auth

package

v1.13.0 Latest Latest Go to latest Published: Dec 24, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

blitiri.com.ar/git/r/chasquid

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth implements authentication services for chasquid.

Index ¶

func DecodeResponse(response string) (user, domain, passwd string, err error)
type Authenticator
- func NewAuthenticator() *Authenticator
type Backend
- func WrapNoErrorBackend(be NoErrorBackend) Backend
type NoErrorBackend

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DecodeResponse ¶

func DecodeResponse(response string) (user, domain, passwd string, err error)

DecodeResponse decodes a plain auth response.

It must be a a base64-encoded string of the form:

<authorization id> NUL <authentication id> NUL <password>

https://tools.ietf.org/html/rfc4954#section-4.1.

Either both IDs match, or one of them is empty.

We split the id into user@domain, since in most cases we expect that to be the used form, and normalize them. If there is no domain, we just return "" for it. The rest of the stack will know how to handle it.

Types ¶

type Authenticator ¶

type Authenticator struct {

	// Fallback backend, to use when backends[domain] (which may not exist)
	// did not yield a positive result.
	// Note that this backend gets the user with the domain included, of the
	// form "user@domain" (if available).
	Fallback Backend

	// How long Authenticate calls should last, approximately.
	// This will be applied both for successful and unsuccessful attempts.
	// We will increase this number by 0-20%.
	AuthDuration time.Duration
	// contains filtered or unexported fields
}

Authenticator tracks the backends for each domain, and allows callers to query them with a more practical API.

func NewAuthenticator ¶

func NewAuthenticator() *Authenticator

NewAuthenticator returns a new Authenticator with no backends.

func (*Authenticator) Authenticate ¶

func (a *Authenticator) Authenticate(tr *trace.Trace, user, domain, password string) (bool, error)

Authenticate the user@domain with the given password.

func (*Authenticator) Exists ¶

func (a *Authenticator) Exists(tr *trace.Trace, user, domain string) (bool, error)

Exists checks that user@domain exists.

func (*Authenticator) Register ¶

func (a *Authenticator) Register(domain string, be Backend)

Register a backend to use for the given domain.

func (*Authenticator) Reload ¶

func (a *Authenticator) Reload() error

Reload the registered backends.

type Backend ¶

type Backend interface {
	Authenticate(user, password string) (bool, error)
	Exists(user string) (bool, error)
	Reload() error
}

Backend is the common interface for all authentication backends.

func WrapNoErrorBackend ¶

func WrapNoErrorBackend(be NoErrorBackend) Backend

WrapNoErrorBackend wraps a NoErrorBackend, converting it into a valid Backend. This is normally used in Auth.Register calls, to register no-error backends.

type NoErrorBackend ¶

type NoErrorBackend interface {
	Authenticate(user, password string) bool
	Exists(user string) bool
	Reload() error
}

NoErrorBackend is the interface for authentication backends that don't need to emit errors. This allows backends to avoid unnecessary complexity, in exchange for a bit more here. They can be converted to normal Backend using WrapNoErrorBackend (defined below).

Source Files ¶

View all Source files

auth.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL