model

package
v4.38.17 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 30, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// SecondFactorMethodTOTP method using Time-Based One-Time Password applications like Google Authenticator.
	SecondFactorMethodTOTP = "totp"

	// SecondFactorMethodWebAuthn method using WebAuthn credentials like YubiKey's.
	SecondFactorMethodWebAuthn = "webauthn"

	// SecondFactorMethodDuo method using Duo application to receive push notifications.
	SecondFactorMethodDuo = "mobile_push"
)
View Source
const (
	FormatJSONSchemaIdentifier         = "https://www.authelia.com/schemas/%s/json-schema/%s.json"
	FormatJSONSchemaYAMLLanguageServer = "# yaml-language-server: $schema=" + FormatJSONSchemaIdentifier
)
View Source
const (
	// OTCIntentUserSessionElevation is the intent value for a one-time code indicating it's used for user session
	// elevation.
	OTCIntentUserSessionElevation = "use"
)

Variables

This section is empty.

Functions

func MustNullUUID added in v4.38.0

func MustNullUUID(in uuid.NullUUID, err error) uuid.NullUUID

MustNullUUID is a uuid.Must variant for the uuid.NullUUID methods.

func NewRandomNullUUID added in v4.38.0

func NewRandomNullUUID() (uuid.NullUUID, error)

NewRandomNullUUID returns a uuid.NullUUID using the uud.NewRandom() method i.e. in the form of a v4 UUID.

func NullUUID added in v4.35.1

func NullUUID(in uuid.UUID) uuid.NullUUID

NullUUID converts a uuid.UUID to a uuid.NullUUID.

Types

type AuthenticationAttempt

type AuthenticationAttempt struct {
	ID            int       `db:"id"`
	Time          time.Time `db:"time"`
	Successful    bool      `db:"successful"`
	Banned        bool      `db:"banned"`
	Username      string    `db:"username"`
	Type          string    `db:"auth_type"`
	RemoteIP      NullIP    `db:"remote_ip"`
	RequestURI    string    `db:"request_uri"`
	RequestMethod string    `db:"request_method"`
}

AuthenticationAttempt represents an authentication attempt row in the database.

type Authorization added in v4.38.0

type Authorization struct {
	// contains filtered or unexported fields
}

func NewAuthorization added in v4.38.0

func NewAuthorization() *Authorization

func (*Authorization) Basic added in v4.38.0

func (a *Authorization) Basic() (username, password string)

func (*Authorization) BasicUsername added in v4.38.0

func (a *Authorization) BasicUsername() (username string)

func (*Authorization) EncodeHeader added in v4.38.0

func (a *Authorization) EncodeHeader() string

func (*Authorization) Parse added in v4.38.0

func (a *Authorization) Parse(raw string) (err error)

func (*Authorization) ParseBasic added in v4.38.0

func (a *Authorization) ParseBasic(username, password string) (err error)

func (*Authorization) ParseBearer added in v4.38.0

func (a *Authorization) ParseBearer(bearer string) (err error)

func (*Authorization) ParseBytes added in v4.38.0

func (a *Authorization) ParseBytes(raw []byte) (err error)

func (*Authorization) Scheme added in v4.38.0

func (a *Authorization) Scheme() AuthorizationScheme

func (*Authorization) SchemeRaw added in v4.38.0

func (a *Authorization) SchemeRaw() string

func (*Authorization) Value added in v4.38.0

func (a *Authorization) Value() string

type AuthorizationScheme added in v4.38.0

type AuthorizationScheme int
const (
	AuthorizationSchemeNone AuthorizationScheme = iota
	AuthorizationSchemeBasic
	AuthorizationSchemeBearer
)

func (AuthorizationScheme) String added in v4.38.0

func (s AuthorizationScheme) String() string

type AuthorizationSchemes added in v4.38.0

type AuthorizationSchemes []AuthorizationScheme

func NewAuthorizationSchemes added in v4.38.0

func NewAuthorizationSchemes(schemes ...string) AuthorizationSchemes

func (AuthorizationSchemes) Has added in v4.38.0

type Base64

type Base64 struct {
	// contains filtered or unexported fields
}

Base64 saves bytes to the database as a base64 encoded string.

func NewBase64

func NewBase64(data []byte) Base64

NewBase64 returns a new Base64.

func (Base64) Bytes

func (b Base64) Bytes() []byte

Bytes returns the Base64 string encoded as bytes.

func (*Base64) Scan

func (b *Base64) Scan(src any) (err error)

Scan is the Base64 implementation of the sql.Scanner.

func (Base64) String

func (b Base64) String() string

String returns the Base64 string encoded as base64.

func (Base64) Value

func (b Base64) Value() (value driver.Value, err error)

Value is the Base64 implementation of the databases/sql driver.Valuer.

type Context added in v4.38.0

type Context interface {
	context.Context

	GetClock() clock.Provider
	RemoteIP() net.IP
	GetRandom() random.Provider
}

Context is a commonly used context.Context within Authelia.

type CtxKey added in v4.38.11

type CtxKey int
const (
	CtxKeyAutheliaCtx CtxKey = iota
)

type DuoDevice

type DuoDevice struct {
	ID       int    `db:"id"`
	Username string `db:"username"`
	Device   string `db:"device"`
	Method   string `db:"method"`
}

DuoDevice represents a DUO Device.

type IP

type IP struct {
	IP net.IP
}

IP is a type specific for storage of a net.IP in the database which can't be NULL.

func NewIP

func NewIP(value net.IP) (ip IP)

NewIP easily constructs a new IP.

func (*IP) Scan

func (ip *IP) Scan(src any) (err error)

Scan is the IP implementation of the sql.Scanner.

func (IP) Value

func (ip IP) Value() (value driver.Value, err error)

Value is the IP implementation of the databases/sql driver.Valuer.

type IdentityVerification

type IdentityVerification struct {
	ID         int          `db:"id"`
	JTI        uuid.UUID    `db:"jti"`
	IssuedAt   time.Time    `db:"iat"`
	IssuedIP   IP           `db:"issued_ip"`
	ExpiresAt  time.Time    `db:"exp"`
	Action     string       `db:"action"`
	Username   string       `db:"username"`
	ConsumedAt sql.NullTime `db:"consumed"`
	ConsumedIP NullIP       `db:"consumed_ip"`
	RevokedAt  sql.NullTime `db:"revoked"`
	RevokedIP  NullIP       `db:"revoked_ip"`
}

IdentityVerification represents an identity verification row in the database.

func NewIdentityVerification

func NewIdentityVerification(jti uuid.UUID, username, action string, ip net.IP, expiration time.Duration) (verification IdentityVerification)

NewIdentityVerification creates a new IdentityVerification from a given username and action.

func (IdentityVerification) ToIdentityVerificationClaim

func (v IdentityVerification) ToIdentityVerificationClaim() (claim *IdentityVerificationClaim)

ToIdentityVerificationClaim converts the IdentityVerification into a IdentityVerificationClaim.

type IdentityVerificationClaim

type IdentityVerificationClaim struct {
	jwt.RegisteredClaims

	// The action this token has been crafted for.
	Action string `json:"action"`
	// The user this token has been crafted for.
	Username string `json:"username"`
}

IdentityVerificationClaim custom claim for specifying the action claim. The action can be to register a TOTP device, a U2F device or reset one's password.

func (IdentityVerificationClaim) ToIdentityVerification

func (v IdentityVerificationClaim) ToIdentityVerification() (verification *IdentityVerification, err error)

ToIdentityVerification converts the IdentityVerificationClaim into a IdentityVerification.

type Migration

type Migration struct {
	ID      int       `db:"id"`
	Applied time.Time `db:"applied"`
	Before  int       `db:"version_before"`
	After   int       `db:"version_after"`
	Version string    `db:"application_version"`
}

Migration represents a migration row in the database.

type NullIP

type NullIP struct {
	IP net.IP
}

NullIP is a type specific for storage of a net.IP in the database which can also be NULL.

func NewNullIP

func NewNullIP(value net.IP) (ip NullIP)

NewNullIP easily constructs a new NullIP.

func NewNullIPFromString

func NewNullIPFromString(value string) (ip NullIP)

NewNullIPFromString easily constructs a new NullIP from a string.

func (*NullIP) Scan

func (ip *NullIP) Scan(src any) (err error)

Scan is the NullIP implementation of the sql.Scanner.

func (NullIP) Value

func (ip NullIP) Value() (value driver.Value, err error)

Value is the NullIP implementation of the databases/sql driver.Valuer.

type OAuth2BlacklistedJTI added in v4.35.0

type OAuth2BlacklistedJTI struct {
	ID        int       `db:"id"`
	Signature string    `db:"signature"`
	ExpiresAt time.Time `db:"expires_at"`
}

OAuth2BlacklistedJTI represents a blacklisted JTI used with OAuth2.0.

func NewOAuth2BlacklistedJTI added in v4.35.0

func NewOAuth2BlacklistedJTI(jti string, exp time.Time) (jtiBlacklist OAuth2BlacklistedJTI)

NewOAuth2BlacklistedJTI creates a new OAuth2BlacklistedJTI.

type OAuth2ConsentPreConfig added in v4.37.0

type OAuth2ConsentPreConfig struct {
	ID       int64     `db:"id"`
	ClientID string    `db:"client_id"`
	Subject  uuid.UUID `db:"subject"`

	CreatedAt time.Time    `db:"created_at"`
	ExpiresAt sql.NullTime `db:"expires_at"`

	Revoked bool `db:"revoked"`

	Scopes   StringSlicePipeDelimited `db:"scopes"`
	Audience StringSlicePipeDelimited `db:"audience"`
}

OAuth2ConsentPreConfig stores information about an OAuth2.0 Pre-Configured Consent.

func (*OAuth2ConsentPreConfig) CanConsent added in v4.37.0

func (s *OAuth2ConsentPreConfig) CanConsent() bool

CanConsent returns true if this pre-configuration can still provide consent.

func (*OAuth2ConsentPreConfig) HasExactGrantedAudience added in v4.37.0

func (s *OAuth2ConsentPreConfig) HasExactGrantedAudience(audience []string) (has bool)

HasExactGrantedAudience returns true if the granted audience of this consent matches exactly with another audience.

func (*OAuth2ConsentPreConfig) HasExactGrantedScopes added in v4.37.0

func (s *OAuth2ConsentPreConfig) HasExactGrantedScopes(scopes []string) (has bool)

HasExactGrantedScopes returns true if the granted scopes of this consent matches exactly with another set of scopes.

func (*OAuth2ConsentPreConfig) HasExactGrants added in v4.37.0

func (s *OAuth2ConsentPreConfig) HasExactGrants(scopes, audience []string) (has bool)

HasExactGrants returns true if the granted audience and scopes of this consent pre-configuration matches exactly with another audience and set of scopes.

type OAuth2ConsentSession added in v4.35.0

type OAuth2ConsentSession struct {
	ID          int           `db:"id"`
	ChallengeID uuid.UUID     `db:"challenge_id"`
	ClientID    string        `db:"client_id"`
	Subject     uuid.NullUUID `db:"subject"`

	Authorized bool `db:"authorized"`
	Granted    bool `db:"granted"`

	RequestedAt time.Time    `db:"requested_at"`
	RespondedAt sql.NullTime `db:"responded_at"`

	Form string `db:"form_data"`

	RequestedScopes   StringSlicePipeDelimited `db:"requested_scopes"`
	GrantedScopes     StringSlicePipeDelimited `db:"granted_scopes"`
	RequestedAudience StringSlicePipeDelimited `db:"requested_audience"`
	GrantedAudience   StringSlicePipeDelimited `db:"granted_audience"`

	PreConfiguration sql.NullInt64
}

OAuth2ConsentSession stores information about an OAuth2.0 Consent.

func NewOAuth2ConsentSession added in v4.35.0

func NewOAuth2ConsentSession(subject uuid.UUID, r oauthelia2.Requester) (consent *OAuth2ConsentSession, err error)

NewOAuth2ConsentSession creates a new OAuth2ConsentSession.

func NewOAuth2ConsentSessionWithForm added in v4.38.0

func NewOAuth2ConsentSessionWithForm(subject uuid.UUID, r oauthelia2.Requester, form url.Values) (consent *OAuth2ConsentSession, err error)

NewOAuth2ConsentSessionWithForm creates a new OAuth2ConsentSession with a custom form parameter.

func (*OAuth2ConsentSession) CanGrant added in v4.35.0

func (s *OAuth2ConsentSession) CanGrant() bool

CanGrant returns true if the session can still grant a token. This is NOT indicative of if there is a user response to this consent request or if the user rejected the consent request.

func (*OAuth2ConsentSession) GetForm added in v4.35.0

func (s *OAuth2ConsentSession) GetForm() (form url.Values, err error)

GetForm returns the form.

func (*OAuth2ConsentSession) Grant added in v4.37.0

func (s *OAuth2ConsentSession) Grant()

Grant grants the requested scopes and audience.

func (*OAuth2ConsentSession) HasExactGrantedAudience added in v4.35.0

func (s *OAuth2ConsentSession) HasExactGrantedAudience(audience []string) (has bool)

HasExactGrantedAudience returns true if the granted audience of this consent matches exactly with another audience.

func (*OAuth2ConsentSession) HasExactGrantedScopes added in v4.35.0

func (s *OAuth2ConsentSession) HasExactGrantedScopes(scopes []string) (has bool)

HasExactGrantedScopes returns true if the granted scopes of this consent matches exactly with another set of scopes.

func (*OAuth2ConsentSession) HasExactGrants added in v4.35.0

func (s *OAuth2ConsentSession) HasExactGrants(scopes, audience []string) (has bool)

HasExactGrants returns true if the granted audience and scopes of this consent matches exactly with another audience and set of scopes.

func (*OAuth2ConsentSession) IsAuthorized added in v4.35.0

func (s *OAuth2ConsentSession) IsAuthorized() bool

IsAuthorized returns true if the user has responded to the consent session and it was authorized.

func (*OAuth2ConsentSession) IsDenied added in v4.35.0

func (s *OAuth2ConsentSession) IsDenied() bool

IsDenied returns true if the user has responded to the consent session and it was not authorized.

func (*OAuth2ConsentSession) Responded added in v4.35.0

func (s *OAuth2ConsentSession) Responded() bool

Responded returns true if the user has responded to the consent session.

type OAuth2PARContext added in v4.38.0

type OAuth2PARContext struct {
	ID                   int                      `db:"id"`
	Signature            string                   `db:"signature"`
	RequestID            string                   `db:"request_id"`
	ClientID             string                   `db:"client_id"`
	RequestedAt          time.Time                `db:"requested_at"`
	Scopes               StringSlicePipeDelimited `db:"scopes"`
	Audience             StringSlicePipeDelimited `db:"audience"`
	HandledResponseTypes StringSlicePipeDelimited `db:"handled_response_types"`
	ResponseMode         string                   `db:"response_mode"`
	DefaultResponseMode  string                   `db:"response_mode_default"`
	Revoked              bool                     `db:"revoked"`
	Form                 string                   `db:"form_data"`
	Session              []byte                   `db:"session_data"`
}

OAuth2PARContext holds relevant information about a Pushed Authorization Request in order to process the authorization.

func NewOAuth2PARContext added in v4.38.0

func NewOAuth2PARContext(contextID string, r oauthelia2.AuthorizeRequester) (context *OAuth2PARContext, err error)

NewOAuth2PARContext creates a new Pushed Authorization Request Context as a OAuth2PARContext.

func (*OAuth2PARContext) ToAuthorizeRequest added in v4.38.0

func (par *OAuth2PARContext) ToAuthorizeRequest(ctx context.Context, session oauthelia2.Session, store oauthelia2.Storage) (request *oauthelia2.AuthorizeRequest, err error)

type OAuth2Session added in v4.35.0

type OAuth2Session struct {
	ID                int                      `db:"id"`
	ChallengeID       uuid.NullUUID            `db:"challenge_id"`
	RequestID         string                   `db:"request_id"`
	ClientID          string                   `db:"client_id"`
	Signature         string                   `db:"signature"`
	RequestedAt       time.Time                `db:"requested_at"`
	Subject           sql.NullString           `db:"subject"`
	RequestedScopes   StringSlicePipeDelimited `db:"requested_scopes"`
	GrantedScopes     StringSlicePipeDelimited `db:"granted_scopes"`
	RequestedAudience StringSlicePipeDelimited `db:"requested_audience"`
	GrantedAudience   StringSlicePipeDelimited `db:"granted_audience"`
	Active            bool                     `db:"active"`
	Revoked           bool                     `db:"revoked"`
	Form              string                   `db:"form_data"`
	Session           []byte                   `db:"session_data"`
}

OAuth2Session represents a OAuth2.0 session.

func NewOAuth2SessionFromRequest added in v4.35.0

func NewOAuth2SessionFromRequest(signature string, r oauthelia2.Requester) (session *OAuth2Session, err error)

NewOAuth2SessionFromRequest creates a new OAuth2Session from a signature and oauthelia2.Requester.

func (*OAuth2Session) SetSubject added in v4.35.0

func (s *OAuth2Session) SetSubject(subject string)

SetSubject implements an interface required for RFC7523.

func (*OAuth2Session) ToRequest added in v4.35.0

func (s *OAuth2Session) ToRequest(ctx context.Context, session oauthelia2.Session, store oauthelia2.Storage) (request *oauthelia2.Request, err error)

ToRequest converts an OAuth2Session into a oauthelia2.Request given a oauthelia2.Session and oauthelia2.Storage.

type OneTimeCode added in v4.38.0

type OneTimeCode struct {
	ID         int          `db:"id"`
	PublicID   uuid.UUID    `db:"public_id"`
	Signature  string       `db:"signature"`
	IssuedAt   time.Time    `db:"issued"`
	IssuedIP   IP           `db:"issued_ip"`
	ExpiresAt  time.Time    `db:"expires"`
	Username   string       `db:"username"`
	Intent     string       `db:"intent"`
	ConsumedAt sql.NullTime `db:"consumed"`
	ConsumedIP NullIP       `db:"consumed_ip"`
	RevokedAt  sql.NullTime `db:"revoked"`
	RevokedIP  NullIP       `db:"revoked_ip"`
	Code       []byte       `db:"code"`
}

OneTimeCode represents special one-time codes stored in the database.

func NewOneTimeCode added in v4.38.0

func NewOneTimeCode(ctx Context, username string, characters int, duration time.Duration) (otp *OneTimeCode, err error)

NewOneTimeCode returns a new OneTimeCode.

func (*OneTimeCode) Consume added in v4.38.0

func (otp *OneTimeCode) Consume(ctx Context)

Consume sets the values required to consume the one-time code.

type OpenIDSession added in v4.35.0

type OpenIDSession interface {
	oauthelia2.Session

	GetChallengeID() uuid.NullUUID
}

OpenIDSession represents the types available for an oidc.Session that are required in the models package.

type SchemaMigration

type SchemaMigration struct {
	Version  int
	Name     string
	Provider string
	Up       bool
	Query    string
}

SchemaMigration represents an intended migration.

func (SchemaMigration) After

func (m SchemaMigration) After() (after int)

After returns the version the schema will be at After the migration is applied.

func (SchemaMigration) Before

func (m SchemaMigration) Before() (before int)

Before returns the version the schema should be at Before the migration is applied.

func (SchemaMigration) NotEmpty added in v4.38.0

func (m SchemaMigration) NotEmpty() bool

NotEmpty returns true if the SchemaMigration is not an empty string.

type SemanticVersion added in v4.36.0

type SemanticVersion struct {
	Major      int
	Minor      int
	Patch      int
	PreRelease []string
	Metadata   []string
}

SemanticVersion represents a semantic 2.0 version.

func NewSemanticVersion added in v4.36.0

func NewSemanticVersion(input string) (version *SemanticVersion, err error)

NewSemanticVersion creates a SemanticVersion from a string.

func (SemanticVersion) Copy added in v4.38.0

Copy the values for this SemanticVersion.

func (SemanticVersion) Equal added in v4.36.0

func (v SemanticVersion) Equal(version SemanticVersion) (equals bool)

Equal returns true if this SemanticVersion is equal to the provided SemanticVersion.

func (SemanticVersion) GreaterThan added in v4.36.0

func (v SemanticVersion) GreaterThan(version SemanticVersion) (gt bool)

GreaterThan returns true if this SemanticVersion is greater than the provided SemanticVersion.

func (SemanticVersion) GreaterThanOrEqual added in v4.36.0

func (v SemanticVersion) GreaterThanOrEqual(version SemanticVersion) (ge bool)

GreaterThanOrEqual returns true if this SemanticVersion is greater than or equal to the provided SemanticVersion.

func (SemanticVersion) IsAbsolute added in v4.38.0

func (v SemanticVersion) IsAbsolute() bool

IsAbsolute returns true if the pre release and metadata values are empty.

func (SemanticVersion) IsStable added in v4.38.0

func (v SemanticVersion) IsStable() bool

IsStable returns true if the pre release and metadata values are empty and the major value is above 0.

func (SemanticVersion) LessThan added in v4.36.0

func (v SemanticVersion) LessThan(version SemanticVersion) (gt bool)

LessThan returns true if this SemanticVersion is less than the provided SemanticVersion.

func (SemanticVersion) LessThanOrEqual added in v4.36.0

func (v SemanticVersion) LessThanOrEqual(version SemanticVersion) (ge bool)

LessThanOrEqual returns true if this SemanticVersion is less than or equal to the provided SemanticVersion.

func (SemanticVersion) NextMajor added in v4.38.0

func (v SemanticVersion) NextMajor() (version SemanticVersion)

NextMajor returns the next major SemanticVersion from this current SemanticVersion.

func (SemanticVersion) NextMinor added in v4.38.0

func (v SemanticVersion) NextMinor() (version SemanticVersion)

NextMinor returns the next minor SemanticVersion from this current SemanticVersion.

func (SemanticVersion) NextPatch added in v4.38.0

func (v SemanticVersion) NextPatch() (version SemanticVersion)

NextPatch returns the next patch SemanticVersion from this current SemanticVersion.

func (SemanticVersion) String added in v4.36.0

func (v SemanticVersion) String() (value string)

String is a function to provide a nice representation of a SemanticVersion.

type StartupCheck

type StartupCheck interface {
	StartupCheck() (err error)
}

StartupCheck represents a provider that has a startup check.

type StringSlicePipeDelimited added in v4.35.0

type StringSlicePipeDelimited []string

StringSlicePipeDelimited is a string slice that is stored in the database delimited by pipes.

func (*StringSlicePipeDelimited) Scan added in v4.35.0

func (s *StringSlicePipeDelimited) Scan(value any) (err error)

Scan is the StringSlicePipeDelimited implementation of the sql.Scanner.

func (StringSlicePipeDelimited) Value added in v4.35.0

Value is the StringSlicePipeDelimited implementation of the databases/sql driver.Valuer.

type TOTPConfiguration

type TOTPConfiguration struct {
	ID         int          `db:"id"`
	CreatedAt  time.Time    `db:"created_at"`
	LastUsedAt sql.NullTime `db:"last_used_at"`
	Username   string       `db:"username"`
	Issuer     string       `db:"issuer"`
	Algorithm  string       `db:"algorithm"`
	Digits     uint32       `db:"digits"`
	Period     uint         `db:"period"`
	Secret     []byte       `db:"secret"`
}

TOTPConfiguration represents a users TOTP configuration row in the database.

func (*TOTPConfiguration) HistorySince added in v4.38.0

func (c *TOTPConfiguration) HistorySince(now time.Time, skew *int) time.Time

HistorySince provides a reasonably accurate window for previously successful attempts to check for history.

func (*TOTPConfiguration) Image

func (c *TOTPConfiguration) Image(width, height int) (img image.Image, err error)

Image returns the image.Image of the TOTPConfiguration using the Image func from the return of TOTPConfiguration.Key.

func (*TOTPConfiguration) Key

func (c *TOTPConfiguration) Key() (key *otp.Key, err error)

Key returns the *otp.Key using TOTPConfiguration.URI with otp.NewKeyFromURL.

func (*TOTPConfiguration) LastUsed added in v4.37.0

func (c *TOTPConfiguration) LastUsed() *time.Time

LastUsed provides LastUsedAt as a *time.Time instead of sql.NullTime.

func (TOTPConfiguration) MarshalJSON added in v4.38.0

func (c TOTPConfiguration) MarshalJSON() (data []byte, err error)

MarshalJSON returns the TOTPConfiguration in a JSON friendly manner.

func (*TOTPConfiguration) MarshalYAML added in v4.38.0

func (c *TOTPConfiguration) MarshalYAML() (any, error)

MarshalYAML marshals this model into YAML.

func (*TOTPConfiguration) ToData added in v4.38.0

ToData converts this TOTPConfiguration into the data format for exporting etc.

func (*TOTPConfiguration) URI

func (c *TOTPConfiguration) URI() (uri string)

URI shows the configuration in the URI representation.

func (*TOTPConfiguration) UnmarshalYAML added in v4.38.0

func (c *TOTPConfiguration) UnmarshalYAML(value *yaml.Node) (err error)

UnmarshalYAML unmarshalls YAML into this model.

func (*TOTPConfiguration) UpdateSignInInfo

func (c *TOTPConfiguration) UpdateSignInInfo(now time.Time)

UpdateSignInInfo adjusts the values of the TOTPConfiguration after a sign in.

type TOTPConfigurationData added in v4.38.0

type TOTPConfigurationData struct {
	CreatedAt  time.Time  `` /* 130-byte string literal not displayed */
	LastUsedAt *time.Time `` /* 141-byte string literal not displayed */
	Username   string     `` /* 140-byte string literal not displayed */
	Issuer     string     `yaml:"issuer" json:"issuer" jsonschema:"title=Issuer" jsonschema_description:"The issuer name this was generated with."`
	Algorithm  string     `` /* 126-byte string literal not displayed */
	Digits     uint32     `yaml:"digits" json:"digits" jsonschema:"title=Digits" jsonschema_description:"The number of digits this configuration uses."`
	Period     uint       `yaml:"period" json:"period" jsonschema:"title=Period" jsonschema_description:"The period of time this configuration uses."`
	Secret     string     `yaml:"secret" json:"secret" jsonschema:"title=Secret" jsonschema_description:"The secret shared key for this configuration."`
}

TOTPConfigurationData is used for marshalling/unmarshalling tasks.

type TOTPConfigurationDataExport added in v4.38.0

type TOTPConfigurationDataExport struct {
	TOTPConfigurations []TOTPConfigurationData `` /* 150-byte string literal not displayed */
}

TOTPConfigurationDataExport represents a TOTPConfiguration export file.

type TOTPConfigurationExport added in v4.38.0

type TOTPConfigurationExport struct {
	TOTPConfigurations []TOTPConfiguration `yaml:"totp_configurations"`
}

TOTPConfigurationExport represents a TOTPConfiguration export file.

func (TOTPConfigurationExport) MarshalYAML added in v4.38.0

func (export TOTPConfigurationExport) MarshalYAML() (any, error)

MarshalYAML marshals this model into YAML.

func (TOTPConfigurationExport) ToData added in v4.38.0

ToData converts this TOTPConfigurationExport into a TOTPConfigurationDataExport.

type TOTPConfigurationJSON added in v4.38.0

type TOTPConfigurationJSON struct {
	CreatedAt  time.Time  `json:"created_at"`
	LastUsedAt *time.Time `json:"last_used_at,omitempty"`
	Issuer     string     `json:"issuer"`
	Algorithm  string     `json:"algorithm"`
	Digits     uint32     `json:"digits"`
	Period     uint       `json:"period"`
}

TOTPConfigurationJSON is the JSON representation for a TOTPConfiguration.

type TOTPOptions added in v4.38.0

type TOTPOptions struct {
	Algorithm  string   `json:"algorithm"`
	Algorithms []string `json:"algorithms"`

	Length  int   `json:"length"`
	Lengths []int `json:"lengths"`

	Period  int   `json:"period"`
	Periods []int `json:"periods"`
}

type UserInfo

type UserInfo struct {
	// The users display name.
	DisplayName string `db:"-" json:"display_name"`

	// The preferred 2FA method.
	Method string `db:"second_factor_method" json:"method" valid:"required"`

	// True if a TOTP device has been registered.
	HasTOTP bool `db:"has_totp" json:"has_totp" valid:"required"`

	// True if a WebAuthn credential has been registered.
	HasWebAuthn bool `db:"has_webauthn" json:"has_webauthn" valid:"required"`

	// True if a duo device has been configured as the preferred.
	HasDuo bool `db:"has_duo" json:"has_duo" valid:"required"`
}

UserInfo represents the user information required by the web UI.

func (*UserInfo) SetDefaultPreferred2FAMethod added in v4.34.6

func (i *UserInfo) SetDefaultPreferred2FAMethod(methods []string, fallback string) (changed bool)

SetDefaultPreferred2FAMethod configures the default method based on what is configured as available and the users available methods.

type UserOpaqueIdentifier added in v4.35.0

type UserOpaqueIdentifier struct {
	ID       int    `db:"id" yaml:"-"`
	Service  string `` /* 135-byte string literal not displayed */
	SectorID string `` /* 152-byte string literal not displayed */
	Username string `` /* 141-byte string literal not displayed */

	Identifier uuid.UUID `` /* 150-byte string literal not displayed */
}

UserOpaqueIdentifier represents an opaque identifier for a user. Commonly used with OAuth 2.0 and OpenID Connect.

func NewUserOpaqueIdentifier added in v4.35.0

func NewUserOpaqueIdentifier(service, sectorID, username string) (id *UserOpaqueIdentifier, err error)

NewUserOpaqueIdentifier either creates a new UserOpaqueIdentifier or returns an error.

type UserOpaqueIdentifiersExport added in v4.35.0

type UserOpaqueIdentifiersExport struct {
	Identifiers []UserOpaqueIdentifier `yaml:"identifiers" json:"identifiers" jsonschema:"title=Identifiers" jsonschema_description:"The list of opaque identifiers."`
}

UserOpaqueIdentifiersExport represents a UserOpaqueIdentifier export file.

type WebAuthnCredential added in v4.38.0

type WebAuthnCredential struct {
	ID              int           `db:"id"`
	CreatedAt       time.Time     `db:"created_at"`
	LastUsedAt      sql.NullTime  `db:"last_used_at"`
	RPID            string        `db:"rpid"`
	Username        string        `db:"username"`
	Description     string        `db:"description"`
	KID             Base64        `db:"kid"`
	AAGUID          uuid.NullUUID `db:"aaguid"`
	AttestationType string        `db:"attestation_type"`
	Attachment      string        `db:"attachment"`
	Transport       string        `db:"transport"`
	SignCount       uint32        `db:"sign_count"`
	CloneWarning    bool          `db:"clone_warning"`
	Legacy          bool          `db:"legacy"`
	Discoverable    bool          `db:"discoverable"`
	Present         bool          `db:"present"`
	Verified        bool          `db:"verified"`
	BackupEligible  bool          `db:"backup_eligible"`
	BackupState     bool          `db:"backup_state"`
	PublicKey       []byte        `db:"public_key"`
}

WebAuthnCredential represents a WebAuthn Credential in the database storage.

func NewWebAuthnCredential added in v4.38.0

func NewWebAuthnCredential(ctx Context, rpid, username, description string, credential *webauthn.Credential) (c WebAuthnCredential)

NewWebAuthnCredential creates a WebAuthnCredential from a webauthn.Credential.

func (*WebAuthnCredential) DataValueAAGUID added in v4.38.0

func (c *WebAuthnCredential) DataValueAAGUID() *string

DataValueAAGUID provides AAGUID as a *string instead of uuid.NullUUID.

func (*WebAuthnCredential) DataValueLastUsedAt added in v4.38.0

func (c *WebAuthnCredential) DataValueLastUsedAt() *time.Time

DataValueLastUsedAt provides LastUsedAt as a *time.Time instead of sql.NullTime.

func (*WebAuthnCredential) MarshalJSON added in v4.38.0

func (c *WebAuthnCredential) MarshalJSON() (data []byte, err error)

MarshalJSON returns the WebAuthnCredential in a JSON friendly manner.

func (*WebAuthnCredential) MarshalYAML added in v4.38.0

func (c *WebAuthnCredential) MarshalYAML() (any, error)

MarshalYAML marshals this model into YAML.

func (*WebAuthnCredential) ToData added in v4.38.0

func (*WebAuthnCredential) UnmarshalYAML added in v4.38.0

func (c *WebAuthnCredential) UnmarshalYAML(value *yaml.Node) (err error)

UnmarshalYAML unmarshalls YAML into this model.

func (*WebAuthnCredential) UpdateSignInInfo added in v4.38.0

func (c *WebAuthnCredential) UpdateSignInInfo(config *webauthn.Config, now time.Time, authenticator webauthn.Authenticator)

UpdateSignInInfo adjusts the values of the WebAuthnCredential after a sign in.

type WebAuthnCredentialData added in v4.38.0

type WebAuthnCredentialData struct {
	ID              int        `json:"id" yaml:"-"`
	CreatedAt       time.Time  `` /* 128-byte string literal not displayed */
	LastUsedAt      *time.Time `` /* 156-byte string literal not displayed */
	RPID            string     `` /* 139-byte string literal not displayed */
	Username        string     `` /* 137-byte string literal not displayed */
	Description     string     `` /* 134-byte string literal not displayed */
	KID             string     `yaml:"kid" json:"kid" jsonschema:"title=Public Key ID" jsonschema_description:"The Public Key ID of this credential."`
	AAGUID          *string    `` /* 173-byte string literal not displayed */
	AttestationType string     `` /* 158-byte string literal not displayed */
	Attachment      string     `` /* 136-byte string literal not displayed */
	Transports      []string   `` /* 131-byte string literal not displayed */
	SignCount       uint32     `` /* 131-byte string literal not displayed */
	CloneWarning    bool       `` /* 143-byte string literal not displayed */
	Legacy          bool       `` /* 154-byte string literal not displayed */
	Discoverable    bool       `` /* 140-byte string literal not displayed */
	Present         bool       `` /* 126-byte string literal not displayed */
	Verified        bool       `yaml:"verified" json:"verified" jsonschema:"title=Verified" jsonschema_description:"The verified status of this credential."`
	BackupEligible  bool       `` /* 152-byte string literal not displayed */
	BackupState     bool       `` /* 146-byte string literal not displayed */
	PublicKey       string     `yaml:"public_key" json:"public_key" jsonschema:"title=Public Key" jsonschema_description:"The credential public key."`
}

WebAuthnCredentialData represents a WebAuthn Credential in a way which can be serialized.

func (*WebAuthnCredentialData) ToCredential added in v4.38.0

func (c *WebAuthnCredentialData) ToCredential() (credential *WebAuthnCredential, err error)

type WebAuthnCredentialDataExport added in v4.38.0

type WebAuthnCredentialDataExport struct {
	WebAuthnCredentials []WebAuthnCredentialData `` /* 154-byte string literal not displayed */
}

WebAuthnCredentialDataExport represents a WebAuthnCredential export file.

type WebAuthnCredentialExport added in v4.38.0

type WebAuthnCredentialExport struct {
	WebAuthnCredentials []WebAuthnCredential `yaml:"webauthn_credentials"`
}

WebAuthnCredentialExport represents a WebAuthnCredential export file.

func (WebAuthnCredentialExport) MarshalYAML added in v4.38.0

func (export WebAuthnCredentialExport) MarshalYAML() (any, error)

MarshalYAML marshals this model into YAML.

func (WebAuthnCredentialExport) ToData added in v4.38.0

ToData converts this WebAuthnCredentialExport into a WebAuthnCredentialDataExport.

type WebAuthnUser added in v4.38.0

type WebAuthnUser struct {
	ID          int    `db:"id"`
	RPID        string `db:"rpid"`
	Username    string `db:"username"`
	UserID      string `db:"userid"`
	DisplayName string `db:"-"`

	Credentials []WebAuthnCredential `db:"-"`
}

WebAuthnUser is an object to represent a user for the WebAuthn lib.

func (WebAuthnUser) HasFIDOU2F added in v4.38.0

func (u WebAuthnUser) HasFIDOU2F() bool

HasFIDOU2F returns true if the user has any attestation type `fido-u2f` credentials.

func (WebAuthnUser) WebAuthnCredentialDescriptors added in v4.38.0

func (u WebAuthnUser) WebAuthnCredentialDescriptors() (descriptors []protocol.CredentialDescriptor)

WebAuthnCredentialDescriptors decodes the users credentials into protocol.CredentialDescriptor's.

func (WebAuthnUser) WebAuthnCredentials added in v4.38.0

func (u WebAuthnUser) WebAuthnCredentials() (credentials []webauthn.Credential)

WebAuthnCredentials implements the webauthn.User interface.

func (WebAuthnUser) WebAuthnDisplayName added in v4.38.0

func (u WebAuthnUser) WebAuthnDisplayName() string

WebAuthnDisplayName implements the webauthn.User interface.

func (WebAuthnUser) WebAuthnID added in v4.38.0

func (u WebAuthnUser) WebAuthnID() []byte

WebAuthnID implements the webauthn.User interface.

func (WebAuthnUser) WebAuthnIcon added in v4.38.0

func (u WebAuthnUser) WebAuthnIcon() string

WebAuthnIcon implements the webauthn.User interface.

func (WebAuthnUser) WebAuthnName added in v4.38.0

func (u WebAuthnUser) WebAuthnName() string

WebAuthnName implements the webauthn.User interface.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL