package module
v1.1.17 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Feb 7, 2024 License: MIT Imports: 13 Imported by: 0


Bronzecod SSO SDK

Go Reference

Provides an interface to the bronzecod SSO server REST API for managing

  • User accounts
  • User Sessions
  • Teams and Members
  • API Accounts
  • Permission list and access
  • Organisation/enterprise entities


To connect to the API, you will need your API account API Key, API Secret, the baseURL for your platforms deployment.
With these, call Dial to create a new API connection and validate the credentials access.

    connection, err := sso.Dial("", apiKey, apiSecret, nil)
    if err != nil {
        // handle connection error
        // common causes:
        //   - incorrect baseURL
        //   - incorrect credentials
        //   - server running outside APIs configured whitelist

    // use API connection here

If required, TLS configuration can be provided with the 4th argument.


Each method in the SDK wraps the corresponding API endpoint in the reference manual provided with your deployment.
For specifics of each call, consult that manual.

Documentation on this specific package can be found in the Go reference documentation Go Reference



Package sso is a golang SDK for the Bronzecod SSO platforms REST API

it provides type safe bindings for the APIs core features and entities as well as the various API endpoints available to get, enumerate and mutate them.



This section is empty.


View Source
var (
	ErrQueryNoSubject = errors.New("must supply a source, target or product to query")


This section is empty.


type APIEndpoints added in v1.1.1

type APIEndpoints interface {

	// APICheckCredentials attempts to get an API user by its provided Key
	// checking its credentials match, it has access to the provided service key
	// and the IP is valid in its whitelist.
	// it returns the API if the above conditions are met, or an error explaining the conditions failed
	APICheckCredentials(key, secret, ip, service string) (APIUser, error)

	// APIPlatformList returns a list of API users for the platform the requester is part of
	// on the condition the requesting API is one authorized to do so.
	// else it returns an error
	APIPlatformList() ([]APIUser, error)

	// APIGet will attempt to get an API by its canonical UUID, so long as it is part of the same platform as the requestor
	// and the requestor has permission to make the request.
	APIGet(id uuid.UUID) (APIUser, error)

	// APIList returns a list of platform APIs whose IDs are found in the provided list
	APIList(ids []uuid.UUID) ([]APIUser, error)

	// APICreate will create a new API user in the platform with the provided details
	// the APIs key is generated during creation and is found in the returned APIUser.
	APICreate(email, name, password string, whitelist []APIWhitelistEntry, permissions map[string]string, product uuid.UUID) (APIUser, error)

	// APIUpdateDetails updates the identified APIs details with the provided name and contact email
	APIUpdateDetails(id uuid.UUID, name, email string) error

	// APIUpdatePermissions updates the identified APIs access permission map with the provided set
	// if merge is true, the existing permissions will be merged with the provided set
	// otherwise it will replace the permissions entirely with those provided
	APIUpdatePermissions(id uuid.UUID, permissions map[string]string, merge bool) error

	// APIDelete removes an APIUser from the platform,
	// also deleting all owned by the API user, and all permissions pointing to it.
	// If the API user is owner of a target (has "Owner"=>"true" permission flag) this process will abort
	APIDelete(id uuid.UUID) error

type APIUser

type APIUser struct {
	ID           uuid.UUID           `json:"id"`
	CreatedAt    time.Time           `json:"createdAt"`
	UpdatedAt    time.Time           `json:"updatedAt"`
	Key          string              `json:"key"`
	Email        string              `json:"email"`
	Name         string              `json:"name"`
	Platform     uuid.UUID           `json:"platform"`
	Permission   string              `json:"permission"`
	Whitelist    []APIWhitelistEntry `json:"whitelist"`
	Organisation *uuid.UUID          `json:"organisation"`

APIUser represents a set of API credentials existing in a platform

type APIWhitelistEntry

type APIWhitelistEntry struct {
	Label string               `json:"label"`
	Type  APIWhitelistRuleType `json:"type"`
	Rule  string               `json:"rule"`

