Documentation ¶
Index ¶
- Variables
- func NewFileCryptoHashFromConfig(config schema.AuthenticationBackendFilePassword) (hash algorithm.Hash, err error)
- type FileDatabaseModel
- type FileDatabaseUserDetailsModel
- type FileUserDatabase
- func (m *FileUserDatabase) GetUserDetails(username string) (user FileUserDatabaseUserDetails, err error)
- func (m *FileUserDatabase) Load() (err error)
- func (m *FileUserDatabase) LoadAliases() (err error)
- func (m *FileUserDatabase) Save() (err error)
- func (m *FileUserDatabase) SetUserDetails(username string, details *FileUserDatabaseUserDetails)
- func (m *FileUserDatabase) ToDatabaseModel() (model *FileDatabaseModel)
- type FileUserDatabaseUserDetails
- type FileUserProvider
- func (p *FileUserProvider) CheckUserPassword(username string, password string) (match bool, err error)
- func (p *FileUserProvider) GetDetails(username string) (details *UserDetails, err error)
- func (p *FileUserProvider) Reload() (reloaded bool, err error)
- func (p *FileUserProvider) StartupCheck() (err error)
- func (p *FileUserProvider) UpdatePassword(username string, newPassword string) (err error)
- type FileUserProviderDatabase
- type LDAPClient
- type LDAPClientFactory
- type LDAPSupportedControlTypes
- type LDAPSupportedExtensions
- type LDAPSupportedFeatures
- type LDAPUserProvider
- func (p *LDAPUserProvider) CheckUserPassword(username string, password string) (valid bool, err error)
- func (p *LDAPUserProvider) GetDetails(username string) (details *UserDetails, err error)
- func (p *LDAPUserProvider) StartupCheck() (err error)
- func (p *LDAPUserProvider) UpdatePassword(username, password string) (err error)
- type Level
- type ProductionLDAPClientFactory
- type UserDetails
- type UserProvider
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrUserNotFound indicates the user wasn't found in the authentication backend.
	// NOTE(review): if a caller reports this error to an unauthenticated client
	// differently from a failed password check, the response reveals which
	// usernames exist. Confirm that request handlers return one uniform failure
	// for both cases and keep the distinction for server-side logs only.
	ErrUserNotFound = errors.New("user not found")

	// ErrNoContent is returned when the file is empty.
	ErrNoContent = errors.New("no file content")
)
Functions ¶
func NewFileCryptoHashFromConfig ¶ added in v4.37.0
func NewFileCryptoHashFromConfig(config schema.AuthenticationBackendFilePassword) (hash algorithm.Hash, err error)
NewFileCryptoHashFromConfig returns a crypt hash (an algorithm.Hash, per the signature) given a valid configuration.
Types ¶
type FileDatabaseModel ¶ added in v4.38.0
// FileDatabaseModel is the serialised shape of the users file: one map of
// user entries. Read, ReadToFileUserDatabase and Write operate on this type.
type FileDatabaseModel struct {
	// Users holds one FileDatabaseUserDetailsModel per key. The key is presumably
	// the username (ToDatabaseUserDetailsModel takes a username argument); confirm.
	// The struct tag is not shown by the documentation renderer, so the exact
	// serialisation key and validation rules cannot be read from this listing.
	Users map[string]FileDatabaseUserDetailsModel `` /* 126-byte string literal not displayed */
}
FileDatabaseModel is the model of the users file database.
func (*FileDatabaseModel) Read ¶ added in v4.38.0
func (m *FileDatabaseModel) Read(filePath string) (err error)
Read a FileDatabaseModel from disk.
func (*FileDatabaseModel) ReadToFileUserDatabase ¶ added in v4.38.0
func (m *FileDatabaseModel) ReadToFileUserDatabase(db *FileUserDatabase) (err error)
ReadToFileUserDatabase reads the FileDatabaseModel into a FileUserDatabase.
func (*FileDatabaseModel) Write ¶ added in v4.38.0
func (m *FileDatabaseModel) Write(fileName string) (err error)
Write a FileDatabaseModel to disk.
type FileDatabaseUserDetailsModel ¶ added in v4.38.0
// FileDatabaseUserDetailsModel is one user entry as it appears in the YAML
// users file. Every field is a plain YAML scalar or list; conversion to the
// in-memory form goes through ToDatabaseUserDetailsModel.
type FileDatabaseUserDetailsModel struct {
	// Password is the value stored under the "password" key; the tag marks it
	// required. NOTE(review): presumably this is the encoded password digest,
	// not a cleartext password, because the in-memory counterpart
	// FileUserDatabaseUserDetails.Password is a *schema.PasswordDigest.
	// Confirm that conversion rejects values that do not decode as a digest.
	Password string `yaml:"password" valid:"required"`

	// DisplayName is the user's display name; the tag marks it required.
	DisplayName string `yaml:"displayname" valid:"required"`

	// Email is the user's email address. No validation tag is present here.
	Email string `yaml:"email"`

	// Groups lists the groups recorded for the user.
	Groups []string `yaml:"groups"`

	// Disabled is the user's disabled flag. NOTE(review): where the flag is
	// enforced is not visible in this listing; confirm that password checks
	// refuse a disabled user.
	Disabled bool `yaml:"disabled"`
}
FileDatabaseUserDetailsModel is the model of user details in the file database.
func (FileDatabaseUserDetailsModel) ToDatabaseUserDetailsModel ¶ added in v4.38.0
func (m FileDatabaseUserDetailsModel) ToDatabaseUserDetailsModel(username string) (model *FileUserDatabaseUserDetails, err error)
ToDatabaseUserDetailsModel converts a FileDatabaseUserDetailsModel into a *FileUserDatabaseUserDetails.
type FileUserDatabase ¶ added in v4.37.0
// FileUserDatabase is the in-memory user database backed by a file. Only the
// Users map is serialised; every other field carries the `json:"-"` tag.
type FileUserDatabase struct {
	// The lock is embedded as a pointer, so the zero value of FileUserDatabase
	// holds a nil mutex and copies of the struct share one lock. Embedding also
	// promotes Lock, Unlock, RLock and RUnlock to the exported method set.
	// NOTE(review): presumably NewFileUserDatabase allocates the mutex; confirm
	// that no code path constructs this type with a struct literal instead.
	*sync.RWMutex `json:"-"`

	// Users is the dictionary of users (per the schema description). The key
	// is presumably the username; confirm against Load.
	Users map[string]FileUserDatabaseUserDetails `json:"users" jsonschema:"required,title=Users" jsonschema_description:"The dictionary of users."`

	// Path is presumably the file path passed to NewFileUserDatabase; confirm.
	Path string `json:"-"`

	// Emails and Aliases are string-to-string lookup tables. NOTE(review):
	// presumably they map an email or an alternate spelling to the canonical
	// username and are filled by LoadAliases; confirm.
	Emails map[string]string `json:"-"`
	Aliases map[string]string `json:"-"`

	// SearchEmail and SearchCI correspond to the searchEmail and searchCI
	// arguments of NewFileUserDatabase. NOTE(review): if they enable lookup by
	// email and case-insensitive lookup, several submitted strings resolve to
	// one account; anything keyed on the submitted name (login rate limiting,
	// audit records) should use the resolved Username. Confirm in the callers.
	SearchEmail bool `json:"-"`
	SearchCI bool `json:"-"`
}
FileUserDatabase is a concurrency-safe user details database that can be reloaded.
func NewFileUserDatabase ¶ added in v4.37.0
func NewFileUserDatabase(filePath string, searchEmail, searchCI bool) (database *FileUserDatabase)
NewFileUserDatabase creates a new FileUserDatabase.
func (*FileUserDatabase) GetUserDetails ¶ added in v4.37.0
func (m *FileUserDatabase) GetUserDetails(username string) (user FileUserDatabaseUserDetails, err error)
GetUserDetails gets a FileUserDatabaseUserDetails, returned as a value type, for a given username; the username must be the user's actual username.
func (*FileUserDatabase) Load ¶ added in v4.37.0
func (m *FileUserDatabase) Load() (err error)
Load the database from disk.
func (*FileUserDatabase) LoadAliases ¶ added in v4.37.0
func (m *FileUserDatabase) LoadAliases() (err error)
LoadAliases performs the loading of alias information from the database.
func (*FileUserDatabase) Save ¶ added in v4.37.0
func (m *FileUserDatabase) Save() (err error)
Save the database to disk.
func (*FileUserDatabase) SetUserDetails ¶ added in v4.37.0
func (m *FileUserDatabase) SetUserDetails(username string, details *FileUserDatabaseUserDetails)
SetUserDetails sets the FileUserDatabaseUserDetails for a given user.
func (*FileUserDatabase) ToDatabaseModel ¶ added in v4.37.0
func (m *FileUserDatabase) ToDatabaseModel() (model *FileDatabaseModel)
ToDatabaseModel converts the FileUserDatabase into the FileDatabaseModel for saving.
type FileUserDatabaseUserDetails ¶ added in v4.38.0
// FileUserDatabaseUserDetails is the in-memory record for one user of the
// file backend. ToUserDetails and ToUserDetailsModel convert it to the
// provider-facing and the on-disk forms.
type FileUserDatabaseUserDetails struct {
	// Username is excluded from JSON (`json:"-"`); the name is carried on the
	// record itself rather than serialised with it.
	Username string `json:"-"`

	// Password is the hashed password for the user (per the schema
	// description), held as a *schema.PasswordDigest. It is a pointer and can
	// be nil. NOTE(review): the field is tagged for JSON output, so marshalling
	// or logging this struct may emit the digest; how PasswordDigest marshals
	// is not visible here. Treat the record as sensitive and confirm it is
	// never written to logs or API responses.
	Password *schema.PasswordDigest `json:"password" jsonschema:"required,title=Password" jsonschema_description:"The hashed password for the user."`

	// DisplayName is the display name for the user; required by the schema.
	DisplayName string `json:"displayname" jsonschema:"required,title=Display Name" jsonschema_description:"The display name for the user."`

	// Email is the email for the user.
	Email string `json:"email" jsonschema:"title=Email" jsonschema_description:"The email for the user."`

	// Groups is the groups list for the user.
	Groups []string `json:"groups" jsonschema:"title=Groups" jsonschema_description:"The groups list for the user."`

	// Disabled is the disabled status for the user; the schema default is
	// false. NOTE(review): enforcement is not visible in this listing; confirm
	// that a disabled record cannot pass a password check.
	Disabled bool `json:"disabled" jsonschema:"default=false,title=Disabled" jsonschema_description:"The disabled status for the user."`
}
FileUserDatabaseUserDetails is the model of user details in the file database.
func (FileUserDatabaseUserDetails) ToUserDetails ¶ added in v4.38.0
func (m FileUserDatabaseUserDetails) ToUserDetails() (details *UserDetails)
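ToUserDetails converts FileUserDatabaseUserDetails into a *UserDetails. (The comment originally read "given a username", but the method takes no argument; the struct carries its own Username field.)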
func (FileUserDatabaseUserDetails) ToUserDetailsModel ¶ added in v4.38.0
func (m FileUserDatabaseUserDetails) ToUserDetailsModel() (model FileDatabaseUserDetailsModel)
ToUserDetailsModel converts FileUserDatabaseUserDetails into a FileDatabaseUserDetailsModel.
type FileUserProvider ¶
type FileUserProvider struct {
// contains filtered or unexported fields
}
FileUserProvider is a provider reading details from a file.
func NewFileUserProvider ¶
func NewFileUserProvider(config *schema.AuthenticationBackendFile) (provider *FileUserProvider)
NewFileUserProvider creates a new instance of FileUserProvider.
func (*FileUserProvider) CheckUserPassword ¶
func (p *FileUserProvider) CheckUserPassword(username string, password string) (match bool, err error)
CheckUserPassword checks if provided password matches for the given user.
func (*FileUserProvider) GetDetails ¶
func (p *FileUserProvider) GetDetails(username string) (details *UserDetails, err error)
GetDetails retrieves the groups a user belongs to.
func (*FileUserProvider) Reload ¶ added in v4.37.0
func (p *FileUserProvider) Reload() (reloaded bool, err error)
Reload the database.
func (*FileUserProvider) StartupCheck ¶ added in v4.31.0
func (p *FileUserProvider) StartupCheck() (err error)
StartupCheck implements the startup check provider interface.
func (*FileUserProvider) UpdatePassword ¶
func (p *FileUserProvider) UpdatePassword(username string, newPassword string) (err error)
UpdatePassword updates the password of the given user.
type FileUserProviderDatabase ¶ added in v4.38.0
// FileUserProviderDatabase is the storage interface with the four operations
// listed below. *FileUserDatabase declares methods with the same signatures.
// NOTE(review): presumably FileUserProvider talks to its database through
// this interface so that tests can substitute a fake; confirm.
type FileUserProviderDatabase interface {
	// Save persists the database.
	Save() (err error)

	// Load reads the database.
	Load() (err error)

	// GetUserDetails returns the record for username by value, so the caller
	// receives a copy of the struct (the Password pointer and Groups slice
	// inside it still alias the stored data).
	GetUserDetails(username string) (user FileUserDatabaseUserDetails, err error)

	// SetUserDetails stores details for username. It returns no error, so a
	// caller cannot tell from this call alone whether the change took effect;
	// persistence is a separate Save call.
	SetUserDetails(username string, details *FileUserDatabaseUserDetails)
}
type LDAPClient ¶ added in v4.35.3
// LDAPClient is the subset of the go-ldap client interface that this package
// depends on. The method set below is broader than a password check needs:
// it includes unauthenticated, digest and NTLM bind variants as well as
// directory write operations.
// NOTE(review): which of these methods the provider actually calls is not
// visible in this listing; a narrower interface would make that auditable.
type LDAPClient interface {
	// Connection lifecycle.
	Close() (err error)
	IsClosing() bool
	SetTimeout(timeout time.Duration)

	// Transport security. TLSConnectionState reports ok=false when no TLS
	// state is available. StartTLS upgrades the connection with the supplied
	// config.
	// NOTE(review): a tls.Config with InsecureSkipVerify set disables server
	// certificate verification, which exposes bind credentials to an on-path
	// attacker; confirm the config is built from the configured cert pool.
	TLSConnectionState() (state tls.ConnectionState, ok bool)
	StartTLS(config *tls.Config) (err error)

	// Simple bind. The password travels to the server as supplied, so these
	// calls are only appropriate on a TLS-protected connection (LDAPS or after
	// StartTLS).
	// NOTE(review): LDAP treats a simple bind with an empty password as an
	// unauthenticated bind (RFC 4513 section 5.1.2); in go-ldap the request
	// type has an AllowEmptyPassword field for this. Confirm callers reject
	// empty passwords before binding.
	Unbind() (err error)
	Bind(username, password string) (err error)
	SimpleBind(request *ldap.SimpleBindRequest) (result *ldap.SimpleBindResult, err error)

	// DIGEST-MD5 binds. DIGEST-MD5 was moved to historic status by RFC 6331;
	// presumably present only to mirror the upstream interface.
	MD5Bind(host string, username string, password string) (err error)
	DigestMD5Bind(request *ldap.DigestMD5BindRequest) (result *ldap.DigestMD5BindResult, err error)

	// UnauthenticatedBind takes no password: the server does not verify the
	// caller's identity, so a nil error here is never evidence that a user
	// authenticated and must not be used to check credentials.
	UnauthenticatedBind(username string) (err error)

	// ExternalBind takes no credentials in the call; presumably SASL EXTERNAL,
	// where identity comes from the transport (for example a client
	// certificate). Confirm against the go-ldap documentation.
	ExternalBind() (err error)

	// NTLM binds. NTLMUnauthenticatedBind carries no secret and has the same
	// caveat as UnauthenticatedBind. NTLMBindWithHash accepts a hash in place
	// of the password, which makes that hash a password-equivalent secret: it
	// needs the same protection as the password itself (no logging, no
	// storage in configuration).
	NTLMBind(domain string, username string, password string) (err error)
	NTLMUnauthenticatedBind(domain string, username string) (err error)
	NTLMBindWithHash(domain string, username string, hash string) (err error)
	NTLMChallengeBind(request *ldap.NTLMBindRequest) (result *ldap.NTLMBindResult, err error)

	// Directory writes. These act with the privileges of the bound identity;
	// the service account used for binding should hold only the rights the
	// password-change flow requires.
	Modify(request *ldap.ModifyRequest) (err error)
	ModifyWithResult(request *ldap.ModifyRequest) (result *ldap.ModifyResult, err error)
	ModifyDN(m *ldap.ModifyDNRequest) (err error)
	PasswordModify(request *ldap.PasswordModifyRequest) (result *ldap.PasswordModifyResult, err error)
	Add(request *ldap.AddRequest) (err error)
	Del(request *ldap.DelRequest) (err error)

	// Directory reads.
	// NOTE(review): a search filter assembled from a user-supplied username
	// needs LDAP filter escaping (go-ldap provides ldap.EscapeFilter), or the
	// input can alter the filter. Confirm in the code that builds the request.
	Search(request *ldap.SearchRequest) (result *ldap.SearchResult, err error)
	SearchWithPaging(request *ldap.SearchRequest, pagingSize uint32) (result *ldap.SearchResult, err error)
	Compare(dn string, attribute string, value string) (same bool, err error)

	// WhoAmI asks the server which identity the connection is bound as.
	WhoAmI(controls []ldap.Control) (result *ldap.WhoAmIResult, err error)
}
LDAPClient is a cut down version of the ldap.Client interface with just the methods we use.
Methods added to this interface that have a direct correlation with one from ldap.Client should have the same signature.
type LDAPClientFactory ¶ added in v4.35.3
// LDAPClientFactory creates LDAPClient connections. NewLDAPUserProviderWithFactory
// accepts any implementation; ProductionLDAPClientFactory is the one declared
// in this package.
type LDAPClientFactory interface {
	// DialURL connects to addr with the given dial options and returns the
	// client. NOTE(review): with an ldap:// URL the connection is cleartext
	// until StartTLS succeeds, whereas ldaps:// negotiates TLS at connect time;
	// confirm that no bind is sent before the connection is protected.
	DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)
}
LDAPClientFactory is an interface for a factory of LDAP clients.
type LDAPSupportedControlTypes ¶ added in v4.35.3
LDAPSupportedControlTypes represents control types which a server may support which are implemented in code.
type LDAPSupportedExtensions ¶ added in v4.35.3
LDAPSupportedExtensions represents extensions which a server may support which are implemented in code.
type LDAPSupportedFeatures ¶ added in v4.35.3
// LDAPSupportedFeatures groups the two capability sets declared in this
// package: supported extensions and supported control types.
// NOTE(review): presumably filled from what the server advertises at startup.
// Such values are server-reported, so they are only as trustworthy as the
// connection they were read over; confirm discovery runs after TLS is set up.
type LDAPSupportedFeatures struct {
	// Extensions records the extensions the server may support.
	Extensions LDAPSupportedExtensions

	// ControlTypes records the control types the server may support.
	ControlTypes LDAPSupportedControlTypes
}
LDAPSupportedFeatures represents features which a server may support which are implemented in code.
type LDAPUserProvider ¶
type LDAPUserProvider struct {
// contains filtered or unexported fields
}
LDAPUserProvider is a UserProvider that connects to LDAP servers like ActiveDirectory, OpenLDAP, OpenDJ, FreeIPA, etc.
func NewLDAPUserProvider ¶
func NewLDAPUserProvider(config schema.AuthenticationBackend, certPool *x509.CertPool) (provider *LDAPUserProvider)
NewLDAPUserProvider creates a new instance of LDAPUserProvider with the ProductionLDAPClientFactory.
func NewLDAPUserProviderWithFactory ¶ added in v4.38.0
func NewLDAPUserProviderWithFactory(config schema.AuthenticationBackendLDAP, disableResetPassword bool, certPool *x509.CertPool, factory LDAPClientFactory) (provider *LDAPUserProvider)
NewLDAPUserProviderWithFactory creates a new instance of LDAPUserProvider with the specified LDAPClientFactory.
func (*LDAPUserProvider) CheckUserPassword ¶
func (p *LDAPUserProvider) CheckUserPassword(username string, password string) (valid bool, err error)
CheckUserPassword checks if provided password matches for the given user.
func (*LDAPUserProvider) GetDetails ¶
func (p *LDAPUserProvider) GetDetails(username string) (details *UserDetails, err error)
GetDetails retrieves the groups a user belongs to.
func (*LDAPUserProvider) StartupCheck ¶ added in v4.31.0
func (p *LDAPUserProvider) StartupCheck() (err error)
StartupCheck implements the startup check provider interface.
func (*LDAPUserProvider) UpdatePassword ¶
func (p *LDAPUserProvider) UpdatePassword(username, password string) (err error)
UpdatePassword updates the password of the given user.
type ProductionLDAPClientFactory ¶ added in v4.35.3
type ProductionLDAPClientFactory struct{}
ProductionLDAPClientFactory is the production implementation of an LDAP connection factory.
func NewProductionLDAPClientFactory ¶ added in v4.35.3
func NewProductionLDAPClientFactory() *ProductionLDAPClientFactory
NewProductionLDAPClientFactory creates a concrete LDAP connection factory.
func (*ProductionLDAPClientFactory) DialURL ¶ added in v4.35.3
func (f *ProductionLDAPClientFactory) DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)
DialURL creates a client from an LDAP URL when successful.
type UserDetails ¶
UserDetails represents the details retrieved for a given user.
func (UserDetails) Addresses ¶ added in v4.36.3
func (d UserDetails) Addresses() (addresses []mail.Address)
Addresses returns the Emails []string as []mail.Address formatted with DisplayName as the Name attribute.
type UserProvider ¶
// UserProvider is the backend-independent interface for checking a user's
// password, reading user details and changing a password. FileUserProvider
// and LDAPUserProvider both declare these three methods plus StartupCheck.
type UserProvider interface {
	// The embedded interface supplies the startup check; both providers in
	// this package declare StartupCheck() (err error).
	model.StartupCheck

	// CheckUserPassword reports whether password is valid for username.
	// NOTE(review): callers should treat a non-nil err as a failed check and
	// never act on valid alone; they should also avoid revealing to the client
	// whether the failure was an unknown user or a wrong password.
	CheckUserPassword(username string, password string) (valid bool, err error)

	// GetDetails returns the details for username.
	GetDetails(username string) (details *UserDetails, err error)

	// UpdatePassword sets a new password for username. newPassword is
	// presumably the cleartext value, with hashing or the directory write
	// handled by the backend; confirm, and keep the argument out of logs.
	UpdatePassword(username string, newPassword string) (err error)
}
UserProvider is the interface for checking user password and gathering user details.