Affected by GO-2024-3083 and 3 other vulnerabilities

GO-2024-3083: Openshift Console insufficient entropy vulnerability in github.com/openshift/console

GO-2024-3211: Graphql: information disclosure via graphql introspection in openshift in github.com/openshift/console

GO-2024-3289: OpenShift Console Server Side Request Forgery vulnerability in github.com/openshift/console

GO-2025-3539: OpenShift Console Has a Path Traversal Vulnerability in github.com/openshift/console

auth

package

v6.0.4+incompatible Latest Latest Go to latest Published: Apr 19, 2018 License: Apache-2.0 Imports: 20 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/openshift/console

Links

Documentation ¶

Index ¶

Constants
func NewDexClient(hostAndPort string, caCrt, clientCrt, clientKey string) (api.DexClient, error)
type Authenticator
- func NewAuthenticator(ctx context.Context, c *Config) (*Authenticator, error)
type Config
type LoginJSON
type SessionStore
- func NewSessionStore(maxSessions int) *SessionStore
type User

Constants ¶

View Source

const (
	CSRFCookieName = "csrf-token"
	CSRFHeader     = "X-CSRFToken"
)

Variables ¶

This section is empty.

Functions ¶

func NewDexClient ¶

func NewDexClient(hostAndPort string, caCrt, clientCrt, clientKey string) (api.DexClient, error)

Types ¶

type Authenticator ¶

type Authenticator struct {
	// contains filtered or unexported fields
}

func NewAuthenticator ¶

func NewAuthenticator(ctx context.Context, c *Config) (*Authenticator, error)

NewAuthenticator initializes an Authenticator struct. It blocks until the authenticator is able to contact the provider.

func (*Authenticator) Authenticate ¶

func (a *Authenticator) Authenticate(r *http.Request) (*User, error)

func (*Authenticator) CallbackFunc ¶

func (a *Authenticator) CallbackFunc(fn func(loginInfo LoginJSON, successURL string, w http.ResponseWriter)) func(w http.ResponseWriter, r *http.Request)

CallbackFunc handles OAuth2 callbacks and code/token exchange. Requests with unexpected params are redirected to the root route.

func (*Authenticator) ExchangeAuthCode ¶

func (a *Authenticator) ExchangeAuthCode(code string) (idToken, refreshToken string, err error)

ExchangeAuthCode allows callers to return a raw token response given a OAuth2 code. This is useful for clients which need to request refresh tokens.

func (*Authenticator) LoginFunc ¶

func (a *Authenticator) LoginFunc(w http.ResponseWriter, r *http.Request)

LoginFunc redirects to the OIDC provider for user login.

func (*Authenticator) LogoutFunc ¶

func (a *Authenticator) LogoutFunc(w http.ResponseWriter, r *http.Request)

LogoutFunc cleans up session cookies.

func (*Authenticator) SetCSRFCookie ¶

func (a *Authenticator) SetCSRFCookie(path string, w *http.ResponseWriter)

func (*Authenticator) VerifyCSRFToken ¶

func (a *Authenticator) VerifyCSRFToken(r *http.Request) (err error)

func (*Authenticator) VerifyReferer ¶

func (a *Authenticator) VerifyReferer(r *http.Request) (err error)

type Config ¶

type Config struct {
	IssuerURL    string
	IssuerCA     string
	RedirectURL  string
	ClientID     string
	ClientSecret string
	Scope        []string

	SuccessURL  string
	ErrorURL    string
	RefererPath string
	// cookiePath is an abstraction leak. (unfortunately, a necessary one.)
	CookiePath    string
	SecureCookies bool
}

type LoginJSON ¶

type LoginJSON struct {
	UserID string `json:"userID"`
	Name   string `json:"name"`
	Email  string `json:"email"`
	Exp    int64  `json:"exp"`
}

type SessionStore ¶

type SessionStore struct {
	// contains filtered or unexported fields
}

func NewSessionStore ¶

func NewSessionStore(maxSessions int) *SessionStore

type User ¶

type User struct {
	ID       string
	Username string
	Token    string
}

User holds fields representing a user.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL