auth

package

v0.0.0-...-c407d37 Latest Latest Go to latest Published: Apr 12, 2024 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/transcom/mymove

Documentation ¶

Index ¶

Constants
func DeleteCSRFCookies(w http.ResponseWriter)
func DeleteCookie(w http.ResponseWriter, name string)
func GetExpiryTimeFromMinutes(min int64) time.Time
func MaskedCSRFMiddleware(useSecureCookie bool) func(next http.Handler) http.Handler
func SessionCookieMiddleware(globalLogger *zap.Logger, appnames ApplicationServername, ...) func(next http.Handler) http.Handler
func SessionIDFromContext(ctx context.Context) string
func SessionIDMiddleware(appnames ApplicationServername, sessionManagers AppSessionManagers) func(next http.Handler) http.Handler
func SetSessionInContext(ctx context.Context, session *Session) context.Context
func SetSessionInRequestContext(r *http.Request, session *Session) context.Context
func WriteMaskedCSRFCookie(w http.ResponseWriter, csrfToken string, useSecureCookie bool)
type AppSessionManagers
- func SetupSessionManagers(redisPool *redis.Pool, useSecureCookie bool, idleTimeout time.Duration, ...) AppSessionManagers
- func (a AppSessionManagers) SessionManagerForApplication(app Application) SessionManager
type Application
- func ApplicationName(hostname string, appnames ApplicationServername) (Application, error)
- func (a Application) IsAdminApp() bool
- func (a Application) IsMilApp() bool
- func (a Application) IsOfficeApp() bool
type ApplicationServername
type OktaSessionInfo
type ScsSessionManagerWrapper
- func (s ScsSessionManagerWrapper) Commit(ctx context.Context) (string, time.Time, error)
- func (s ScsSessionManagerWrapper) Destroy(ctx context.Context) error
- func (s ScsSessionManagerWrapper) Get(ctx context.Context, key string) interface{}
- func (s ScsSessionManagerWrapper) Load(ctx context.Context, token string) (context.Context, error)
- func (s ScsSessionManagerWrapper) LoadAndSave(next http.Handler) http.Handler
- func (s ScsSessionManagerWrapper) Put(ctx context.Context, key string, val interface{})
- func (s ScsSessionManagerWrapper) RenewToken(ctx context.Context) error
- func (s ScsSessionManagerWrapper) SessionCookie() scs.SessionCookie
- func (s ScsSessionManagerWrapper) Store() scs.Store
type Session
- func SessionFromContext(ctx context.Context) *Session
- func SessionFromRequestContext(r *http.Request) *Session
- func (s *Session) IsAdminApp() bool
- func (s *Session) IsAdminUser() bool
- func (s *Session) IsMilApp() bool
- func (s *Session) IsOfficeApp() bool
- func (s *Session) IsOfficeUser() bool
- func (s *Session) IsProgramAdmin() bool
- func (s *Session) IsServiceMember() bool
- func (s *Session) IsSystemAdmin() bool
type SessionManager

Constants ¶

View Source

const GorillaCSRFToken = "_gorilla_csrf"

GorillaCSRFToken is the name of the base CSRF token RA Summary: gosec - G101 - Password Management: Hardcoded Password RA: This line was flagged because it detected use of the word "token" RA: This line is used to identify the name of the token. GorillaCSRFToken is the name of the base CSRF token. RA: This variable does not store an application token. RA Developer Status: Mitigated RA Validator Status: Mitigated RA Validator: jneuner@mitre.org RA Modified Severity: CAT III #nosec G101

View Source

const MaskedGorillaCSRFToken = "masked_gorilla_csrf"

MaskedGorillaCSRFToken is the masked CSRF token used to send back in the 'X-CSRF-Token' request header

View Source

const SessionExpiryInMinutes = 15

SessionExpiryInMinutes is the number of minutes before a fallow session is harvested

Variables ¶

This section is empty.

Functions ¶

func DeleteCSRFCookies ¶

func DeleteCSRFCookies(w http.ResponseWriter)

DeleteCSRFCookies deletes the base and masked CSRF cookies

func DeleteCookie ¶

func DeleteCookie(w http.ResponseWriter, name string)

DeleteCookie sends a delete request for the named cookie

func GetExpiryTimeFromMinutes ¶

func GetExpiryTimeFromMinutes(min int64) time.Time

GetExpiryTimeFromMinutes returns 'min' minutes from now

func MaskedCSRFMiddleware ¶

func MaskedCSRFMiddleware(useSecureCookie bool) func(next http.Handler) http.Handler

MaskedCSRFMiddleware handles setting the CSRF Token cookie

func SessionCookieMiddleware ¶

func SessionCookieMiddleware(globalLogger *zap.Logger, appnames ApplicationServername, sessionManagers AppSessionManagers) func(next http.Handler) http.Handler

SessionCookieMiddleware handle serializing and de-serializing the session between the user_session cookie and the request context

func SessionIDFromContext ¶

func SessionIDFromContext(ctx context.Context) string

func SessionIDMiddleware ¶

func SessionIDMiddleware(appnames ApplicationServername, sessionManagers AppSessionManagers) func(next http.Handler) http.Handler

func SetSessionInContext ¶

func SetSessionInContext(ctx context.Context, session *Session) context.Context

SetSessionInContext modifies the context to add the session data.

func SetSessionInRequestContext ¶

func SetSessionInRequestContext(r *http.Request, session *Session) context.Context

SetSessionInRequestContext modifies the request's Context() to add the session data

func WriteMaskedCSRFCookie ¶

func WriteMaskedCSRFCookie(w http.ResponseWriter, csrfToken string, useSecureCookie bool)

WriteMaskedCSRFCookie update the masked_gorilla_csrf cookie value

Types ¶

type AppSessionManagers ¶

type AppSessionManagers struct {
	Mil    SessionManager
	Office SessionManager
	Admin  SessionManager
}

func SetupSessionManagers ¶

func SetupSessionManagers(redisPool *redis.Pool, useSecureCookie bool, idleTimeout time.Duration, lifetime time.Duration) AppSessionManagers

SetupSessionManagers configures the session manager for each app: mil, admin, and office. It's necessary to have separate session managers to allow users to be signed in on multiple apps at the same time.

func (AppSessionManagers) SessionManagerForApplication ¶

func (a AppSessionManagers) SessionManagerForApplication(app Application) SessionManager

sessionManagerForSession returns the appropriate session manager for the session

type Application ¶

type Application string

Application describes the application name

const (
	// OfficeApp indicates office.move.mil
	OfficeApp Application = "office"
	// MilApp indicates my.move.mil (DNS still points to my.move.mil and not mil.move.mil)
	MilApp Application = "mil"
	// AdminApp indicates admin.move.mil
	AdminApp Application = "admin"
)

func ApplicationName ¶

func ApplicationName(hostname string, appnames ApplicationServername) (Application, error)

ApplicationName returns the application name given the hostname

func (Application) IsAdminApp ¶

func (a Application) IsAdminApp() bool

IsAdminApp returns true if the application is the admin app

func (Application) IsMilApp ¶

func (a Application) IsMilApp() bool

IsMilApp returns true if the application is the mil app

func (Application) IsOfficeApp ¶

func (a Application) IsOfficeApp() bool

IsOfficeApp returns true if the application is the office app

type ApplicationServername ¶

type ApplicationServername struct {
	MilServername    string
	OfficeServername string
	AdminServername  string
	OrdersServername string
	PrimeServername  string
}

ApplicationServername is a collection of all the servernames for the application

type OktaSessionInfo ¶

type OktaSessionInfo struct {
	Login                 string
	Email                 string
	FirstName             string
	LastName              string
	Edipi                 string
	Sub                   string
	SignedInWithSmartCard bool
}

type ScsSessionManagerWrapper ¶

type ScsSessionManagerWrapper struct {
	ScsSessionManager *scs.SessionManager
}

func (ScsSessionManagerWrapper) Commit ¶

func (s ScsSessionManagerWrapper) Commit(ctx context.Context) (string, time.Time, error)

func (ScsSessionManagerWrapper) Destroy ¶

func (s ScsSessionManagerWrapper) Destroy(ctx context.Context) error

func (ScsSessionManagerWrapper) Get ¶

func (s ScsSessionManagerWrapper) Get(ctx context.Context, key string) interface{}

func (ScsSessionManagerWrapper) Load ¶

func (s ScsSessionManagerWrapper) Load(ctx context.Context, token string) (context.Context, error)

func (ScsSessionManagerWrapper) LoadAndSave ¶

func (s ScsSessionManagerWrapper) LoadAndSave(next http.Handler) http.Handler

func (ScsSessionManagerWrapper) Put ¶

func (s ScsSessionManagerWrapper) Put(ctx context.Context, key string, val interface{})

func (ScsSessionManagerWrapper) RenewToken ¶

func (s ScsSessionManagerWrapper) RenewToken(ctx context.Context) error

func (ScsSessionManagerWrapper) SessionCookie ¶

func (s ScsSessionManagerWrapper) SessionCookie() scs.SessionCookie

func (ScsSessionManagerWrapper) Store ¶

func (s ScsSessionManagerWrapper) Store() scs.Store

type Session ¶

type Session struct {
	ApplicationName Application
	Hostname        string
	IDToken         string
	UserID          uuid.UUID
	Email           string
	FirstName       string
	Middle          string
	LastName        string
	ServiceMemberID uuid.UUID
	OfficeUserID    uuid.UUID
	AdminUserID     uuid.UUID
	AdminUserRole   string
	Roles           roles.Roles
	Permissions     []string
	AccessToken     string
	ClientID        string
	OktaSessionInfo OktaSessionInfo
}

Session stores information about the currently logged in session

func SessionFromContext ¶

func SessionFromContext(ctx context.Context) *Session

SessionFromContext gets the reference to the Session stored in the request.Context()

func SessionFromRequestContext ¶

func SessionFromRequestContext(r *http.Request) *Session

SessionFromRequestContext gets the reference to the Session stored in the request.Context()

func (*Session) IsAdminApp ¶

func (s *Session) IsAdminApp() bool

IsAdminApp returns true iff the request is for the admin.move.mil host

func (*Session) IsAdminUser ¶

func (s *Session) IsAdminUser() bool

IsAdminUser checks whether the authenticated user is an AdminUser

func (*Session) IsMilApp ¶

func (s *Session) IsMilApp() bool

IsMilApp returns true iff the request is for the my.move.mil host

func (*Session) IsOfficeApp ¶

func (s *Session) IsOfficeApp() bool

IsOfficeApp returns true iff the request is for the office.move.mil host

func (*Session) IsOfficeUser ¶

func (s *Session) IsOfficeUser() bool

IsOfficeUser checks whether the authenticated user is an OfficeUser

func (*Session) IsProgramAdmin ¶

func (s *Session) IsProgramAdmin() bool

IsProgramAdmin checks whether the authenticated admin user is a program admin

func (*Session) IsServiceMember ¶

func (s *Session) IsServiceMember() bool

IsServiceMember checks whether the authenticated user is a ServiceMember

func (*Session) IsSystemAdmin ¶

func (s *Session) IsSystemAdmin() bool

IsSystemAdmin checks whether the authenticated admin user is a system admin

type SessionManager ¶

type SessionManager interface {
	Get(context.Context, string) interface{}
	Put(context.Context, string, interface{})
	Destroy(context.Context) error
	RenewToken(context.Context) error
	Commit(context.Context) (string, time.Time, error)
	Load(context.Context, string) (context.Context, error)
	LoadAndSave(http.Handler) http.Handler
	Store() scs.Store
	SessionCookie() scs.SessionCookie
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL