autentigo

command module

v1.9.2 Latest Latest Go to latest Published: Nov 20, 2020 License: GPL-3.0 Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/isi-nc/autentigo

Links

Open Source Insights

README ¶

Running

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout tls.key -out tls.crt -subj /CN=localhost
TLS_CRT="$(<test/tls.crt)" TLS_KEY="$(<test/tls.key)" SIGNING_METHOD=RS256 ./autentigo

Request examples

Simple authentication:

$ curl -H'Content-Type: application/json' localhost:8080/simple -d'{"user":"test-user","password":"test-password"}' |jq .
{
  "token": "<TOKEN>",
  "claims": {
    "exp": 1531110508,
    "iat": 1531106908,
    "sub": "test-user",
    "display_name": "Display Name",
    "email": "email@example.com",
    "email_verified": true,
    "groups": [
      "group1",
      "group2"
    ]
  }
  "claims":
}

Basic authentication:

$ curl -i localhost:8080/basic
HTTP/1.1 401 Unauthorized
Www-Authenticate: Basic realm="Autorizo"
Date: Wed, 27 Jun 2018 06:50:59 GMT
Content-Length: 14
Content-Type: text/plain; charset=utf-8

Unauthorized.

$ curl --basic --user test-user:test-password localhost:8080/basic |jq .
{
  "token": "<TOKEN>",
  "claims": {
    "exp": 1531110508,
    "iat": 1531106908,
    "sub": "test-user",
    "display_name": "Display Name",
    "email": "email@example.com",
    "email_verified": true,
    "groups": [
      "group1",
      "group2"
    ]
  }
}

Basic authentication, setting only a cookie (also supported on /simple):

$ curl --basic --user test-user:test-password localhost:8080/basic -H'X-Set-Cookie: token' -i
HTTP/1.1 200 OK
Content-Type: application/json
Set-Cookie: token=<TOKEN>; HttpOnly; Secure
Date: Thu, 28 Jun 2018 22:59:57 GMT
Content-Length: 67

{
  "exp": 1530230397,
  "iat": 1530226797,
  "sub": "test-user",
  ...
 }

Flags

autentigo --help

Environment

Variable	Description
`TLS_CRT`	The certificate to check tokens
`TLS_KEY`	The key to sign tokens
`SIGNING_METHOD`	The signing method to use (https://tools.ietf.org/html/rfc7518#section-3.1)
`AUTH_BACKEND`	choose an authentication backend (default: stupid)

Auth backends

stupid

Always accept the given credentials.

file

Reads a file, defined by the AUTH_FILE env, in the format:

<user name>:<password SHA256 (hex)>:email:email_validated:groups

Only user and password are required.

Adding an entry can be done this way:

echo test-user:$(echo -n test-password |sha256sum |awk '{print $1}'):Display Name:email@example.com:yes:group1,group2 >>users

LDAP simple bind

Tries to bind to an LDAP server, defined by the LDAP_SERVER env, with the given credentials and using LDAP_USER as a username template.

Example:

AUTH_BACKEND=ldap-bind \
LDAP_SERVER=ldap://localhost:389 \
LDAP_USER=uid=%s,ou=users,dc=example,dc=com \
autentigo

etcd lookup

Looks up the user in etcd, with a key like prefix/user-name. Takes an optionnal ETCD_TIMEOUT to change the lookup timeout.

Example:

AUTH_BACKEND=etcd \
ETCD_ENDPOINTS=http://localhost:2379 \
ETCD_PREFIX=/users \
autentigo

Allowed extra claims in the etcd object:

{
    "password_hash": "<password sha256, hex encoded)>",
    "groups": [ "app1-admin", "app2-reader" ],
    "display_name": "Display Name",
    "email": "user@host",
    "email_verified": true
}

SQL database lookup

Looks up the user in the SQL database.

Example:

docker run --name autentigo-postgres --network host -e POSTGRES_PASSWORD=password -e POSTGRES_USER=postgres -e POSTGRES_DB=postgres -p 5432:5432 -d postgres:12-alpine

CREATE TABLE IF NOT EXISTS auth_users(
ID VARCHAR PRIMARY KEY NOT NULL,
PASSWORD_HASH VARCHAR NOT NULL,
DISPLAY_NAME VARCHAR NOT NULL,
EMAIL VARCHAR NOT NULL,
EMAIL_VERIFIED BOOLEAN,
GROUPS VARCHAR NOT NULL
);

INSERT INTO auth_users(id,password_hash, display_name, email, email_verified, groups) VALUES('test-user','5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8','Test User','user@test.com',false,'group1,group2,group3');

AUTH_BACKEND=sql \
SQL_DRIVER=postgres\
SQL_DSN="user=postgres password=postgres host=localhost dbname=postgres sslmode=disable"\
SQL_USER_TABLE=users \
autentigo

Allowed extra claims in the object:

{
    "password_hash": "<password sha256, hex encoded)>",
    "groups": [ "app1-admin", "app2-reader" ],
    "display_name": "Display Name",
    "email": "user@host",
    "email_verified": true
}

mongo lookup

Looks up the user in mongo, with a key defined on MONGO_FIELD.

Example:

AUTH_BACKEND=mongo \
MONGO_ENDPOINT=mongodb://mongodb:27017 \
MONGO_DATABASE=projectx \
MONGO_COLLECTION=users \
MONGO_FIELD=email \
autentigo

Testing

You need docker to test because it will automatically download and start a postgres server.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api
auth
etcd
ldap-bind
mongo
sql
stupid-auth
users-file
client
cmd
ag-companion-api
ag2dovecot-passwd-file
agctl
pkg
companion-api/api
companion-api/backend
companion-api/backend/etcd
companion-api/backend/sql
companion-api/backend/users-file
rbac
test

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL