authentication

package

v0.0.0-...-0388672 Latest Latest Go to latest Published: Dec 12, 2023 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mandiant/gocrack

Documentation ¶

Index ¶

Variables
func CheckPasswordRequirement(password string) bool
func Register(name string, plugin AuthDriver)
type AuthAPI
type AuthClaim
type AuthDriver
type AuthSettings
- func (s *AuthSettings) Validate() error
type AuthStorageBackend
type AuthWrapper
- func Open(db AuthStorageBackend, cfg AuthSettings) (*AuthWrapper, error)
- func WrapProvider(prov AuthAPI, as AuthSettings) *AuthWrapper
- func (s *AuthWrapper) Login(username, password string, APIOnly bool) (string, error)
- func (s *AuthWrapper) VerifyClaim(rawclaim, expSubj string, expAuds ...string) (*AuthClaim, error)
type PluginSettings
type ProviderAPI

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrExpired indicates that token is used after expiry time indicated in exp claim.
	ErrExpired = errors.New("authentication has expired")
	// ErrFailsRequirements indicates the password fails to meet the system requirements
	ErrFailsRequirements = errors.New("password fails requirements")
	// ErrPasswordEmpty indicates the password is empty
	ErrPasswordEmpty = errors.New("password is empty")

	// DefaultTokenExpiry indicates the default duration of a JWT if the TokenExpiry in AuthSettings is nil
	DefaultTokenExpiry = shared.HumanDuration{Duration: 24 * time.Hour}
)

Functions ¶

func CheckPasswordRequirement ¶

func CheckPasswordRequirement(password string) bool

CheckPasswordRequirement ensures the password meets sane requirements of 8+ characters, at least one number, one special character, and both an upper and lowercase letter

func Register ¶

func Register(name string, plugin AuthDriver)

Register makes a storage backend available to the system

Types ¶

type AuthAPI ¶

type AuthAPI interface {
	// Login to the authentication backend with the given username and password
	Login(username, password string) (user *storage.User, err error)
	// CreateUser stores the user into the storage backend and takes any necessary actions to create the user that will function in this backend
	CreateUser(user storage.User) (err error)
	// UserCanChangePassword indicates if a user is able to change his or her's password in this backend
	UserCanChangePassword() bool
	// GenerateSecurePassword returns a secure version that is safe for long-term storage of the password passed into the function
	GenerateSecurePassword(password string) (string, error)
	// CanUsersRegister indicates if users are able to register on the system
	CanUsersRegister() bool
}

AuthAPI describes the APIs that authentication backends must implement

type AuthClaim ¶

type AuthClaim struct {
	Username string `json:"username"`
	UserUUID string `json:"user_uuid"`
	Email    string `json:"email"`
	IsAdmin  bool   `json:"is_admin"`
	APIOnly  bool   `json:"api_only"`
	jwt.Claims
}

AuthClaim is a JWT claim describing metadata about an authenticated user

type AuthDriver ¶

type AuthDriver interface {
	Open(AuthStorageBackend, PluginSettings) (AuthAPI, error)
}

type AuthSettings ¶

type AuthSettings struct {
	Backend     string                 `yaml:"backend"`
	Settings    map[string]interface{} `yaml:"backend_settings,omitempty"`
	TokenExpiry *shared.HumanDuration  `yaml:"token_expiry,omitempty"`
	SecretKey   *string                `yaml:"secret_key,omitempty"`
}

AuthSettings describes the basic configuration options for the modula authentication backend

func (*AuthSettings) Validate ¶

func (s *AuthSettings) Validate() error

Validate the configuration; setting default values and returning any errors

type AuthStorageBackend ¶

type AuthStorageBackend interface {
	CreateUser(*storage.User) error
	SearchForUserByPassword(string, storage.PasswordCheckFunc) (*storage.User, error)
	GetUsers() ([]storage.User, error)
}

AuthStorageBackend defines the APIs we need from the storage driver to implement a authentication driver

type AuthWrapper ¶

type AuthWrapper struct {
	AuthAPI
	// contains filtered or unexported fields
}

AuthWrapper wraps the requested provider

func Open ¶

func Open(db AuthStorageBackend, cfg AuthSettings) (*AuthWrapper, error)

Open creates the authentication plugin

func WrapProvider ¶

func WrapProvider(prov AuthAPI, as AuthSettings) *AuthWrapper

WrapProvider returns an auth wrapper that is used by services like the API to perform authentication

func (s *AuthWrapper) Login(username, password string, APIOnly bool) (string, error)

Login the user and set the JWT token to the header

func (*AuthWrapper) VerifyClaim ¶

func (s *AuthWrapper) VerifyClaim(rawclaim, expSubj string, expAuds ...string) (*AuthClaim, error)

VerifyClaim parses a raw JWT claim and validates it

type PluginSettings ¶

type PluginSettings map[string]interface{}

PluginSettings contains settings related to a specific authentication plugin

type ProviderAPI ¶

type ProviderAPI interface {
	Login(username, password string, APIOnly bool) (claimStr string, err error)
	VerifyClaim(rawclaim, expectedSubject string, auds ...string) (claim *AuthClaim, err error)
}

ProviderAPI describes the APIs available to the a service that requires authentication

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
database
ldap
test

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL