auth

package
v0.28.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 30, 2021 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

View Source
const CookieName = "goalert_session.2"

CookieName is the name of the auth session cookie.

Variables

This section is empty.

Functions

func ClearCookie

func ClearCookie(w http.ResponseWriter, req *http.Request, name string)

ClearCookie will clear and expire the cookie with the given name, for all API prefixes.

func Delay

func Delay(ctx context.Context)

Delay will block for a random delay (or until the context is Done).

It is useful in situations where there has been an auth failure.

func GetToken

func GetToken(req *http.Request) string

GetToken will return the auth token associated with a request.

Supported options (in priority order): - `token` (field or query) - Authorization: Bearer header

func SetCookie

func SetCookie(w http.ResponseWriter, req *http.Request, name, value string)

SetCookie will set a cookie value for all API prefixes, respecting the current config parameters.

func SetCookieAge

func SetCookieAge(w http.ResponseWriter, req *http.Request, name, value string, age time.Duration)

SetCookieAge behaves like SetCookie but also sets the MaxAge.

Types

type Error

type Error string

An Error can be returned to indicate an error message that should be displayed to the user attempting to authenticate.

func (Error) ClientError

func (Error) ClientError() bool

ClientError indicates an error meant for the client to see.

func (Error) Error

func (a Error) Error() string

type Field

type Field struct {
	// ID is the unique name/identifier of the field.
	// It will be used as the key name in the POST request.
	ID string

	// Label is the text displayed to the user for the field.
	Label string

	// Required indicates a field that must not be empty.
	Required bool

	// Password indicates the field should be treated as a password (gererally masked).
	Password bool

	// Scannable indicates the field can be entered via QR-code scan.
	Scannable bool
}

Field represents a single form field for authentication.

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler will serve authentication requests for registered identity providers.

func NewHandler

func NewHandler(ctx context.Context, db *sql.DB, cfg HandlerConfig) (*Handler, error)

NewHandler creates a new Handler using the provided config.

func (*Handler) AddIdentityProvider

func (h *Handler) AddIdentityProvider(id string, idp IdentityProvider) error

AddIdentityProvider registers a new IdentityProvider with the given ID.

func (*Handler) CreateSession

func (h *Handler) CreateSession(ctx context.Context, userAgent, userID string) (*authtoken.Token, error)

CreateSession will start a new session for the given UserID, returning a newly signed token.

func (*Handler) EndAllUserSessionsTx added in v0.26.0

func (h *Handler) EndAllUserSessionsTx(ctx context.Context, tx *sql.Tx) error

EndAllUserSessionsTx ends all sessions other than the user's currently active session

func (*Handler) EndUserSessionTx added in v0.26.0

func (h *Handler) EndUserSessionTx(ctx context.Context, tx *sql.Tx, id ...string) error

func (*Handler) FindAllUserSessions added in v0.26.0

func (h *Handler) FindAllUserSessions(ctx context.Context, userID string) ([]UserSession, error)

func (*Handler) IdentityProviderHandler

func (h *Handler) IdentityProviderHandler(id string) http.HandlerFunc

IdentityProviderHandler will return a handler for the given provider ID.

It panics if the id has not been registered with AddIdentityProvider.

func (*Handler) ServeLogout

func (h *Handler) ServeLogout(w http.ResponseWriter, req *http.Request)

ServeLogout will clear the current session cookie and end the session (if any).

func (*Handler) ServeProviders

func (h *Handler) ServeProviders(w http.ResponseWriter, req *http.Request)

ServeProviders will return a list of the currently enabled identity providers.

func (*Handler) WrapHandler

func (h *Handler) WrapHandler(wrapped http.Handler) http.Handler

WrapHandler will wrap an existing http.Handler so the Context of the request includes authentication information (if the request is authorized).

Updating and clearing the session cookie is automatically handled.

type HandlerConfig

type HandlerConfig struct {
	UserStore      *user.Store
	SessionKeyring keyring.Keyring
	APIKeyring     keyring.Keyring
	IntKeyStore    integrationkey.Store
	CalSubStore    *calendarsubscription.Store
}

HandlerConfig provides configuration for the auth handler.

type Identity

type Identity struct {
	// SubjectID should be a provider-specific identifier for an individual.
	SubjectID     string
	Email         string
	EmailVerified bool
	Name          string
}

Identity represents a user's proven identity.

type IdentityProvider

type IdentityProvider interface {
	Info(context.Context) ProviderInfo

	ExtractIdentity(*RouteInfo, http.ResponseWriter, *http.Request) (*Identity, error)
}

An IdentityProvider provides an option for a user to login (identify themselves).

Examples include user/pass, OIDC, LDAP, etc..

type ProviderInfo

type ProviderInfo struct {
	// Title is a user-viewable string for identifying this provider.
	Title string

	// LogoURL is the optional URL of an icon to display with the provider.
	LogoURL string `json:",omitempty"`

	// Fields holds a list of fields to include with the request.
	// The order specified is the order displayed.
	Fields []Field `json:",omitempty"`

	// Hidden indicates that the provider is not intended for user visibility.
	Hidden bool `json:"-"`

	// Enabled indicates that the provider is currently turned on.
	Enabled bool `json:"-"`
}

ProviderInfo holds the details for using a provider.

type RedirectURL

type RedirectURL string

RedirectURL is a convenience type that can be returned as an error resulting in redirection. It implements the error and Redirector interfaces.

func (RedirectURL) Error

func (RedirectURL) Error() string

func (RedirectURL) RedirectURL

func (r RedirectURL) RedirectURL() string

RedirectURL implements the Redirector interface.

type Redirector

type Redirector interface {
	RedirectURL() string
}

A Redirector provides a target URL for redirecting a user.

type RouteInfo

type RouteInfo struct {
	// Relative provides a path, relative to the base of the current
	// identity provider.
	RelativePath string

	// CurrentURL is calculated using the AuthRefererURLs and
	// the current auth attempt's referer. It does not include
	// query parameters of the current request.
	CurrentURL string
}

RouteInfo represents path information for the current request.

type UserSession added in v0.26.0

type UserSession struct {
	ID           string
	UserAgent    string
	CreatedAt    time.Time
	LastAccessAt time.Time
	UserID       string
}

UserSession represents an active user session.

Directories

Path Synopsis
Package basic implements a simple auth provider and backend that identifies a user via username & password combination.
Package basic implements a simple auth provider and backend that identifies a user via username & password combination.
Package github implements an auth provider and backend that identifies a user via github account.
Package github implements an auth provider and backend that identifies a user via github account.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL