handlers

package

Version: v1.0.12-0...-3a330c3

This package is not in the latest version of its module.
Published: Dec 22, 2019 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Constants

const (
	// Forbidden means the user is forbidden access to a resource.
	Forbidden authorizationMatching = iota
	// NotAuthorized means the user can access the resource with more permissions.
	NotAuthorized authorizationMatching = iota
	// Authorized means the user is authorized given her current permissions.
	Authorized authorizationMatching = iota
)
const InternalError = "Internal error."

InternalError is the error message sent when there was an internal error that should be hidden from the end user. In that case the error should be in the server logs.

const ResetPasswordAction = "ResetPassword"

ResetPasswordAction is the string representation of the action for which the token has been produced.

const TOTPRegistrationAction = "RegisterTOTPDevice"

TOTPRegistrationAction is the string representation of the action for which the token has been produced.

const U2FRegistrationAction = "RegisterU2FDevice"

U2FRegistrationAction is the string representation of the action for which the token has been produced.

const UnauthorizedError = "You're not authorized."

UnauthorizedError is the error message sent when the user is not authorized.

Variables

var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{ActionClaim: ResetPasswordAction}, resetPasswordIdentityFinish)

ResetPasswordIdentityFinish is the handler for finishing the identity validation.

var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailSubject:           "[Authelia] Reset your password",
	MailTitle:             "Reset your password",
	MailButtonContent:     "Reset",
	TargetEndpoint:        "/reset-password/step2",
	ActionClaim:           ResetPasswordAction,
	IdentityRetrieverFunc: identityRetrieverFromStorage,
})

ResetPasswordIdentityStart is the handler for initiating the identity validation for resetting a password. We need to ensure an attacker cannot perform user enumeration, by always replying with 200 whatever happens in the backend.
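The uniform-response rule described above, shown beside the leaky variant it avoids. This is an added example, not Authelia's code: it uses net/http rather than the project's middlewares, and the user map, outbox, handler names and the /reset/start path are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Constructed stand-ins for the user backend and the mailer (assumptions).
var users = map[string]string{"john": "john@example.com"}
var outbox []string

// leakyStart answers 404 for unknown users, so the response reveals which accounts exist.
func leakyStart(w http.ResponseWriter, r *http.Request) {
	mail, ok := users[r.FormValue("username")]
	if !ok {
		http.Error(w, "unknown user", http.StatusNotFound)
		return
	}
	outbox = append(outbox, mail)
	fmt.Fprint(w, "OK")
}

// uniformStart always answers 200 with the same body; the failure goes to the server log only.
func uniformStart(w http.ResponseWriter, r *http.Request) {
	if mail, ok := users[r.FormValue("username")]; ok {
		outbox = append(outbox, mail)
	} else {
		log.Printf("reset requested for unknown user %q", r.FormValue("username"))
	}
	fmt.Fprint(w, "OK")
}

// probe sends a username to the handler and returns "<status> <body>" as a client sees it.
func probe(h http.HandlerFunc, username string) string {
	req := httptest.NewRequest(http.MethodPost, "/reset/start?username="+url.QueryEscape(username), nil) // hypothetical path
	rec := httptest.NewRecorder()
	h(rec, req)
	return fmt.Sprintf("%d %s", rec.Code, rec.Body.String())
}

// Distinguishable reports whether the response differs between a known and an unknown user.
func Distinguishable(h http.HandlerFunc) bool {
	return probe(h, "john") != probe(h, "nobody")
}

func main() { fmt.Println("leaky:", Distinguishable(leakyStart), "uniform:", Distinguishable(uniformStart)) }
```

The example only equalises status code and body; response timing can still differ between the two branches.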

var SecondFactorTOTPIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          TOTPRegistrationAction,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, secondFactorTOTPIdentityFinish)

SecondFactorTOTPIdentityFinish is the handler for finishing the identity validation.

var SecondFactorTOTPIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailSubject:           "[Authelia] Register your mobile",
	MailTitle:             "Register your mobile",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/one-time-password/register",
	ActionClaim:           TOTPRegistrationAction,
	IdentityRetrieverFunc: identityRetrieverFromSession,
})

SecondFactorTOTPIdentityStart is the handler for initiating the identity validation.

var SecondFactorU2FIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          U2FRegistrationAction,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, secondFactorU2FIdentityFinish)

SecondFactorU2FIdentityFinish is the handler for finishing the identity validation.

var SecondFactorU2FIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailSubject:           "[Authelia] Register your key",
	MailTitle:             "Register your key",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/security-key/register",
	ActionClaim:           U2FRegistrationAction,
	IdentityRetrieverFunc: identityRetrieverFromSession,
})

SecondFactorU2FIdentityStart is the handler for initiating the identity validation.

Functions

func ConfigurationGet

func ConfigurationGet(ctx *middlewares.AutheliaCtx)

func ExtendedConfigurationGet

func ExtendedConfigurationGet(ctx *middlewares.AutheliaCtx)

ExtendedConfigurationGet gets the extended configuration accessible to authenticated users.

func FirstFactorPost

func FirstFactorPost(ctx *middlewares.AutheliaCtx)

FirstFactorPost is the handler performing the first factor.

func LogoutPost

func LogoutPost(ctx *middlewares.AutheliaCtx)

LogoutPost is the handler logging out the user attached to the given cookie.

func MethodPreferencePost

func MethodPreferencePost(ctx *middlewares.AutheliaCtx)

MethodPreferencePost updates the user preferences regarding the 2FA method.

func ResetPasswordPost

func ResetPasswordPost(ctx *middlewares.AutheliaCtx)

ResetPasswordPost is the handler for resetting passwords.

func SecondFactorDuoPost

func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler

SecondFactorDuoPost is the handler for sending a push notification via the Duo API.

func SecondFactorTOTPPost

func SecondFactorTOTPPost(ctx *middlewares.AutheliaCtx)

SecondFactorTOTPPost validates the TOTP passcode provided by the user.

func SecondFactorU2FRegister

func SecondFactorU2FRegister(ctx *middlewares.AutheliaCtx)

SecondFactorU2FRegister is the handler validating that the client has successfully validated the challenge to complete the U2F registration.

func SecondFactorU2FSignGet

func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx)

SecondFactorU2FSignGet is the handler for initiating a signing request.

func SecondFactorU2FSignPost

func SecondFactorU2FSignPost(ctx *middlewares.AutheliaCtx)

SecondFactorU2FSignPost is the handler for completing a signing request.

func StateGet

func StateGet(ctx *middlewares.AutheliaCtx)

StateGet is the handler serving the user state.

func UserInfoGet

func UserInfoGet(ctx *middlewares.AutheliaCtx)

UserInfoGet gets the info related to the user identified by the session.

func VerifyGet

func VerifyGet(ctx *middlewares.AutheliaCtx)

VerifyGet is the handler verifying if a request is allowed to go through.

Types

type ConfigurationBody

type ConfigurationBody struct {
	GoogleAnalyticsTrackingID string `json:"ga_tracking_id,omitempty"`
}

type ExtendedConfigurationBody

type ExtendedConfigurationBody struct {
	AvailableMethods MethodList `json:"available_methods"`
}

type MethodBody

type MethodBody struct {
	Method string `json:"method" valid:"required"`
}

type MethodList

type MethodList = []string

MethodList is the list of available methods.

type StateResponse

type StateResponse struct {
	Username              string               `json:"username"`
	AuthenticationLevel   authentication.Level `json:"authentication_level"`
	DefaultRedirectionURL string               `json:"default_redirection_url"`
}

StateResponse represents the response sent by the state endpoint.

type TOTPKeyResponse

type TOTPKeyResponse struct {
	Base32Secret string `json:"base32_secret"`
	OTPAuthURL   string `json:"otpauth_url"`
}

TOTPKeyResponse is the model of the response that is sent to the client upon successful identity verification.

type UserPreferences

type UserPreferences struct {
	// The preferred 2FA method.
	Method string `json:"method" valid:"required"`

	// True if a security key has been registered
	HasU2F bool `json:"has_u2f" valid:"required"`

	// True if a TOTP device has been registered
	HasTOTP bool `json:"has_totp" valid:"required"`
}

UserInfo is the model of user second factor preferences
