authentication

package
v0.0.0-...-bd43069 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 4, 2020 License: MIT Imports: 9 Imported by: 0

Documentation


Constants

This section is empty.

Variables

// Exported sentinel errors and defaults for the authentication package.
// Callers can match the errors with errors.Is.
//
// NOTE(review): everything in this block is an exported package-level
// variable, so any importing package can reassign it at runtime, including
// DefaultTokenExpiry.
var (
	// ErrExpired indicates that a token was used after the expiry time given in its exp claim.
	ErrExpired = errors.New("authentication has expired")
	// ErrFailsRequirements indicates the password fails to meet the system requirements.
	ErrFailsRequirements = errors.New("password fails requirements")
	// ErrPasswordEmpty indicates the password is empty.
	ErrPasswordEmpty = errors.New("password is empty")

	// DefaultTokenExpiry is the default lifetime of a JWT (24 hours), used when
	// TokenExpiry in AuthSettings is nil.
	// NOTE(review): no revocation mechanism is visible on this page; if none
	// exists elsewhere, a leaked token stays usable for the full lifetime.
	DefaultTokenExpiry = shared.HumanDuration{Duration: 24 * time.Hour}
)

Functions

func CheckPasswordRequirement

func CheckPasswordRequirement(password string) bool

CheckPasswordRequirement ensures the password meets sane requirements of 8+ characters, at least one number, one special character, and both an upper and lowercase letter

func Register

func Register(name string, plugin AuthDriver)

Register makes an authentication backend (an AuthDriver) available to the system

Types

type AuthAPI

// AuthAPI is the contract every authentication backend must implement.
type AuthAPI interface {
	// Login to the authentication backend with the given username and password.
	// NOTE(review): the contract does not say whether an unknown user and a
	// wrong password produce distinguishable errors; confirm per backend so
	// callers do not leak which usernames exist.
	Login(username, password string) (user *storage.User, err error)
	// CreateUser stores the user into the storage backend and takes any necessary actions to create the user that will function in this backend
	CreateUser(user storage.User) (err error)
	// UserCanChangePassword indicates if a user is able to change their password in this backend
	UserCanChangePassword() bool
	// GenerateSecurePassword returns a secure version that is safe for long-term storage of the password passed into the function.
	// NOTE(review): the algorithm is chosen by each backend and is not visible
	// here; confirm it is a salted, deliberately slow password hash rather
	// than a plain digest or reversible encoding.
	GenerateSecurePassword(password string) (string, error)
	// CanUsersRegister indicates if users are able to register on the system
	CanUsersRegister() bool
}

AuthAPI describes the APIs that authentication backends must implement

type AuthClaim

// AuthClaim is the JWT claim set describing an authenticated user. It is the
// type returned by VerifyClaim.
//
// NOTE(review): IsAdmin and APIOnly are authorization flags carried inside the
// token. They should be trusted only on a value obtained from a successful
// VerifyClaim, never on a token decoded without verification. A change to a
// user's admin status presumably does not reach tokens already issued until
// they expire; confirm.
type AuthClaim struct {
	// Identity fields serialized into the token payload.
	// NOTE(review): if tokens are signed but not encrypted, these values are
	// readable by anyone who holds the token; confirm.
	Username string `json:"username"`
	UserUUID string `json:"user_uuid"`
	Email    string `json:"email"`
	// Authorization flags; see the note on the type.
	IsAdmin  bool   `json:"is_admin"`
	APIOnly  bool   `json:"api_only"`
	// Embedded claims from the jwt package (which library is not visible on
	// this page); presumably carries the exp claim referred to by ErrExpired.
	jwt.Claims
}

AuthClaim is a JWT claim describing metadata about an authenticated user

type AuthDriver

// AuthDriver is the plugin type accepted by Register. Open takes the storage
// backend and the plugin's settings and returns the AuthAPI implementation,
// or an error.
type AuthDriver interface {
	Open(AuthStorageBackend, PluginSettings) (AuthAPI, error)
}

type AuthSettings

// AuthSettings is the YAML-backed configuration for the authentication layer.
type AuthSettings struct {
	// Backend names the authentication backend to use; presumably a name
	// passed to Register (confirm).
	Backend     string                 `yaml:"backend"`
	// Settings holds backend-specific options as untyped values.
	Settings    map[string]interface{} `yaml:"backend_settings,omitempty"`
	// TokenExpiry is the JWT lifetime; DefaultTokenExpiry applies when nil.
	TokenExpiry *shared.HumanDuration  `yaml:"token_expiry,omitempty"`
	// SecretKey is optional (pointer, omitempty).
	// NOTE(review): presumably the JWT signing key. What Validate does when it
	// is nil is not shown on this page; confirm it generates a strong random
	// key or rejects the configuration instead of falling back to a fixed
	// value. Because the key lives in the YAML file, that file needs
	// restrictive permissions and must stay out of version control.
	SecretKey   *string                `yaml:"secret_key,omitempty"`
}

AuthSettings describes the basic configuration options for the modular authentication backend

func (*AuthSettings) Validate

func (s *AuthSettings) Validate() error

Validate validates the configuration, setting default values and returning any errors

type AuthStorageBackend

// AuthStorageBackend is the subset of the storage driver that an
// authentication driver needs.
type AuthStorageBackend interface {
	// CreateUser persists the given user.
	CreateUser(*storage.User) error
	// SearchForUserByPassword looks up a user using a string and a
	// storage.PasswordCheckFunc callback.
	// NOTE(review): parameter names are not shown; the string is presumably
	// the submitted password and the callback the comparison against the
	// stored value. Confirm the comparison runs against a stored hash and
	// that the lookup is also scoped by username.
	SearchForUserByPassword(string, storage.PasswordCheckFunc) (*storage.User, error)
	// GetUsers returns the users known to the storage backend.
	// NOTE(review): whether the returned storage.User values include password
	// material is not visible here; confirm before exposing them to callers.
	GetUsers() ([]storage.User, error)
}

AuthStorageBackend defines the APIs we need from the storage driver to implement an authentication driver

type AuthWrapper

// AuthWrapper wraps the requested provider and is what WrapProvider returns.
//
// NOTE(review): AuthAPI is embedded, so its methods (CreateUser,
// GenerateSecurePassword, ...) are promoted onto *AuthWrapper and reachable
// by any service holding the wrapper. (*AuthWrapper).Login shadows the
// backend's Login, but the backend method is still callable as
// w.AuthAPI.Login. If services should only see Login and VerifyClaim, hand
// them the narrower ProviderAPI interface.
type AuthWrapper struct {
	AuthAPI
	// contains filtered or unexported fields
}

AuthWrapper wraps the requested provider

func Open

Open creates the authentication plugin

func WrapProvider

func WrapProvider(prov AuthAPI, as AuthSettings) *AuthWrapper

WrapProvider returns an auth wrapper that is used by services like the API to perform authentication

func (*AuthWrapper) Login

func (s *AuthWrapper) Login(username, password string, APIOnly bool) (string, error)

Login logs the user in and sets the JWT token to the header

func (*AuthWrapper) VerifyClaim

// VerifyClaim parses rawclaim and validates it against the expected subject
// and audiences, returning the decoded AuthClaim.
// NOTE(review): the body is not shown on this page. Confirm that it verifies
// the signature with an explicitly pinned algorithm before reading any claim,
// that it rejects expired tokens (see ErrExpired), and that an empty expAuds
// means "no audience is accepted" rather than "any audience is accepted".
func (s *AuthWrapper) VerifyClaim(rawclaim, expSubj string, expAuds ...string) (*AuthClaim, error)

VerifyClaim parses a raw JWT claim and validates it

type PluginSettings

// PluginSettings holds the settings for one authentication plugin and is
// passed to AuthDriver.Open. Values are untyped (interface{}), so a plugin
// has to check the type of each value it reads.
type PluginSettings map[string]interface{}

PluginSettings contains settings related to a specific authentication plugin

type ProviderAPI

// ProviderAPI is the narrow interface offered to a service that requires
// authentication: issue a claim at login and verify a presented claim.
type ProviderAPI interface {
	// Login authenticates username/password and returns claimStr.
	// NOTE(review): claimStr is presumably the signed JWT, and APIOnly
	// presumably ends up in AuthClaim.APIOnly; confirm against the
	// implementation.
	Login(username, password string, APIOnly bool) (claimStr string, err error)
	// VerifyClaim validates rawclaim against expectedSubject and the given
	// audiences and returns the decoded claim. Callers should use the
	// returned *AuthClaim only when err is nil.
	VerifyClaim(rawclaim, expectedSubject string, auds ...string) (claim *AuthClaim, err error)
}

ProviderAPI describes the APIs available to a service that requires authentication
