Documentation ¶
Index ¶
- Constants
- Variables
- func AccountEnumerationPerIPRateLimitBucketSpec(c *config.AuthenticationConfig, ip string) ratelimit.BucketSpec
- func Input(i interface{}, input interface{}) bool
- func IntentKind(intent Intent) string
- func IsAdminAPI(input interface{}) bool
- func NodeKind(node Node) string
- func RegisterIntent(intent Intent)
- func RegisterNode(node Node)
- func SignupPerIPRateLimitBucketSpec(c *config.AuthenticationConfig, isAnonymous bool, ip string) ratelimit.BucketSpec
- func SortAuthenticators(preferred []model.AuthenticatorType, slice interface{}, ...)
- type AnonymousIdentityProvider
- type AnonymousUserPromotionCodeStore
- type AuthenticationInfoService
- type AuthenticatorService
- type AuthenticatorUpdateReason
- type BiometricIdentityProvider
- type ChallengeProvider
- type Context
- type ContextValues
- type CookieManager
- type Edge
- type Effect
- type EffectOnCommit
- type EffectRun
- type ErrClearCookie
- type ErrInputRequired
- type EventService
- type ForgotPasswordService
- type Graph
- func (g *Graph) Apply(ctx *Context) error
- func (g *Graph) CurrentNode() Node
- func (g *Graph) FillDetails(err error) error
- func (g *Graph) FindLastNode(node interface{}) bool
- func (g *Graph) FindLastNodeAndPosition(node interface{}) int
- func (g *Graph) FindLastNodeFromList(nodes []interface{}) (node interface{})
- func (g *Graph) GetAMR() []string
- func (g *Graph) GetAuthenticationInfoEntry() (*authenticationinfo.Entry, bool)
- func (g *Graph) GetNewUserID() (string, bool)
- func (g *Graph) GetRequireUpdateAuthenticator(stage authn.AuthenticationStage) (*authenticator.Info, *AuthenticatorUpdateReason, bool)
- func (g *Graph) GetUsedAuthenticationLockoutMethods() []config.AuthenticationLockoutMethod
- func (g *Graph) GetUserAuthenticator(stage authn.AuthenticationStage) (*authenticator.Info, bool)
- func (g *Graph) GetUserLastIdentity() (*identity.Info, bool)
- func (g *Graph) GetUserNewAuthenticators() []*authenticator.Info
- func (g *Graph) GetUserNewIdentities() []*identity.Info
- func (g *Graph) MarshalJSON() ([]byte, error)
- func (g *Graph) MustGetUpdateIdentityID() string
- func (g *Graph) MustGetUserID() string
- func (g *Graph) MustGetUserLastIdentity() *identity.Info
- func (g *Graph) UnmarshalJSON(d []byte) error
- type IdentityService
- type Intent
- type IntentFactory
- type Logger
- type MFAService
- type Node
- type NodeFactory
- type NonceService
- type OAuthClientResolver
- type OAuthProviderFactory
- type OAuthRedirectURIBuilder
- type OAuthSessions
- type OOBType
- type OTPCodeService
- type OTPSender
- type OfflineGrantStore
- type PasskeyService
- type RateLimiter
- type ResetPasswordService
- type Service
- func (s *Service) Accept(ctx *Context, graph *Graph, input interface{}) (*Graph, []Edge, error)
- func (s *Service) DryRun(contextValues ContextValues, fn func(*Context) (*Graph, error)) (err error)
- func (s *Service) Get(instanceID string) (*Graph, error)
- func (s *Service) NewGraph(ctx *Context, intent Intent) (*Graph, error)
- func (s *Service) Run(contextValues ContextValues, graph *Graph) (err error)
- type SessionManager
- type SessionProvider
- type SortableAuthenticator
- type SortableAuthenticatorInfo
- type StdAttrsService
- type Store
- type StoreRedis
- type UserService
- type VerificationService
Constants ¶
// Rate-limit bucket names owned by this package. SignupAnonymousPerIP and
// SignupPerIP are presumably the two buckets chosen by the isAnonymous flag of
// SignupPerIPRateLimitBucketSpec, and AccountEnumerationPerIP the bucket of
// AccountEnumerationPerIPRateLimitBucketSpec — confirm against those helpers.
const (
	SignupAnonymousPerIP    ratelimit.BucketName = "SignupAnonymousPerIP"
	SignupPerIP             ratelimit.BucketName = "SignupPerIP"
	AccountEnumerationPerIP ratelimit.BucketName = "AccountEnumerationPerIP"
)
// GraphLifetime is the lifetime applied to interaction graphs. It reuses the
// package-wide duration.UserInteraction value rather than defining its own.
// NOTE(review): presumably this is the TTL the Store applies to persisted graph
// instances — confirm against StoreRedis.
const GraphLifetime = duration.UserInteraction
Variables ¶
// DependencySet is the wire provider set for this package. Context, StoreRedis
// and Service are built by field injection, Store is bound to *StoreRedis, and
// NewLogger is included as a provider. Context fields tagged `wire:"-"` are
// excluded from injection and must be set by the caller.
var DependencySet = wire.NewSet(
	wire.Struct(new(Context), "*"),
	wire.Struct(new(StoreRedis), "*"),
	wire.Bind(new(Store), new(*StoreRedis)),
	NewLogger,
	wire.Struct(new(Service), "*"),
)
// ErrGraphNotFound is returned when a graph (or graph instance) cannot be
// loaded. The message covers both an invalid ID and a missing graph, so callers
// cannot tell the two cases apart from this error alone.
var ErrGraphNotFound = errors.New("invalid graph or graph not found")
// ErrIncompatibleInput is returned when the supplied input does not have a type
// that the current node accepts.
var ErrIncompatibleInput = errors.New("incompatible input type for this node")
// ErrSameNode is returned by Edge.Instantiate when the edge loops back to the
// current node; it models side-effect-only edges that do not advance the graph.
var ErrSameNode = errors.New("the edge points to the same current node")
Functions ¶
func AccountEnumerationPerIPRateLimitBucketSpec ¶
func AccountEnumerationPerIPRateLimitBucketSpec(c *config.AuthenticationConfig, ip string) ratelimit.BucketSpec
func IntentKind ¶
func IsAdminAPI ¶
func IsAdminAPI(input interface{}) bool
func RegisterIntent ¶
func RegisterIntent(intent Intent)
func RegisterNode ¶
func RegisterNode(node Node)
func SignupPerIPRateLimitBucketSpec ¶
func SignupPerIPRateLimitBucketSpec(c *config.AuthenticationConfig, isAnonymous bool, ip string) ratelimit.BucketSpec
func SortAuthenticators ¶
func SortAuthenticators( preferred []model.AuthenticatorType, slice interface{}, toSortable func(i int) SortableAuthenticator, )
SortAuthenticators sorts slice in-place, using preferred as the order. Each item in the slice must somehow be associated with a single AuthenticatorType.
Types ¶
type AnonymousIdentityProvider ¶
// AnonymousIdentityProvider looks up anonymous identities and parses the
// request JWTs they present.
type AnonymousIdentityProvider interface {
	Get(userID string, id string) (*identity.Anonymous, error)
	// ParseRequestUnverified parses requestJWT without an identity to check it
	// against. NOTE(review): the name suggests the signature is not verified
	// here — confirm; treat the result as untrusted until ParseRequest has
	// succeeded with the matching identity.
	ParseRequestUnverified(requestJWT string) (*anonymous.Request, error)
	GetByKeyID(keyID string) (*identity.Anonymous, error)
	// ParseRequest parses requestJWT against the given identity.
	ParseRequest(requestJWT string, identity *identity.Anonymous) (*anonymous.Request, error)
}
type AnonymousUserPromotionCodeStore ¶
// AnonymousUserPromotionCodeStore persists the codes used to promote an
// anonymous user. Lookup is by codeHash, which suggests the plaintext code is
// not stored — confirm against the implementation.
type AnonymousUserPromotionCodeStore interface {
	GetPromotionCode(codeHash string) (*anonymous.PromotionCode, error)
	// DeletePromotionCode removes code; presumably called once the code has
	// been used so it cannot be replayed — confirm.
	DeletePromotionCode(code *anonymous.PromotionCode) error
}
type AuthenticationInfoService ¶
// AuthenticationInfoService persists authentication-info entries; see
// Graph.GetAuthenticationInfoEntry for where an entry comes from.
type AuthenticationInfoService interface {
	// Save stores entry.
	Save(entry *authenticationinfo.Entry) error
}
type AuthenticatorService ¶
// AuthenticatorService is the authenticator facade used by interaction nodes:
// lookup, creation from specs, persistence, verification and lockout handling.
type AuthenticatorService interface {
	Get(id string) (*authenticator.Info, error)
	List(userID string, filters ...authenticator.Filter) ([]*authenticator.Info, error)
	// New builds an unsaved Info from spec; NewWithAuthenticatorID does the
	// same with a caller-chosen ID.
	New(spec *authenticator.Spec) (*authenticator.Info, error)
	NewWithAuthenticatorID(authenticatorID string, spec *authenticator.Spec) (*authenticator.Info, error)
	// WithSpec applies spec to authenticatorInfo and reports whether anything
	// changed.
	WithSpec(authenticatorInfo *authenticator.Info, spec *authenticator.Spec) (changed bool, info *authenticator.Info, err error)
	// Create persists authenticatorInfo; markVerified controls whether it is
	// stored as already verified.
	Create(authenticatorInfo *authenticator.Info, markVerified bool) error
	Update(authenticatorInfo *authenticator.Info) error
	Delete(authenticatorInfo *authenticator.Info) error
	// VerifyWithSpec checks spec against a single authenticator.
	VerifyWithSpec(info *authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (verifyResult *service.VerifyResult, err error)
	// VerifyOneWithSpec checks spec against infos of the given type and
	// returns the matching authenticator — presumably the first that verifies;
	// confirm.
	VerifyOneWithSpec(userID string, authenticatorType model.AuthenticatorType, infos []*authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (info *authenticator.Info, verifyResult *service.VerifyResult, err error)
	// ClearLockoutAttempts takes the same method list that
	// Graph.GetUsedAuthenticationLockoutMethods returns.
	ClearLockoutAttempts(userID string, usedMethods []config.AuthenticationLockoutMethod) error
	MarkOOBIdentityVerified(info *authenticator.Info) error
}
type AuthenticatorUpdateReason ¶
// AuthenticatorUpdateReason says why an authenticator must be updated; it is
// returned by Graph.GetRequireUpdateAuthenticator.
type AuthenticatorUpdateReason string
// Known update reasons: "policy" when configuration requires the update, and
// "expiry" when the authenticator has expired.
const (
	AuthenticatorUpdateReasonPolicy AuthenticatorUpdateReason = "policy"
	AuthenticatorUpdateReasonExpiry AuthenticatorUpdateReason = "expiry"
)
type ChallengeProvider ¶
type Context ¶
// Context carries the per-request values and the service dependencies that
// nodes and edges use while a graph runs. It is assembled by wire (see
// DependencySet); the three fields tagged `wire:"-"` are excluded from
// injection and are set by the caller.
type Context struct {
	// IsCommitting is not injected. NOTE(review): presumably true only during
	// the commit pass, as opposed to the replays mentioned on Node.GetEffects
	// — confirm.
	IsCommitting   bool   `wire:"-"`
	WebSessionID   string `wire:"-"`
	OAuthSessionID string `wire:"-"`

	Request  *http.Request
	RemoteIP httputil.RemoteIP
	Database *appdb.SQLExecutor
	Clock    clock.Clock
	Config   *config.AppConfig
	FeatureConfig *config.FeatureConfig

	OAuthClientResolver             OAuthClientResolver
	OfflineGrants                   OfflineGrantStore
	Identities                      IdentityService
	Authenticators                  AuthenticatorService
	AnonymousIdentities             AnonymousIdentityProvider
	AnonymousUserPromotionCodeStore AnonymousUserPromotionCodeStore
	BiometricIdentities             BiometricIdentityProvider
	OTPCodeService                  OTPCodeService
	OTPSender                       OTPSender
	OAuthProviderFactory            OAuthProviderFactory
	OAuthRedirectURIBuilder         OAuthRedirectURIBuilder
	MFA                             MFAService
	ForgotPassword                  ForgotPasswordService
	ResetPassword                   ResetPasswordService
	Passkey                         PasskeyService
	Verification                    VerificationService
	RateLimiter                     RateLimiter
	Nonces                          NonceService
	Challenges                      ChallengeProvider
	Users                           UserService
	StdAttrsService                 StdAttrsService
	Events                          EventService
	CookieManager                   CookieManager
	AuthenticationInfoService       AuthenticationInfoService
	Sessions                        SessionProvider
	SessionManager                  SessionManager
	SessionCookie                   session.CookieDef
	OAuthSessions                   OAuthSessions
	MFADeviceTokenCookie            mfa.CookieDef
}
type ContextValues ¶
type CookieManager ¶
type Edge ¶
// Edge is a transition out of a node. Contrast with Node.GetEffects, which may
// be replayed and therefore must stay free of external side effects.
type Edge interface {
	// Instantiate instantiates the node pointed to by the edge.
	// It is run only once for the pointed node, so side effects visible
	// outside the transaction (e.g. sending messages) are allowed.
	// It may return ErrSameNode if the edge loops back to self.
	// This is used to model side-effect-only actions, such as sending
	// an OTP message.
	Instantiate(ctx *Context, graph *Graph, input interface{}) (Node, error)
}
type ErrClearCookie ¶
func (*ErrClearCookie) Error ¶
func (e *ErrClearCookie) Error() string
func (*ErrClearCookie) Unwrap ¶
func (e *ErrClearCookie) Unwrap() error
type ErrInputRequired ¶
// ErrInputRequired is an error type carrying an Inner error; its Error and
// Unwrap methods are declared elsewhere in the package. NOTE(review): the name
// suggests it is returned when a node needs further input before it can
// proceed — confirm.
type ErrInputRequired struct {
	Inner error
}
func (*ErrInputRequired) Error ¶
func (e *ErrInputRequired) Error() string
func (*ErrInputRequired) Unwrap ¶
func (e *ErrInputRequired) Unwrap() error
type EventService ¶
type ForgotPasswordService ¶
// ForgotPasswordService sends forgot-password codes.
type ForgotPasswordService interface {
	// SendCode sends a code for loginID using options.
	SendCode(loginID string, options *forgotpassword.CodeOptions) error
}
type Graph ¶
// Graph is one path through an interaction: the Intent that started it and the
// Nodes visited so far. It is serialised through MarshalJSON/UnmarshalJSON and
// stored by Store.
type Graph struct {
	// GraphID is the unique ID for a graph.
	// It is a constant value throughout a graph.
	// It is used to keep track of which instances belong to a particular graph.
	// When one graph is committed, any other instances sharing the same GraphID become invalid.
	GraphID string
	// InstanceID is a unique ID for a particular instance of a graph.
	InstanceID string
	// Intent is the intent (i.e. flow type) of the graph.
	Intent Intent
	// Nodes are the nodes on a specific path from the intent of the interaction graph.
	Nodes []Node
}
func (*Graph) CurrentNode ¶
func (*Graph) FillDetails ¶
func (*Graph) FindLastNode ¶
func (*Graph) FindLastNodeAndPosition ¶
func (*Graph) FindLastNodeFromList ¶
func (g *Graph) FindLastNodeFromList(nodes []interface{}) (node interface{})
FindLastNodeFromList finds the last node from a list of node interfaces.
func (*Graph) GetAuthenticationInfoEntry ¶
func (g *Graph) GetAuthenticationInfoEntry() (*authenticationinfo.Entry, bool)
func (*Graph) GetNewUserID ¶
func (*Graph) GetRequireUpdateAuthenticator ¶
func (g *Graph) GetRequireUpdateAuthenticator(stage authn.AuthenticationStage) (*authenticator.Info, *AuthenticatorUpdateReason, bool)
func (*Graph) GetUsedAuthenticationLockoutMethods ¶
func (g *Graph) GetUsedAuthenticationLockoutMethods() []config.AuthenticationLockoutMethod
func (*Graph) GetUserAuthenticator ¶
func (g *Graph) GetUserAuthenticator(stage authn.AuthenticationStage) (*authenticator.Info, bool)
func (*Graph) GetUserNewAuthenticators ¶
func (g *Graph) GetUserNewAuthenticators() []*authenticator.Info
func (*Graph) GetUserNewIdentities ¶
func (*Graph) MarshalJSON ¶
func (*Graph) MustGetUpdateIdentityID ¶
func (*Graph) MustGetUserID ¶
func (*Graph) MustGetUserLastIdentity ¶
func (*Graph) UnmarshalJSON ¶
type IdentityService ¶
// IdentityService is the identity facade used by interaction nodes.
type IdentityService interface {
	Get(id string) (*identity.Info, error)
	// SearchBySpec returns the identity matching spec exactly, plus any other
	// candidates that partially match.
	SearchBySpec(spec *identity.Spec) (exactMatch *identity.Info, otherMatches []*identity.Info, err error)
	ListByUser(userID string) ([]*identity.Info, error)
	// New builds an unsaved Info for userID from spec.
	New(userID string, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error)
	UpdateWithSpec(is *identity.Info, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error)
	Create(is *identity.Info) error
	Update(oldInfo *identity.Info, newInfo *identity.Info) error
	Delete(is *identity.Info) error
	// CheckDuplicated returns the conflicting identity, if any, for info.
	// NOTE(review): whether a nil result or an error signals "duplicate" is
	// not visible here — confirm before relying on it.
	CheckDuplicated(info *identity.Info) (*identity.Info, error)
}
type Intent ¶
// Intent describes a flow type (see Graph.Intent).
type Intent interface {
	// InstantiateRootNode creates the first node of graph.
	InstantiateRootNode(ctx *Context, graph *Graph) (Node, error)
	// DeriveEdgesForNode returns the edges leaving node within graph.
	DeriveEdgesForNode(graph *Graph, node Node) ([]Edge, error)
}
func InstantiateIntent ¶
type IntentFactory ¶
// IntentFactory returns a fresh Intent value; presumably the registry filled by
// RegisterIntent uses it when rebuilding a Graph in UnmarshalJSON — confirm.
type IntentFactory func() Intent
type MFAService ¶
// MFAService manages MFA device tokens and recovery codes.
type MFAService interface {
	GenerateDeviceToken() string
	CreateDeviceToken(userID string, token string) (*mfa.DeviceToken, error)
	VerifyDeviceToken(userID string, token string) error
	InvalidateAllDeviceTokens(userID string) error
	// VerifyRecoveryCode and ConsumeRecoveryCode are separate steps; a
	// verified code is presumably not spent until ConsumeRecoveryCode is
	// called, so callers must do both — confirm.
	VerifyRecoveryCode(userID string, code string) (*mfa.RecoveryCode, error)
	ConsumeRecoveryCode(rc *mfa.RecoveryCode) error
	GenerateRecoveryCodes() []string
	ReplaceRecoveryCodes(userID string, codes []string) ([]*mfa.RecoveryCode, error)
	ListRecoveryCodes(userID string) ([]*mfa.RecoveryCode, error)
}
type Node ¶
// Node is one step of an interaction graph.
type Node interface {
	// Prepare the node with data required by DeriveEdges.
	Prepare(ctx *Context, graph *Graph) error
	// GetEffects describes the effects of this node.
	// The effects may be run multiple times, due to replaying the graph.
	// So no externally visible side effect is allowed; put those in
	// Edge.Instantiate instead.
	GetEffects() (effs []Effect, err error)
	// DeriveEdges returns the edges leaving this node.
	DeriveEdges(graph *Graph) ([]Edge, error)
}
func InstantiateNode ¶
type NodeFactory ¶
// NodeFactory returns a fresh Node value; presumably the registry filled by
// RegisterNode uses it when rebuilding a Graph in UnmarshalJSON — confirm.
type NodeFactory func() Node
type NonceService ¶
type OAuthClientResolver ¶
// OAuthClientResolver looks up OAuth client configuration.
type OAuthClientResolver interface {
	// ResolveClient returns the config for clientID. The result is a pointer
	// with no error, so callers should expect nil for an unknown client —
	// confirm against the implementation.
	ResolveClient(clientID string) *config.OAuthClientConfig
}
type OAuthProviderFactory ¶
// OAuthProviderFactory constructs SSO providers by alias.
type OAuthProviderFactory interface {
	NewOAuthProvider(alias string) sso.OAuthProvider
}
type OAuthRedirectURIBuilder ¶
type OAuthSessions ¶
// OAuthSessions loads and stores OAuth session entries by ID.
type OAuthSessions interface {
	Get(entryID string) (*oauthsession.Entry, error)
	Save(entry *oauthsession.Entry) (err error)
}
type OTPCodeService ¶
type OTPSender ¶
// OTPSender prepares and sends OTP messages over an OOB channel. Prepare and
// Send are split so that a prepared message can be sent from Edge.Instantiate,
// where external side effects are permitted.
type OTPSender interface {
	Prepare(channel model.AuthenticatorOOBChannel, target string, form otp.Form, typ otp.MessageType) (*otp.PreparedMessage, error)
	Send(msg *otp.PreparedMessage, opts otp.SendOptions) error
}
type OfflineGrantStore ¶
// OfflineGrantStore reads offline grants (refresh-token style grants) scoped to
// a client and user.
type OfflineGrantStore interface {
	ListClientOfflineGrants(clientID string, userID string) ([]*oauth.OfflineGrant, error)
}
type PasskeyService ¶
type RateLimiter ¶
// RateLimiter applies the bucket specs built by the *RateLimitBucketSpec
// helpers in this package.
type RateLimiter interface {
	// Allow consumes from the bucket immediately, returning an error when the
	// limit is hit.
	Allow(spec ratelimit.BucketSpec) error
	// Reserve takes a reservation that Cancel can later give back —
	// presumably so an attempt that turns out not to count can be refunded;
	// confirm.
	Reserve(spec ratelimit.BucketSpec) *ratelimit.Reservation
	Cancel(r *ratelimit.Reservation)
}
type ResetPasswordService ¶
type SessionManager ¶
type SessionProvider ¶
// SessionProvider creates IdP sessions and records reauthentication.
type SessionProvider interface {
	// MakeSession builds an unsaved session from attrs and returns it with a
	// string value — presumably the session token handed to the client;
	// confirm.
	MakeSession(*session.Attrs) (*idpsession.IDPSession, string)
	Create(*idpsession.IDPSession) error
	// Reauthenticate records amr (see Graph.GetAMR) against an existing
	// session.
	Reauthenticate(idpSessionID string, amr []string) error
}
type SortableAuthenticator ¶
// SortableAuthenticator is the minimal view SortAuthenticators needs of each
// item it sorts.
type SortableAuthenticator interface {
	AuthenticatorType() model.AuthenticatorType
	IsDefaultAuthenticator() bool
}
type SortableAuthenticatorInfo ¶
// SortableAuthenticatorInfo adapts authenticator.Info to SortableAuthenticator;
// its AuthenticatorType and IsDefaultAuthenticator methods are declared
// elsewhere in the package.
type SortableAuthenticatorInfo authenticator.Info
func (*SortableAuthenticatorInfo) AuthenticatorType ¶
func (i *SortableAuthenticatorInfo) AuthenticatorType() model.AuthenticatorType
func (*SortableAuthenticatorInfo) IsDefaultAuthenticator ¶
func (i *SortableAuthenticatorInfo) IsDefaultAuthenticator() bool
type StdAttrsService ¶
type StoreRedis ¶
func (*StoreRedis) CreateGraph ¶
func (s *StoreRedis) CreateGraph(graph *Graph) error
func (*StoreRedis) CreateGraphInstance ¶
func (s *StoreRedis) CreateGraphInstance(graph *Graph) error
func (*StoreRedis) DeleteGraph ¶
func (s *StoreRedis) DeleteGraph(graph *Graph) error
func (*StoreRedis) GetGraphInstance ¶
func (s *StoreRedis) GetGraphInstance(instanceID string) (*Graph, error)
type UserService ¶
// UserService is the user facade used by interaction nodes.
type UserService interface {
	// Get takes an accesscontrol.Role while GetRaw does not. NOTE(review):
	// presumably Get shapes the returned model by role and GetRaw bypasses
	// that — confirm before using GetRaw on a user-facing path.
	Get(id string, role accesscontrol.Role) (*model.User, error)
	GetRaw(id string) (*user.User, error)
	Create(userID string) (*user.User, error)
	// AfterCreate runs once a user and its initial identities and
	// authenticators exist; isAdminAPI mirrors IsAdminAPI(input).
	AfterCreate(
		user *user.User,
		identities []*identity.Info,
		authenticators []*authenticator.Info,
		isAdminAPI bool,
	) error
	UpdateLoginTime(userID string, lastLoginAt time.Time) error
}
type VerificationService ¶
// VerificationService reports and records verification of identity claims and
// authenticators.
type VerificationService interface {
	GetIdentityVerificationStatus(i *identity.Info) ([]verification.ClaimStatus, error)
	GetAuthenticatorVerificationStatus(a *authenticator.Info) (verification.AuthenticatorStatus, error)
	// NewVerifiedClaim builds an unsaved verified claim; MarkClaimVerified
	// persists it.
	NewVerifiedClaim(userID string, claimName string, claimValue string) *verification.Claim
	MarkClaimVerified(claim *verification.Claim) error
}