auth

package
Version: v3.3.4+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 31, 2017 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source
const AuthCookieName = "ATC-Authorization"
View Source
const BuildContextKey = "build"
View Source
const CSRFHeaderName = "X-Csrf-Token"
View Source
const CSRFRequiredKey = "CSRFRequired"
View Source
const CSRFTokenKey = "csrfToken"
View Source
const OAuthStateCookie = "_concourse_oauth_state"
View Source
const PipelineContextKey = "pipeline"
View Source
const TokenTypeBearer = "Bearer"

Variables

View Source
var ErrUnparsableHeader = errors.New("cannot parse 'Authorization' header")
View Source
var SigningMethod = jwt.SigningMethodRS256

Functions

func CSRFValidationHandler

func CSRFValidationHandler(
	handler http.Handler,
	rejector Rejector,
	userContextReader UserContextReader,
) http.Handler

func CheckAdminHandler

func CheckAdminHandler(
	handler http.Handler,
	rejector Rejector,
) http.Handler

func CheckAuthenticationHandler

func CheckAuthenticationHandler(
	handler http.Handler,
	rejector Rejector,
) http.Handler

func CheckAuthorizationHandler

func CheckAuthorizationHandler(
	handler http.Handler,
	rejector Rejector,
) http.Handler

func IsAdmin

func IsAdmin(r *http.Request) bool

func IsAuthenticated

func IsAuthenticated(r *http.Request) bool

func IsAuthorized

func IsAuthorized(r *http.Request) bool

func IsSystem

func IsSystem(r *http.Request) bool

func NewCheckBuildReadAccessHandlerFactory

func NewCheckBuildReadAccessHandlerFactory(
	buildFactory db.BuildFactory,
) *checkBuildReadAccessHandlerFactory

func NewCheckBuildWriteAccessHandlerFactory

func NewCheckBuildWriteAccessHandlerFactory(
	buildFactory db.BuildFactory,
) *checkBuildWriteAccessHandlerFactory

func NewCheckPipelineAccessHandlerFactory

func NewCheckPipelineAccessHandlerFactory(
	teamFactory db.TeamFactory,
) *checkPipelineAccessHandlerFactory

func NewLogOutHandler

func NewLogOutHandler(logger lager.Logger) http.Handler

func NewOAuthBeginHandler

func NewOAuthBeginHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	privateKey *rsa.PrivateKey,
	teamFactory db.TeamFactory,
	expire time.Duration,
	isTLSEnabled bool,
) http.Handler

func NewOAuthCallbackHandler

func NewOAuthCallbackHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	privateKey *rsa.PrivateKey,
	teamFactory db.TeamFactory,
	expire time.Duration,
	isTLSEnabled bool,
) http.Handler

func NewOAuthHandler

func NewOAuthHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	teamFactory db.TeamFactory,
	signingKey *rsa.PrivateKey,
	expire time.Duration,
	isTLSEnabled bool,
) (http.Handler, error)

func WrapHandler

func WrapHandler(
	handler http.Handler,
	validator Validator,
	userContextReader UserContextReader,
) http.Handler

Types

type AuthTokenGenerator

type AuthTokenGenerator interface {
	GenerateToken(expiration time.Time, teamName string, isAdmin bool, csrfToken string) (TokenType, TokenValue, error)
}

func NewAuthTokenGenerator

func NewAuthTokenGenerator(privateKey *rsa.PrivateKey) AuthTokenGenerator

type CSRFTokenGenerator

type CSRFTokenGenerator interface {
	GenerateToken() (string, error)
}

func NewCSRFTokenGenerator

func NewCSRFTokenGenerator() CSRFTokenGenerator

type CheckBuildReadAccessHandlerFactory

type CheckBuildReadAccessHandlerFactory interface {
	AnyJobHandler(delegateHandler http.Handler, rejector Rejector) http.Handler
	CheckIfPrivateJobHandler(delegateHandler http.Handler, rejector Rejector) http.Handler
}

type CheckBuildWriteAccessHandlerFactory

type CheckBuildWriteAccessHandlerFactory interface {
	HandlerFor(delegateHandler http.Handler, rejector Rejector) http.Handler
}

type CheckPipelineAccessHandlerFactory

type CheckPipelineAccessHandlerFactory interface {
	HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}

type CheckWorkerTeamAccessHandlerFactory

type CheckWorkerTeamAccessHandlerFactory interface {
	HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}

func NewCheckWorkerTeamAccessHandlerFactory

func NewCheckWorkerTeamAccessHandlerFactory(
	workerFactory db.WorkerFactory,
) CheckWorkerTeamAccessHandlerFactory

type CookieSetHandler

type CookieSetHandler struct {
	Handler http.Handler
}

func (CookieSetHandler) ServeHTTP

func (handler CookieSetHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type JWTReader

type JWTReader struct {
	PublicKey *rsa.PublicKey
}

func (JWTReader) GetCSRFToken

func (jr JWTReader) GetCSRFToken(r *http.Request) (string, bool)

func (JWTReader) GetSystem

func (jr JWTReader) GetSystem(r *http.Request) (bool, bool)

func (JWTReader) GetTeam

func (jr JWTReader) GetTeam(r *http.Request) (string, bool, bool)

type JWTValidator

type JWTValidator struct {
	PublicKey *rsa.PublicKey
}

func (JWTValidator) IsAuthenticated

func (validator JWTValidator) IsAuthenticated(r *http.Request) bool

type LogOutHandler

type LogOutHandler struct {
	// contains filtered or unexported fields
}

func (*LogOutHandler) ServeHTTP

func (handler *LogOutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type OAuthBeginHandler

type OAuthBeginHandler struct {
	// contains filtered or unexported fields
}

func (*OAuthBeginHandler) ServeHTTP

func (handler *OAuthBeginHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type OAuthCallbackHandler

type OAuthCallbackHandler struct {
	// contains filtered or unexported fields
}

func (*OAuthCallbackHandler) ServeHTTP

func (handler *OAuthCallbackHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type OAuthFactory

type OAuthFactory struct {
	// contains filtered or unexported fields
}

func NewOAuthFactory

func NewOAuthFactory(logger lager.Logger, atcExternalURL string, routes rata.Routes, callback string) OAuthFactory

func (OAuthFactory) GetProvider

func (of OAuthFactory) GetProvider(team db.Team, providerName string) (provider.Provider, bool, error)

type OAuthState

type OAuthState struct {
	Redirect     string `json:"redirect"`
	TeamName     string `json:"team_name"`
	FlyLocalPort string `json:"fly_local_port"`
}

type ProviderFactory

type ProviderFactory interface {
	GetProvider(db.Team, string) (provider.Provider, bool, error)
}

type Rejector

type Rejector interface {
	Unauthorized(http.ResponseWriter, *http.Request)
	Forbidden(http.ResponseWriter, *http.Request)
}

type Team

type Team interface {
	Name() string
	IsAdmin() bool
	IsAuthorized(teamName string) bool
}

func GetTeam

func GetTeam(r *http.Request) (Team, bool)

type TokenType

type TokenType string

type TokenValue

type TokenValue string

type UnauthorizedRejector

type UnauthorizedRejector struct{}

func (UnauthorizedRejector) Forbidden

func (UnauthorizedRejector) Unauthorized

func (UnauthorizedRejector) Unauthorized(w http.ResponseWriter, r *http.Request)

type UserContextReader

type UserContextReader interface {
	GetTeam(r *http.Request) (string, bool, bool)
	GetSystem(r *http.Request) (bool, bool)
	GetCSRFToken(r *http.Request) (string, bool)
}

type Validator

type Validator interface {
	IsAuthenticated(*http.Request) bool
}

func NewBasicAuthValidator

func NewBasicAuthValidator(team db.Team) Validator

func NewGetTokenValidator

func NewGetTokenValidator(
	teamFactory db.TeamFactory,
) Validator

func NewTeamAuthValidator

func NewTeamAuthValidator(
	teamFactory db.TeamFactory,
	jwtValidator Validator,
) Validator

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.
githubfakes
Code generated by counterfeiter.
Code generated by counterfeiter.
gitlabfakes
Code generated by counterfeiter.
Code generated by counterfeiter.
providerfakes
Code generated by counterfeiter.
Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL