auth

package
v1.16.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 6, 2022 License: MIT Imports: 26 Imported by: 13

Documentation

Index

Constants

View Source
const BasicMethodName = "basic"

BasicMethodName is the constant name of the basic authentication method

View Source
const ReverseProxyMethodName = "reverse_proxy"

ReverseProxyMethodName is the constant name of the ReverseProxy authentication method

Variables

This section is empty.

Functions

func CheckOAuthAccessToken

func CheckOAuthAccessToken(accessToken string) int64

CheckOAuthAccessToken returns uid of user from oauth token

func DeleteSource added in v1.16.0

func DeleteSource(source *auth.Source) error

DeleteSource deletes a AuthSource record in DB.

func Free

func Free()

Free should be called exactly once when the application is terminating to allow Auth plugins to release necessary resources

func Init

func Init()

Init should be called exactly once when the application starts to allow plugins to allocate necessary resources

func Register

func Register(method Method)

Register adds the specified instance to the list of available methods

func SessionUser

func SessionUser(sess SessionStore) *user_model.User

SessionUser returns the user object corresponding to the "uid" session variable.

func SyncExternalUsers added in v1.16.0

func SyncExternalUsers(ctx context.Context, updateExisting bool) error

SyncExternalUsers is used to synchronize users with external authorization source

func UserSignIn added in v1.16.0

func UserSignIn(username, password string) (*user_model.User, *auth.Source, error)

UserSignIn validates user name and password.

Types

type Basic

type Basic struct {
}

Basic implements the Auth interface and authenticates requests (API requests only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization" header.

func (*Basic) Name

func (b *Basic) Name() string

Name represents the name of auth method

func (*Basic) Verify

func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User

Verify extracts and validates Basic data (username and password/token) from the "Authorization" header of the request and returns the corresponding user object for that name/token on successful validation. Returns nil if header is empty or validation fails.

type DataStore

type DataStore middleware.DataStore

DataStore represents a data store

type Freeable added in v1.16.0

type Freeable interface {
	// Free should be called exactly once before application closes, in order to
	// give chance to the plugin to free any allocated resources
	Free() error
}

Freeable represents a structure that is required to be freed

type Group

type Group struct {
	// contains filtered or unexported fields
}

Group implements the Auth interface with serval Auth.

func NewGroup

func NewGroup(methods ...Method) *Group

NewGroup creates a new auth group

func (*Group) Free

func (b *Group) Free() error

Free does nothing as the Basic implementation does not have to release any resources

func (*Group) Init

func (b *Group) Init() error

Init does nothing as the Basic implementation does not need to allocate any resources

func (*Group) Verify

func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User

Verify extracts and validates

type Initializable added in v1.16.0

type Initializable interface {
	// Init should be called exactly once before using any of the other methods,
	// in order to allow the plugin to allocate necessary resources
	Init() error
}

Initializable represents a structure that requires initialization It usually should only be called once before anything else is called

type LocalTwoFASkipper added in v1.16.0

type LocalTwoFASkipper interface {
	IsSkipLocalTwoFA() bool
}

LocalTwoFASkipper represents a source of authentication that can skip local 2fa

type Method added in v1.16.0

type Method interface {
	// Verify tries to verify the authentication data contained in the request.
	// If verification is successful returns either an existing user object (with id > 0)
	// or a new user object (with id = 0) populated with the information that was found
	// in the authentication data (username or email).
	// Returns nil if verification fails.
	Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User
}

Method represents an authentication method (plugin) for HTTP requests.

func Methods

func Methods() []Method

Methods returns the instances of all registered methods

type Named added in v1.16.0

type Named interface {
	Name() string
}

Named represents a named thing

type OAuth2

type OAuth2 struct {
}

OAuth2 implements the Auth interface and authenticates requests (API requests only) by looking for an OAuth token in query parameters or the "Authorization" header.

func (*OAuth2) Name

func (o *OAuth2) Name() string

Name represents the name of auth method

func (*OAuth2) Verify

func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User

Verify extracts the user ID from the OAuth token in the query parameters or the "Authorization" header and returns the corresponding user object for that ID. If verification is successful returns an existing user object. Returns nil if verification fails.

type PasswordAuthenticator added in v1.16.0

type PasswordAuthenticator interface {
	Authenticate(user *user_model.User, login, password string) (*user_model.User, error)
}

PasswordAuthenticator represents a source of authentication

type ReverseProxy

type ReverseProxy struct {
}

ReverseProxy implements the Auth interface, but actually relies on a reverse proxy for authentication of users. On successful authentication the proxy is expected to populate the username in the "setting.ReverseProxyAuthUser" header. Optionally it can also populate the email of the user in the "setting.ReverseProxyAuthEmail" header.

func (*ReverseProxy) Name

func (r *ReverseProxy) Name() string

Name represents the name of auth method

func (*ReverseProxy) Verify

Verify extracts the username from the "setting.ReverseProxyAuthUser" header of the request and returns the corresponding user object for that name. Verification of header data is not performed as it should have already been done by the revese proxy. If a username is available in the "setting.ReverseProxyAuthUser" header an existing user object is returned (populated with username or email found in header). Returns nil if header is empty.

type Session

type Session struct {
}

Session checks if there is a user uid stored in the session and returns the user object for that uid.

func (*Session) Name

func (s *Session) Name() string

Name represents the name of auth method

func (*Session) Verify

func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User

Verify checks if there is a user uid stored in the session and returns the user object for that uid. Returns nil if there is no user uid stored in the session.

type SessionStore

type SessionStore session.Store

SessionStore represents a session store

type SynchronizableSource added in v1.16.0

type SynchronizableSource interface {
	Sync(ctx context.Context, updateExisting bool) error
}

SynchronizableSource represents a source that can synchronize users

Directories

Path Synopsis
source
db
pam

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL