ¶
// IdentityVerification is the model for one identity verification row.
// Each field maps to the database column named in its db tag.
//
// NOTE(review): the row records issue, expiry, consumption and revocation
// separately. Code that accepts a verification presumably has to check
// ExpiresAt, ConsumedAt and RevokedAt together; that check is not visible on
// this page, so confirm it where the row is validated.
type IdentityVerification struct {
	ID       int       `db:"id"`
	JTI      uuid.UUID `db:"jti"`
	IssuedAt time.Time `db:"iat"`
	// IP is the non-nullable IP storage type.
	IssuedIP  IP        `db:"issued_ip"`
	ExpiresAt time.Time `db:"exp"`
	Action    string    `db:"action"`
	Username  string    `db:"username"`
	// The consumed and revoked columns use nullable types (sql.NullTime, NullIP).
	// Presumably they stay NULL until the event happens - confirm.
	ConsumedAt sql.NullTime `db:"consumed"`
	ConsumedIP NullIP       `db:"consumed_ip"`
	RevokedAt  sql.NullTime `db:"revoked"`
	RevokedIP  NullIP       `db:"revoked_ip"`
}
IdentityVerification represents an identity verification row in the database.
func NewIdentityVerification ¶
func NewIdentityVerification(jti uuid.UUID, username, action string, ip net.IP, expiration time.Duration) (verification IdentityVerification)
NewIdentityVerification creates a new IdentityVerification from a given username and action.
func (IdentityVerification) ToIdentityVerificationClaim ¶
func (v IdentityVerification) ToIdentityVerificationClaim() (claim *IdentityVerificationClaim)
ToIdentityVerificationClaim converts the IdentityVerification into an IdentityVerificationClaim.
type IdentityVerificationClaim ¶
type IdentityVerificationClaim struct { jwt.RegisteredClaims // The action this token has been crafted for. Action string `json:"action"` // The user this token has been crafted for. Username string `json:"username"` }
IdentityVerificationClaim custom claim for specifying the action claim. The action can be to register a TOTP device, a U2F device or reset one's password.
func (IdentityVerificationClaim) ToIdentityVerification ¶
func (v IdentityVerificationClaim) ToIdentityVerification() (verification *IdentityVerification, err error)
ToIdentityVerification converts the IdentityVerificationClaim into an IdentityVerification.
type Migration ¶
type Migration struct { ID int `db:"id"` Applied time.Time `db:"applied"` Before int `db:"version_before"` After int `db:"version_after"` Version string `db:"application_version"` }
Migration represents a migration row in the database.
type NullIP ¶
NullIP is a type specific for storage of a net.IP in the database which can also be NULL.
func NewNullIPFromString ¶
NewNullIPFromString easily constructs a new NullIP from a string.
type OAuth2BlacklistedJTI ¶ added in v4.35.0
type OAuth2BlacklistedJTI struct { ID int `db:"id"` Signature string `db:"signature"` ExpiresAt time.Time `db:"expires_at"` }
OAuth2BlacklistedJTI represents a blacklisted JTI used with OAuth2.0.
func NewOAuth2BlacklistedJTI ¶ added in v4.35.0
func NewOAuth2BlacklistedJTI(jti string, exp time.Time) (jtiBlacklist OAuth2BlacklistedJTI)
NewOAuth2BlacklistedJTI creates a new OAuth2BlacklistedJTI.
type OAuth2ConsentPreConfig ¶ added in v4.37.0
type OAuth2ConsentPreConfig struct { ID int64 `db:"id"` ClientID string `db:"client_id"` Subject uuid.UUID `db:"subject"` CreatedAt time.Time `db:"created_at"` ExpiresAt sql.NullTime `db:"expires_at"` Revoked bool `db:"revoked"` Scopes StringSlicePipeDelimited `db:"scopes"` Audience StringSlicePipeDelimited `db:"audience"` }
OAuth2ConsentPreConfig stores information about an OAuth2.0 Pre-Configured Consent.
func (*OAuth2ConsentPreConfig) CanConsent ¶ added in v4.37.0
func (s *OAuth2ConsentPreConfig) CanConsent() bool
CanConsent returns true if this pre-configuration can still provide consent.
func (*OAuth2ConsentPreConfig) HasExactGrantedAudience ¶ added in v4.37.0
func (s *OAuth2ConsentPreConfig) HasExactGrantedAudience(audience []string) (has bool)
HasExactGrantedAudience returns true if the granted audience of this consent matches exactly with another audience.
func (*OAuth2ConsentPreConfig) HasExactGrantedScopes ¶ added in v4.37.0
func (s *OAuth2ConsentPreConfig) HasExactGrantedScopes(scopes []string) (has bool)
HasExactGrantedScopes returns true if the granted scopes of this consent matches exactly with another set of scopes.
func (*OAuth2ConsentPreConfig) HasExactGrants ¶ added in v4.37.0
func (s *OAuth2ConsentPreConfig) HasExactGrants(scopes, audience []string) (has bool)
HasExactGrants returns true if the granted audience and scopes of this consent pre-configuration matches exactly with another audience and set of scopes.
type OAuth2ConsentSession ¶ added in v4.35.0
type OAuth2ConsentSession struct { ID int `db:"id"` ChallengeID uuid.UUID `db:"challenge_id"` ClientID string `db:"client_id"` Subject uuid.NullUUID `db:"subject"` Authorized bool `db:"authorized"` Granted bool `db:"granted"` RequestedAt time.Time `db:"requested_at"` RespondedAt sql.NullTime `db:"responded_at"` Form string `db:"form_data"` RequestedScopes StringSlicePipeDelimited `db:"requested_scopes"` GrantedScopes StringSlicePipeDelimited `db:"granted_scopes"` RequestedAudience StringSlicePipeDelimited `db:"requested_audience"` GrantedAudience StringSlicePipeDelimited `db:"granted_audience"` PreConfiguration sql.NullInt64 }
OAuth2ConsentSession stores information about an OAuth2.0 Consent.
func NewOAuth2ConsentSession ¶ added in v4.35.0
func NewOAuth2ConsentSession(subject uuid.UUID, r oauthelia2.Requester) (consent *OAuth2ConsentSession, err error)
NewOAuth2ConsentSession creates a new OAuth2ConsentSession.
func NewOAuth2ConsentSessionWithForm ¶ added in v4.38.0
func NewOAuth2ConsentSessionWithForm(subject uuid.UUID, r oauthelia2.Requester, form url.Values) (consent *OAuth2ConsentSession, err error)
NewOAuth2ConsentSessionWithForm creates a new OAuth2ConsentSession with a custom form parameter.
func (*OAuth2ConsentSession) CanGrant ¶ added in v4.35.0
func (s *OAuth2ConsentSession) CanGrant() bool
CanGrant returns true if the session can still grant a token. It does NOT indicate whether the user has responded to this consent request or whether the user rejected it; use Responded, IsAuthorized or IsDenied for that.
func (*OAuth2ConsentSession) GetForm ¶ added in v4.35.0
func (s *OAuth2ConsentSession) GetForm() (form url.Values, err error)
GetForm returns the form.
func (*OAuth2ConsentSession) Grant ¶ added in v4.37.0
func (s *OAuth2ConsentSession) Grant()
Grant grants the requested scopes and audience.
func (*OAuth2ConsentSession) HasExactGrantedAudience ¶ added in v4.35.0
func (s *OAuth2ConsentSession) HasExactGrantedAudience(audience []string) (has bool)
HasExactGrantedAudience returns true if the granted audience of this consent matches exactly with another audience.
func (*OAuth2ConsentSession) HasExactGrantedScopes ¶ added in v4.35.0
func (s *OAuth2ConsentSession) HasExactGrantedScopes(scopes []string) (has bool)
HasExactGrantedScopes returns true if the granted scopes of this consent matches exactly with another set of scopes.
func (*OAuth2ConsentSession) HasExactGrants ¶ added in v4.35.0
func (s *OAuth2ConsentSession) HasExactGrants(scopes, audience []string) (has bool)
HasExactGrants returns true if the granted audience and scopes of this consent matches exactly with another audience and set of scopes.
func (*OAuth2ConsentSession) IsAuthorized ¶ added in v4.35.0
func (s *OAuth2ConsentSession) IsAuthorized() bool
IsAuthorized returns true if the user has responded to the consent session and it was authorized.
func (*OAuth2ConsentSession) IsDenied ¶ added in v4.35.0
func (s *OAuth2ConsentSession) IsDenied() bool
IsDenied returns true if the user has responded to the consent session and it was not authorized.
func (*OAuth2ConsentSession) Responded ¶ added in v4.35.0
func (s *OAuth2ConsentSession) Responded() bool
Responded returns true if the user has responded to the consent session.
type OAuth2PARContext ¶ added in v4.38.0
type OAuth2PARContext struct { ID int `db:"id"` Signature string `db:"signature"` RequestID string `db:"request_id"` ClientID string `db:"client_id"` RequestedAt time.Time `db:"requested_at"` Scopes StringSlicePipeDelimited `db:"scopes"` Audience StringSlicePipeDelimited `db:"audience"` HandledResponseTypes StringSlicePipeDelimited `db:"handled_response_types"` ResponseMode string `db:"response_mode"` DefaultResponseMode string `db:"response_mode_default"` Revoked bool `db:"revoked"` Form string `db:"form_data"` Session []byte `db:"session_data"` }
OAuth2PARContext holds relevant information about a Pushed Authorization Request in order to process the authorization.
func NewOAuth2PARContext ¶ added in v4.38.0
func NewOAuth2PARContext(contextID string, r oauthelia2.AuthorizeRequester) (context *OAuth2PARContext, err error)
NewOAuth2PARContext creates a new Pushed Authorization Request Context as a OAuth2PARContext.
func (*OAuth2PARContext) ToAuthorizeRequest ¶ added in v4.38.0
func (par *OAuth2PARContext) ToAuthorizeRequest(ctx context.Context, session oauthelia2.Session, store oauthelia2.Storage) (request *oauthelia2.AuthorizeRequest, err error)
type OAuth2Session ¶ added in v4.35.0
type OAuth2Session struct { ID int `db:"id"` ChallengeID uuid.NullUUID `db:"challenge_id"` RequestID string `db:"request_id"` ClientID string `db:"client_id"` Signature string `db:"signature"` RequestedAt time.Time `db:"requested_at"` Subject sql.NullString `db:"subject"` RequestedScopes StringSlicePipeDelimited `db:"requested_scopes"` GrantedScopes StringSlicePipeDelimited `db:"granted_scopes"` RequestedAudience StringSlicePipeDelimited `db:"requested_audience"` GrantedAudience StringSlicePipeDelimited `db:"granted_audience"` Active bool `db:"active"` Revoked bool `db:"revoked"` Form string `db:"form_data"` Session []byte `db:"session_data"` }
OAuth2Session represents an OAuth2.0 session.
func NewOAuth2SessionFromRequest ¶ added in v4.35.0
func NewOAuth2SessionFromRequest(signature string, r oauthelia2.Requester) (session *OAuth2Session, err error)
NewOAuth2SessionFromRequest creates a new OAuth2Session from a signature and oauthelia2.Requester.
func (*OAuth2Session) SetSubject ¶ added in v4.35.0
func (s *OAuth2Session) SetSubject(subject string)
SetSubject implements an interface required for RFC7523.
func (*OAuth2Session) ToRequest ¶ added in v4.35.0
func (s *OAuth2Session) ToRequest(ctx context.Context, session oauthelia2.Session, store oauthelia2.Storage) (request *oauthelia2.Request, err error)
ToRequest converts an OAuth2Session into a oauthelia2.Request given a oauthelia2.Session and oauthelia2.Storage.
type OneTimeCode ¶ added in v4.38.0
// OneTimeCode is the model for a one-time code row.
// Each field maps to the database column named in its db tag.
//
// NOTE(review): the row holds both a Signature string and the Code bytes.
// Whether Code is encrypted at rest, and whether lookups go through Signature
// rather than the code itself, is not visible on this page - confirm in the
// storage layer.
type OneTimeCode struct {
	ID        int       `db:"id"`
	PublicID  uuid.UUID `db:"public_id"`
	Signature string    `db:"signature"`
	IssuedAt  time.Time `db:"issued"`
	// IP is the non-nullable IP storage type.
	IssuedIP  IP        `db:"issued_ip"`
	ExpiresAt time.Time `db:"expires"`
	Username  string    `db:"username"`
	// OTCIntentUserSessionElevation is an intent value this package defines.
	Intent string `db:"intent"`
	// The consumed and revoked columns use nullable types (sql.NullTime, NullIP).
	// Presumably they stay NULL until the event happens - confirm.
	ConsumedAt sql.NullTime `db:"consumed"`
	ConsumedIP NullIP       `db:"consumed_ip"`
	RevokedAt  sql.NullTime `db:"revoked"`
	RevokedIP  NullIP       `db:"revoked_ip"`
	Code       []byte       `db:"code"`
}
OneTimeCode represents special one-time codes stored in the database.
func NewOneTimeCode ¶ added in v4.38.0
func NewOneTimeCode(ctx Context, username string, characters int, duration time.Duration) (otp *OneTimeCode, err error)
NewOneTimeCode returns a new OneTimeCode.
func (*OneTimeCode) Consume ¶ added in v4.38.0
func (otp *OneTimeCode) Consume(ctx Context)
Consume sets the values required to consume the one-time code.
type OpenIDSession ¶ added in v4.35.0
type OpenIDSession interface { oauthelia2.Session GetChallengeID() uuid.NullUUID }
OpenIDSession represents the types available for an oidc.Session that are required in the models package.
type SchemaMigration ¶
SchemaMigration represents an intended migration.
func (SchemaMigration) After ¶
func (m SchemaMigration) After() (after int)
After returns the version the schema will be at After the migration is applied.
func (SchemaMigration) Before ¶
func (m SchemaMigration) Before() (before int)
Before returns the version the schema should be at Before the migration is applied.
func (SchemaMigration) NotEmpty ¶ added in v4.38.0
func (m SchemaMigration) NotEmpty() bool
NotEmpty returns true if the SchemaMigration is not an empty string.
type SemanticVersion ¶ added in v4.36.0
SemanticVersion represents a semantic 2.0 version.
func NewSemanticVersion ¶ added in v4.36.0
func NewSemanticVersion(input string) (version *SemanticVersion, err error)
NewSemanticVersion creates a SemanticVersion from a string.
func (SemanticVersion) Copy ¶ added in v4.38.0
func (v SemanticVersion) Copy() SemanticVersion
Copy the values for this SemanticVersion.
func (SemanticVersion) Equal ¶ added in v4.36.0
func (v SemanticVersion) Equal(version SemanticVersion) (equals bool)
Equal returns true if this SemanticVersion is equal to the provided SemanticVersion.
func (SemanticVersion) GreaterThan ¶ added in v4.36.0
func (v SemanticVersion) GreaterThan(version SemanticVersion) (gt bool)
GreaterThan returns true if this SemanticVersion is greater than the provided SemanticVersion.
func (SemanticVersion) GreaterThanOrEqual ¶ added in v4.36.0
func (v SemanticVersion) GreaterThanOrEqual(version SemanticVersion) (ge bool)
GreaterThanOrEqual returns true if this SemanticVersion is greater than or equal to the provided SemanticVersion.
func (SemanticVersion) IsAbsolute ¶ added in v4.38.0
func (v SemanticVersion) IsAbsolute() bool
IsAbsolute returns true if the pre release and metadata values are empty.
func (SemanticVersion) IsStable ¶ added in v4.38.0
func (v SemanticVersion) IsStable() bool
IsStable returns true if the pre release and metadata values are empty and the major value is above 0.
func (SemanticVersion) LessThan ¶ added in v4.36.0
func (v SemanticVersion) LessThan(version SemanticVersion) (gt bool)
LessThan returns true if this SemanticVersion is less than the provided SemanticVersion.
func (SemanticVersion) LessThanOrEqual ¶ added in v4.36.0
func (v SemanticVersion) LessThanOrEqual(version SemanticVersion) (ge bool)
LessThanOrEqual returns true if this SemanticVersion is less than or equal to the provided SemanticVersion.
func (SemanticVersion) NextMajor ¶ added in v4.38.0
func (v SemanticVersion) NextMajor() (version SemanticVersion)
NextMajor returns the next major SemanticVersion from this current SemanticVersion.
func (SemanticVersion) NextMinor ¶ added in v4.38.0
func (v SemanticVersion) NextMinor() (version SemanticVersion)
NextMinor returns the next minor SemanticVersion from this current SemanticVersion.
func (SemanticVersion) NextPatch ¶ added in v4.38.0
func (v SemanticVersion) NextPatch() (version SemanticVersion)
NextPatch returns the next patch SemanticVersion from this current SemanticVersion.
func (SemanticVersion) String ¶ added in v4.36.0
func (v SemanticVersion) String() (value string)
String is a function to provide a nice representation of a SemanticVersion.
type StartupCheck ¶
type StartupCheck interface {
StartupCheck() (err error)
}
StartupCheck represents a provider that has a startup check.
type StringSlicePipeDelimited ¶ added in v4.35.0
type StringSlicePipeDelimited []string
StringSlicePipeDelimited is a string slice that is stored in the database delimited by pipes.
func (*StringSlicePipeDelimited) Scan ¶ added in v4.35.0
func (s *StringSlicePipeDelimited) Scan(value any) (err error)
Scan is the StringSlicePipeDelimited implementation of the sql.Scanner.
type TOTPConfiguration ¶
// TOTPConfiguration is the model for a user's TOTP configuration row.
// Each field maps to the database column named in its db tag.
type TOTPConfiguration struct {
	ID        int       `db:"id"`
	CreatedAt time.Time `db:"created_at"`
	// Nullable. The LastUsed method exposes this value as a *time.Time.
	LastUsedAt sql.NullTime `db:"last_used_at"`
	Username   string       `db:"username"`
	Issuer     string       `db:"issuer"`
	Algorithm  string       `db:"algorithm"`
	Digits     uint32       `db:"digits"`
	Period     uint         `db:"period"`
	// NOTE(review): Secret holds the shared key as raw bytes. Whether those
	// bytes are encrypted before they reach the secret column is not shown on
	// this page - confirm in the storage provider. Keep this field out of
	// logs and debug output.
	Secret []byte `db:"secret"`
}
TOTPConfiguration represents a user's TOTP configuration row in the database.
func (*TOTPConfiguration) HistorySince ¶ added in v4.38.0
HistorySince provides a reasonably accurate window for previously successful attempts to check for history.
func (*TOTPConfiguration) Image ¶
func (c *TOTPConfiguration) Image(width, height int) (img image.Image, err error)
Image returns the image.Image of the TOTPConfiguration using the Image func from the return of TOTPConfiguration.Key.
func (*TOTPConfiguration) Key ¶
func (c *TOTPConfiguration) Key() (key *otp.Key, err error)
Key returns the *otp.Key using TOTPConfiguration.URI with otp.NewKeyFromURL.
func (*TOTPConfiguration) LastUsed ¶ added in v4.37.0
func (c *TOTPConfiguration) LastUsed() *time.Time
LastUsed provides LastUsedAt as a *time.Time instead of sql.NullTime.
func (TOTPConfiguration) MarshalJSON ¶ added in v4.38.0
func (c TOTPConfiguration) MarshalJSON() (data []byte, err error)
MarshalJSON returns the TOTPConfiguration in a JSON friendly manner.
func (*TOTPConfiguration) MarshalYAML ¶ added in v4.38.0
func (c *TOTPConfiguration) MarshalYAML() (any, error)
MarshalYAML marshals this model into YAML.
func (*TOTPConfiguration) ToData ¶ added in v4.38.0
func (c *TOTPConfiguration) ToData() TOTPConfigurationData
ToData converts this TOTPConfiguration into the data format for exporting etc.
func (*TOTPConfiguration) URI ¶
func (c *TOTPConfiguration) URI() (uri string)
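URI returns the configuration in its URI representation. Since TOTPConfiguration.Key builds the *otp.Key from this URI, the string presumably carries the shared secret; treat it as a credential and keep it out of logs and error messages.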
func (*TOTPConfiguration) UnmarshalYAML ¶ added in v4.38.0
func (c *TOTPConfiguration) UnmarshalYAML(value *yaml.Node) (err error)
UnmarshalYAML unmarshalls YAML into this model.
func (*TOTPConfiguration) UpdateSignInInfo ¶
func (c *TOTPConfiguration) UpdateSignInInfo(now time.Time)
UpdateSignInInfo adjusts the values of the TOTPConfiguration after a sign in.
type TOTPConfigurationData ¶ added in v4.38.0
type TOTPConfigurationData struct { CreatedAt time.Time `` /* 130-byte string literal not displayed */ LastUsedAt *time.Time `` /* 141-byte string literal not displayed */ Username string `` /* 140-byte string literal not displayed */ Issuer string `yaml:"issuer" json:"issuer" jsonschema:"title=Issuer" jsonschema_description:"The issuer name this was generated with."` Algorithm string `` /* 126-byte string literal not displayed */ Digits uint32 `yaml:"digits" json:"digits" jsonschema:"title=Digits" jsonschema_description:"The number of digits this configuration uses."` Period uint `yaml:"period" json:"period" jsonschema:"title=Period" jsonschema_description:"The period of time this configuration uses."` Secret string `yaml:"secret" json:"secret" jsonschema:"title=Secret" jsonschema_description:"The secret shared key for this configuration."` }
TOTPConfigurationData is used for marshalling/unmarshalling tasks.
type TOTPConfigurationDataExport ¶ added in v4.38.0
type TOTPConfigurationDataExport struct {
TOTPConfigurations []TOTPConfigurationData `` /* 150-byte string literal not displayed */
}
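TOTPConfigurationDataExport represents a TOTPConfiguration export file. Each TOTPConfigurationData entry includes the Secret field, so the file needs the same protection as the shared secrets themselves.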
type TOTPConfigurationExport ¶ added in v4.38.0
type TOTPConfigurationExport struct {
TOTPConfigurations []TOTPConfiguration `yaml:"totp_configurations"`
}
TOTPConfigurationExport represents a TOTPConfiguration export file.
func (TOTPConfigurationExport) MarshalYAML ¶ added in v4.38.0
func (export TOTPConfigurationExport) MarshalYAML() (any, error)
MarshalYAML marshals this model into YAML.
func (TOTPConfigurationExport) ToData ¶ added in v4.38.0
func (export TOTPConfigurationExport) ToData() TOTPConfigurationDataExport
ToData converts this TOTPConfigurationExport into a TOTPConfigurationDataExport.
type TOTPConfigurationJSON ¶ added in v4.38.0
type TOTPConfigurationJSON struct { CreatedAt time.Time `json:"created_at"` LastUsedAt *time.Time `json:"last_used_at,omitempty"` Issuer string `json:"issuer"` Algorithm string `json:"algorithm"` Digits uint32 `json:"digits"` Period uint `json:"period"` }
TOTPConfigurationJSON is the JSON representation for a TOTPConfiguration.
type TOTPOptions ¶ added in v4.38.0
type UserInfo ¶
type UserInfo struct { // The users display name. DisplayName string `db:"-" json:"display_name"` // The preferred 2FA method. Method string `db:"second_factor_method" json:"method" valid:"required"` // True if a TOTP device has been registered. HasTOTP bool `db:"has_totp" json:"has_totp" valid:"required"` // True if a WebAuthn credential has been registered. HasWebAuthn bool `db:"has_webauthn" json:"has_webauthn" valid:"required"` // True if a duo device has been configured as the preferred. HasDuo bool `db:"has_duo" json:"has_duo" valid:"required"` }
UserInfo represents the user information required by the web UI.
type UserOpaqueIdentifier ¶ added in v4.35.0
type UserOpaqueIdentifier struct { ID int `db:"id" yaml:"-"` Service string `` /* 135-byte string literal not displayed */ SectorID string `` /* 152-byte string literal not displayed */ Username string `` /* 141-byte string literal not displayed */ Identifier uuid.UUID `` /* 150-byte string literal not displayed */ }
UserOpaqueIdentifier represents an opaque identifier for a user. Commonly used with OAuth 2.0 and OpenID Connect.
func NewUserOpaqueIdentifier ¶ added in v4.35.0
func NewUserOpaqueIdentifier(service, sectorID, username string) (id *UserOpaqueIdentifier, err error)
NewUserOpaqueIdentifier either creates a new UserOpaqueIdentifier or returns an error.
type UserOpaqueIdentifiersExport ¶ added in v4.35.0
type UserOpaqueIdentifiersExport struct {
Identifiers []UserOpaqueIdentifier `yaml:"identifiers" json:"identifiers" jsonschema:"title=Identifiers" jsonschema_description:"The list of opaque identifiers."`
}
UserOpaqueIdentifiersExport represents a UserOpaqueIdentifier export file.
type WebAuthnCredential ¶ added in v4.38.0
// WebAuthnCredential is the model for a WebAuthn credential row.
// Each field maps to the database column named in its db tag.
type WebAuthnCredential struct {
	ID        int       `db:"id"`
	CreatedAt time.Time `db:"created_at"`
	// Nullable. DataValueLastUsedAt exposes this value as a *time.Time.
	LastUsedAt  sql.NullTime `db:"last_used_at"`
	RPID        string       `db:"rpid"`
	Username    string       `db:"username"`
	Description string       `db:"description"`
	// Base64 is this package's type that saves bytes as a base64 encoded string.
	KID Base64 `db:"kid"`
	// Nullable. DataValueAAGUID exposes this value as a *string.
	AAGUID          uuid.NullUUID `db:"aaguid"`
	AttestationType string        `db:"attestation_type"`
	Attachment      string        `db:"attachment"`
	Transport       string        `db:"transport"`
	// NOTE(review): SignCount and CloneWarning presumably track the
	// authenticator's signature counter and a detected counter regression.
	// The update logic lives in UpdateSignInInfo and is not shown here, so
	// confirm how CloneWarning is set and whether it blocks a sign in.
	SignCount      uint32 `db:"sign_count"`
	CloneWarning   bool   `db:"clone_warning"`
	Legacy         bool   `db:"legacy"`
	Discoverable   bool   `db:"discoverable"`
	Present        bool   `db:"present"`
	Verified       bool   `db:"verified"`
	BackupEligible bool   `db:"backup_eligible"`
	BackupState    bool   `db:"backup_state"`
	PublicKey      []byte `db:"public_key"`
}
WebAuthnCredential represents a WebAuthn Credential in the database storage.
func NewWebAuthnCredential ¶ added in v4.38.0
func NewWebAuthnCredential(ctx Context, rpid, username, description string, credential *webauthn.Credential) (c WebAuthnCredential)
NewWebAuthnCredential creates a WebAuthnCredential from a webauthn.Credential.
func (*WebAuthnCredential) DataValueAAGUID ¶ added in v4.38.0
func (c *WebAuthnCredential) DataValueAAGUID() *string
DataValueAAGUID provides AAGUID as a *string instead of uuid.NullUUID.
func (*WebAuthnCredential) DataValueLastUsedAt ¶ added in v4.38.0
func (c *WebAuthnCredential) DataValueLastUsedAt() *time.Time
DataValueLastUsedAt provides LastUsedAt as a *time.Time instead of sql.NullTime.
func (*WebAuthnCredential) MarshalJSON ¶ added in v4.38.0
func (c *WebAuthnCredential) MarshalJSON() (data []byte, err error)
MarshalJSON returns the WebAuthnCredential in a JSON friendly manner.
func (*WebAuthnCredential) MarshalYAML ¶ added in v4.38.0
func (c *WebAuthnCredential) MarshalYAML() (any, error)
MarshalYAML marshals this model into YAML.
func (*WebAuthnCredential) ToData ¶ added in v4.38.0
func (c *WebAuthnCredential) ToData() WebAuthnCredentialData
func (*WebAuthnCredential) UnmarshalYAML ¶ added in v4.38.0
func (c *WebAuthnCredential) UnmarshalYAML(value *yaml.Node) (err error)
UnmarshalYAML unmarshalls YAML into this model.
func (*WebAuthnCredential) UpdateSignInInfo ¶ added in v4.38.0
func (c *WebAuthnCredential) UpdateSignInInfo(config *webauthn.Config, now time.Time, authenticator webauthn.Authenticator)
UpdateSignInInfo adjusts the values of the WebAuthnCredential after a sign in.
type WebAuthnCredentialData ¶ added in v4.38.0
// WebAuthnCredentialData is the serializable counterpart of
// WebAuthnCredential. Compared with the storage model, the nullable columns
// become pointers (LastUsedAt, AAGUID), KID and PublicKey become strings, and
// the transports are a string slice.
//
// Tags written as `` followed by a "string literal not displayed" comment
// were elided by the documentation renderer; the real tag text is not visible
// here and is reproduced exactly as shown.
type WebAuthnCredentialData struct {
	// ID has the yaml tag "-", which yaml encoders conventionally skip.
	ID              int        `json:"id" yaml:"-"`
	CreatedAt       time.Time  `` /* 128-byte string literal not displayed */
	LastUsedAt      *time.Time `` /* 156-byte string literal not displayed */
	RPID            string     `` /* 139-byte string literal not displayed */
	Username        string     `` /* 137-byte string literal not displayed */
	Description     string     `` /* 134-byte string literal not displayed */
	KID             string     `yaml:"kid" json:"kid" jsonschema:"title=Public Key ID" jsonschema_description:"The Public Key ID of this credential."`
	AAGUID          *string    `` /* 173-byte string literal not displayed */
	AttestationType string     `` /* 158-byte string literal not displayed */
	Attachment      string     `` /* 136-byte string literal not displayed */
	Transports      []string   `` /* 131-byte string literal not displayed */
	SignCount       uint32     `` /* 131-byte string literal not displayed */
	CloneWarning    bool       `` /* 143-byte string literal not displayed */
	Legacy          bool       `` /* 154-byte string literal not displayed */
	Discoverable    bool       `` /* 140-byte string literal not displayed */
	Present         bool       `` /* 126-byte string literal not displayed */
	Verified        bool       `yaml:"verified" json:"verified" jsonschema:"title=Verified" jsonschema_description:"The verified status of this credential."`
	BackupEligible  bool       `` /* 152-byte string literal not displayed */
	BackupState     bool       `` /* 146-byte string literal not displayed */
	PublicKey       string     `yaml:"public_key" json:"public_key" jsonschema:"title=Public Key" jsonschema_description:"The credential public key."`
}
WebAuthnCredentialData represents a WebAuthn Credential in a way which can be serialized.
func (*WebAuthnCredentialData) ToCredential ¶ added in v4.38.0
func (c *WebAuthnCredentialData) ToCredential() (credential *WebAuthnCredential, err error)
type WebAuthnCredentialDataExport ¶ added in v4.38.0
// WebAuthnCredentialDataExport is the top-level document of a credential
// export in serializable form: a list of WebAuthnCredentialData entries.
//
// NOTE(review): each entry carries a username, relying party ID, credential
// ID and public key, and WebAuthnCredentialData.ToCredential converts entries
// back into the storage model. If export files are ever imported, whoever can
// modify the file can presumably add or replace credentials, so treat it as
// integrity-sensitive; confirm against the import path.
type WebAuthnCredentialDataExport struct {
	// The field tag was elided by the documentation renderer.
	WebAuthnCredentials []WebAuthnCredentialData `` /* 154-byte string literal not displayed */
}
WebAuthnCredentialDataExport represents a WebAuthnCredential export file.
type WebAuthnCredentialExport ¶ added in v4.38.0
// WebAuthnCredentialExport is the top-level document of a credential export
// built from storage-model values; the list is written under the YAML key
// "webauthn_credentials".
type WebAuthnCredentialExport struct {
	WebAuthnCredentials []WebAuthnCredential `yaml:"webauthn_credentials"`
}
WebAuthnCredentialExport represents a WebAuthnCredential export file.
func (WebAuthnCredentialExport) MarshalYAML ¶ added in v4.38.0
func (export WebAuthnCredentialExport) MarshalYAML() (any, error)
MarshalYAML marshals this model into YAML.
func (WebAuthnCredentialExport) ToData ¶ added in v4.38.0
func (export WebAuthnCredentialExport) ToData() WebAuthnCredentialDataExport
ToData converts this WebAuthnCredentialExport into a WebAuthnCredentialDataExport.
type WebAuthnUser ¶ added in v4.38.0
// WebAuthnUser represents a user for the WebAuthn library, pairing the stored
// user handle row with the data needed at ceremony time.
type WebAuthnUser struct {
	// Columns named by their db tags.
	ID       int    `db:"id"`
	RPID     string `db:"rpid"`
	Username string `db:"username"`
	UserID   string `db:"userid"`

	// Tagged db:"-": presumably skipped by the database mapper and filled in
	// by the caller after loading the row (TODO confirm where).
	DisplayName string               `db:"-"`
	Credentials []WebAuthnCredential `db:"-"`
}
WebAuthnUser is an object to represent a user for the WebAuthn lib.
func (WebAuthnUser) HasFIDOU2F ¶ added in v4.38.0
func (u WebAuthnUser) HasFIDOU2F() bool
HasFIDOU2F returns true if the user has any credentials with the attestation type `fido-u2f`.
func (WebAuthnUser) WebAuthnCredentialDescriptors ¶ added in v4.38.0
func (u WebAuthnUser) WebAuthnCredentialDescriptors() (descriptors []protocol.CredentialDescriptor)
WebAuthnCredentialDescriptors decodes the user's credentials into protocol.CredentialDescriptor values.
func (WebAuthnUser) WebAuthnCredentials ¶ added in v4.38.0
func (u WebAuthnUser) WebAuthnCredentials() (credentials []webauthn.Credential)
WebAuthnCredentials implements the webauthn.User interface.
func (WebAuthnUser) WebAuthnDisplayName ¶ added in v4.38.0
func (u WebAuthnUser) WebAuthnDisplayName() string
WebAuthnDisplayName implements the webauthn.User interface.
func (WebAuthnUser) WebAuthnID ¶ added in v4.38.0
func (u WebAuthnUser) WebAuthnID() []byte
WebAuthnID implements the webauthn.User interface.
func (WebAuthnUser) WebAuthnIcon ¶ added in v4.38.0
func (u WebAuthnUser) WebAuthnIcon() string
WebAuthnIcon implements the webauthn.User interface.
func (WebAuthnUser) WebAuthnName ¶ added in v4.38.0
func (u WebAuthnUser) WebAuthnName() string
WebAuthnName implements the webauthn.User interface.