credentialpassword

v0.1.10 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 8, 2026 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package credentialpassword provides credential (email/username) and password authentication for the limen library.


Constants

const (
	CredentialPasswordUserSchemaUsernameField limen.SchemaField = "username"
)

const (
	PasswordResetAction = "password_reset"
)

Variables

var (
	ErrInvalidCredential         = limen.NewLimenError("invalid credential", http.StatusUnauthorized, nil)
	ErrInvalidPassword           = limen.NewLimenError("invalid password", http.StatusUnauthorized, nil)
	ErrEmailNotFound             = limen.NewLimenError("email not found", http.StatusNotFound, nil)
	ErrEmailRequired             = limen.NewLimenError("email is required", http.StatusUnprocessableEntity, nil)
	ErrPasswordRequired          = limen.NewLimenError("password is required", http.StatusUnprocessableEntity, nil)
	ErrEmailAlreadyExists        = limen.NewLimenError("email already exists", http.StatusConflict, nil)
	ErrPasswordTooShort          = limen.NewLimenError("password is too short", http.StatusUnprocessableEntity, nil)
	ErrPasswordRequiresUppercase = limen.NewLimenError("password requires uppercase letters", http.StatusUnprocessableEntity, nil)
	ErrPasswordRequiresNumbers   = limen.NewLimenError("password requires numbers", http.StatusUnprocessableEntity, nil)
	ErrPasswordRequiresSymbols   = limen.NewLimenError("password requires symbols", http.StatusUnprocessableEntity, nil)
	ErrResetTokenInvalid         = limen.NewLimenError("invalid or expired token. Please request a new one.", http.StatusBadRequest, nil)
	ErrInvalidCurrentPassword    = limen.NewLimenError("current password is invalid", http.StatusUnauthorized, nil)
	ErrUsernameAlreadyExists     = limen.NewLimenError("username already exists", http.StatusConflict, nil)
	ErrUsernameRequired          = limen.NewLimenError("username is required", http.StatusUnprocessableEntity, nil)
	ErrUsernameTooShort          = limen.NewLimenError("username is too short", http.StatusUnprocessableEntity, nil)
	ErrUsernameTooLong           = limen.NewLimenError("username is too long", http.StatusUnprocessableEntity, nil)
	ErrUsernameInvalidFormat     = limen.NewLimenError("username contains invalid characters", http.StatusUnprocessableEntity, nil)
	ErrPasswordNotSet            = limen.NewLimenError("password is not set", http.StatusForbidden, nil)
	ErrPasswordAlreadySet        = limen.NewLimenError("password is already set", http.StatusForbidden, nil)
	ErrUsernameNotEnabled        = limen.NewLimenError("username support is not enabled", http.StatusBadRequest, nil)
)

Functions

func DefaultPasswordHasherConfig

func DefaultPasswordHasherConfig(opts ...PasswordHasherConfigOption) passwordHasherConfig

DefaultPasswordHasherConfig creates a new password hasher configuration with default values. The default configuration follows the second recommendation of RFC 9106: t=3 iterations, m ≥ 64 MiB memory, p=4 lanes, s=128-bit salt and k=256-bit tag size.

See https://datatracker.ietf.org/doc/html/rfc9106#section-7.4

These parameters provide a good balance between security and performance.
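To audit stored hashes against the defaults listed above, the following added example (not part of the limen package or its documentation) parses an Argon2id hash string and flags any hash produced with lower costs. It assumes hashes are stored in the PHC string format, which this page does not state; ParsePHC, BelowDefaults, Params and sample are hypothetical names.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// Params are the Argon2id costs recovered from an encoded hash.
type Params struct {
	MemoryKiB, Time, Parallel uint32
	SaltLen, KeyLen           int
}

// ParsePHC decodes "$argon2id$v=19$m=..,t=..,p=..$salt$tag" (assumed storage format).
func ParsePHC(s string) (p Params, err error) {
	f := strings.Split(s, "$")
	if len(f) != 6 || f[0] != "" || f[1] != "argon2id" || f[2] != "v=19" {
		return p, fmt.Errorf("not an argon2id v=19 PHC string")
	}
	if _, err = fmt.Sscanf(f[3], "m=%d,t=%d,p=%d", &p.MemoryKiB, &p.Time, &p.Parallel); err != nil {
		return p, fmt.Errorf("bad cost parameters: %w", err)
	}
	salt, err1 := base64.RawStdEncoding.DecodeString(f[4])
	tag, err2 := base64.RawStdEncoding.DecodeString(f[5])
	if err1 != nil || err2 != nil {
		return p, fmt.Errorf("bad base64 in salt or tag")
	}
	p.SaltLen, p.KeyLen = len(salt), len(tag)
	return p, nil
}

// BelowDefaults flags hashes under t=3, m=64 MiB, p=4, 16-byte salt, 32-byte tag.
func BelowDefaults(s string) (bool, error) {
	p, err := ParsePHC(s)
	return err == nil && (p.Time < 3 || p.MemoryKiB < 64*1024 || p.Parallel < 4 || p.SaltLen < 16 || p.KeyLen < 32), err
}

// sample builds a constructed PHC string with zero-filled salt and tag (not a real hash).
func sample(m, t, p, saltLen, keyLen int) string {
	return fmt.Sprintf("$argon2id$v=19$m=%d,t=%d,p=%d$%s$%s", m, t, p, base64.RawStdEncoding.EncodeToString(make([]byte, saltLen)), base64.RawStdEncoding.EncodeToString(make([]byte, keyLen)))
}

func main() {
	for _, h := range []string{sample(65536, 3, 4, 16, 32), sample(19456, 2, 1, 16, 32)} {
		fmt.Println(BelowDefaults(h))
	}
}
```

A hash flagged here is a candidate for re-hashing with the current configuration the next time the user signs in successfully.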

func New

func New(opts ...ConfigOption) *credentialPasswordPlugin

New returns a new config with the default values. ConfigOptions can be provided to customize the configuration.

func NewCredentialPasswordAPI

func NewCredentialPasswordAPI(emailPasswordPlugin *credentialPasswordPlugin, httpCore *limen.LimenHTTPCore, routeBuilder *limen.RouteBuilder) *credentialPasswordHandlers

Types

type API

type API interface {
	SignInWithCredentialAndPassword(ctx context.Context, credential string, password string) (*limen.AuthenticationResult, error)

	SignUpWithCredentialAndPassword(ctx context.Context, user *limen.User, additionalFields map[string]any) (*limen.AuthenticationResult, error)

	HashPassword(password string) (string, error)

	ComparePassword(password string, hash *string) (bool, error)

	RequestPasswordReset(ctx context.Context, email string) (*limen.Verification, error)

	ResetPassword(ctx context.Context, token string, newPassword string) error

	UpdatePassword(ctx context.Context, user *limen.User, currentPassword string, newPassword string, revokeOtherSessions bool) error

	// SetPassword sets a password for a user who doesn't have one (e.g., signed up via OAuth).
	SetPassword(ctx context.Context, user *limen.User, newPassword string, revokeOtherSessions bool) error

	FindUserByUsername(ctx context.Context, username string) (*limen.User, error)

	CheckUsernameAvailability(ctx context.Context, username string) (bool, error)
}

API is the public interface for the credential-password plugin. Call the Use() function to obtain a type-safe reference from a Limen instance.

func Use

func Use(a *limen.Limen) API

Use returns a type-safe API for the credential-password plugin. Panics if the plugin was not registered in Config.Plugins, making it suitable for method chaining.

type ConfigOption

type ConfigOption func(*config)

func WithAutoSignInOnSignUp

func WithAutoSignInOnSignUp(autoSignInOnSignUp bool) ConfigOption

WithAutoSignInOnSignUp sets whether to auto sign in the user after sign up

func WithCompareFn

func WithCompareFn(compareFn func(password string, hash string) (bool, error)) ConfigOption

WithCompareFn sets the function to compare the password and the hash

func WithGenerateResetToken

func WithGenerateResetToken(generateResetToken func(*limen.User) (string, error)) ConfigOption

WithGenerateResetToken sets the function to generate the reset token

func WithHashFn

func WithHashFn(hashFn func(password string) (string, error)) ConfigOption

WithHashFn sets the function to hash the password

func WithOnPasswordResetSuccess

func WithOnPasswordResetSuccess(onPasswordResetSuccess func(ctx context.Context, user *limen.User)) ConfigOption

WithOnPasswordResetSuccess sets the function to call when the password reset is successful

func WithPasswordHasherConfigOptions

func WithPasswordHasherConfigOptions(opts ...PasswordHasherConfigOption) ConfigOption

WithPasswordHasherConfigOptions sets the Argon2id configuration for the password hasher

func WithPasswordMinLength

func WithPasswordMinLength(passwordMinLength int) ConfigOption

WithPasswordMinLength sets the minimum length of the password

func WithPasswordRequireNumbers

func WithPasswordRequireNumbers(passwordRequireNumbers bool) ConfigOption

WithPasswordRequireNumbers sets whether to require numbers in the password

func WithPasswordRequireSymbols

func WithPasswordRequireSymbols(passwordRequireSymbols bool) ConfigOption

WithPasswordRequireSymbols sets whether to require symbols in the password

func WithPasswordRequireUppercase

func WithPasswordRequireUppercase(passwordRequireUppercase bool) ConfigOption

WithPasswordRequireUppercase sets whether to require uppercase letters in the password

func WithRequireUsernameOnSignUp

func WithRequireUsernameOnSignUp(requireUsername bool) ConfigOption

WithRequireUsernameOnSignUp sets whether a username is required during sign up. If requireUsername is true, username support will be automatically enabled.

func WithResetTokenExpiration

func WithResetTokenExpiration(resetTokenExpiration time.Duration) ConfigOption

WithResetTokenExpiration sets the expiration duration for the reset token

func WithSendPasswordResetEmail

func WithSendPasswordResetEmail(sendPasswordResetEmail func(email string, token string)) ConfigOption

WithSendPasswordResetEmail sets the function to send the password reset message

func WithUsernameMaxLength

func WithUsernameMaxLength(maxLength int) ConfigOption

WithUsernameMaxLength sets the maximum length of the username

func WithUsernameMinLength

func WithUsernameMinLength(minLength int) ConfigOption

WithUsernameMinLength sets the minimum length of the username

func WithUsernameSupport

func WithUsernameSupport(enabled bool) ConfigOption

WithUsernameSupport enables or disables username support for the credential-password plugin. When enabled, users can sign in and sign up using either email or username. Default: false (username support is disabled)

func WithUsernameValidationRegex

func WithUsernameValidationRegex(pattern *regexp.Regexp) ConfigOption

WithUsernameValidationRegex sets a custom regex pattern for username validation

type CredentialPasswordUserSchema

type CredentialPasswordUserSchema struct {
	*limen.UserSchema
}

CredentialPasswordUserSchema extends UserSchema with username-specific functionality.

func (*CredentialPasswordUserSchema) GetUsernameField

func (s *CredentialPasswordUserSchema) GetUsernameField() string

GetUsernameField returns the resolved username field column name.

type PasswordHasherConfigOption

type PasswordHasherConfigOption func(*passwordHasherConfig)

func WithPasswordHasherKeyLen

func WithPasswordHasherKeyLen(keyLen uint32) PasswordHasherConfigOption

WithPasswordHasherKeyLen sets the output key length in bytes

func WithPasswordHasherMemoryKiB

func WithPasswordHasherMemoryKiB(memoryKiB uint32) PasswordHasherConfigOption

WithPasswordHasherMemoryKiB sets the memory usage in KiB (m parameter)

func WithPasswordHasherParallel

func WithPasswordHasherParallel(parallel uint8) PasswordHasherConfigOption

WithPasswordHasherParallel sets the number of parallel threads (p parameter)

func WithPasswordHasherSaltLen

func WithPasswordHasherSaltLen(saltLen uint32) PasswordHasherConfigOption

WithPasswordHasherSaltLen sets the salt length in bytes

func WithPasswordHasherTime

func WithPasswordHasherTime(time uint32) PasswordHasherConfigOption

WithPasswordHasherTime sets the number of iterations (t parameter)
