account

package
v0.0.0-...-820a931 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 23, 2024 License: AGPL-3.0 Imports: 27 Imported by: 10

Documentation

Constants

const (
	AuthorizationCode          = "authorization_code"
	AuthorizationCodeAndSecret = "authorization_code+secret"
	ImplicitGrant              = "token"
	ImplicitGrantRedirectURL   = "token_redirect_url"
	BIWebauth                  = "bi_webauth"
	BIWebauthAndSecret         = "bi_webauth+secret"
	BIWebview                  = "bi_webview"
	BIWebviewAndSecret         = "bi_webview+secret"
	SecretGrant                = "secret"
)

Various grant types:

  • AuthorizationCode is the server-side grant type.
  • ImplicitGrant is the implicit grant type.
  • ImplicitGrantRedirectURL is the implicit grant type, but with redirect_url instead of redirect_uri.
  • BIWebauth is the specific webauth protocol from Budget Insight.
  • SecretGrant is for other secrets (not OAuth).
  • BIWebauthAndSecret is a combination of BIWebauth and SecretGrant.
  • BIWebview is the specific webview protocol from Budget Insight.
  • BIWebviewAndSecret is a combination of BIWebview and SecretGrant.

const (
	FormTokenAuthMode  = "form"
	BasicTokenAuthMode = "basic"
	GetTokenAuthMode   = "get"
)

Token request authentication modes for the AuthorizationCode grant type. The normal mode is through form parameters; some services require it as Basic.
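The following is an added example, not code from this package: it shows where the client credentials would sit in the token request for each of the three modes. The helper `buildTokenRequest`, the placement chosen for each mode (inferred from the constant names and RFC 6749 section 2.3.1) and the `provider.example` endpoint are assumptions made for illustration.

```go
package main
import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

const ( // values copied from the constants documented above
	FormTokenAuthMode  = "form"
	BasicTokenAuthMode = "basic"
	GetTokenAuthMode   = "get"
)

// buildTokenRequest is a hypothetical helper (not part of the account package) placing the credentials per mode.
func buildTokenRequest(mode, endpoint, clientID, clientSecret, code string) (*http.Request, error) {
	params := url.Values{"grant_type": {"authorization_code"}, "code": {code}}
	switch mode {
	case FormTokenAuthMode, BasicTokenAuthMode:
		if mode == FormTokenAuthMode { // credentials travel in the POST body
			params.Set("client_id", clientID)
			params.Set("client_secret", clientSecret)
		}
		req, err := http.NewRequest(http.MethodPost, endpoint, strings.NewReader(params.Encode()))
		if err != nil {
			return nil, err
		}
		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
		if mode == BasicTokenAuthMode { // RFC 6749 section 2.3.1: form-encode, then Basic
			req.SetBasicAuth(url.QueryEscape(clientID), url.QueryEscape(clientSecret))
		}
		return req, nil
	case GetTokenAuthMode: // everything in the query string: the secret reaches access logs
		params.Set("client_id", clientID)
		params.Set("client_secret", clientSecret)
		req, err := http.NewRequest(http.MethodGet, endpoint, nil)
		if err != nil {
			return nil, err
		}
		req.URL.RawQuery = params.Encode()
		return req, nil
	}
	return nil, fmt.Errorf("unknown token auth mode %q", mode)
}

func main() { // constructed sample values
	req, _ := buildTokenRequest(GetTokenAuthMode, "https://provider.example/token", "cozy-client", "s3cret", "constructed-code")
	fmt.Println(req.Method, req.URL.String())
}
```

With the "get" mode the client secret becomes part of the URL, so proxy and server access logs on the path to the token endpoint need the same protection as the secret itself.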

Variables

var (
	// ErrBadCredentials is used when an account's credentials cannot be decrypted
	ErrBadCredentials = errors.New("accounts: bad credentials")
)

var ErrUnrefreshable = errors.New("this account can not be refreshed")

ErrUnrefreshable is the error when an account type or information within an account does not allow refreshing it.

var RefreshToken = "refresh_token"

RefreshToken is the refresh grant type

Functions

func CleanAndWait

func CleanAndWait(inst *instance.Instance, toClean []CleanEntry) error

CleanAndWait deletes the accounts. If an account is for a konnector with "on_delete_account", a job is pushed and it waits for the job success to continue. Finally, the associated trigger can be deleted.

func ComputeName

func ComputeName(doc couchdb.JSONDoc)

ComputeName tries to use the value of the `auth` attribute pointed to by the value of the `identifier` attribute as the Account name and sets it in the JSON document.

See https://github.com/cozy/cozy-doctypes/blob/master/docs/io.cozy.accounts.md#about-the-name-of-the-account

func Decrypt

func Decrypt(doc couchdb.JSONDoc) bool

Decrypt decrypts sensitive fields inside the account. The document is modified in place.

func DecryptBufferWithKey

func DecryptBufferWithKey(decryptorKey *keyring.NACLKey, encryptedBuffer []byte) ([]byte, error)

DecryptBufferWithKey takes an encrypted buffer and decrypts it using the given private key.

func DecryptCredentials

func DecryptCredentials(encryptedData string) (login, password string, err error)

DecryptCredentials takes encrypted credentials, consisting of a login / password pair, and decrypts them using the vault private key.

func DecryptCredentialsData

func DecryptCredentialsData(encryptedData string) (interface{}, error)

DecryptCredentialsData takes an encrypted buffer, then decrypts and decodes its content.

func DecryptCredentialsWithKey

func DecryptCredentialsWithKey(decryptorKey *keyring.NACLKey, encryptedCreds []byte) (login, password string, err error)

DecryptCredentialsWithKey takes encrypted credentials, consisting of a login / password pair, and decrypts them using the given private key.

func Encrypt

func Encrypt(doc couchdb.JSONDoc) bool

Encrypt encrypts sensitive fields inside the account. The document is modified in place.

func EncryptBufferWithKey

func EncryptBufferWithKey(encryptorKey *keyring.NACLKey, buf []byte) ([]byte, error)

EncryptBufferWithKey encrypts the given byte buffer with the specified encryption key.

func EncryptCredentials

func EncryptCredentials(login, password string) (string, error)

EncryptCredentials encrypts the given credentials with the specified encryption key.

func EncryptCredentialsData

func EncryptCredentialsData(data interface{}) (string, error)

EncryptCredentialsData takes any JSON-encodable data, encodes it and encrypts it using the vault public key.

func EncryptCredentialsWithKey

func EncryptCredentialsWithKey(encryptorKey *keyring.NACLKey, login, password string) (string, error)

EncryptCredentialsWithKey takes a login / password and encrypts their values using the vault public key.

func GetTriggers

func GetTriggers(jobsSystem job.JobSystem, db prefixer.Prefixer, accountID string) ([]job.Trigger, error)

GetTriggers returns the list of triggers associated with the given accountID. In particular, the stack will need to remove them when the account is deleted.

func PushAccountDeletedJob

func PushAccountDeletedJob(jobsSystem job.JobSystem, db prefixer.Prefixer, accountID, accountRev, konnector string) (*job.Job, error)

PushAccountDeletedJob adds a job for the given account and konnector with the AccountDeleted flag, to allow the konnector to clear the account remotely.

Types

type Account

type Account struct {
	DocID         string                 `json:"_id,omitempty"`
	DocRev        string                 `json:"_rev,omitempty"`
	Relationships map[string]interface{} `json:"relationships,omitempty"`
	Metadata      *metadata.CozyMetadata `json:"cozyMetadata,omitempty"`

	AccountType       string                   `json:"account_type"`
	Name              string                   `json:"name"`                        // Filled during creation request
	FolderPath        string                   `json:"folderPath,omitempty"`        // Legacy. Replaced by DefaultFolderPath
	DefaultFolderPath string                   `json:"defaultFolderPath,omitempty"` // Computed from other attributes if not provided
	Identifier        string                   `json:"identifier,omitempty"`        // Name of the Basic attribute used as identifier
	Basic             *BasicInfo               `json:"auth,omitempty"`
	Oauth             *OauthInfo               `json:"oauth,omitempty"`
	Extras            map[string]interface{}   `json:"oauth_callback_results,omitempty"`
	Data              map[string]interface{}   `json:"data,omitempty"`
	State             string                   `json:"state,omitempty"`
	TwoFACode         string                   `json:"twoFACode,omitempty"`
	MutedErrors       []map[string]interface{} `json:"mutedErrors,omitempty"`
	Token             string                   `json:"token,omitempty"`   // Used by bi-aggregator
	UserID            string                   `json:"user_id,omitempty"` // Used by bi-aggregator-user

	// When an account is deleted, the stack cleans the triggers and calls its
	// konnector to clean the account remotely (when available). It is done via
	// a hook on deletion, but when the konnector is removed, this cleaning is
	// done manually before uninstalling the konnector, and this flag is used
	// to not try doing the cleaning in the hook as it is already too late (the
	// konnector is no longer available).
	ManualCleaning bool `json:"manual_cleaning,omitempty"`
}

Account holds configuration information for an account

func (*Account) Clone

func (ac *Account) Clone() couchdb.Doc

Clone implements couchdb.Doc

func (*Account) DocType

func (ac *Account) DocType() string

DocType implements couchdb.Doc

func (*Account) Fetch

func (ac *Account) Fetch(field string) []string

Fetch implements permission.Fetcher

func (*Account) ID

func (ac *Account) ID() string

ID is used to implement the couchdb.Doc interface

func (*Account) Rev

func (ac *Account) Rev() string

Rev is used to implement the couchdb.Doc interface

func (*Account) SetID

func (ac *Account) SetID(id string)

SetID is used to implement the couchdb.Doc interface

func (*Account) SetRev

func (ac *Account) SetRev(rev string)

SetRev is used to implement the couchdb.Doc interface

type AccountType

type AccountType struct {
	DocID  string `json:"_id,omitempty"`
	DocRev string `json:"_rev,omitempty"`
	Slug   string `json:"slug,omitempty"`

	// OAuth parameters
	GrantMode             string            `json:"grant_mode,omitempty"`
	ClientID              string            `json:"client_id,omitempty"`
	ClientSecret          string            `json:"client_secret,omitempty"`
	AuthEndpoint          string            `json:"auth_endpoint,omitempty"`
	ManageEndpoint        string            `json:"manage_endpoint,omitempty"`
	ReconnectEndpoint     string            `json:"reconnect_endpoint,omitempty"`
	TokenEndpoint         string            `json:"token_endpoint,omitempty"`
	TokenAuthMode         string            `json:"token_mode,omitempty"`
	RegisteredRedirectURI string            `json:"redirect_uri,omitempty"`
	ExtraAuthQuery        map[string]string `json:"extras,omitempty"`
	SkipRedirectURI       bool              `json:"skip_redirect_uri_on_authorize,omitempty"`
	SkipState             bool              `json:"skip_state_on_token,omitempty"`

	// Other secrets that can be used by the konnectors
	Secret interface{} `json:"secret,omitempty"`

	// For sending notifications via Firebase Cloud Messaging
	AndroidAPIKey string `json:"android_api_key"`
}

AccountType holds configuration information for

func FindAccountTypesBySlug

func FindAccountTypesBySlug(slug, contextName string) ([]*AccountType, error)

FindAccountTypesBySlug returns the AccountType documents for the given slug

func TypeInfo

func TypeInfo(id, contextName string) (*AccountType, error)

TypeInfo returns the AccountType document for a given id

func (*AccountType) Clone

func (at *AccountType) Clone() couchdb.Doc

Clone implements couchdb.Doc

func (*AccountType) DocType

func (at *AccountType) DocType() string

DocType implements couchdb.Doc

func (*AccountType) HasSecretGrant

func (at *AccountType) HasSecretGrant() bool

HasSecretGrant tells if the account type has non-OAuth secrets.

func (*AccountType) ID

func (at *AccountType) ID() string

ID is used to implement the couchdb.Doc interface

func (*AccountType) MakeManageURL

func (at *AccountType) MakeManageURL(i *instance.Instance, state string, params url.Values) (string, error)

MakeManageURL returns the URL to which the user can be redirected to access the BI manage webview.

func (*AccountType) MakeOauthStartURL

func (at *AccountType) MakeOauthStartURL(i *instance.Instance, state string, params url.Values) (string, error)

MakeOauthStartURL returns the URL to which the user is directed to start the OAuth flow.

func (*AccountType) MakeReconnectURL

func (at *AccountType) MakeReconnectURL(i *instance.Instance, state string, params url.Values) (string, error)

MakeReconnectURL returns the url at which the user can be redirected for a BI webauth reconnect flow.

func (*AccountType) RedirectURI

func (at *AccountType) RedirectURI(i *instance.Instance) string

RedirectURI returns the redirectURI for an account, it can be either the

func (*AccountType) RefreshAccount

func (at *AccountType) RefreshAccount(a Account) error

RefreshAccount requests a new AccessToken using the RefreshToken, as specified in https://tools.ietf.org/html/rfc6749#section-6

func (*AccountType) RequestAccessToken

func (at *AccountType) RequestAccessToken(i *instance.Instance, accessCode, state, nonce string) (*Account, error)

RequestAccessToken asks the service for an access token (https://tools.ietf.org/html/rfc6749#section-4).

func (*AccountType) Rev

func (at *AccountType) Rev() string

Rev is used to implement the couchdb.Doc interface

func (*AccountType) ServiceID

func (at *AccountType) ServiceID() string

ServiceID is the ID, without the (optional) context prefix

func (*AccountType) SetID

func (at *AccountType) SetID(id string)

SetID is used to implement the couchdb.Doc interface

func (*AccountType) SetRev

func (at *AccountType) SetRev(rev string)

SetRev is used to implement the couchdb.Doc interface

type BasicInfo

type BasicInfo struct {
	Login                string `json:"login,omitempty"`
	Email                string `json:"email,omitempty"`          // Legacy, used in some accounts instead of login
	Identifier           string `json:"identifier,omitempty"`     // Legacy, used in some accounts instead of login
	NewIdentifier        string `json:"new_identifier,omitempty"` // Legacy, used in some accounts instead of login
	AccountName          string `json:"accountName,omitempty"`    // Used when konnector has no credentials
	Password             string `json:"password,omitempty"`       // Legacy, used when no encryption
	EncryptedCredentials string `json:"credentials_encrypted,omitempty"`
	Token                string `json:"token,omitempty"` // Used by legacy OAuth konnectors
}

BasicInfo holds configuration information for a user/pass account

type CleanEntry

type CleanEntry struct {
	Account          *Account
	Triggers         []job.Trigger
	ManifestOnDelete bool // the manifest of the konnector has a field "on_delete_account"
	Slug             string
}

CleanEntry is a struct with an account and its associated trigger.

type OauthInfo

type OauthInfo struct {
	AccessToken  string      `json:"access_token,omitempty"`
	TokenType    string      `json:"token_type,omitempty"`
	ExpiresAt    time.Time   `json:"expires_at,omitempty"`
	RefreshToken string      `json:"refresh_token,omitempty"`
	ClientID     string      `json:"client_id,omitempty"`
	ClientSecret string      `json:"client_secret,omitempty"`
	Query        *url.Values `json:"query,omitempty"`
}

OauthInfo holds configuration information for an oauth account
