password

package
v0.0.3-alpha.4

This package is not in the latest version of its module.
Published: Jan 30, 2020 | License: Apache-2.0 | Imports: 36 | Imported by: 0

Documentation

Constants

const (
	LoginPath = "/self-service/browser/flows/login/strategies/password"
)

const (
	RegistrationPath = "/self-service/browser/flows/registration/strategies/password"
)

Variables

var (
	ErrInvalidHash               = errors.New("the encoded hash is not in the correct format")
	ErrIncompatibleVersion       = errors.New("incompatible version of argon2")
	ErrMismatchedHashAndPassword = errors.New("passwords do not match")
)

Functions

This section is empty.

Types

type CredentialsConfig

type CredentialsConfig struct {
	// HashedPassword is a hash-representation of the password.
	HashedPassword string `json:"hashed_password"`
}

CredentialsConfig is the struct used as part of the identity credentials.

type DefaultPasswordValidator

type DefaultPasswordValidator struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

DefaultPasswordValidator implements Validator. It is based on best practices as defined in the following blog posts:

- https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/
- https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf

Additionally, passwords are checked against Troy Hunt's [haveibeenpwned](https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange) service, using k-anonymity, to determine whether the password has been exposed in a previous data breach.

func NewDefaultPasswordValidatorStrategy

func NewDefaultPasswordValidatorStrategy() *DefaultPasswordValidator

func NewDefaultPasswordValidatorStrategyStrict

func NewDefaultPasswordValidatorStrategyStrict() *DefaultPasswordValidator

func (*DefaultPasswordValidator) Validate

func (s *DefaultPasswordValidator) Validate(identifier, password string) error
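
The k-anonymity range lookup described for DefaultPasswordValidator, as an added example (not this package's own code): only the first five hex characters of the password's SHA-1 digest are sent, and the remaining 35 are matched locally against the returned `SUFFIX:COUNT` lines. `RangeFetcher`, `PwnedCount`, `FakeRange` and `sha1Hex` are hypothetical names, and the corpus and its counts are constructed so the block runs offline.

```go
package main

import (
	"bufio"
	"crypto/sha1"
	"fmt"
	"strconv"
	"strings"
)

// RangeFetcher (hypothetical) returns "SUFFIX:COUNT" lines for a 5-char SHA-1 prefix.
type RangeFetcher func(prefix string) (string, error)

func sha1Hex(s string) string { return fmt.Sprintf("%X", sha1.Sum([]byte(s))) }

// PwnedCount sends only the 5-character prefix out and matches the suffix locally.
func PwnedCount(password string, fetch RangeFetcher) (int, error) {
	digest := sha1Hex(password)
	body, err := fetch(digest[:5])
	if err != nil {
		return 0, fmt.Errorf("range lookup: %w", err) // caller picks fail-open or fail-closed
	}
	sc := bufio.NewScanner(strings.NewReader(body))
	for sc.Scan() {
		suffix, count, ok := strings.Cut(strings.TrimSpace(sc.Text()), ":")
		if ok && strings.EqualFold(suffix, digest[5:]) {
			return strconv.Atoi(count)
		}
	}
	return 0, sc.Err() // no matching suffix: not in the corpus
}

// FakeRange is an offline fetcher over a constructed corpus; it records each prefix asked for.
func FakeRange(corpus map[string]int, seen *[]string) RangeFetcher {
	return func(prefix string) (string, error) {
		*seen = append(*seen, prefix)
		var b strings.Builder
		for pw, n := range corpus {
			if d := sha1Hex(pw); d[:5] == prefix {
				fmt.Fprintf(&b, "%s:%d\r\n", d[5:], n)
			}
		}
		return b.String(), nil
	}
}

func main() {
	var seen []string
	fmt.Println(PwnedCount("password", FakeRange(map[string]int{"password": 3}, &seen)))
}
```

A production fetcher would wrap an HTTPS GET to the range endpoint; a lookup failure is returned as an error so the caller can tell it apart from a password that is simply not listed.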

type HashProvider

type HashProvider interface {
	PasswordHasher() Hasher
}

type Hasher

type Hasher interface {
	// Compare a password to a hash and return nil if they match or an error otherwise.
	Compare(password []byte, hash []byte) error

	// Generate returns a hash derived from the password or an error if the hash method failed.
	Generate(password []byte) ([]byte, error)
}

Hasher provides methods for generating and comparing password hashes.

type HasherArgon2

type HasherArgon2 struct {
	// contains filtered or unexported fields
}

func (*HasherArgon2) Compare

func (h *HasherArgon2) Compare(password []byte, hash []byte) error

func (*HasherArgon2) Generate

func (h *HasherArgon2) Generate(password []byte) ([]byte, error)

type HasherArgon2Configuration

type HasherArgon2Configuration interface {
	HashersArgon2() *configuration.HasherArgon2Config
}

type LoginFormPayload

type LoginFormPayload struct {
	Password   string `form:"password"`
	Identifier string `form:"identifier"`
}

LoginFormPayload is used to decode the login form payload.

type RegistrationFormPayload

type RegistrationFormPayload struct {
	Password string          `json:"password"`
	Traits   json.RawMessage `json:"traits"`
}

type RequestMethod

type RequestMethod struct {
	*form.HTMLForm
}

RequestMethod contains the configuration for this selfservice strategy.

type Strategy

type Strategy struct {
	// contains filtered or unexported fields
}

func NewStrategy

func NewStrategy(
	d registrationStrategyDependencies,
	c configuration.Provider,
) *Strategy

func (*Strategy) ID

func (*Strategy) LoginStrategyID

func (s *Strategy) LoginStrategyID() identity.CredentialsType

func (*Strategy) PopulateLoginMethod

func (s *Strategy) PopulateLoginMethod(r *http.Request, sr *login.Request) error

func (*Strategy) PopulateRegistrationMethod

func (s *Strategy) PopulateRegistrationMethod(r *http.Request, sr *registration.Request) error

func (*Strategy) RegisterLoginRoutes

func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)

func (*Strategy) RegisterRegistrationRoutes

func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic)

func (*Strategy) RegistrationStrategyID

func (s *Strategy) RegistrationStrategyID() identity.CredentialsType

func (*Strategy) WithTokenGenerator

func (s *Strategy) WithTokenGenerator(g form.CSRFGenerator)

type ValidationProvider

type ValidationProvider interface {
	PasswordValidator() Validator
}

type Validator

type Validator interface {
	// Validate returns nil if the password is passing the validation strategy and an error otherwise. If a validation error
	// occurs, a regular error will be returned. If some other type of error occurs (e.g. HTTP request failed), an error
	// of type *herodot.DefaultError will be returned.
	Validate(identifier, password string) error
}

Validator implements a validation strategy for passwords. One example is that the password has to have at least 6 characters and at least one lowercase and one uppercase character.
