- Variables
- func AccessTokenByNameExists(token *AccessToken) (bool, error)
- func CleanupSessions(maxLifetime int64) error
- func CountAccessTokens(opts ListAccessTokensOptions) (int64, error)
- func CountSessions() (int64, error)
- func CountSources() int64
- func CreateSource(source *Source) error
- func DeleteAccessTokenByID(id, userID int64) error
- func DeleteCredential(id, userID int64) (bool, error)
- func DeleteOAuth2Application(id, userid int64) error
- func DeleteOAuth2RelictsByUserID(ctx context.Context, userID int64) error
- func DeleteTwoFactorByID(id, userID int64) error
- func DestroySession(key string) error
- func ExistSession(key string) (bool, error)
- func ExistsWebAuthnCredentialsForUID(uid int64) (bool, error)
- func HasTwoFactorByUID(uid int64) (bool, error)
- func HasWebAuthnRegistrationsByUID(uid int64) (bool, error)
- func HashToken(token, salt string) string
- func IsErrAccessTokenEmpty(err error) bool
- func IsErrAccessTokenNotExist(err error) bool
- func IsErrOAuthApplicationNotFound(err error) bool
- func IsErrOauthClientIDInvalid(err error) bool
- func IsErrSourceAlreadyExist(err error) bool
- func IsErrSourceInUse(err error) bool
- func IsErrSourceNotExist(err error) bool
- func IsErrTwoFactorNotEnrolled(err error) bool
- func IsErrWebAuthnCredentialNotExist(err error) bool
- func IsSSPIEnabled() bool
- func NewAccessToken(t *AccessToken) error
- func NewTwoFactor(t *TwoFactor) error
- func RegisterTypeConfig(typ Type, exemplar Config)
- func RevokeOAuth2Grant(ctx context.Context, grantID, userID int64) error
- func UpdateAccessToken(t *AccessToken) error
- func UpdateSession(key string, data []byte) error
- func UpdateSource(source *Source) error
- func UpdateTwoFactor(t *TwoFactor) error
- func WebAuthnCredentials(userID int64) ([]webauthn.Credential, error)
- type AccessToken
- type AccessTokenScope
- type AccessTokenScopeBitmap
- type Config
- type CreateOAuth2ApplicationOptions
- type ErrAccessTokenEmpty
- type ErrAccessTokenNotExist
- type ErrOAuthApplicationNotFound
- type ErrOAuthClientIDInvalid
- type ErrSourceAlreadyExist
- type ErrSourceInUse
- type ErrSourceNotExist
- type ErrTwoFactorNotEnrolled
- type ErrWebAuthnCredentialNotExist
- type HasTLSer
- type ListAccessTokensOptions
- type OAuth2Application
- func CreateOAuth2Application(ctx context.Context, opts CreateOAuth2ApplicationOptions) (*OAuth2Application, error)
- func GetOAuth2ApplicationByClientID(ctx context.Context, clientID string) (app *OAuth2Application, err error)
- func GetOAuth2ApplicationByID(ctx context.Context, id int64) (app *OAuth2Application, err error)
- func GetOAuth2ApplicationsByUserID(ctx context.Context, userID int64) (apps []*OAuth2Application, err error)
- func ListOAuth2Applications(uid int64, listOptions db.ListOptions) ([]*OAuth2Application, int64, error)
- func UpdateOAuth2Application(opts UpdateOAuth2ApplicationOptions) (*OAuth2Application, error)
- func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool
- func (app *OAuth2Application) CreateGrant(ctx context.Context, userID int64, scope string) (*OAuth2Grant, error)
- func (app *OAuth2Application) GenerateClientSecret() (string, error)
- func (app *OAuth2Application) GetGrantByUserID(ctx context.Context, userID int64) (grant *OAuth2Grant, err error)
- func (app *OAuth2Application) PrimaryRedirectURI() string
- func (app *OAuth2Application) TableName() string
- func (app *OAuth2Application) ValidateClientSecret(secret []byte) bool
- type OAuth2AuthorizationCode
- func (code *OAuth2AuthorizationCode) GenerateRedirectURI(state string) (redirect *url.URL, err error)
- func (code *OAuth2AuthorizationCode) Invalidate(ctx context.Context) error
- func (code *OAuth2AuthorizationCode) TableName() string
- func (code *OAuth2AuthorizationCode) ValidateCodeChallenge(verifier string) bool
- type OAuth2Grant
- func (grant *OAuth2Grant) GenerateNewAuthorizationCode(ctx context.Context, redirectURI, codeChallenge, codeChallengeMethod string) (code *OAuth2AuthorizationCode, err error)
- func (grant *OAuth2Grant) IncreaseCounter(ctx context.Context) error
- func (grant *OAuth2Grant) ScopeContains(scope string) bool
- func (grant *OAuth2Grant) SetNonce(ctx context.Context, nonce string) error
- func (grant *OAuth2Grant) TableName() string
- type RegisterableSource
- type SSHKeyProvider
- type Session
- type SkipVerifiable
- type Source
- func ActiveSources(tp Type) ([]*Source, error)
- func AllActiveSources() ([]*Source, error)
- func GetActiveOAuth2ProviderSources() ([]*Source, error)
- func GetActiveOAuth2SourceByName(name string) (*Source, error)
- func GetSourceByID(id int64) (*Source, error)
- func Sources() ([]*Source, error)
- func SourcesByType(loginType Type) ([]*Source, error)
- func (source *Source) BeforeSet(colName string, val xorm.Cell)
- func (source *Source) HasTLS() bool
- func (source *Source) IsDLDAP() bool
- func (source *Source) IsLDAP() bool
- func (source *Source) IsOAuth2() bool
- func (source *Source) IsPAM() bool
- func (source *Source) IsSMTP() bool
- func (source *Source) IsSSPI() bool
- func (source *Source) SkipVerify() bool
- func (Source) TableName() string
- func (source *Source) TypeName() string
- func (source *Source) UseTLS() bool
- type SourceSettable
- type TwoFactor
- type Type
- type UpdateOAuth2ApplicationOptions
- type UseTLSer
- type WebAuthnCredential
- func CreateCredential(userID int64, name string, cred *webauthn.Credential) (*WebAuthnCredential, error)
- func GetWebAuthnCredentialByCredID(userID int64, credID []byte) (*WebAuthnCredential, error)
- func GetWebAuthnCredentialByID(id int64) (*WebAuthnCredential, error)
- func GetWebAuthnCredentialByName(uid int64, name string) (*WebAuthnCredential, error)
- type WebAuthnCredentialList
Variables ¶
// Names maps each login Type to its human-readable name.
// Keep this in sync with the Type constants: a Type missing here renders as an empty string.
var Names = map[Type]string{
	LDAP:   "LDAP (via BindDN)",
	DLDAP:  "LDAP (simple auth)",
	SMTP:   "SMTP",
	PAM:    "PAM",
	OAuth2: "OAuth2",
	SSPI:   "SPNEGO with SSPI",
}
Names maps each login Type value to its human-readable name.
Functions ¶
func AccessTokenByNameExists ¶ added in v1.17.4
func AccessTokenByNameExists(token *AccessToken) (bool, error)
AccessTokenByNameExists checks if a token name has been used already by a user.
func CleanupSessions ¶
CleanupSessions cleans up expired sessions
func CountAccessTokens ¶ added in v1.17.4
func CountAccessTokens(opts ListAccessTokensOptions) (int64, error)
CountAccessTokens counts the access tokens belonging to the given user, filtered by the supplied options.
func CountSessions ¶
CountSessions returns the number of sessions
func CreateSource ¶
CreateSource inserts an auth Source into the DB if no source with the given name already exists (otherwise ErrSourceAlreadyExist).
func DeleteAccessTokenByID ¶ added in v1.17.4
DeleteAccessTokenByID deletes access token by given ID.
func DeleteCredential ¶
DeleteCredential will delete WebAuthnCredential
func DeleteOAuth2Application ¶
DeleteOAuth2Application deletes the application with the given id and the grants and auth codes related to it. It checks if the userid was the creator of the app.
func DeleteOAuth2RelictsByUserID ¶ added in v1.17.0
func DeleteTwoFactorByID ¶
DeleteTwoFactorByID deletes two-factor authentication token by given ID.
func ExistSession ¶
ExistSession checks if a session exists
func ExistsWebAuthnCredentialsForUID ¶
ExistsWebAuthnCredentialsForUID returns if the given user has credentials
func HasTwoFactorByUID ¶
HasTwoFactorByUID reports whether the given user has two-factor authentication enrolled (it returns a bool, not the TwoFactor record; use GetTwoFactorByUID for that).
func HasWebAuthnRegistrationsByUID ¶
HasWebAuthnRegistrationsByUID returns whether a given user has WebAuthn registrations
func IsErrAccessTokenEmpty ¶ added in v1.17.4
IsErrAccessTokenEmpty checks if an error is a ErrAccessTokenEmpty.
func IsErrAccessTokenNotExist ¶ added in v1.17.4
IsErrAccessTokenNotExist checks if an error is a ErrAccessTokenNotExist.
func IsErrOAuthApplicationNotFound ¶
IsErrOAuthApplicationNotFound checks if an error is an ErrOAuthApplicationNotFound.
func IsErrOauthClientIDInvalid ¶
IsErrOauthClientIDInvalid checks if an error is a ErrOAuthClientIDInvalid.
func IsErrSourceAlreadyExist ¶
IsErrSourceAlreadyExist checks if an error is a ErrSourceAlreadyExist.
func IsErrSourceInUse ¶
IsErrSourceInUse checks if an error is a ErrSourceInUse.
func IsErrSourceNotExist ¶
IsErrSourceNotExist checks if an error is a ErrSourceNotExist.
func IsErrTwoFactorNotEnrolled ¶
IsErrTwoFactorNotEnrolled checks if an error is a ErrTwoFactorNotEnrolled.
func IsErrWebAuthnCredentialNotExist ¶
IsErrWebAuthnCredentialNotExist checks if an error is a ErrWebAuthnCredentialNotExist.
func IsSSPIEnabled ¶
func IsSSPIEnabled() bool
IsSSPIEnabled returns true if there is at least one activated login source of type LoginSSPI
func NewAccessToken ¶ added in v1.17.4
func NewAccessToken(t *AccessToken) error
NewAccessToken creates new access token.
func NewTwoFactor ¶
NewTwoFactor creates a new two-factor authentication token.
func RegisterTypeConfig ¶
RegisterTypeConfig register a config for a provided type
func RevokeOAuth2Grant ¶
RevokeOAuth2Grant deletes the grant with grantID and userID
func UpdateAccessToken ¶ added in v1.17.4
func UpdateAccessToken(t *AccessToken) error
UpdateAccessToken updates information of access token.
func UpdateSession ¶
UpdateSession updates the session with provided id
func UpdateSource ¶
UpdateSource updates a Source record in DB.
func UpdateTwoFactor ¶
UpdateTwoFactor updates a two-factor authentication token.
func WebAuthnCredentials ¶
func WebAuthnCredentials(userID int64) ([]webauthn.Credential, error)
WebAuthnCredentials implements the webauthn.User interface, returning the user's registered credentials in the library's format.
Types ¶
type AccessToken ¶ added in v1.17.4
// AccessToken represents a personal access token.
//
// Only a hash of the secret is persisted: Token (the plaintext) is excluded
// from the table via xorm:"-", so it is populated only on a freshly created
// token and must be shown to the user at that point or never.
type AccessToken struct {
	ID   int64 `xorm:"pk autoincr"`
	UID  int64 `xorm:"INDEX"` // owning user
	Name string

	// Token is the plaintext secret. Not stored (xorm:"-").
	Token string `xorm:"-"`
	// TokenHash is the UNIQUE lookup key for the token. NOTE(review): presumably
	// HashToken(Token, TokenSalt); a single sha256 is only adequate if tokens are
	// long CSPRNG-generated values — confirm the generator in NewAccessToken.
	TokenHash string `xorm:"UNIQUE"` // sha256 of token
	TokenSalt string
	// TokenLastEight is indexed; presumably the last eight characters of the
	// plaintext, kept so a token can be identified without the full secret —
	// confirm against the callers.
	TokenLastEight string `xorm:"INDEX token_last_eight"`

	// Scope restricts what the token may do; see AccessTokenScope.
	Scope AccessTokenScope

	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`

	// Not stored (xorm:"-"); presumably derived in AfterLoad — confirm.
	HasRecentActivity bool `xorm:"-"`
	HasUsed           bool `xorm:"-"`
}
AccessToken represents a personal access token.
func GetAccessTokenBySHA ¶ added in v1.17.4
func GetAccessTokenBySHA(token string) (*AccessToken, error)
GetAccessTokenBySHA returns the access token matching the given plaintext token value; the lookup is expected to go through the stored TokenHash (see AccessToken), never a plaintext column.
func ListAccessTokens ¶ added in v1.17.4
func ListAccessTokens(opts ListAccessTokensOptions) ([]*AccessToken, error)
ListAccessTokens returns a list of access tokens belonging to the given user.
func (*AccessToken) AfterLoad ¶ added in v1.17.4
func (t *AccessToken) AfterLoad()
AfterLoad is invoked from XORM after setting the values of all fields of this object.
type AccessTokenScope ¶ added in v1.19.0
// AccessTokenScope is the scope string of an access token: one or more scope
// names (see the AccessTokenScope* constants). Use Parse/Normalize rather than
// comparing the raw string, since equivalent scope sets can be spelled differently.
type AccessTokenScope string
AccessTokenScope represents the scope for an access token.
// Scope names accepted in an AccessTokenScope string. A parent scope (e.g.
// "repo", "user", "admin:org") implies its children; see the *Bits constants
// on AccessTokenScopeBitmap for the exact containment.
const (
	// AccessTokenScopeAll grants every scope except sudo.
	AccessTokenScopeAll AccessTokenScope = "all"

	// Repository access.
	AccessTokenScopeRepo       AccessTokenScope = "repo"
	AccessTokenScopeRepoStatus AccessTokenScope = "repo:status"
	AccessTokenScopePublicRepo AccessTokenScope = "public_repo"

	// Organisation management.
	AccessTokenScopeAdminOrg AccessTokenScope = "admin:org"
	AccessTokenScopeWriteOrg AccessTokenScope = "write:org"
	AccessTokenScopeReadOrg  AccessTokenScope = "read:org"

	// SSH public keys.
	AccessTokenScopeAdminPublicKey AccessTokenScope = "admin:public_key"
	AccessTokenScopeWritePublicKey AccessTokenScope = "write:public_key"
	AccessTokenScopeReadPublicKey  AccessTokenScope = "read:public_key"

	// Webhooks.
	AccessTokenScopeAdminRepoHook AccessTokenScope = "admin:repo_hook"
	AccessTokenScopeWriteRepoHook AccessTokenScope = "write:repo_hook"
	AccessTokenScopeReadRepoHook  AccessTokenScope = "read:repo_hook"
	AccessTokenScopeAdminOrgHook  AccessTokenScope = "admin:org_hook"

	AccessTokenScopeNotification AccessTokenScope = "notification"

	// User profile.
	AccessTokenScopeUser       AccessTokenScope = "user"
	AccessTokenScopeReadUser   AccessTokenScope = "read:user"
	AccessTokenScopeUserEmail  AccessTokenScope = "user:email"
	AccessTokenScopeUserFollow AccessTokenScope = "user:follow"

	// Destructive repository operations are a separate scope.
	AccessTokenScopeDeleteRepo AccessTokenScope = "delete_repo"

	// Package registry.
	AccessTokenScopePackage       AccessTokenScope = "package"
	AccessTokenScopeWritePackage  AccessTokenScope = "write:package"
	AccessTokenScopeReadPackage   AccessTokenScope = "read:package"
	AccessTokenScopeDeletePackage AccessTokenScope = "delete:package"

	// GPG keys.
	AccessTokenScopeAdminGPGKey AccessTokenScope = "admin:gpg_key"
	AccessTokenScopeWriteGPGKey AccessTokenScope = "write:gpg_key"
	AccessTokenScopeReadGPGKey  AccessTokenScope = "read:gpg_key"

	// OAuth2 applications.
	AccessTokenScopeAdminApplication AccessTokenScope = "admin:application"
	AccessTokenScopeWriteApplication AccessTokenScope = "write:application"
	AccessTokenScopeReadApplication  AccessTokenScope = "read:application"

	// AccessTokenScopeSudo allows acting as another user. It is deliberately
	// NOT part of "all" (see AccessTokenScopeAllBits) and must be granted explicitly.
	AccessTokenScopeSudo AccessTokenScope = "sudo"
)
func (AccessTokenScope) HasScope ¶ added in v1.19.0
func (s AccessTokenScope) HasScope(scope AccessTokenScope) (bool, error)
HasScope reports whether the scope string includes the given scope, with parent scopes implying their children (e.g. "repo" includes "repo:status"); it returns an error if the string cannot be parsed.
func (AccessTokenScope) Normalize ¶ added in v1.19.0
func (s AccessTokenScope) Normalize() (AccessTokenScope, error)
Normalize returns a normalized scope string without any duplicates.
func (AccessTokenScope) Parse ¶ added in v1.19.0
func (s AccessTokenScope) Parse() (AccessTokenScopeBitmap, error)
Parse parses the scope string into a bitmap, thus removing possible duplicates.
func (AccessTokenScope) StringSlice ¶ added in v1.19.0
func (s AccessTokenScope) StringSlice() []string
StringSlice returns the AccessTokenScope as a []string
type AccessTokenScopeBitmap ¶ added in v1.19.0
// AccessTokenScopeBitmap is the parsed, canonical form of an AccessTokenScope:
// one bit per scope, with parent scopes' bits OR-ing in their children (see
// the *Bits constants). Authorization checks should be done on this form via
// HasScope so that spelling differences in the scope string cannot matter.
type AccessTokenScopeBitmap uint64
AccessTokenScopeBitmap represents a bitmap of access token scopes.
// Bit assignments for AccessTokenScopeBitmap. Each entry uses 1<<iota for its
// own bit and ORs in the bits of the scopes it implies, so a parent bit
// pattern always contains its children. iota counts from the first spec, so
// AccessTokenScopeAllBits occupies position 0 (it defines no bit of its own)
// and the 30 concrete scopes occupy bits 1..30.
const (
	// AccessTokenScopeAllBits is the bitmap of all access token scopes, except `sudo`.
	// sudo is excluded on purpose: impersonation must be requested explicitly.
	AccessTokenScopeAllBits AccessTokenScopeBitmap = AccessTokenScopeRepoBits | AccessTokenScopeAdminOrgBits | AccessTokenScopeAdminPublicKeyBits | AccessTokenScopeAdminOrgHookBits | AccessTokenScopeNotificationBits | AccessTokenScopeUserBits | AccessTokenScopeDeleteRepoBits | AccessTokenScopePackageBits | AccessTokenScopeAdminGPGKeyBits | AccessTokenScopeAdminApplicationBits

	// repo implies repo:status, public_repo and admin:repo_hook.
	AccessTokenScopeRepoBits       AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeRepoStatusBits | AccessTokenScopePublicRepoBits | AccessTokenScopeAdminRepoHookBits
	AccessTokenScopeRepoStatusBits AccessTokenScopeBitmap = 1 << iota
	AccessTokenScopePublicRepoBits AccessTokenScopeBitmap = 1 << iota

	// admin:org > write:org > read:org.
	AccessTokenScopeAdminOrgBits AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeWriteOrgBits
	AccessTokenScopeWriteOrgBits AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeReadOrgBits
	AccessTokenScopeReadOrgBits  AccessTokenScopeBitmap = 1 << iota

	// admin:public_key > write:public_key > read:public_key.
	AccessTokenScopeAdminPublicKeyBits AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeWritePublicKeyBits
	AccessTokenScopeWritePublicKeyBits AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeReadPublicKeyBits
	AccessTokenScopeReadPublicKeyBits  AccessTokenScopeBitmap = 1 << iota

	// admin:repo_hook > write:repo_hook > read:repo_hook.
	AccessTokenScopeAdminRepoHookBits AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeWriteRepoHookBits
	AccessTokenScopeWriteRepoHookBits AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeReadRepoHookBits
	AccessTokenScopeReadRepoHookBits  AccessTokenScopeBitmap = 1 << iota

	AccessTokenScopeAdminOrgHookBits AccessTokenScopeBitmap = 1 << iota
	AccessTokenScopeNotificationBits AccessTokenScopeBitmap = 1 << iota

	// user implies read:user, user:email and user:follow.
	AccessTokenScopeUserBits       AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeReadUserBits | AccessTokenScopeUserEmailBits | AccessTokenScopeUserFollowBits
	AccessTokenScopeReadUserBits   AccessTokenScopeBitmap = 1 << iota
	AccessTokenScopeUserEmailBits  AccessTokenScopeBitmap = 1 << iota
	AccessTokenScopeUserFollowBits AccessTokenScopeBitmap = 1 << iota

	// delete_repo is not implied by repo; it is its own bit.
	AccessTokenScopeDeleteRepoBits AccessTokenScopeBitmap = 1 << iota

	// package implies write:package and delete:package; write implies read.
	AccessTokenScopePackageBits       AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeWritePackageBits | AccessTokenScopeDeletePackageBits
	AccessTokenScopeWritePackageBits  AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeReadPackageBits
	AccessTokenScopeReadPackageBits   AccessTokenScopeBitmap = 1 << iota
	AccessTokenScopeDeletePackageBits AccessTokenScopeBitmap = 1 << iota

	// admin:gpg_key > write:gpg_key > read:gpg_key.
	AccessTokenScopeAdminGPGKeyBits AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeWriteGPGKeyBits
	AccessTokenScopeWriteGPGKeyBits AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeReadGPGKeyBits
	AccessTokenScopeReadGPGKeyBits  AccessTokenScopeBitmap = 1 << iota

	// admin:application > write:application > read:application.
	AccessTokenScopeAdminApplicationBits AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeWriteApplicationBits
	AccessTokenScopeWriteApplicationBits AccessTokenScopeBitmap = 1<<iota | AccessTokenScopeReadApplicationBits
	AccessTokenScopeReadApplicationBits  AccessTokenScopeBitmap = 1 << iota

	// sudo stands alone and is never included by any other bit pattern.
	AccessTokenScopeSudoBits AccessTokenScopeBitmap = 1 << iota
)
Bitmap of each scope, including the child scopes.
func (AccessTokenScopeBitmap) HasScope ¶ added in v1.19.0
func (bitmap AccessTokenScopeBitmap) HasScope(scope AccessTokenScope) (bool, error)
HasScope reports whether the bitmap includes the given scope (parent bits include their children's bits); it returns an error if the scope name is unknown.
func (AccessTokenScopeBitmap) ToScope ¶ added in v1.19.0
func (bitmap AccessTokenScopeBitmap) ToScope() AccessTokenScope
ToScope returns a normalized scope string without any duplicates.
type Config ¶
// Config is the per-type login configuration as the DB layer sees it: an
// opaque value that knows how to serialise itself (convert.Conversion) into
// Source.Cfg. Concrete types are registered per Type via RegisterTypeConfig.
type Config interface {
	convert.Conversion
}
Config represents login config as far as the db is concerned
type CreateOAuth2ApplicationOptions ¶
// CreateOAuth2ApplicationOptions holds the options for CreateOAuth2Application.
type CreateOAuth2ApplicationOptions struct {
	Name   string
	UserID int64 // owner of the application
	// ConfidentialClient records the RFC 6749 §2.1 client type; public clients
	// cannot hold a secret and should be required to use PKCE.
	ConfidentialClient bool
	// RedirectURIs is the exact-match allow-list for the redirect_uri parameter.
	RedirectURIs []string
}
CreateOAuth2ApplicationOptions holds options to create an oauth2 application
type ErrAccessTokenEmpty ¶ added in v1.17.4
// ErrAccessTokenEmpty is returned when an empty token value is supplied where a
// token is required (it carries no data).
type ErrAccessTokenEmpty struct{}
ErrAccessTokenEmpty represents a "AccessTokenEmpty" kind of error.
func (ErrAccessTokenEmpty) Error ¶ added in v1.17.4
func (err ErrAccessTokenEmpty) Error() string
func (ErrAccessTokenEmpty) Unwrap ¶ added in v1.17.4
func (err ErrAccessTokenEmpty) Unwrap() error
type ErrAccessTokenNotExist ¶ added in v1.17.4
// ErrAccessTokenNotExist is returned when no access token matches a lookup.
//
// NOTE(review): Token is presumably the value that was looked up; if that is
// the plaintext secret, avoid writing Error() output to logs or responses.
type ErrAccessTokenNotExist struct {
	Token string
}
ErrAccessTokenNotExist represents a "AccessTokenNotExist" kind of error.
func (ErrAccessTokenNotExist) Error ¶ added in v1.17.4
func (err ErrAccessTokenNotExist) Error() string
func (ErrAccessTokenNotExist) Unwrap ¶ added in v1.17.4
func (err ErrAccessTokenNotExist) Unwrap() error
type ErrOAuthApplicationNotFound ¶
// ErrOAuthApplicationNotFound is returned when no OAuth2Application has the given ID.
type ErrOAuthApplicationNotFound struct {
	ID int64
}
ErrOAuthApplicationNotFound will be thrown if id cannot be found
func (ErrOAuthApplicationNotFound) Error ¶
func (err ErrOAuthApplicationNotFound) Error() string
Error returns the error message
func (ErrOAuthApplicationNotFound) Unwrap ¶ added in v1.17.4
func (err ErrOAuthApplicationNotFound) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrOAuthClientIDInvalid ¶
// ErrOAuthClientIDInvalid is returned when no OAuth2Application has the given client_id.
type ErrOAuthClientIDInvalid struct {
	ClientID string
}
ErrOAuthClientIDInvalid will be thrown if client id cannot be found
func (ErrOAuthClientIDInvalid) Error ¶
func (err ErrOAuthClientIDInvalid) Error() string
Error returns the error message
func (ErrOAuthClientIDInvalid) Unwrap ¶ added in v1.17.4
func (err ErrOAuthClientIDInvalid) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrSourceAlreadyExist ¶
// ErrSourceAlreadyExist is returned by CreateSource when a Source with the same Name exists.
type ErrSourceAlreadyExist struct {
	Name string
}
ErrSourceAlreadyExist represents a "SourceAlreadyExist" kind of error.
func (ErrSourceAlreadyExist) Error ¶
func (err ErrSourceAlreadyExist) Error() string
func (ErrSourceAlreadyExist) Unwrap ¶ added in v1.17.4
func (err ErrSourceAlreadyExist) Unwrap() error
Unwrap unwraps this as a ErrExist err
type ErrSourceInUse ¶
// ErrSourceInUse is returned when a Source cannot be removed because it is still referenced.
type ErrSourceInUse struct {
	ID int64
}
ErrSourceInUse represents a "SourceInUse" kind of error.
func (ErrSourceInUse) Error ¶
func (err ErrSourceInUse) Error() string
type ErrSourceNotExist ¶
// ErrSourceNotExist is returned when no Source has the given ID.
type ErrSourceNotExist struct {
	ID int64
}
ErrSourceNotExist represents a "SourceNotExist" kind of error.
func (ErrSourceNotExist) Error ¶
func (err ErrSourceNotExist) Error() string
func (ErrSourceNotExist) Unwrap ¶ added in v1.17.4
func (err ErrSourceNotExist) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrTwoFactorNotEnrolled ¶
// ErrTwoFactorNotEnrolled is returned when a user has no TwoFactor record.
type ErrTwoFactorNotEnrolled struct {
	UID int64
}
ErrTwoFactorNotEnrolled indicates that a user is not enrolled in two-factor authentication.
func (ErrTwoFactorNotEnrolled) Error ¶
func (err ErrTwoFactorNotEnrolled) Error() string
func (ErrTwoFactorNotEnrolled) Unwrap ¶ added in v1.17.4
func (err ErrTwoFactorNotEnrolled) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrWebAuthnCredentialNotExist ¶
ErrWebAuthnCredentialNotExist is returned when no WebAuthn credential matches a lookup.
func (ErrWebAuthnCredentialNotExist) Error ¶
func (err ErrWebAuthnCredentialNotExist) Error() string
func (ErrWebAuthnCredentialNotExist) Unwrap ¶ added in v1.17.4
func (err ErrWebAuthnCredentialNotExist) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type HasTLSer ¶
// HasTLSer is implemented by source configurations that can report whether
// TLS is available for them (as opposed to UseTLSer, which reports whether it
// is actually enabled).
type HasTLSer interface {
	HasTLS() bool
}
HasTLSer configurations provide a HasTLS to check if TLS can be enabled
type ListAccessTokensOptions ¶ added in v1.17.4
// ListAccessTokensOptions filters ListAccessTokens/CountAccessTokens.
// UserID scopes the query to one user's tokens; Name optionally filters by token name.
type ListAccessTokensOptions struct {
	db.ListOptions
	Name   string
	UserID int64
}
ListAccessTokensOptions contain filter options
type OAuth2Application ¶
// OAuth2Application represents an OAuth2 client (RFC 6749).
//
// Security notes (review): ClientSecret holds a hash, not the plaintext —
// GenerateClientSecret returns the plaintext once and persists the hash, and
// ValidateClientSecret checks against that hash. RedirectURIs is the
// allow-list consulted by ContainsRedirectURI; RFC 6749 §3.1.2.3 calls for
// exact matching of registered URIs (no prefix/wildcard matching) — confirm
// in ContainsRedirectURI. Public clients (ConfidentialClient == false) cannot
// keep a secret, so the code flow must rely on PKCE (RFC 7636) for them —
// confirm this is enforced at the token endpoint.
type OAuth2Application struct {
	ID           int64  `xorm:"pk autoincr"`
	UID          int64  `xorm:"INDEX"` // owning user
	Name         string
	ClientID     string `xorm:"unique"`
	ClientSecret string // hash of the secret; see GenerateClientSecret
	// OAuth defines both Confidential and Public client types
	// https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
	// "Authorization servers MUST record the client type in the client registration details"
	// https://datatracker.ietf.org/doc/html/rfc8252#section-8.4
	ConfidentialClient bool               `xorm:"NOT NULL DEFAULT TRUE"`
	RedirectURIs       []string           `xorm:"redirect_uris JSON TEXT"`
	CreatedUnix        timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix        timeutil.TimeStamp `xorm:"INDEX updated"`
}
OAuth2Application represents an OAuth2 client (RFC 6749)
func CreateOAuth2Application ¶
func CreateOAuth2Application(ctx context.Context, opts CreateOAuth2ApplicationOptions) (*OAuth2Application, error)
CreateOAuth2Application inserts a new oauth2 application
func GetOAuth2ApplicationByClientID ¶
func GetOAuth2ApplicationByClientID(ctx context.Context, clientID string) (app *OAuth2Application, err error)
GetOAuth2ApplicationByClientID returns the oauth2 application with the given client_id. Returns an error if not found.
func GetOAuth2ApplicationByID ¶
func GetOAuth2ApplicationByID(ctx context.Context, id int64) (app *OAuth2Application, err error)
GetOAuth2ApplicationByID returns the oauth2 application with the given id. Returns an error if not found.
func GetOAuth2ApplicationsByUserID ¶
func GetOAuth2ApplicationsByUserID(ctx context.Context, userID int64) (apps []*OAuth2Application, err error)
GetOAuth2ApplicationsByUserID returns all oauth2 applications owned by the user
func ListOAuth2Applications ¶
func ListOAuth2Applications(uid int64, listOptions db.ListOptions) ([]*OAuth2Application, int64, error)
ListOAuth2Applications returns a page of the OAuth2 applications belonging to the given user, together with the total count.
func UpdateOAuth2Application ¶
func UpdateOAuth2Application(opts UpdateOAuth2ApplicationOptions) (*OAuth2Application, error)
UpdateOAuth2Application updates an oauth2 application
func (*OAuth2Application) ContainsRedirectURI ¶
func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool
ContainsRedirectURI reports whether redirectURI is one of the application's registered RedirectURIs. Per RFC 6749 §3.1.2.3 registered redirect URIs must be matched exactly (no prefix or wildcard matching) — confirm the implementation does so before relying on it.
func (*OAuth2Application) CreateGrant ¶
func (app *OAuth2Application) CreateGrant(ctx context.Context, userID int64, scope string) (*OAuth2Grant, error)
CreateGrant creates a grant for a user, recording the scope the user consented to for this application.
func (*OAuth2Application) GenerateClientSecret ¶
func (app *OAuth2Application) GenerateClientSecret() (string, error)
GenerateClientSecret generates a new client secret, saves only its hash to the database, and returns the plaintext — this is the only time the plaintext is available, so it must be shown to the application owner immediately.
func (*OAuth2Application) GetGrantByUserID ¶
func (app *OAuth2Application) GetGrantByUserID(ctx context.Context, userID int64) (grant *OAuth2Grant, err error)
GetGrantByUserID returns a OAuth2Grant by its user and application ID
func (*OAuth2Application) PrimaryRedirectURI ¶
func (app *OAuth2Application) PrimaryRedirectURI() string
PrimaryRedirectURI returns the first redirect uri or an empty string if empty
func (*OAuth2Application) TableName ¶
func (app *OAuth2Application) TableName() string
TableName sets the table name to `oauth2_application`
func (*OAuth2Application) ValidateClientSecret ¶
func (app *OAuth2Application) ValidateClientSecret(secret []byte) bool
ValidateClientSecret checks the given secret against the hash saved in the database and reports whether it matches.
type OAuth2AuthorizationCode ¶
// OAuth2AuthorizationCode is a single-use code that a client exchanges for an
// access token, together with its client secret (or a PKCE verifier for
// public clients). It has a limited lifetime (ValidUntil).
//
// Review notes: the stored RedirectURI exists so the token endpoint can check
// that the redirect_uri presented at exchange matches the one used in the
// authorization request (RFC 6749 §4.1.3) — confirm callers do this. Codes are
// invalidated by deleting the row (Invalidate); RFC 6749 §4.1.2 also expects a
// replayed code to revoke tokens already issued from it — confirm.
type OAuth2AuthorizationCode struct {
	ID      int64        `xorm:"pk autoincr"`
	Grant   *OAuth2Grant `xorm:"-"` // loaded separately; not a column
	GrantID int64
	// Code is the opaque value handed to the client; unique so a lookup by code
	// (GetOAuth2AuthorizationByCode) is unambiguous.
	Code string `xorm:"INDEX unique"`
	// PKCE (RFC 7636) parameters captured at authorization time and checked by
	// ValidateCodeChallenge. NOTE(review): confirm the "plain" method is
	// rejected, or at least not accepted for public clients.
	CodeChallenge       string
	CodeChallengeMethod string
	RedirectURI         string
	ValidUntil          timeutil.TimeStamp `xorm:"index"`
}
OAuth2AuthorizationCode is a single-use code that a client exchanges for an access token together with its client secret (or a PKCE code verifier for public clients). It has a limited lifetime, tracked by ValidUntil.
func GetOAuth2AuthorizationByCode ¶
func GetOAuth2AuthorizationByCode(ctx context.Context, code string) (auth *OAuth2AuthorizationCode, err error)
GetOAuth2AuthorizationByCode returns an authorization by its code
func (*OAuth2AuthorizationCode) GenerateRedirectURI ¶
func (code *OAuth2AuthorizationCode) GenerateRedirectURI(state string) (redirect *url.URL, err error)
GenerateRedirectURI builds the redirect URL for a successful authorization request, carrying the code and, if non-empty, the client-supplied state. Clients must check that the returned state matches what they sent (RFC 6749 §10.12, CSRF protection).
func (*OAuth2AuthorizationCode) Invalidate ¶
func (code *OAuth2AuthorizationCode) Invalidate(ctx context.Context) error
Invalidate deletes the auth code from the database to invalidate this code
func (*OAuth2AuthorizationCode) TableName ¶
func (code *OAuth2AuthorizationCode) TableName() string
TableName sets the table name to `oauth2_authorization_code`
func (*OAuth2AuthorizationCode) ValidateCodeChallenge ¶
func (code *OAuth2AuthorizationCode) ValidateCodeChallenge(verifier string) bool
ValidateCodeChallenge validates the given code verifier against the saved code challenge and challenge method, as part of the PKCE implementation (RFC 7636). It reports false on mismatch, so callers must treat false as a failed exchange.
type OAuth2Grant ¶
// OAuth2Grant represents the permission a user has given a specific
// application to access resources. There is at most one grant per
// (UserID, ApplicationID) pair (unique index user_application).
type OAuth2Grant struct {
	ID            int64              `xorm:"pk autoincr"`
	UserID        int64              `xorm:"INDEX unique(user_application)"`
	Application   *OAuth2Application `xorm:"-"` // loaded separately; not a column
	ApplicationID int64              `xorm:"INDEX unique(user_application)"`
	// Counter is bumped by IncreaseCounter. NOTE(review): presumably a
	// monotonically increasing version bound into issued tokens so stale ones
	// can be recognised — confirm against the token issuer.
	Counter int64 `xorm:"NOT NULL DEFAULT 1"`
	// Scope is the scope string the user consented to; see ScopeContains.
	Scope string `xorm:"TEXT"`
	// Nonce is the most recent value set via SetNonce. NOTE(review): presumably
	// the OpenID Connect nonce to be echoed in the ID token — confirm.
	Nonce       string             `xorm:"TEXT"`
	CreatedUnix timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
}
OAuth2Grant represents the permission a user has given a specific application to access resources on their behalf.
func GetOAuth2GrantByID ¶
func GetOAuth2GrantByID(ctx context.Context, id int64) (grant *OAuth2Grant, err error)
GetOAuth2GrantByID returns the grant with the given ID
func GetOAuth2GrantsByUserID ¶
func GetOAuth2GrantsByUserID(ctx context.Context, uid int64) ([]*OAuth2Grant, error)
GetOAuth2GrantsByUserID lists all grants of a certain user
func (*OAuth2Grant) GenerateNewAuthorizationCode ¶
func (grant *OAuth2Grant) GenerateNewAuthorizationCode(ctx context.Context, redirectURI, codeChallenge, codeChallengeMethod string) (code *OAuth2AuthorizationCode, err error)
GenerateNewAuthorizationCode generates a new authorization code for a grant and saves it to the database
func (*OAuth2Grant) IncreaseCounter ¶
func (grant *OAuth2Grant) IncreaseCounter(ctx context.Context) error
IncreaseCounter increases the counter and updates the grant
func (*OAuth2Grant) ScopeContains ¶
func (grant *OAuth2Grant) ScopeContains(scope string) bool
ScopeContains returns true if the grant scope contains the specified scope
func (*OAuth2Grant) SetNonce ¶
func (grant *OAuth2Grant) SetNonce(ctx context.Context, nonce string) error
SetNonce updates the current nonce value of a grant
func (*OAuth2Grant) TableName ¶
func (grant *OAuth2Grant) TableName() string
TableName sets the table name to `oauth2_grant`
type RegisterableSource ¶
RegisterableSource configurations provide RegisterSource which needs to be run on creation
type SSHKeyProvider ¶
// SSHKeyProvider is implemented by source configurations that can report
// whether they supply users' SSH public keys (e.g. from a directory attribute),
// so that key synchronisation knows whether to consult them.
type SSHKeyProvider interface {
	ProvidesSSHKeys() bool
}
SSHKeyProvider configurations provide ProvidesSSHKeys to check if they provide SSHKeys
type Session ¶
// Session represents a session record compatible with go-chi/session.
//
// Review notes: Key is the identifier a browser presents, so its
// unpredictability is the defence against session guessing and fixation; it
// is fixed at CHAR(16) and its entropy depends on the go-chi/session generator
// (not visible here) — confirm. Expired rows are removed by CleanupSessions.
type Session struct {
	Key    string             `xorm:"pk CHAR(16)"` // has to be Key to match with go-chi/session
	Data   []byte             `xorm:"BLOB"`        // on MySQL this has a maximum size of 64Kb - this may need to be increased
	Expiry timeutil.TimeStamp // has to be Expiry to match with go-chi/session
}
Session represents a session compatible for go-chi session
func ReadSession ¶
ReadSession reads the data for the provided session
func RegenerateSession ¶
RegenerateSession regenerates a session from the old id
type SkipVerifiable ¶
// SkipVerifiable is implemented by source configurations that can be told to
// skip TLS certificate verification. A true IsSkipVerify disables server
// authentication and exposes the connection to MITM; it should only ever be
// used for testing, and Source.SkipVerify surfaces it so it can be audited.
type SkipVerifiable interface {
	IsSkipVerify() bool
}
SkipVerifiable configurations provide a IsSkipVerify to check if SkipVerify is set
type Source ¶
// Source represents an external way of authenticating users (LDAP, SMTP,
// PAM, OAuth2, SSPI; see Type and Names).
//
// Review note: Cfg is the type-specific configuration serialised into a TEXT
// column. For LDAP/SMTP sources this presumably includes bind or service
// credentials — confirm how it is protected at rest, and treat database dumps
// accordingly.
type Source struct {
	ID            int64 `xorm:"pk autoincr"`
	Type          Type
	Name          string             `xorm:"UNIQUE"`
	IsActive      bool               `xorm:"INDEX NOT NULL DEFAULT false"` // inactive sources are ignored by *ActiveSources
	IsSyncEnabled bool               `xorm:"INDEX NOT NULL DEFAULT false"`
	Cfg           convert.Conversion `xorm:"TEXT"` // type-specific config; concrete type from RegisterTypeConfig
	CreatedUnix   timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix   timeutil.TimeStamp `xorm:"INDEX updated"`
}
Source represents an external way for authorizing users.
func ActiveSources ¶
ActiveSources returns all active sources of the specified type
func AllActiveSources ¶
AllActiveSources returns all active sources
func GetActiveOAuth2ProviderSources ¶
GetActiveOAuth2ProviderSources returns all active sources of type OAuth2.
func GetActiveOAuth2SourceByName ¶
GetActiveOAuth2SourceByName returns a OAuth2 AuthSource based on the given name
func GetSourceByID ¶
GetSourceByID returns login source by given ID.
func SourcesByType ¶
SourcesByType returns all sources of the specified type
func (*Source) BeforeSet ¶
BeforeSet is invoked from XORM before setting the value of a field of this object.
func (*Source) SkipVerify ¶
SkipVerify returns true if this source is configured to skip SSL verification.
type SourceSettable ¶
// SourceSettable is implemented by source configurations that need a back
// reference to the Source they belong to; it is set after the config is loaded.
type SourceSettable interface {
	SetAuthSource(*Source)
}
SourceSettable configurations can have their authSource set on them
type TwoFactor ¶
// TwoFactor holds a user's TOTP two-factor authentication enrolment; one row
// per user (UID is UNIQUE).
//
// Review notes: Secret is the shared TOTP secret and is as sensitive as a
// password — whether it is encrypted at rest is not visible here; confirm.
// The scratch (recovery) token is stored only as a salted hash
// (ScratchSalt/ScratchHash) and checked by VerifyScratchToken.
// LastUsedPasscode presumably lets ValidateTOTP refuse a replayed code within
// the validity window — confirm.
type TwoFactor struct {
	ID               int64 `xorm:"pk autoincr"`
	UID              int64 `xorm:"UNIQUE"`
	Secret           string
	ScratchSalt      string
	ScratchHash      string
	LastUsedPasscode string             `xorm:"VARCHAR(10)"`
	CreatedUnix      timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix      timeutil.TimeStamp `xorm:"INDEX updated"`
}
TwoFactor represents a two-factor authentication token.
func GetTwoFactorByUID ¶
GetTwoFactorByUID returns the two-factor authentication token associated with the user, if any.
func (*TwoFactor) GenerateScratchToken ¶
GenerateScratchToken generates a fresh scratch (recovery) token for the user, replacing the previous one; only its salted hash (ScratchSalt/ScratchHash) is kept, so the returned plaintext must be shown to the user right away.
func (*TwoFactor) ValidateTOTP ¶
ValidateTOTP validates the provided passcode against the stored secret. The LastUsedPasscode field suggests a replay guard; confirm that a passcode accepted once cannot be accepted again within its validity window.
func (*TwoFactor) VerifyScratchToken ¶
VerifyScratchToken verifies if the specified scratch token is valid.
type Type ¶
// Type identifies the kind of an authentication Source (LDAP, DLDAP, SMTP, PAM,
// OAuth2, SSPI). Human-readable names live in Names; each Type's config shape is
// registered via RegisterTypeConfig.
type Type int
Type represents a login type.
type UpdateOAuth2ApplicationOptions ¶
// UpdateOAuth2ApplicationOptions holds the options for UpdateOAuth2Application.
// UserID is the caller's user ID; the update applies only to an application
// owned by that user (presumably checked in UpdateOAuth2Application — confirm).
type UpdateOAuth2ApplicationOptions struct {
	ID                 int64
	Name               string
	UserID             int64
	ConfidentialClient bool
	RedirectURIs       []string // replaces the exact-match redirect allow-list
}
UpdateOAuth2ApplicationOptions holds options to update an oauth2 application
type UseTLSer ¶
// UseTLSer is implemented by source configurations that can report whether
// TLS is enabled for their connection (compare HasTLSer, which reports
// whether TLS is merely available).
type UseTLSer interface {
	UseTLS() bool
}
UseTLSer configurations provide a UseTLS method to check whether TLS is enabled.
type WebAuthnCredential ¶
// WebAuthnCredential represents the stored half of a WebAuthn Level 1
// public-key credential: what the relying party needs to verify future
// assertions from an authenticator.
//
// Review notes: PublicKey is not secret, but CredentialID/PublicKey/SignCount
// together are the trust anchor for second-factor login, so writes must be
// scoped to the owning UserID (GetWebAuthnCredentialByCredID takes userID for
// this reason). SignCount is the authenticator's signature counter; per
// WebAuthn §6.1.1 a counter that fails to increase signals a cloned
// authenticator — CloneWarning presumably records that (confirm in the
// assertion handler).
type WebAuthnCredential struct {
	ID   int64 `xorm:"pk autoincr"`
	Name string
	// LowerName is presumably the lower-cased Name, maintained in
	// BeforeInsert/BeforeUpdate — confirm. Unique per user together with UserID.
	LowerName string `xorm:"unique(s)"`
	UserID    int64  `xorm:"INDEX unique(s)"`
	// CredentialID is the authenticator-chosen identifier, up to 1024 bytes.
	CredentialID    []byte `xorm:"INDEX VARBINARY(1024)"`
	PublicKey       []byte
	AttestationType string
	AAGUID          []byte // authenticator model identifier from attestation
	SignCount       uint32 `xorm:"BIGINT"`
	CloneWarning    bool
	CreatedUnix     timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix     timeutil.TimeStamp `xorm:"INDEX updated"`
}
WebAuthnCredential represents the WebAuthn credential data for a public-key credential conformant to WebAuthn Level 1
func CreateCredential ¶
func CreateCredential(userID int64, name string, cred *webauthn.Credential) (*WebAuthnCredential, error)
CreateCredential will create a new WebAuthnCredential from the given Credential
func GetWebAuthnCredentialByCredID ¶
func GetWebAuthnCredentialByCredID(userID int64, credID []byte) (*WebAuthnCredential, error)
GetWebAuthnCredentialByCredID returns WebAuthn credential by credential ID
func GetWebAuthnCredentialByID ¶
func GetWebAuthnCredentialByID(id int64) (*WebAuthnCredential, error)
GetWebAuthnCredentialByID returns WebAuthn credential by id
func GetWebAuthnCredentialByName ¶
func GetWebAuthnCredentialByName(uid int64, name string) (*WebAuthnCredential, error)
GetWebAuthnCredentialByName returns the WebAuthn credential of the given user with the given name.
func (*WebAuthnCredential) AfterLoad ¶
func (cred *WebAuthnCredential) AfterLoad(session *xorm.Session)
AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (*WebAuthnCredential) BeforeInsert ¶
func (cred *WebAuthnCredential) BeforeInsert()
BeforeInsert will be invoked by XORM before inserting a record.
func (*WebAuthnCredential) BeforeUpdate ¶
func (cred *WebAuthnCredential) BeforeUpdate()
BeforeUpdate will be invoked by XORM before updating a record
func (WebAuthnCredential) TableName ¶
func (cred WebAuthnCredential) TableName() string
TableName returns a better table name for WebAuthnCredential
func (*WebAuthnCredential) UpdateSignCount ¶
func (cred *WebAuthnCredential) UpdateSignCount() error
UpdateSignCount persists the current SignCount (the authenticator's signature counter). A counter that does not increase between assertions indicates a cloned authenticator per WebAuthn §6.1.1; see CloneWarning.
type WebAuthnCredentialList ¶
// WebAuthnCredentialList is a list of *WebAuthnCredential, typically all of one
// user's credentials (GetWebAuthnCredentialsByUID); ToCredentials converts it
// to the webauthn library's representation.
type WebAuthnCredentialList []*WebAuthnCredential
WebAuthnCredentialList is a list of *WebAuthnCredential
func GetWebAuthnCredentialsByUID ¶
func GetWebAuthnCredentialsByUID(uid int64) (WebAuthnCredentialList, error)
GetWebAuthnCredentialsByUID returns all WebAuthn credentials of the given user
func (WebAuthnCredentialList) ToCredentials ¶
func (list WebAuthnCredentialList) ToCredentials() []webauthn.Credential
ToCredentials will convert all WebAuthnCredentials to webauthn.Credentials