Documentation ¶
Index ¶
- Constants
- func APIAuth(authMethod Method) func(*context.APIContext)
- func Auth(authMethod Method) func(*context.Context)
- func CheckOAuthAccessToken(accessToken string) int64
- func DeleteSource(source *auth.Source) error
- func Init()
- func SessionUser(sess SessionStore) *user_model.User
- func SyncExternalUsers(ctx context.Context, updateExisting bool) error
- func UserSignIn(username, password string) (*user_model.User, *auth.Source, error)
- func VerifyAuthWithOptions(options *VerifyOptions) func(ctx *context.Context)
- func VerifyAuthWithOptionsAPI(options *VerifyOptions) func(ctx *context.APIContext)
- func VerifyCert(r *http.Request) (*asymkey_model.PublicKey, error)
- func VerifyPubKey(r *http.Request) (*asymkey_model.PublicKey, error)
- type Basic
- type DataStore
- type Freeable
- type Group
- type HTTPSign
- type Initializable
- type LocalTwoFASkipper
- type Method
- type Named
- type OAuth2
- type PasswordAuthenticator
- type ReverseProxy
- type Session
- type SessionStore
- type SynchronizableSource
- type VerifyOptions
Constants ¶
const BasicMethodName = "basic"
BasicMethodName is the constant name of the basic authentication method
const ReverseProxyMethodName = "reverse_proxy"
ReverseProxyMethodName is the constant name of the ReverseProxy authentication method
Variables ¶
This section is empty.
Functions ¶
func APIAuth ¶ added in v1.19.0
func APIAuth(authMethod Method) func(*context.APIContext)
APIAuth is a middleware to authenticate an api user
func CheckOAuthAccessToken ¶
CheckOAuthAccessToken returns uid of user from oauth token
func DeleteSource ¶ added in v1.16.0
DeleteSource deletes a AuthSource record in DB.
func Init ¶
func Init()
Init should be called exactly once when the application starts to allow plugins to allocate necessary resources
func SessionUser ¶
func SessionUser(sess SessionStore) *user_model.User
SessionUser returns the user object corresponding to the "uid" session variable.
func SyncExternalUsers ¶ added in v1.16.0
SyncExternalUsers is used to synchronize users with external authorization source
func UserSignIn ¶ added in v1.16.0
UserSignIn validates user name and password.
func VerifyAuthWithOptions ¶ added in v1.20.0
func VerifyAuthWithOptions(options *VerifyOptions) func(ctx *context.Context)
VerifyAuthWithOptions checks authentication according to options
func VerifyAuthWithOptionsAPI ¶ added in v1.20.0
func VerifyAuthWithOptionsAPI(options *VerifyOptions) func(ctx *context.APIContext)
VerifyAuthWithOptionsAPI checks authentication according to options
func VerifyCert ¶ added in v1.17.0
func VerifyCert(r *http.Request) (*asymkey_model.PublicKey, error)
VerifyCert verifies the validity of the ssh certificate and returns the publickey of the signer We verify that the certificate is signed with the correct CA We verify that the http request is signed with the private key (of the public key mentioned in the certificate)
func VerifyPubKey ¶ added in v1.17.0
func VerifyPubKey(r *http.Request) (*asymkey_model.PublicKey, error)
Types ¶
type Basic ¶
type Basic struct{}
Basic implements the Auth interface and authenticates requests (API requests only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization" header.
func (*Basic) Verify ¶
func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Verify extracts and validates Basic data (username and password/token) from the "Authorization" header of the request and returns the corresponding user object for that name/token on successful validation. Returns nil if header is empty or validation fails.
type Freeable ¶ added in v1.16.0
type Freeable interface { // Free should be called exactly once before application closes, in order to // give chance to the plugin to free any allocated resources Free() error }
Freeable represents a structure that is required to be freed
type Group ¶
type Group struct {
// contains filtered or unexported fields
}
Group implements the Auth interface with serval Auth.
func (*Group) Free ¶
Free does nothing as the Basic implementation does not have to release any resources
func (*Group) Init ¶
Init does nothing as the Basic implementation does not need to allocate any resources
func (*Group) Verify ¶
func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Verify extracts and validates
type HTTPSign ¶ added in v1.17.0
type HTTPSign struct{}
HTTPSign implements the Auth interface and authenticates requests (API requests only) by looking for http signature data in the "Signature" header. more information can be found on https://github.com/go-fed/httpsig
func (*HTTPSign) Verify ¶ added in v1.17.0
func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Verify extracts and validates HTTPsign from the Signature header of the request and returns the corresponding user object on successful validation. Returns nil if header is empty or validation fails.
type Initializable ¶ added in v1.16.0
type Initializable interface { // Init should be called exactly once before using any of the other methods, // in order to allow the plugin to allocate necessary resources Init(ctx context.Context) error }
Initializable represents a structure that requires initialization It usually should only be called once before anything else is called
type LocalTwoFASkipper ¶ added in v1.16.0
type LocalTwoFASkipper interface {
IsSkipLocalTwoFA() bool
}
LocalTwoFASkipper represents a source of authentication that can skip local 2fa
type Method ¶ added in v1.16.0
type Method interface { // Verify tries to verify the authentication data contained in the request. // If verification is successful returns either an existing user object (with id > 0) // or a new user object (with id = 0) populated with the information that was found // in the authentication data (username or email). // Second argument returns err if verification fails, otherwise // First return argument returns nil if no matched verification condition Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) }
Method represents an authentication method (plugin) for HTTP requests.
type OAuth2 ¶
type OAuth2 struct{}
OAuth2 implements the Auth interface and authenticates requests (API requests only) by looking for an OAuth token in query parameters or the "Authorization" header.
func (*OAuth2) Verify ¶
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Verify extracts the user ID from the OAuth token in the query parameters or the "Authorization" header and returns the corresponding user object for that ID. If verification is successful returns an existing user object. Returns nil if verification fails.
type PasswordAuthenticator ¶ added in v1.16.0
type PasswordAuthenticator interface {
Authenticate(user *user_model.User, login, password string) (*user_model.User, error)
}
PasswordAuthenticator represents a source of authentication
type ReverseProxy ¶
type ReverseProxy struct{}
ReverseProxy implements the Auth interface, but actually relies on a reverse proxy for authentication of users. On successful authentication the proxy is expected to populate the username in the "setting.ReverseProxyAuthUser" header. Optionally it can also populate the email of the user in the "setting.ReverseProxyAuthEmail" header.
func (*ReverseProxy) Name ¶
func (r *ReverseProxy) Name() string
Name represents the name of auth method
func (*ReverseProxy) Verify ¶
func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Verify attempts to load a user object based on headers sent by the reverse proxy. First it will attempt to load it based on the username (see docs for getUserFromAuthUser), and failing that it will attempt to load it based on the email (see docs for getUserFromAuthEmail). Returns nil if the headers are empty or the user is not found.
type Session ¶
type Session struct{}
Session checks if there is a user uid stored in the session and returns the user object for that uid.
func (*Session) Verify ¶
func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Verify checks if there is a user uid stored in the session and returns the user object for that uid. Returns nil if there is no user uid stored in the session.
type SynchronizableSource ¶ added in v1.16.0
SynchronizableSource represents a source that can synchronize users