providers

Constants

const (
	// GoogleProviderName identifies the Google provider.
	GoogleProviderName = "google"
)

Variables

View Source
// Sentinel errors returned by providers; callers should match them with
// errors.Is rather than comparing error strings.
var (
	// ErrBadRequest represents 400 Bad Request errors.
	ErrBadRequest = errors.New("BAD_REQUEST")

	// ErrTokenRevoked represents 400 Token Revoked errors.
	ErrTokenRevoked = errors.New("TOKEN_REVOKED")

	// ErrGroupNotFound represents 404 Not Found errors for groups.
	ErrGroupNotFound = errors.New("GROUP_NOT_FOUND")

	// ErrRateLimitExceeded represents 429 Rate Limit Exceeded errors.
	ErrRateLimitExceeded = errors.New("RATE_LIMIT_EXCEEDED")

	// ErrNotImplemented represents 501 Not Implemented errors.
	ErrNotImplemented = errors.New("NOT_IMPLEMENTED")

	// ErrServiceUnavailable represents 503 Service Unavailable errors.
	ErrServiceUnavailable = errors.New("SERVICE_UNAVAILABLE")
)
var (
	// ErrUnexpectedReturnType is returned when a single flight call yields a
	// value whose type differs from what the wrapping provider method expects.
	ErrUnexpectedReturnType = errors.New("received unexpected return type from single flight func call")
)

ErrUnexpectedReturnType is an error for an unexpected return type

Functions

This section is empty.

Types

type AdminService

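// AdminService wraps calls to provider admin APIs.
type AdminService interface {
	// ListMemberships returns the members of group. depth is presumably the
	// nesting depth to follow for nested groups — confirm against the
	// GoogleAdminService implementation.
	ListMemberships(group string, depth int) (members []string, err error)
	// CheckMemberships returns the subset of groups that user is a member of.
	CheckMemberships(groups []string, user string) (inGroups []string, err error)
}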

AdminService wraps calls to provider admin APIs

type GoogleAdminService

type GoogleAdminService struct {
	StatsdClient *statsd.Client
	// contains filtered or unexported fields
}

GoogleAdminService is an AdminService for the google provider

func (*GoogleAdminService) CheckMemberships added in v1.2.0

func (gs *GoogleAdminService) CheckMemberships(groups []string, email string) ([]string, error)

CheckMemberships, given a list of groups and a user email, returns a string slice of the groups the user is a member of. This func leverages the Google HasMember endpoint to verify whether the user is a member of each of the given groups.

func (*GoogleAdminService) ListMemberships added in v1.2.0

func (gs *GoogleAdminService) ListMemberships(groupName string, maxDepth int) ([]string, error)

ListMemberships returns a slice of the members of a google group

type GoogleProvider

type GoogleProvider struct {
	*ProviderData
	StatsdClient *statsd.Client
	AdminService AdminService

	GroupsCache groups.MemberSetCache
	// contains filtered or unexported fields
}

GoogleProvider is an implementation of the Provider interface.

func NewGoogleProvider

func NewGoogleProvider(p *ProviderData, adminEmail, credsFilePath string) (*GoogleProvider, error)

NewGoogleProvider returns a new GoogleProvider and sets the provider url endpoints.

func (*GoogleProvider) GetSignInURL

func (p *GoogleProvider) GetSignInURL(redirectURI, state string) string

GetSignInURL returns the sign in url with typical oauth parameters

func (*GoogleProvider) PopulateMembers

func (p *GoogleProvider) PopulateMembers(group string) (groups.MemberSet, error)

PopulateMembers is the fill function for the groups cache

func (*GoogleProvider) Redeem

func (p *GoogleProvider) Redeem(redirectURL, code string) (*sessions.SessionState, error)

Redeem fulfills the Provider interface. The authenticator uses this method to redeem the code provided to /callback after the user logs into their Google account. The code is redeemed for an access token and refresh token:

1. POSTs the code and grant_type to https://www.googleapis.com/oauth2/v3/token
2. If the request fails, the authenticator returns a 500 and displays an error page (see oauth_proxy.go#OAuthCallback)
3. If the request succeeds, the data from Google contains:

  • the access token which we use to get data from Google
  • the refresh token which we can use to get a new access_token
  • the expiration time of the access token
  • a Base64 encoded id token which contains the user's email address and whether or not that email address is verified

func (*GoogleProvider) RefreshAccessToken

func (p *GoogleProvider) RefreshAccessToken(refreshToken string) (token string, expires time.Duration, err error)

RefreshAccessToken takes in a refresh token and returns the new access token along with an expiration date.

func (*GoogleProvider) RefreshSessionIfNeeded

func (p *GoogleProvider) RefreshSessionIfNeeded(s *sessions.SessionState) (bool, error)

RefreshSessionIfNeeded takes in a SessionState and returns false if the session is not refreshed and true if it is.

func (*GoogleProvider) Revoke

func (p *GoogleProvider) Revoke(s *sessions.SessionState) error

Revoke revokes the access token of a given session state.

func (*GoogleProvider) SetStatsdClient

func (p *GoogleProvider) SetStatsdClient(statsdClient *statsd.Client)

SetStatsdClient sets the google provider and admin service statsd client

func (*GoogleProvider) Stop

func (p *GoogleProvider) Stop()

Stop calls stop on the groups cache

func (*GoogleProvider) ValidateGroupMembership

func (p *GoogleProvider) ValidateGroupMembership(email string, allGroups []string) ([]string, error)

ValidateGroupMembership takes in an email and the allowed groups and returns the groups that the email is part of in that list. If `allGroups` is an empty list, returns an empty list.

func (*GoogleProvider) ValidateSessionState

func (p *GoogleProvider) ValidateSessionState(s *sessions.SessionState) bool

ValidateSessionState attempts to validate the session state's access token.

type MockAdminService

// MockAdminService is an implementation of AdminService to be used for testing.
// The field pairing below is assumed from the mock method names — verify
// against the method bodies.
type MockAdminService struct {
	// Members presumably is the slice returned by ListMemberships.
	Members []string
	// Groups presumably is the slice returned by CheckMemberships.
	Groups []string
	// MembersError presumably is the error returned by ListMemberships.
	MembersError error
	// GroupsError presumably is the error returned by CheckMemberships.
	GroupsError error
}

MockAdminService is an implementation of AdminService to be used for testing

func (*MockAdminService) CheckMemberships added in v1.2.0

func (ms *MockAdminService) CheckMemberships([]string, string) ([]string, error)

CheckMemberships mocks the CheckMemberships function

func (*MockAdminService) ListMemberships added in v1.2.0

func (ms *MockAdminService) ListMemberships(string, int) ([]string, error)

ListMemberships mocks the ListMemberships function

type Provider

// Provider is an interface exposing functions necessary to authenticate with
// a given provider.
type Provider interface {
	// Data returns the provider's ProviderData.
	Data() *ProviderData
	// Redeem takes a redirect URL and an authorization code and returns a
	// session state if a valid access token is redeemed.
	Redeem(string, string) (*sessions.SessionState, error)
	// ValidateSessionState attempts to validate the session state's access token.
	ValidateSessionState(*sessions.SessionState) bool
	// GetSignInURL returns the sign-in URL with the usual OAuth parameters.
	GetSignInURL(redirectURI, finalRedirect string) string
	// RefreshSessionIfNeeded returns true if the session was refreshed,
	// false otherwise.
	RefreshSessionIfNeeded(*sessions.SessionState) (bool, error)
	// ValidateGroupMembership takes an email and the allowed groups and
	// returns the groups in that list the email is a member of.
	ValidateGroupMembership(string, []string) ([]string, error)
	// Revoke revokes the access token of the given session state.
	Revoke(*sessions.SessionState) error
	// RefreshAccessToken exchanges a refresh token for a new access token
	// and its expiry.
	RefreshAccessToken(string) (string, time.Duration, error)
	// Stop releases any background resources the provider holds
	// (for GoogleProvider this stops the groups cache).
	Stop()
}

Provider is an interface exposing functions necessary to authenticate with a given provider.

type ProviderData

// ProviderData holds the fields associated with providers necessary to
// implement the Provider interface.
type ProviderData struct {
	// ProviderName names the provider (presumably GoogleProviderName for
	// the Google provider — confirm in NewGoogleProvider).
	ProviderName string
	// ClientID is the OAuth client identifier.
	ClientID string
	// ClientSecret is the OAuth client secret; treat as sensitive and keep
	// it out of logs and error messages.
	ClientSecret string
	// SignInURL is the provider's authorization endpoint.
	SignInURL *url.URL
	// RedeemURL is the endpoint the authorization code is exchanged at.
	RedeemURL *url.URL
	// RevokeURL is the endpoint used to revoke access tokens.
	RevokeURL *url.URL
	// ProfileURL is the endpoint used to fetch profile data.
	ProfileURL *url.URL
	// ValidateURL is the endpoint used to validate an access token.
	ValidateURL *url.URL
	// Scope is the OAuth scope string requested at sign-in.
	Scope string
	// ApprovalPrompt is presumably the OAuth approval-prompt parameter
	// value sent at sign-in — confirm in GetSignInURL.
	ApprovalPrompt string
	// SessionLifetimeTTL is the maximum lifetime of a session.
	SessionLifetimeTTL time.Duration
}

ProviderData holds the fields associated with providers necessary to implement the Provider interface.

func (*ProviderData) Data

func (p *ProviderData) Data() *ProviderData

Data returns a ProviderData.

func (*ProviderData) GetEmailAddress

func (p *ProviderData) GetEmailAddress(s *sessions.SessionState) (string, error)

GetEmailAddress returns the email address associated with a session.

func (*ProviderData) GetSignInURL

func (p *ProviderData) GetSignInURL(redirectURI, state string) string

GetSignInURL returns the sign in url with typical oauth parameters

func (*ProviderData) Redeem

func (p *ProviderData) Redeem(redirectURL, code string) (s *sessions.SessionState, err error)

Redeem takes in a redirect url and code and calls the redeem url endpoint, returning a session state if a valid access token is redeemed.

func (*ProviderData) RefreshAccessToken

func (p *ProviderData) RefreshAccessToken(refreshToken string) (string, time.Duration, error)

RefreshAccessToken returns a not implemented error.

func (*ProviderData) RefreshSessionIfNeeded

func (p *ProviderData) RefreshSessionIfNeeded(s *sessions.SessionState) (bool, error)

RefreshSessionIfNeeded refreshes a session

func (*ProviderData) Revoke

func (p *ProviderData) Revoke(s *sessions.SessionState) error

Revoke returns an ErrNotImplemented

func (*ProviderData) Stop

func (p *ProviderData) Stop()

Stop fulfills the Provider interface

func (*ProviderData) ValidateGroup

func (p *ProviderData) ValidateGroup(email string) bool

ValidateGroup validates that the provided email exists in the configured provider email group(s).

func (*ProviderData) ValidateGroupMembership

func (p *ProviderData) ValidateGroupMembership(string, []string) ([]string, error)

ValidateGroupMembership returns an ErrNotImplemented.

func (*ProviderData) ValidateSessionState

func (p *ProviderData) ValidateSessionState(s *sessions.SessionState) bool

ValidateSessionState attempts to validate the session state's access token.

type SingleFlightProvider

type SingleFlightProvider struct {
	StatsdClient *statsd.Client
	// contains filtered or unexported fields
}

SingleFlightProvider is a middleware provider that allows multiple requests for the same object to be processed as a single request. This is often called request collapsing or coalescing. This middleware leverages the golang singleflight package, with modifications for metrics.

It's common among HTTP reverse proxy cache servers such as nginx, Squid or Varnish - they each call it something different, but it works similarly.

* https://www.varnish-cache.org/docs/3.0/tutorial/handling_misbehaving_servers.html
* http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock
* http://wiki.squid-cache.org/Features/CollapsedForwarding

func NewSingleFlightProvider

func NewSingleFlightProvider(provider Provider) *SingleFlightProvider

NewSingleFlightProvider returns a new SingleFlightProvider

func (*SingleFlightProvider) AssignStatsdClient

func (p *SingleFlightProvider) AssignStatsdClient(StatsdClient *statsd.Client)

AssignStatsdClient adds a statsd client to the provider if possible.

func (*SingleFlightProvider) Data

Data returns the provider data

func (*SingleFlightProvider) GetSignInURL

func (p *SingleFlightProvider) GetSignInURL(redirectURI, finalRedirect string) string

GetSignInURL calls the provider's GetSignInURL function.

func (*SingleFlightProvider) Redeem

func (p *SingleFlightProvider) Redeem(redirectURL, code string) (*sessions.SessionState, error)

Redeem wraps the provider's Redeem function.

func (*SingleFlightProvider) RefreshAccessToken

func (p *SingleFlightProvider) RefreshAccessToken(refreshToken string) (string, time.Duration, error)

RefreshAccessToken wraps the provider's RefreshAccessToken function in a single flight call.

func (*SingleFlightProvider) RefreshSessionIfNeeded

func (p *SingleFlightProvider) RefreshSessionIfNeeded(s *sessions.SessionState) (bool, error)

RefreshSessionIfNeeded wraps the provider's RefreshSessionIfNeeded function in a single flight call.

func (*SingleFlightProvider) Revoke

Revoke wraps the provider's Revoke function in a single flight call.

func (*SingleFlightProvider) Stop

func (p *SingleFlightProvider) Stop()

Stop calls the provider's stop function

func (*SingleFlightProvider) ValidateGroupMembership

func (p *SingleFlightProvider) ValidateGroupMembership(email string, allowedGroups []string) ([]string, error)

ValidateGroupMembership wraps the provider's GroupsResource function in a single flight call.

func (*SingleFlightProvider) ValidateSessionState

func (p *SingleFlightProvider) ValidateSessionState(s *sessions.SessionState) bool

ValidateSessionState wraps the provider's ValidateSessionState in a single flight call.

type TestProvider

// TestProvider is a test implementation of the Provider interface. Each
// field is handed back by the corresponding mock method.
type TestProvider struct {
	*ProviderData

	// ValidToken is returned by ValidateSessionState.
	ValidToken bool
	// ValidGroup is presumably returned by ValidateGroup — confirm.
	ValidGroup bool
	// SignInURL is returned by GetSignInURL.
	SignInURL string
	// Refresh is returned by RefreshSessionIfNeeded.
	Refresh bool
	// RefreshFunc presumably backs RefreshAccessToken when set — confirm.
	RefreshFunc func(string) (string, time.Duration, error)
	// RefreshError is presumably the error returned by RefreshSessionIfNeeded — confirm.
	RefreshError error
	// Session is returned by Redeem.
	Session *sessions.SessionState
	// RedeemError is the error returned by Redeem.
	RedeemError error
	// RevokeError is presumably the error returned by Revoke (the doc says
	// Revoke returns nil — confirm which is current).
	RevokeError error
	// Groups is returned by ValidateGroupMembership when GroupsError is nil.
	Groups []string
	// GroupsError is returned by ValidateGroupMembership when non-nil.
	GroupsError error
	// GroupsCall is presumably a counter of ValidateGroupMembership calls — confirm.
	GroupsCall int
}

TestProvider is a test implementation of the Provider interface.

func NewTestProvider

func NewTestProvider(providerURL *url.URL) *TestProvider

NewTestProvider creates a new mock test provider.

func (*TestProvider) GetSignInURL

func (tp *TestProvider) GetSignInURL(redirectURI, finalRedirect string) string

GetSignInURL returns the mock provider's SignInURL field value.

func (*TestProvider) Redeem

func (tp *TestProvider) Redeem(redirectURI, code string) (*sessions.SessionState, error)

Redeem returns the mock provider's Session and RedeemError field value.

func (*TestProvider) RefreshAccessToken

func (tp *TestProvider) RefreshAccessToken(s string) (string, time.Duration, error)

RefreshAccessToken returns the mock provider's refresh access token information

func (*TestProvider) RefreshSessionIfNeeded

func (tp *TestProvider) RefreshSessionIfNeeded(*sessions.SessionState) (bool, error)

RefreshSessionIfNeeded returns the mock provider's Refresh value, or an error.

func (*TestProvider) Revoke

func (tp *TestProvider) Revoke(*sessions.SessionState) error

Revoke returns nil

func (*TestProvider) Stop

func (tp *TestProvider) Stop()

Stop fulfills the Provider interface

func (*TestProvider) ValidateGroupMembership

func (tp *TestProvider) ValidateGroupMembership(string, []string) ([]string, error)

ValidateGroupMembership returns the mock provider's GroupsError if not nil, or the Groups field value.

func (*TestProvider) ValidateSessionState

func (tp *TestProvider) ValidateSessionState(*sessions.SessionState) bool

ValidateSessionState returns the mock provider's ValidToken field value.