APIWhitelistEntry represents a single rule in an APIs whitelist

type APIWhitelistRuleType

type APIWhitelistRuleType string

APIWhitelistRuleType is a string enumeration of supported rule types for API Whitelists

const (
	// APIWhitelistTypeIP indicates a whitelist rule whitelists a single IP address
	APIWhitelistTypeIP APIWhitelistRuleType = "ipAddress"
	// APIWhitelistTypeRange indicates a whitelist rule whitelists a range of IP addresses
	APIWhitelistTypeRange APIWhitelistRuleType = "ipRange"
	// APIWhitelistTypeRegex indicates a whitelist rule allows all IP addresses that match the rules regular expression
	APIWhitelistTypeRegex APIWhitelistRuleType = "regex"

list of API Whitelist Rule Types

type Connection

type Connection interface {

	// SetCache sets a cache manager to allow api calls to be cached and reduce round trip times for common queries
	SetCache(cache bufferCache.BufferCache)
	// GetID gets the ID of the API user the SDK is connected as
	GetID() uuid.UUID
	// GetPlatformID gets the ID of the white label platform the API is connected as a part of
	GetPlatformID() uuid.UUID
	// GetHost gets the default hostname the platform is configured for
	GetHost() string
	// GetCookieKey gets the key the platform is configured for its session cookies to use
	GetCookieKey() string
	// UtilGetCookie gets the value of the cookie on the provided request (if it exists) that corresponds to a session
	// in this APIs platform
	UtilGetCookie(r *http.Request) string
	// UtilGetChildPlatformCookie gets the value of the cookie on the provided request (if it exists) that corresponds to
	// a session on the identified platform so long as that platform is either the current one, or one of its child platforms
	UtilGetChildPlatformCookie(r *http.Request, platform uuid.UUID) (string, error)
	// UtilSetSessionCookie sets a session cookie for this platform, equivalent to the user logging in through the dashboard
	UtilSetSessionCookie(w http.ResponseWriter, domain, path string, session Session)

Connection is an instance of a connection to the bronzecod SSO server each function corresponds to a synchronous API call to the server

func Dial

func Dial(baseurl, user, password string, tls *tls.Config) (Connection, error)

Dial a new connection to a bronzecod sso instance

type Membership

type Membership struct {
	CreateAt  time.Time  `json:"createAt"`
	UpdatedAt time.Time  `json:"updatedAt"`
	DeletedAt *time.Time `json:"deletedAt"`
	Team      uuid.UUID  `json:"team"`
	User      uuid.UUID  `json:"user"`
	Label     string     `json:"label"`
	Email     string     `json:"email"`
	Admin     bool       `json:"admin"`

Membership respresents a users access to a team

type Notification added in v1.1.9

type Notification struct {
	ID          uuid.UUID            `json:"id"`
	CreatedAt   time.Time            `json:"createdAt"`
	UpdatedAt   time.Time            `json:"updatedAt"`
	DeletedAt   *time.Time           `json:"deletedAt"`
	Platform    uuid.UUID            `json:"platform"`
	Source      *uuid.UUID           `json:"source"`
	Target      []uuid.UUID          `json:"target"`
	Type        string               `json:"type"`
	Title       string               `json:"title"`
	Description string               `json:"description"`
	Actions     []NotificationAction `json:"actions"`

Notification represents a notification visible to a user in their dashboard containing details for visualization in the dashboard and who it is visible too

type NotificationAction added in v1.1.9

type NotificationAction struct {
	Type  string `json:"type"`
	Label string `json:"label"`
	Event string `json:"event"`

NotificationAction define action buttons presented as part of a notification in the dashboard

type NotificationEndpoints added in v1.1.9

type NotificationEndpoints interface {

	// NotificationNew creates a new notification in the platform with the given details
	// the source is optional for read/display, an empty target list will create a platform wide notification
	// the remaining type, title, description and actions are used for rendering the notification in the user dashboard
	NotificationNew(source *uuid.UUID, targets []uuid.UUID, msgType, title, description string, actions []NotificationAction, platform *uuid.UUID) (Notification, error)

	// NotificationDelete deletes the identified notification from the platform, removing it from all users visibility
	NotificationDelete(id uuid.UUID) error

type Organisation added in v1.1.0

type Organisation struct {
	ID              uuid.UUID `json:"id"`
	CreatedAt       time.Time `json:"createdAt"`
	UpdatedAt       time.Time `json:"updatedAt"`
	Platform        uuid.UUID `json:"platform"`
	Name            string    `json:"name"`
	UserLimit       int       `json:"userLimit"`
	TeamLimit       int       `json:"teamLimit"`
	PermissionLimit int       `json:"permissionLimit"`

Organisation represents a user facing organisational unit, used for building enterprise entities in consumer facing dashboards. An organisation consists of public facing identifiers (name and logo) and a set of constraints on the number of users, teams and permissions that may exist as members of an organisation (a value of 0 denotes no limitation).

Teams are the base unit attached to an organisation and are limited directly Users are counted as unique users that are members of those teams, and Permissions are counted as permissions to unique targets from those teams

type OrganisationEndpoints added in v1.1.1

type OrganisationEndpoints interface {

	// OrganisationList will load all organisations in the platform
	OrganisationList() ([]Organisation, error)

	// OrganisationsUserManages will load all organisations the identified user is a manager of
	OrganisationsUserManages(userID uuid.UUID) ([]Organisation, error)

	// OrganisationsUserMember will load all organisations the identified user is a member of
	OrganisationsUserMember(userID uuid.UUID) ([]Organisation, error)

	// OrganisationGet will load the identified organisation from the platform
	OrganisationGet(id uuid.UUID) (Organisation, error)

	// OrganisationGetManagers will load all the memberships identifying the managers of the identified organisation
	OrganisationGetManagers(orgID uuid.UUID) ([]Membership, error)

	// OrganisationGetUsers will load all users who are members of the identified organisation
	OrganisationGetUsers(orgID uuid.UUID) ([]User, error)

	// OrganisationGetTeams will load all teams making a part of the organisation
	OrganisationGetTeams(orgID uuid.UUID) ([]Team, error)

	// OrganisationHasManager checks if the identified user is a manager of the identified organisation
	OrganisationHasManager(orgID, userID uuid.UUID) (bool, error)

	// OrganisationManagerToEntity checks if the identified manager, manages the organisation containing the user,api or team targeted
	OrganisationManagerToEntity(managerID, targetID uuid.UUID) (bool, error)

	// OrganisationNew creates a new organisation in the platform with the given name logo and constraints
	// any teams whose ID are in the provided list will be added to the organisation
	// (unless they are part of another organisation, which will generate an error)
	OrganisationNew(name, logo string, userLimit, teamLimit, permissionLimit int, teamIDs []uuid.UUID) (Organisation, error)

	// OrganisationUpdateDetails will update the identified organisation's name and logo
	OrganisationUpdateDetails(id uuid.UUID, name, logo string) error

	// OrganisationUpdateConstraints will update the identified organisations constraint limits on the number of users,
	// teams and permissions it may have
	OrganisationUpdateConstraints(id uuid.UUID, userLimit, teamLimit, permissionLimit int) error

	// OrganisationDelete will delete the identified organisation, removing its teams from it, but without deleting them
	OrganisationDelete(id uuid.UUID) error

	// OrganisationTeamAddExisting will add an existing team to the identified organisation
	OrganisationTeamAddExisting(orgID, teamID uuid.UUID) error

	// OrganisationTeamAddNew will create a new team in the organisation with the provided name and first admin member
	OrganisationTeamAddNew(orgID uuid.UUID, teamName string, firstMember uuid.UUID) error

	// OrganisationTeamRemove will remove the identified team from the identified organisation
	OrganisationTeamRemove(orgID, teamID uuid.UUID) error

	// OrganisationManagerAdd will add the specified user as a manager of the organisation
	OrganisationManagerAdd(orgID, userID uuid.UUID) error

	OrganisationManagerUpdateLabels(orgID, manager uuid.UUID, name, email string) error

	// OrganisationManagerSetAdmin will change the identified manager of an organisations status as an administrator
	// of that organisation to the provided value
	OrganisationManagerSetAdmin(orgID, manager uuid.UUID, admin bool) error

	// OrganisationManagerRemove will remove the provided user as a manager of the organisation
	OrganisationManagerRemove(orgID, user uuid.UUID) error

type PageDetails

type PageDetails struct {
	Page int
	Size int

PageDetails wraps pagination requests that either limit the number of results returned to "Size" and/or offset the results to "Page" increments of size (starting at 0)

type Permission

type Permission struct {
	ID        uint              `json:"id"`
	CreateAt  time.Time         `json:"createAt"`
	UpdatedAt time.Time         `json:"updatedAt"`
	DeletedAt *time.Time        `json:"deletedAt"`
	Product   uuid.UUID         `json:"product"`
	Title     string            `json:"title"`
	Source    uuid.UUID         `json:"source"`
	Target    uuid.UUID         `json:"target"`
	Access    map[string]string `json:"access"`
	Name      string            `json:"name,omitempty"` // name of the source team/user/api if known
	Type      PermissionType    `json:"type,omitempty"` // type of source, see below

Permission is the access of a user/team to a given target

type PermissionEndpoints added in v1.1.1

type PermissionEndpoints interface {

	// PermissionSubjectsAvailable returns a list of subjects (teams, users, apis) that are available as permission
	// subjects in your platform (intended for use in administrative tools only, no scoping is provided)
	PermissionSubjectsAvailable(types []PermissionType, childPlatform *uuid.UUID) ([]PermissionSubject, error)

	// PermissionSubjectsGet returns a single subject (team, user or api) that has the corresponding ID in your platform
	PermissionSubjectsGet(id uuid.UUID) (PermissionSubject, error)

	// PermissionOwner gets the current owner permission for the provided target
	PermissionOwner(target uuid.UUID) (Permission, error)

	// PermissionLinks gets a list of all permissions that give source access to target
	PermissionLinks(source, target uuid.UUID, page *PageDetails) ([]Permission, error)

	// PermissionListForTarget gets a list of all permissions that target the identified target.
	// if a list of products is specified, only permissions of those products will be returned.
	// an empty array or nil will return all permissions for the target
	PermissionListForTarget(target uuid.UUID, products []uuid.UUID, page *PageDetails) ([]Permission, error)

	// PermissionListForSource gets a list of all permissions the provided source has.
	// if a product is provided it will limit the results to only permissions of that product type.
	// a nil product will return all permissions for the source
	PermissionListForSource(source uuid.UUID, product *uuid.UUID, page *PageDetails) ([]Permission, error)

	// PermissionQuery conducts a generic query of permissions within the callers platform
	PermissionQuery(query PermissionQuery) ([]Permission, error)

	// PermissionNew creates a new permission giving source access to target.
	// identifies the product this permission belongs to and sets the current label and access permissions
	PermissionNew(source, target, product uuid.UUID, label string, permissions map[string]string) (Permission, error)

	// PermissionNewBatch creates a list of new permissions for a group of sources to a given target
	PermissionNewBatch(sources []uuid.UUID, target, product uuid.UUID, label string, permissions map[string]string) (Permission, error)

	// PermissionRename renames all permissions for a given target to reflect a change in targets identifiable name
	PermissionRename(target uuid.UUID, label string) error

	// PermissionUpdate updates the identified permissions access rules
	// if merge is true, the provided list will keep existing rules, only overriding those defined here
	// if false, the permissions are set to the provided map
	// NOTE: this will never change the ownership flag
	PermissionUpdate(id uint, permission map[string]string, merge bool) error

	// PermissionUpdateForTarget will merge the provided permission map for all permissions to the target of the given product
	// NOTE: this will never change the ownership flag
	PermissionUpdateForTarget(target uuid.UUID, permission map[string]string, product uuid.UUID) error

	// PermissionTransferOwnership will transfer the current owner of target to recipient
	// NOTE: only one permission for a target may be owner at a time
	PermissionTransferOwnership(target, recipient uuid.UUID) error

	// PermissionDelete will remove a given permission and its associated access
	PermissionDelete(id uint) error

	// PermissionDeleteLinks will remove all direct permissions from source to target
	// NOTE: this will not alter indirect permissions such as a users access to target through a team they are a member of
	PermissionDeleteLinks(source, target uuid.UUID) error

	// PermissionDeleteTarget will delete all permissions referencing target, optionally restricted to the listed product families
	PermissionDeleteTarget(target uuid.UUID, products []uuid.UUID) error

	// PermissionDeleteBatch will delete all permissions in the provided list of IDs
	PermissionDeleteBatch(ids []uint) error

type PermissionQuery

type PermissionQuery struct {
	// contains filtered or unexported fields

PermissionQuery wraps the details to query platform permissions by source, target or product, with further optional query by access keys subject to different conditions

NOTE: permission conditions behave as a logical OR with each other i.e. "Owner" equals "true" OR "Admin" equals "true" OR "team" has token "edit-members"

func PermissionQueryByProduct

func PermissionQueryByProduct(id uuid.UUID) *PermissionQuery

PermissionQueryByProduct creates a new query that will return permissions with the given product

func PermissionQueryBySource

func PermissionQueryBySource(id uuid.UUID) *PermissionQuery

PermissionQueryBySource creates a new query that will return permissions with the given source

func PermissionQueryByTarget

func PermissionQueryByTarget(id uuid.UUID) *PermissionQuery

PermissionQueryByTarget creates a new query that will return permissions with the given target

func (*PermissionQuery) AccessEqual

func (q *PermissionQuery) AccessEqual(key string, value string) *PermissionQuery

AccessEqual queries for permissions who's permissions under the given key exactly matches the provided value

func (*PermissionQuery) AccessHas

func (q *PermissionQuery) AccessHas(key string, value string) *PermissionQuery

AccessHas queries for permissions that have a given token in the given access key

func (*PermissionQuery) AccessLike

func (q *PermissionQuery) AccessLike(key string, value string) *PermissionQuery

AccessLike queries for permissions that have a matching token (or partial token) in the given access key

func (*PermissionQuery) AccessPresent

func (q *PermissionQuery) AccessPresent(key string) *PermissionQuery

AccessPresent queries for permissions that have the provided permission key present in any form

func (*PermissionQuery) IsValid

func (q *PermissionQuery) IsValid() bool

IsValid returns whether the provided query is a valid query that can be executed

func (*PermissionQuery) Limit

func (q *PermissionQuery) Limit(limit int) *PermissionQuery

func (*PermissionQuery) Page

func (q *PermissionQuery) Page(page int) *PermissionQuery

func (*PermissionQuery) Product

func (q *PermissionQuery) Product(id uuid.UUID) *PermissionQuery

Product sets the query to only find permissions of the given product

func (*PermissionQuery) Source

func (q *PermissionQuery) Source(id uuid.UUID) *PermissionQuery

Source sets the query to find permissions with the given source

func (*PermissionQuery) Target

func (q *PermissionQuery) Target(id uuid.UUID) *PermissionQuery

Target sets the query to find permissions with the given target

type PermissionSubject

type PermissionSubject struct {
	ID           uuid.UUID      `json:"id"`
	CreatedAt    time.Time      `json:"createdAt"`
	UpdatedAt    time.Time      `json:"updatedAt"`
	Name         string         `json:"name"`
	Email        string         `json:"email"`
	Type         PermissionType `json:"type"`
	Platform     uuid.UUID      `json:"platform"`
	Organisation *uuid.UUID     `json:"organisation"`

type PermissionType

type PermissionType string

PermissionType is the type of entity that has access to the target

const (
	// PermissionTypeUnknown the source of the permission is not recorded in the platforms sso
	PermissionTypeUnknown PermissionType = "unknown"
	// PermissionTypeTeam the source of the permission is a group/team
	PermissionTypeTeam PermissionType = "team"
	// PermissionTypeUser the source of the permission is a user account
	PermissionTypeUser PermissionType = "user"
	// PermissionTypeAPI the source of the permission is an API account
	PermissionTypeAPI PermissionType = "api"

type Session

type Session struct {
	Key       string    `json:"key"`
	CreatedAt time.Time `json:"createdAt"`
	Expires   time.Time `json:"expires"`
	Revoked   bool      `json:"revoked"`
	UserID    uuid.UUID `json:"userID"`
	Component string    `json:"component"`

Session represents a current user session, where key is the value stored in the cookie

type SessionEndpoints added in v1.1.1

type SessionEndpoints interface {

	// SessionList will list all sessions that correspond to the provided user ID
	// component will optionally restrict the returned sessions to that component, use an empty string ("") for all
	SessionList(user uuid.UUID, component string) ([]Session, error)

	// SessionCheck checks if the given session token is valid
	SessionCheck(token string) (bool, error)

	// SessionKey will get the current platforms session key (cookie key), or, if a parent platform,
	// the session key of one of it child platforms
	SessionKey(platform *uuid.UUID) (string, error)

	// SessionLogin creates a new session for a user given the provided credentials
	// component namespaces the session and represents the tool/platform the session exists for.
	// the default is "Web", common alternatives are "Mobile-App", "Desktop" and "Admin-Portal"
	// The return values are
	// the user the credentials correspond to
	// the session key to assign to a cookie or other mechanism to identify the new session
	// any errors encountered processing the request
	SessionLogin(username, password, component string) (User, Session, error)

	// SessionLogout till terminate the session corresponding to the provided key, making it invalid for further authentication
	SessionLogout(key string) error

	// SessionRevokeOther will revoke all of a users sessions other than the one with the provided session key
	// component may be used to restrict that to a certain component, if an empty string, it will revoke sessions in all components
	SessionRevokeOther(key, component string) error

	// SessionExtend will extend the session with the provided key to the current time + the platforms configured extension time (see platform config)
	SessionExtend(key string) error

	// SessionMigrateRequest creates a session migration token and url.
	// to migrate a users session to the new domain, redirect them to the provided URL
	// after authenticating their account, they will be redirected to returnURL with the additional
	// query parameter `return` which should match token.
	// Pass the value of return to SessionMigrateResolve to retrieve the user and session details, so they
	// may be applied to the new domain
	SessionMigrateRequest(returnURL, component string) (token string, url string, err error)

	// SessionMigrateResolve will collect the session migration data corresponding to the provided token
	// to initiate a migrate request see SessionMigrateRequest
	SessionMigrateResolve(token string) (User, Session, error)

type Team

type Team struct {
	ID           uuid.UUID    `json:"id"`
	Name         string       `json:"name"`
	Admin        *bool        `json:"admin,omitempty"`
	Members      []Membership `json:"members"`
	Organisation *uuid.UUID   `json:"organisation"`

Team represents a group of users/apis that have access to entities as a group

type TeamsEndpoints added in v1.1.1

type TeamsEndpoints interface {

	// TeamGet will load a team from the platform with the given ID
	TeamGet(id uuid.UUID) (Team, error)

	// TeamPlatform will load all teams in the current platform
	TeamPlatform() ([]Team, error)

	// TeamListForUser will list all teams the identified user has access too
	TeamListForUser(userID uuid.UUID) ([]Team, error)

	// TeamMemberExists identifies if a given User is a member of the given Team
	TeamMemberExists(team, user uuid.UUID) (bool, error)

	// TeamMemberGet retrieves a users membership to a team
	TeamMemberGet(team, user uuid.UUID) (Membership, error)

	// TeamMemberListForTeam lists all memberships for the identified team
	TeamMemberListForTeam(team uuid.UUID) ([]Membership, error)

	// TeamMemberListForUser lists all memberships a given user has
	TeamMemberListForUser(userID uuid.UUID) ([]Membership, error)

	// TeamNew creates a new team in the platform with the given name
	// creating it first user (and admin) as initialUser
	TeamNew(name string, initialUser uuid.UUID) (Team, error)

	// TeamRename renames the identified team to the provided new name
	TeamRename(id uuid.UUID, newName string) error

	TeamSetOrganisation(id uuid.UUID, orgID *uuid.UUID) error

	// TeamDelete removes a team from the platform, removing all its memberships and permissions
	TeamDelete(id uuid.UUID) error

	// TeamMemberAdd adds a new member to the team (not as an admin),
	// member should be a User or APIUser
	TeamMemberAdd(team, member uuid.UUID) (Membership, error)

	// TeamMemberUpdateLabels will update the display name and contact email for a membership
	// NOTE: this is a fallback for legacy platforms, Users and APIUsers will automatically update
	// their corresponding memberships when their details are updated.
	TeamMemberUpdateLabels(team, member uuid.UUID, name, email string) error

	// TeamMemberSetAdmin will set the team members admin status within the team
	TeamMemberSetAdmin(team, member uuid.UUID, admin bool) error

	// TeamMemberRemove will remove the given member from the team
	TeamMemberRemove(team, member uuid.UUID) error

type User

type User struct {
	ID           uuid.UUID         `json:"id"`
	CreatedAt    time.Time         `json:"createdAt"`
	UpdatedAt    time.Time         `json:"updatedAt"`
	API          uuid.UUID         `json:"api"`
	Email        string            `json:"email"`
	Name         string            `json:"name"`
	SignupIP     string            `json:"signupIP"`
	Admin        bool              `json:"admin"`
	Banned       bool              `json:"banned"`
	Confirmed    bool              `json:"confirmed"`
	Metadata     map[string]string `json:"metadata"`
	Organisation *uuid.UUID        `json:"organisation"`

User represents a set of account credentials for a human user of a platform and authentication for the platforms auth portal.

type UserEndpoints added in v1.1.1

type UserEndpoints interface {

	// UserExists checks if a user exists in the callers platform with the provided username
	UserExists(username string) (bool, error)

	// UserGet loads a user from the callers platform that has the provided ID (if one exists)
	UserGet(id uuid.UUID) (User, error)

	// UserGetUsername loads a user from the callers platform by their username (if one exists)
	UserGetUsername(username string) (User, error)

	// UserGetSession loads the user in the callers platform for which the provided cookie token applies (if valid)
	UserGetSession(cookie string) (bool, User, error)

	// UsersPlatform loads the list of all users on the callers platform
	UsersPlatform() ([]User, error)

	// UserSignup creates a new user with the provided details in the callers platform
	UserSignup(name, email, password, signupIP string) (User, error)

	// UserUpdate updates a platform user corresponding to the provided ID, updating their name and contact email
	// as well as those of all memberships that user has
	UserUpdate(id uuid.UUID, name, email string) error

	// UserBan updates a platform users banned status to the provided state
	UserBan(id uuid.UUID, state bool) error

	UserSetOrganisation(id uuid.UUID, orgID *uuid.UUID) error

	// UserDelete removes a user and all their memberships and permissions from the platform
	UserDelete(id uuid.UUID) error

	// UserTermsAccept adds a Terms and Conditions acceptance flag to the identified user for the latest configured terms
	UserTermsAccept(id uuid.UUID) error

	// UserPasswordReset sends a password reset request email to the identified platform user
	UserPasswordReset(id uuid.UUID) error

	// UserReconfirm sends an email confirmation email to the identified platform user, setting their confirmation status to false if it is not already
	UserReconfirm(id uuid.UUID) error

	// UserUnlock resets the "locked till" time on a user caused by too many failed login attempts
	UserUnlock(id uuid.UUID) error

	// UserUpdateMetadata sets the users metadata properties to the provided map
	UserUpdateMetadata(id uuid.UUID, metadata map[string]string) error

	// UserMergeMetadata merges the provided metadata map with the users metadata
	UserMergeMetadata(id uuid.UUID, metadata map[string]string) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL