authentication

package
Published: Mar 18, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// ErrUserNotFound indicates the requested username does not exist in the
	// authentication backend. Callers should test for it with errors.Is rather
	// than comparing error strings.
	ErrUserNotFound = errors.New("user not found")

	// ErrNoContent is returned when a file that was expected to hold data
	// (e.g. the users database file) is empty.
	ErrNoContent = errors.New("no file content")
)

Functions

func NewFileCryptoHashFromConfig added in v4.37.0

func NewFileCryptoHashFromConfig(config schema.AuthenticationBackendFilePassword) (hash algorithm.Hash, err error)

NewFileCryptoHashFromConfig returns an algorithm.Hash (the type in the signature above) for a valid file-backend password configuration, or an error when the configuration cannot be turned into a hasher.

Types

type FileDatabaseModel added in v4.38.0

type FileDatabaseModel struct {
	// Users maps a username to that user's on-disk record. The struct tag on
	// this field (its YAML key and validation rules) was elided by the
	// documentation renderer, which is why an empty tag and a "not displayed"
	// marker appear on this line.
	Users map[string]FileDatabaseUserDetailsModel `` /* 126-byte string literal not displayed */
}

FileDatabaseModel is the model of users file database.

func (*FileDatabaseModel) Read added in v4.38.0

func (m *FileDatabaseModel) Read(filePath string) (err error)

Read a FileDatabaseModel from disk.

func (*FileDatabaseModel) ReadToFileUserDatabase added in v4.38.0

func (m *FileDatabaseModel) ReadToFileUserDatabase(db *FileUserDatabase) (err error)

ReadToFileUserDatabase reads the FileDatabaseModel into a FileUserDatabase.

func (*FileDatabaseModel) Write added in v4.38.0

func (m *FileDatabaseModel) Write(fileName string) (err error)

Write a FileDatabaseModel to disk.

type FileDatabaseUserDetailsModel added in v4.38.0

type FileDatabaseUserDetailsModel struct {
	// Password is the stored credential exactly as written in the file
	// (required). The converted form, FileUserDatabaseUserDetails, holds it as
	// a parsed *schema.PasswordDigest and documents it as a hashed password.
	Password    string   `yaml:"password" valid:"required"`
	// DisplayName is the user's display name (required).
	DisplayName string   `yaml:"displayname" valid:"required"`
	// Email is the user's single email address (optional).
	Email       string   `yaml:"email"`
	// Groups lists the names of the groups the user belongs to (optional).
	Groups      []string `yaml:"groups"`
	// Disabled marks the account as disabled; it is false when absent from
	// the file (Go zero value).
	Disabled    bool     `yaml:"disabled"`
}

FileDatabaseUserDetailsModel is the model of user details in the file database.

func (FileDatabaseUserDetailsModel) ToDatabaseUserDetailsModel added in v4.38.0

func (m FileDatabaseUserDetailsModel) ToDatabaseUserDetailsModel(username string) (model *FileUserDatabaseUserDetails, err error)

ToDatabaseUserDetailsModel converts a FileDatabaseUserDetailsModel into a *FileUserDatabaseUserDetails.

type FileUserDatabase added in v4.37.0

type FileUserDatabase struct {
	// The embedded *sync.RWMutex is the lock behind the "concurrency safe"
	// promise. Because it is a pointer, a zero-value FileUserDatabase has a
	// nil lock and will panic on first use; construct instances with
	// NewFileUserDatabase instead.
	*sync.RWMutex `json:"-"`

	// Users maps a username to the user's details. It is the only field that
	// is serialized (every other field is tagged json:"-").
	Users map[string]FileUserDatabaseUserDetails `json:"users" jsonschema:"required,title=Users" jsonschema_description:"The dictionary of users."`

	// Path is the on-disk location the database is loaded from and saved to.
	Path    string            `json:"-"`
	// Emails and Aliases are derived lookup indexes that are never persisted.
	// NOTE(review): presumably email -> username and alternate name ->
	// username, populated by LoadAliases — confirm against the implementation.
	Emails  map[string]string `json:"-"`
	Aliases map[string]string `json:"-"`

	// SearchEmail and SearchCI are the lookup options given to
	// NewFileUserDatabase. NOTE(review): they appear to control whether a
	// user may be found by email and whether lookups are case-insensitive;
	// confirm before relying on either for access-control decisions.
	SearchEmail bool `json:"-"`
	SearchCI    bool `json:"-"`
}

FileUserDatabase is a concurrency-safe user details database that can be reloaded from disk.

func NewFileUserDatabase added in v4.37.0

func NewFileUserDatabase(filePath string, searchEmail, searchCI bool) (database *FileUserDatabase)

NewFileUserDatabase creates a new FileUserDatabase.

func (*FileUserDatabase) GetUserDetails added in v4.37.0

func (m *FileUserDatabase) GetUserDetails(username string) (user FileUserDatabaseUserDetails, err error)

GetUserDetails returns a copy (value type) of the FileUserDatabaseUserDetails for the given username. The username must be the user's actual username; aliases and email addresses are not resolved here.

func (*FileUserDatabase) Load added in v4.37.0

func (m *FileUserDatabase) Load() (err error)

Load the database from disk.

func (*FileUserDatabase) LoadAliases added in v4.37.0

func (m *FileUserDatabase) LoadAliases() (err error)

LoadAliases loads the alias information from the database.

func (*FileUserDatabase) Save added in v4.37.0

func (m *FileUserDatabase) Save() (err error)

Save the database to disk.

func (*FileUserDatabase) SetUserDetails added in v4.37.0

func (m *FileUserDatabase) SetUserDetails(username string, details *FileUserDatabaseUserDetails)

SetUserDetails sets the FileUserDatabaseUserDetails for a given user.

func (*FileUserDatabase) ToDatabaseModel added in v4.37.0

func (m *FileUserDatabase) ToDatabaseModel() (model *FileDatabaseModel)

ToDatabaseModel converts the FileUserDatabase into the FileDatabaseModel for saving.

type FileUserDatabaseUserDetails added in v4.38.0

type FileUserDatabaseUserDetails struct {
	// Username is not serialized (json:"-"): inside FileUserDatabase the map
	// key carries it, and ToDatabaseUserDetailsModel receives it as an argument.
	Username    string                 `json:"-"`
	// Password is the parsed password digest (a hashed password), required.
	Password    *schema.PasswordDigest `json:"password" jsonschema:"required,title=Password" jsonschema_description:"The hashed password for the user."`
	// DisplayName is the user's display name, required.
	DisplayName string                 `json:"displayname" jsonschema:"required,title=Display Name" jsonschema_description:"The display name for the user."`
	// Email is the user's single email address, optional.
	Email       string                 `json:"email" jsonschema:"title=Email" jsonschema_description:"The email for the user."`
	// Groups lists the names of the groups the user belongs to, optional.
	Groups      []string               `json:"groups" jsonschema:"title=Groups" jsonschema_description:"The groups list for the user."`
	// Disabled marks the account as disabled; defaults to false.
	Disabled    bool                   `json:"disabled" jsonschema:"default=false,title=Disabled" jsonschema_description:"The disabled status for the user."`
}

FileUserDatabaseUserDetails is the model of user details in the file database.

func (FileUserDatabaseUserDetails) ToUserDetails added in v4.38.0

func (m FileUserDatabaseUserDetails) ToUserDetails() (details *UserDetails)

ToUserDetails converts FileUserDatabaseUserDetails into a *UserDetails. It takes no arguments; the username comes from the receiver's Username field.

func (FileUserDatabaseUserDetails) ToUserDetailsModel added in v4.38.0

func (m FileUserDatabaseUserDetails) ToUserDetailsModel() (model FileDatabaseUserDetailsModel)

ToUserDetailsModel converts FileUserDatabaseUserDetails into a FileDatabaseUserDetailsModel.

type FileUserProvider

type FileUserProvider struct {
	// All fields are unexported and were elided by the documentation
	// renderer; construct instances with NewFileUserProvider.
	// contains filtered or unexported fields
}

FileUserProvider is a provider reading details from a file.

func NewFileUserProvider

func NewFileUserProvider(config *schema.AuthenticationBackendFile) (provider *FileUserProvider)

NewFileUserProvider creates a new instance of FileUserProvider.

func (*FileUserProvider) CheckUserPassword

func (p *FileUserProvider) CheckUserPassword(username string, password string) (match bool, err error)

CheckUserPassword reports whether the provided password matches the stored credential for the given user.

func (*FileUserProvider) GetDetails

func (p *FileUserProvider) GetDetails(username string) (details *UserDetails, err error)

GetDetails retrieves the details for the given user as a *UserDetails (display name, emails and the groups the user belongs to).

func (*FileUserProvider) Reload added in v4.37.0

func (p *FileUserProvider) Reload() (reloaded bool, err error)

Reload the database.

func (*FileUserProvider) StartupCheck added in v4.31.0

func (p *FileUserProvider) StartupCheck() (err error)

StartupCheck implements the startup check provider interface.

func (*FileUserProvider) UpdatePassword

func (p *FileUserProvider) UpdatePassword(username string, newPassword string) (err error)

UpdatePassword updates the password of the given user.

type FileUserProviderDatabase added in v4.38.0

// FileUserProviderDatabase is the storage abstraction FileUserProvider reads and
// writes user records through. *FileUserDatabase satisfies it: its Save, Load,
// GetUserDetails and SetUserDetails methods have exactly these signatures. The
// interface presumably exists so another backing store (e.g. a test double)
// can be substituted.
type FileUserProviderDatabase interface {
	Save() (err error)
	Load() (err error)
	GetUserDetails(username string) (user FileUserDatabaseUserDetails, err error)
	SetUserDetails(username string, details *FileUserDatabaseUserDetails)
}

type LDAPClient added in v4.35.3

type LDAPClient interface {
	// Connection lifecycle.
	Close() (err error)
	IsClosing() bool
	SetTimeout(timeout time.Duration)

	// Transport security. TLSConnectionState reports whether the connection
	// is TLS-protected; StartTLS upgrades a plaintext connection in place.
	TLSConnectionState() (state tls.ConnectionState, ok bool)
	StartTLS(config *tls.Config) (err error)

	// Authentication. Bind and SimpleBind send the password to the server and
	// therefore must only be used on a TLS-protected connection.
	// NOTE(review): the weaker mechanisms mirrored here (UnauthenticatedBind,
	// MD5Bind, DigestMD5Bind and the NTLM* binds) are part of the ldap.Client
	// surface; the doc comment below says only methods in use are included,
	// so verify which of these the provider actually calls.
	Unbind() (err error)
	Bind(username, password string) (err error)
	SimpleBind(request *ldap.SimpleBindRequest) (result *ldap.SimpleBindResult, err error)
	MD5Bind(host string, username string, password string) (err error)
	DigestMD5Bind(request *ldap.DigestMD5BindRequest) (result *ldap.DigestMD5BindResult, err error)
	UnauthenticatedBind(username string) (err error)
	ExternalBind() (err error)
	NTLMBind(domain string, username string, password string) (err error)
	NTLMUnauthenticatedBind(domain string, username string) (err error)
	NTLMBindWithHash(domain string, username string, hash string) (err error)
	NTLMChallengeBind(request *ldap.NTLMBindRequest) (result *ldap.NTLMBindResult, err error)

	// Modification. PasswordModify is the extended operation used for
	// password changes where the server supports it (see
	// LDAPSupportedExtensions.PwdModifyExOp).
	Modify(request *ldap.ModifyRequest) (err error)
	ModifyWithResult(request *ldap.ModifyRequest) (result *ldap.ModifyResult, err error)
	ModifyDN(m *ldap.ModifyDNRequest) (err error)
	PasswordModify(request *ldap.PasswordModifyRequest) (result *ldap.PasswordModifyResult, err error)

	// Entry creation and deletion.
	Add(request *ldap.AddRequest) (err error)
	Del(request *ldap.DelRequest) (err error)

	// Lookup.
	Search(request *ldap.SearchRequest) (result *ldap.SearchResult, err error)
	SearchWithPaging(request *ldap.SearchRequest, pagingSize uint32) (result *ldap.SearchResult, err error)
	Compare(dn string, attribute string, value string) (same bool, err error)

	// WhoAmI returns the identity the server associates with the bound session.
	WhoAmI(controls []ldap.Control) (result *ldap.WhoAmIResult, err error)
}

LDAPClient is a cut-down version of the ldap.Client interface containing just the methods this package uses; it is an interface so the client can be substituted via LDAPClientFactory.

Methods added to this interface that have a direct correlation with one from ldap.Client should have the same signature.

type LDAPClientFactory added in v4.35.3

// LDAPClientFactory creates LDAPClient connections from an LDAP URL.
// ProductionLDAPClientFactory is the real implementation; an alternative
// (presumably a test double) can be injected through NewLDAPUserProviderWithFactory.
type LDAPClientFactory interface {
	DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)
}

LDAPClientFactory is an interface for a factory that creates LDAP clients.

type LDAPSupportedControlTypes added in v4.35.3

type LDAPSupportedControlTypes struct {
	// MsftPwdPolHints reports support for the Microsoft password policy hints
	// control; MsftPwdPolHintsDeprecated reports support for its older,
	// deprecated variant. Which OID each corresponds to is not visible here.
	MsftPwdPolHints           bool
	MsftPwdPolHintsDeprecated bool
}

LDAPSupportedControlTypes represents control types which a server may support which are implemented in code.

type LDAPSupportedExtensions added in v4.35.3

type LDAPSupportedExtensions struct {
	// TLS reports whether the server advertises the StartTLS extension.
	TLS           bool
	// PwdModifyExOp reports whether the server advertises the Password Modify
	// extended operation used by LDAPClient.PasswordModify.
	PwdModifyExOp bool
}

LDAPSupportedExtensions represents extensions which a server may support which are implemented in code.

type LDAPSupportedFeatures added in v4.35.3

type LDAPSupportedFeatures struct {
	// Extensions holds the advertised extended operations this package knows about.
	Extensions   LDAPSupportedExtensions
	// ControlTypes holds the advertised request controls this package knows about.
	ControlTypes LDAPSupportedControlTypes
}

LDAPSupportedFeatures represents features which a server may support which are implemented in code.

type LDAPUserProvider

type LDAPUserProvider struct {
	// All fields are unexported and were elided by the documentation renderer;
	// construct instances with NewLDAPUserProvider or NewLDAPUserProviderWithFactory.
	// contains filtered or unexported fields
}

LDAPUserProvider is a UserProvider that connects to LDAP servers such as Active Directory, OpenLDAP, OpenDJ and FreeIPA.

func NewLDAPUserProvider

func NewLDAPUserProvider(config schema.AuthenticationBackend, certPool *x509.CertPool) (provider *LDAPUserProvider)

NewLDAPUserProvider creates a new instance of LDAPUserProvider with the ProductionLDAPClientFactory.

func NewLDAPUserProviderWithFactory added in v4.38.0

func NewLDAPUserProviderWithFactory(config schema.AuthenticationBackendLDAP, disableResetPassword bool, certPool *x509.CertPool, factory LDAPClientFactory) (provider *LDAPUserProvider)

NewLDAPUserProviderWithFactory creates a new instance of LDAPUserProvider with the specified LDAPClientFactory.

func (*LDAPUserProvider) CheckUserPassword

func (p *LDAPUserProvider) CheckUserPassword(username string, password string) (valid bool, err error)

CheckUserPassword reports whether the provided password matches the stored credential for the given user.

func (*LDAPUserProvider) GetDetails

func (p *LDAPUserProvider) GetDetails(username string) (details *UserDetails, err error)

GetDetails retrieves the details for the given user as a *UserDetails (display name, emails and the groups the user belongs to).

func (*LDAPUserProvider) StartupCheck added in v4.31.0

func (p *LDAPUserProvider) StartupCheck() (err error)

StartupCheck implements the startup check provider interface.

func (*LDAPUserProvider) UpdatePassword

func (p *LDAPUserProvider) UpdatePassword(username, password string) (err error)

UpdatePassword updates the password of the given user.

type Level

// Level is an ordered authentication level: a higher value means more
// factors have been passed, so levels may be compared with < and >=.
type Level int

Level is the type representing a level of authentication.

// The levels are ordered via iota: NotAuthenticated (0) < OneFactor (1) <
// TwoFactor (2), so a required level can be checked with a simple comparison.
const (
	// NotAuthenticated if the user is not authenticated yet.
	NotAuthenticated Level = iota

	// OneFactor if the user has passed first factor only.
	OneFactor

	// TwoFactor if the user has passed two factors.
	TwoFactor
)

func (Level) String added in v4.37.5

func (l Level) String() string

String returns a string representation of an authentication.Level.

type ProductionLDAPClientFactory added in v4.35.3

// ProductionLDAPClientFactory carries no state; its DialURL is expected to
// open a real connection (presumably via the ldap package's dialer).
type ProductionLDAPClientFactory struct{}

ProductionLDAPClientFactory is the production implementation of an LDAP connection factory.

func NewProductionLDAPClientFactory added in v4.35.3

func NewProductionLDAPClientFactory() *ProductionLDAPClientFactory

NewProductionLDAPClientFactory creates a concrete LDAP connection factory.

func (*ProductionLDAPClientFactory) DialURL added in v4.35.3

func (f *ProductionLDAPClientFactory) DialURL(addr string, opts ...ldap.DialOpt) (client LDAPClient, err error)

DialURL creates a client from an LDAP URL when successful.

type UserDetails

type UserDetails struct {
	// Username is the username the details were resolved for.
	Username    string
	// DisplayName is the user's display name; Addresses() uses it as the
	// Name of each mail.Address.
	DisplayName string
	// Emails holds zero or more email addresses. The file backend stores a
	// single Email, so for that backend this presumably has at most one entry.
	Emails      []string
	// Groups lists the names of the groups the user belongs to.
	Groups      []string
}

UserDetails represent the details retrieved for a given user.

func (UserDetails) Addresses added in v4.36.3

func (d UserDetails) Addresses() (addresses []mail.Address)

Addresses returns the Emails []string as []mail.Address formatted with DisplayName as the Name attribute.

type UserProvider

type UserProvider interface {
	// StartupCheck validates the backend is usable when the application starts.
	model.StartupCheck

	// CheckUserPassword reports whether password is correct for username.
	// NOTE(review): callers must treat a non-nil err as a failed
	// authentication regardless of valid, and should not surface the
	// difference between ErrUserNotFound and a wrong password to the client,
	// as that enables username enumeration.
	CheckUserPassword(username string, password string) (valid bool, err error)
	// GetDetails returns the user's details (display name, emails, groups).
	GetDetails(username string) (details *UserDetails, err error)
	// UpdatePassword replaces the user's password with newPassword.
	UpdatePassword(username string, newPassword string) (err error)
}

UserProvider is the interface for checking user password and gathering user details.
