Version: v0.10.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jun 1, 2022 License: Apache-2.0 Imports: 40 Imported by: 0




This section is empty.


View Source
var (
	ErrNetworkFailure       = stderrs.New("unable to check if password has been leaked because an unexpected network error occurred")
	ErrUnexpectedStatusCode = stderrs.New("unexpected status code")
	ErrTooManyBreaches      = stderrs.New("the password has been found in data breaches and must no longer be used")


func NewPasswordNode

func NewPasswordNode(name string) *node.Node


type DefaultPasswordValidator

type DefaultPasswordValidator struct {
	Client *retryablehttp.Client
	// contains filtered or unexported fields

DefaultPasswordValidator implements Validator. It is based on best practices as defined in the following blog posts:

- -

Additionally passwords are being checked against Troy Hunt's [haveibeenpwnd]( service to check if the password has been breached in a previous data leak using k-anonymity.

func NewDefaultPasswordValidatorStrategy

func NewDefaultPasswordValidatorStrategy(reg validatorDependencies) (*DefaultPasswordValidator, error)

func (*DefaultPasswordValidator) Validate

func (s *DefaultPasswordValidator) Validate(ctx context.Context, identifier, password string) error

type FlowMethod

type FlowMethod struct {

FlowMethod contains the configuration for this selfservice strategy.

type Strategy

type Strategy struct {
	// contains filtered or unexported fields

func NewStrategy

func NewStrategy(d registrationStrategyDependencies) *Strategy

func (*Strategy) CompletedAuthenticationMethod

func (s *Strategy) CompletedAuthenticationMethod(ctx context.Context) session.AuthenticationMethod

func (*Strategy) CountActiveFirstFactorCredentials

func (s *Strategy) CountActiveFirstFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)

func (*Strategy) CountActiveMultiFactorCredentials

func (s *Strategy) CountActiveMultiFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)

func (*Strategy) ID

func (*Strategy) Login

func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, ss *session.Session) (i *identity.Identity, err error)

func (*Strategy) NodeGroup

func (s *Strategy) NodeGroup() node.UiNodeGroup

func (*Strategy) PopulateLoginMethod

func (s *Strategy) PopulateLoginMethod(r *http.Request, requestedAAL identity.AuthenticatorAssuranceLevel, sr *login.Flow) error

func (*Strategy) PopulateRegistrationMethod

func (s *Strategy) PopulateRegistrationMethod(r *http.Request, f *registration.Flow) error

func (*Strategy) PopulateSettingsMethod

func (s *Strategy) PopulateSettingsMethod(r *http.Request, _ *identity.Identity, f *settings.Flow) error

func (*Strategy) Register

func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registration.Flow, i *identity.Identity) (err error)

func (*Strategy) RegisterLoginRoutes

func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)

func (*Strategy) RegisterRegistrationRoutes

func (s *Strategy) RegisterRegistrationRoutes(_ *x.RouterPublic)

func (*Strategy) RegisterSettingsRoutes

func (s *Strategy) RegisterSettingsRoutes(_ *x.RouterPublic)

func (*Strategy) Settings

func (*Strategy) SettingsStrategyID

func (s *Strategy) SettingsStrategyID() string

type SubmitSelfServiceRegistrationFlowWithPasswordMethodBody

type SubmitSelfServiceRegistrationFlowWithPasswordMethodBody struct {
	// Password to sign the user up with
	// required: true
	Password string `json:"password"`

	// The identity's traits
	// required: true
	Traits json.RawMessage `json:"traits"`

	// The CSRF Token
	CSRFToken string `json:"csrf_token"`

	// Method to use
	// This field must be set to `password` when using the password method.
	// required: true
	Method string `json:"method"`

SubmitSelfServiceRegistrationFlowWithPasswordMethodBody is used to decode the registration form payload when using the password method.

swagger:model submitSelfServiceRegistrationFlowWithPasswordMethodBody

type ValidationProvider

type ValidationProvider interface {
	PasswordValidator() Validator

type Validator

type Validator interface {
	// Validate returns nil if the password is passing the validation strategy and an error otherwise. If a validation error
	// occurs, a regular error will be returned. If some other type of error occurs (e.g. HTTP request failed), an error
	// of type *herodot.DefaultError will be returned.
	Validate(ctx context.Context, identifier, password string) error

Validator implements a validation strategy for passwords. One example is that the password has to have at least 6 characters and at least one lower and one uppercase password.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL