Documentation ¶
Index ¶
- Constants
- Variables
- func AccessTokenByNameExists(ctx context.Context, token *AccessToken) (bool, error)
- func BuiltinApplications() map[string]*BuiltinOAuth2Application
- func CleanupSessions(ctx context.Context, maxLifetime int64) error
- func ContainsCategory(categories []AccessTokenScopeCategory, category AccessTokenScopeCategory) bool
- func CountAccessTokens(ctx context.Context, opts ListAccessTokensOptions) (int64, error)
- func CountSessions(ctx context.Context) (int64, error)
- func CountSources() int64
- func CreateSource(source *Source) error
- func DeleteAccessTokenByID(ctx context.Context, id, userID int64) error
- func DeleteCredential(ctx context.Context, id, userID int64) (bool, error)
- func DeleteOAuth2Application(id, userid int64) error
- func DeleteOAuth2RelictsByUserID(ctx context.Context, userID int64) error
- func DeleteTwoFactorByID(ctx context.Context, id, userID int64) error
- func DestroySession(ctx context.Context, key string) error
- func ExistSession(ctx context.Context, key string) (bool, error)
- func ExistsWebAuthnCredentialsForUID(ctx context.Context, uid int64) (bool, error)
- func HasTwoFactorByUID(ctx context.Context, uid int64) (bool, error)
- func HasWebAuthnRegistrationsByUID(ctx context.Context, uid int64) (bool, error)
- func HashToken(token, salt string) string
- func Init(ctx context.Context) error
- func IsErrAccessTokenEmpty(err error) bool
- func IsErrAccessTokenNotExist(err error) bool
- func IsErrOAuthApplicationNotFound(err error) bool
- func IsErrOauthClientIDInvalid(err error) bool
- func IsErrSourceAlreadyExist(err error) bool
- func IsErrSourceInUse(err error) bool
- func IsErrSourceNotExist(err error) bool
- func IsErrTwoFactorNotEnrolled(err error) bool
- func IsErrWebAuthnCredentialNotExist(err error) bool
- func IsSSPIEnabled() bool
- func NewAccessToken(ctx context.Context, t *AccessToken) error
- func NewTwoFactor(ctx context.Context, t *TwoFactor) error
- func RegisterTypeConfig(typ Type, exemplar Config)
- func RevokeOAuth2Grant(ctx context.Context, grantID, userID int64) error
- func UpdateAccessToken(ctx context.Context, t *AccessToken) error
- func UpdateSession(ctx context.Context, key string, data []byte) error
- func UpdateSource(source *Source) error
- func UpdateTwoFactor(ctx context.Context, t *TwoFactor) error
- func WebAuthnCredentials(ctx context.Context, userID int64) ([]webauthn.Credential, error)
- type AccessToken
- type AccessTokenScope
- type AccessTokenScopeCategory
- type AccessTokenScopeLevel
- type BuiltinOAuth2Application
- type Config
- type CreateOAuth2ApplicationOptions
- type ErrAccessTokenEmpty
- type ErrAccessTokenNotExist
- type ErrOAuthApplicationNotFound
- type ErrOAuthClientIDInvalid
- type ErrSourceAlreadyExist
- type ErrSourceInUse
- type ErrSourceNotExist
- type ErrTwoFactorNotEnrolled
- type ErrWebAuthnCredentialNotExist
- type HasTLSer
- type ListAccessTokensOptions
- type OAuth2Application
- func CreateOAuth2Application(ctx context.Context, opts CreateOAuth2ApplicationOptions) (*OAuth2Application, error)
- func GetOAuth2ApplicationByClientID(ctx context.Context, clientID string) (app *OAuth2Application, err error)
- func GetOAuth2ApplicationByID(ctx context.Context, id int64) (app *OAuth2Application, err error)
- func GetOAuth2ApplicationsByUserID(ctx context.Context, userID int64) (apps []*OAuth2Application, err error)
- func ListOAuth2Applications(uid int64, listOptions db.ListOptions) ([]*OAuth2Application, int64, error)
- func UpdateOAuth2Application(opts UpdateOAuth2ApplicationOptions) (*OAuth2Application, error)
- func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool
- func (app *OAuth2Application) CreateGrant(ctx context.Context, userID int64, scope string) (*OAuth2Grant, error)
- func (app *OAuth2Application) GenerateClientSecret() (string, error)
- func (app *OAuth2Application) GetGrantByUserID(ctx context.Context, userID int64) (grant *OAuth2Grant, err error)
- func (app *OAuth2Application) TableName() string
- func (app *OAuth2Application) ValidateClientSecret(secret []byte) bool
- type OAuth2AuthorizationCode
- func (code *OAuth2AuthorizationCode) GenerateRedirectURI(state string) (*url.URL, error)
- func (code *OAuth2AuthorizationCode) Invalidate(ctx context.Context) error
- func (code *OAuth2AuthorizationCode) TableName() string
- func (code *OAuth2AuthorizationCode) ValidateCodeChallenge(verifier string) bool
- type OAuth2Grant
- func (grant *OAuth2Grant) GenerateNewAuthorizationCode(ctx context.Context, redirectURI, codeChallenge, codeChallengeMethod string) (code *OAuth2AuthorizationCode, err error)
- func (grant *OAuth2Grant) IncreaseCounter(ctx context.Context) error
- func (grant *OAuth2Grant) ScopeContains(scope string) bool
- func (grant *OAuth2Grant) SetNonce(ctx context.Context, nonce string) error
- func (grant *OAuth2Grant) TableName() string
- type RegisterableSource
- type SSHKeyProvider
- type Session
- type SkipVerifiable
- type Source
- func ActiveSources(tp Type) ([]*Source, error)
- func AllActiveSources() ([]*Source, error)
- func GetActiveOAuth2SourceByName(name string) (*Source, error)
- func GetOAuth2ProviderSources(onlyActive bool) ([]*Source, error)
- func GetSourceByID(id int64) (*Source, error)
- func Sources() ([]*Source, error)
- func SourcesByType(loginType Type) ([]*Source, error)
- func (source *Source) BeforeSet(colName string, val xorm.Cell)
- func (source *Source) HasTLS() bool
- func (source *Source) IsDLDAP() bool
- func (source *Source) IsLDAP() bool
- func (source *Source) IsOAuth2() bool
- func (source *Source) IsPAM() bool
- func (source *Source) IsSMTP() bool
- func (source *Source) IsSSPI() bool
- func (source *Source) SkipVerify() bool
- func (Source) TableName() string
- func (source *Source) TypeName() string
- func (source *Source) UseTLS() bool
- type SourceSettable
- type TwoFactor
- type Type
- type UpdateOAuth2ApplicationOptions
- type UseTLSer
- type WebAuthnCredential
- func CreateCredential(ctx context.Context, userID int64, name string, cred *webauthn.Credential) (*WebAuthnCredential, error)
- func GetWebAuthnCredentialByCredID(ctx context.Context, userID int64, credID []byte) (*WebAuthnCredential, error)
- func GetWebAuthnCredentialByID(ctx context.Context, id int64) (*WebAuthnCredential, error)
- func GetWebAuthnCredentialByName(ctx context.Context, uid int64, name string) (*WebAuthnCredential, error)
- type WebAuthnCredentialList
Constants ¶
const ( AccessTokenScopeCategoryActivityPub = iota AccessTokenScopeCategoryAdmin AccessTokenScopeCategoryMisc // WARN: this is now just a placeholder, don't remove it which will change the following values AccessTokenScopeCategoryNotification AccessTokenScopeCategoryOrganization AccessTokenScopeCategoryPackage AccessTokenScopeCategoryIssue AccessTokenScopeCategoryRepository AccessTokenScopeCategoryUser )
Variables ¶
var AllAccessTokenScopeCategories = []AccessTokenScopeCategory{ AccessTokenScopeCategoryActivityPub, AccessTokenScopeCategoryAdmin, AccessTokenScopeCategoryMisc, AccessTokenScopeCategoryNotification, AccessTokenScopeCategoryOrganization, AccessTokenScopeCategoryPackage, AccessTokenScopeCategoryIssue, AccessTokenScopeCategoryRepository, AccessTokenScopeCategoryUser, }
AllAccessTokenScopeCategories contains all access token scope categories
var Names = map[Type]string{ LDAP: "LDAP (via BindDN)", DLDAP: "LDAP (simple auth)", SMTP: "SMTP", PAM: "PAM", OAuth2: "OAuth2", SSPI: "SPNEGO with SSPI", }
Names contains the name of LoginType values.
Functions ¶
func AccessTokenByNameExists ¶ added in v1.17.4
func AccessTokenByNameExists(ctx context.Context, token *AccessToken) (bool, error)
AccessTokenByNameExists checks if a token name has been used already by a user.
func BuiltinApplications ¶ added in v1.21.0
func BuiltinApplications() map[string]*BuiltinOAuth2Application
func CleanupSessions ¶
CleanupSessions cleans up expired sessions
func ContainsCategory ¶ added in v1.20.0
func ContainsCategory(categories []AccessTokenScopeCategory, category AccessTokenScopeCategory) bool
ContainsCategory checks if a list of categories contains a specific category
func CountAccessTokens ¶ added in v1.17.4
func CountAccessTokens(ctx context.Context, opts ListAccessTokensOptions) (int64, error)
CountAccessTokens counts the access tokens belonging to the given user that match the options
func CountSessions ¶
CountSessions returns the number of sessions
func CreateSource ¶
CreateSource inserts an AuthSource into the DB unless one with the given name already exists.
func DeleteAccessTokenByID ¶ added in v1.17.4
DeleteAccessTokenByID deletes access token by given ID.
func DeleteCredential ¶
DeleteCredential will delete WebAuthnCredential
func DeleteOAuth2Application ¶
DeleteOAuth2Application deletes the application with the given id and the grants and auth codes related to it. It checks if the userid was the creator of the app.
func DeleteOAuth2RelictsByUserID ¶ added in v1.17.0
func DeleteTwoFactorByID ¶
DeleteTwoFactorByID deletes two-factor authentication token by given ID.
func DestroySession ¶
DestroySession destroys a session
func ExistSession ¶
ExistSession checks if a session exists
func ExistsWebAuthnCredentialsForUID ¶
ExistsWebAuthnCredentialsForUID returns if the given user has credentials
func HasTwoFactorByUID ¶
HasTwoFactorByUID reports whether the user has a two-factor authentication token.
func HasWebAuthnRegistrationsByUID ¶
HasWebAuthnRegistrationsByUID returns whether a given user has WebAuthn registrations
func IsErrAccessTokenEmpty ¶ added in v1.17.4
IsErrAccessTokenEmpty checks if an error is a ErrAccessTokenEmpty.
func IsErrAccessTokenNotExist ¶ added in v1.17.4
IsErrAccessTokenNotExist checks if an error is a ErrAccessTokenNotExist.
func IsErrOAuthApplicationNotFound ¶
IsErrOAuthApplicationNotFound checks if an error is an ErrOAuthApplicationNotFound.
func IsErrOauthClientIDInvalid ¶
IsErrOauthClientIDInvalid checks if an error is a ErrOAuthClientIDInvalid.
func IsErrSourceAlreadyExist ¶
IsErrSourceAlreadyExist checks if an error is a ErrSourceAlreadyExist.
func IsErrSourceInUse ¶
IsErrSourceInUse checks if an error is a ErrSourceInUse.
func IsErrSourceNotExist ¶
IsErrSourceNotExist checks if an error is a ErrSourceNotExist.
func IsErrTwoFactorNotEnrolled ¶
IsErrTwoFactorNotEnrolled checks if an error is a ErrTwoFactorNotEnrolled.
func IsErrWebAuthnCredentialNotExist ¶
IsErrWebAuthnCredentialNotExist checks if an error is a ErrWebAuthnCredentialNotExist.
func IsSSPIEnabled ¶
func IsSSPIEnabled() bool
IsSSPIEnabled returns true if there is at least one activated login source of type LoginSSPI
func NewAccessToken ¶ added in v1.17.4
func NewAccessToken(ctx context.Context, t *AccessToken) error
NewAccessToken creates new access token.
func NewTwoFactor ¶
NewTwoFactor creates a new two-factor authentication token.
func RegisterTypeConfig ¶
RegisterTypeConfig registers a config for a provided type
func RevokeOAuth2Grant ¶
RevokeOAuth2Grant deletes the grant with grantID and userID
func UpdateAccessToken ¶ added in v1.17.4
func UpdateAccessToken(ctx context.Context, t *AccessToken) error
UpdateAccessToken updates information of access token.
func UpdateSession ¶
UpdateSession updates the session with provided id
func UpdateSource ¶
UpdateSource updates a Source record in DB.
func UpdateTwoFactor ¶
UpdateTwoFactor updates a two-factor authentication token.
func WebAuthnCredentials ¶
WebAuthnCredentials implements the webauthn.User interface
Types ¶
type AccessToken ¶ added in v1.17.4
type AccessToken struct { ID int64 `xorm:"pk autoincr"` UID int64 `xorm:"INDEX"` Name string Token string `xorm:"-"` TokenHash string `xorm:"UNIQUE"` // sha256 of token TokenSalt string TokenLastEight string `xorm:"INDEX token_last_eight"` Scope AccessTokenScope CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` HasRecentActivity bool `xorm:"-"` HasUsed bool `xorm:"-"` }
AccessToken represents a personal access token.
func GetAccessTokenBySHA ¶ added in v1.17.4
func GetAccessTokenBySHA(ctx context.Context, token string) (*AccessToken, error)
GetAccessTokenBySHA returns access token by given token value
func ListAccessTokens ¶ added in v1.17.4
func ListAccessTokens(ctx context.Context, opts ListAccessTokensOptions) ([]*AccessToken, error)
ListAccessTokens returns a list of access tokens belonging to the given user.
func (*AccessToken) AfterLoad ¶ added in v1.17.4
func (t *AccessToken) AfterLoad()
AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (*AccessToken) DisplayPublicOnly ¶ added in v1.20.0
func (t *AccessToken) DisplayPublicOnly() bool
DisplayPublicOnly whether to display this as a public-only token.
type AccessTokenScope ¶ added in v1.19.0
type AccessTokenScope string
AccessTokenScope represents the scope for an access token.
const ( AccessTokenScopeAll AccessTokenScope = "all" AccessTokenScopePublicOnly AccessTokenScope = "public-only" // limited to public orgs/repos AccessTokenScopeReadActivityPub AccessTokenScope = "read:activitypub" AccessTokenScopeWriteActivityPub AccessTokenScope = "write:activitypub" AccessTokenScopeReadAdmin AccessTokenScope = "read:admin" AccessTokenScopeWriteAdmin AccessTokenScope = "write:admin" AccessTokenScopeReadMisc AccessTokenScope = "read:misc" AccessTokenScopeWriteMisc AccessTokenScope = "write:misc" AccessTokenScopeReadNotification AccessTokenScope = "read:notification" AccessTokenScopeWriteNotification AccessTokenScope = "write:notification" AccessTokenScopeReadOrganization AccessTokenScope = "read:organization" AccessTokenScopeWriteOrganization AccessTokenScope = "write:organization" AccessTokenScopeReadPackage AccessTokenScope = "read:package" AccessTokenScopeWritePackage AccessTokenScope = "write:package" AccessTokenScopeReadIssue AccessTokenScope = "read:issue" AccessTokenScopeWriteIssue AccessTokenScope = "write:issue" AccessTokenScopeReadRepository AccessTokenScope = "read:repository" AccessTokenScopeWriteRepository AccessTokenScope = "write:repository" AccessTokenScopeReadUser AccessTokenScope = "read:user" AccessTokenScopeWriteUser AccessTokenScope = "write:user" )
for all categories, write implies read
func GetRequiredScopes ¶ added in v1.20.0
func GetRequiredScopes(level AccessTokenScopeLevel, scopeCategories ...AccessTokenScopeCategory) []AccessTokenScope
GetRequiredScopes gets the specific scopes for a given level and categories
func (AccessTokenScope) HasScope ¶ added in v1.19.0
func (s AccessTokenScope) HasScope(scopes ...AccessTokenScope) (bool, error)
HasScope returns true if the string has the given scope
func (AccessTokenScope) Normalize ¶ added in v1.19.0
func (s AccessTokenScope) Normalize() (AccessTokenScope, error)
Normalize returns a normalized scope string without any duplicates.
func (AccessTokenScope) PublicOnly ¶ added in v1.20.0
func (s AccessTokenScope) PublicOnly() (bool, error)
PublicOnly checks if this token scope is limited to public resources
func (AccessTokenScope) StringSlice ¶ added in v1.19.0
func (s AccessTokenScope) StringSlice() []string
StringSlice returns the AccessTokenScope as a []string
type AccessTokenScopeCategory ¶ added in v1.20.0
type AccessTokenScopeCategory int
AccessTokenScopeCategory represents the scope category for an access token
type AccessTokenScopeLevel ¶ added in v1.20.0
type AccessTokenScopeLevel int
AccessTokenScopeLevel represents the access levels without a given scope category
const ( NoAccess AccessTokenScopeLevel = iota Read Write )
func GetScopeLevelFromAccessMode ¶ added in v1.20.0
func GetScopeLevelFromAccessMode(mode perm.AccessMode) AccessTokenScopeLevel
GetScopeLevelFromAccessMode converts permission access mode to scope level
type BuiltinOAuth2Application ¶ added in v1.21.0
type Config ¶
type Config interface { convert.Conversion }
Config represents login config as far as the db is concerned
type CreateOAuth2ApplicationOptions ¶
type CreateOAuth2ApplicationOptions struct { Name string UserID int64 ConfidentialClient bool RedirectURIs []string }
CreateOAuth2ApplicationOptions holds options to create an oauth2 application
type ErrAccessTokenEmpty ¶ added in v1.17.4
type ErrAccessTokenEmpty struct{}
ErrAccessTokenEmpty represents a "AccessTokenEmpty" kind of error.
func (ErrAccessTokenEmpty) Error ¶ added in v1.17.4
func (err ErrAccessTokenEmpty) Error() string
func (ErrAccessTokenEmpty) Unwrap ¶ added in v1.17.4
func (err ErrAccessTokenEmpty) Unwrap() error
type ErrAccessTokenNotExist ¶ added in v1.17.4
type ErrAccessTokenNotExist struct {
Token string
}
ErrAccessTokenNotExist represents a "AccessTokenNotExist" kind of error.
func (ErrAccessTokenNotExist) Error ¶ added in v1.17.4
func (err ErrAccessTokenNotExist) Error() string
func (ErrAccessTokenNotExist) Unwrap ¶ added in v1.17.4
func (err ErrAccessTokenNotExist) Unwrap() error
type ErrOAuthApplicationNotFound ¶
type ErrOAuthApplicationNotFound struct {
ID int64
}
ErrOAuthApplicationNotFound will be thrown if id cannot be found
func (ErrOAuthApplicationNotFound) Error ¶
func (err ErrOAuthApplicationNotFound) Error() string
Error returns the error message
func (ErrOAuthApplicationNotFound) Unwrap ¶ added in v1.17.4
func (err ErrOAuthApplicationNotFound) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrOAuthClientIDInvalid ¶
type ErrOAuthClientIDInvalid struct {
ClientID string
}
ErrOAuthClientIDInvalid will be thrown if client id cannot be found
func (ErrOAuthClientIDInvalid) Error ¶
func (err ErrOAuthClientIDInvalid) Error() string
Error returns the error message
func (ErrOAuthClientIDInvalid) Unwrap ¶ added in v1.17.4
func (err ErrOAuthClientIDInvalid) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrSourceAlreadyExist ¶
type ErrSourceAlreadyExist struct {
Name string
}
ErrSourceAlreadyExist represents a "SourceAlreadyExist" kind of error.
func (ErrSourceAlreadyExist) Error ¶
func (err ErrSourceAlreadyExist) Error() string
func (ErrSourceAlreadyExist) Unwrap ¶ added in v1.17.4
func (err ErrSourceAlreadyExist) Unwrap() error
Unwrap unwraps this as a ErrExist err
type ErrSourceInUse ¶
type ErrSourceInUse struct {
ID int64
}
ErrSourceInUse represents a "SourceInUse" kind of error.
func (ErrSourceInUse) Error ¶
func (err ErrSourceInUse) Error() string
type ErrSourceNotExist ¶
type ErrSourceNotExist struct {
ID int64
}
ErrSourceNotExist represents a "SourceNotExist" kind of error.
func (ErrSourceNotExist) Error ¶
func (err ErrSourceNotExist) Error() string
func (ErrSourceNotExist) Unwrap ¶ added in v1.17.4
func (err ErrSourceNotExist) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrTwoFactorNotEnrolled ¶
type ErrTwoFactorNotEnrolled struct {
UID int64
}
ErrTwoFactorNotEnrolled indicates that a user is not enrolled in two-factor authentication.
func (ErrTwoFactorNotEnrolled) Error ¶
func (err ErrTwoFactorNotEnrolled) Error() string
func (ErrTwoFactorNotEnrolled) Unwrap ¶ added in v1.17.4
func (err ErrTwoFactorNotEnrolled) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrWebAuthnCredentialNotExist ¶
ErrWebAuthnCredentialNotExist represents a "ErrWebAuthnCredentialNotExist" kind of error.
func (ErrWebAuthnCredentialNotExist) Error ¶
func (err ErrWebAuthnCredentialNotExist) Error() string
func (ErrWebAuthnCredentialNotExist) Unwrap ¶ added in v1.17.4
func (err ErrWebAuthnCredentialNotExist) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type HasTLSer ¶
type HasTLSer interface {
HasTLS() bool
}
HasTLSer configurations provide a HasTLS to check if TLS can be enabled
type ListAccessTokensOptions ¶ added in v1.17.4
type ListAccessTokensOptions struct { db.ListOptions Name string UserID int64 }
ListAccessTokensOptions contain filter options
type OAuth2Application ¶
type OAuth2Application struct { ID int64 `xorm:"pk autoincr"` UID int64 `xorm:"INDEX"` Name string ClientID string `xorm:"unique"` ClientSecret string // OAuth defines both Confidential and Public client types // https://datatracker.ietf.org/doc/html/rfc6749#section-2.1 // "Authorization servers MUST record the client type in the client registration details" // https://datatracker.ietf.org/doc/html/rfc8252#section-8.4 ConfidentialClient bool `xorm:"NOT NULL DEFAULT TRUE"` RedirectURIs []string `xorm:"redirect_uris JSON TEXT"` CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"` }
OAuth2Application represents an OAuth2 client (RFC 6749)
func CreateOAuth2Application ¶
func CreateOAuth2Application(ctx context.Context, opts CreateOAuth2ApplicationOptions) (*OAuth2Application, error)
CreateOAuth2Application inserts a new oauth2 application
func GetOAuth2ApplicationByClientID ¶
func GetOAuth2ApplicationByClientID(ctx context.Context, clientID string) (app *OAuth2Application, err error)
GetOAuth2ApplicationByClientID returns the oauth2 application with the given client_id. Returns an error if not found.
func GetOAuth2ApplicationByID ¶
func GetOAuth2ApplicationByID(ctx context.Context, id int64) (app *OAuth2Application, err error)
GetOAuth2ApplicationByID returns the oauth2 application with the given id. Returns an error if not found.
func GetOAuth2ApplicationsByUserID ¶
func GetOAuth2ApplicationsByUserID(ctx context.Context, userID int64) (apps []*OAuth2Application, err error)
GetOAuth2ApplicationsByUserID returns all oauth2 applications owned by the user
func ListOAuth2Applications ¶
func ListOAuth2Applications(uid int64, listOptions db.ListOptions) ([]*OAuth2Application, int64, error)
ListOAuth2Applications returns a list of oauth2 applications belonging to the given user.
func UpdateOAuth2Application ¶
func UpdateOAuth2Application(opts UpdateOAuth2ApplicationOptions) (*OAuth2Application, error)
UpdateOAuth2Application updates an oauth2 application
func (*OAuth2Application) ContainsRedirectURI ¶
func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool
ContainsRedirectURI checks if redirectURI is allowed for app
func (*OAuth2Application) CreateGrant ¶
func (app *OAuth2Application) CreateGrant(ctx context.Context, userID int64, scope string) (*OAuth2Grant, error)
CreateGrant generates a grant for a user
func (*OAuth2Application) GenerateClientSecret ¶
func (app *OAuth2Application) GenerateClientSecret() (string, error)
GenerateClientSecret generates the client secret, saves its hash in the database, and returns the plaintext
func (*OAuth2Application) GetGrantByUserID ¶
func (app *OAuth2Application) GetGrantByUserID(ctx context.Context, userID int64) (grant *OAuth2Grant, err error)
GetGrantByUserID returns a OAuth2Grant by its user and application ID
func (*OAuth2Application) TableName ¶
func (app *OAuth2Application) TableName() string
TableName sets the table name to `oauth2_application`
func (*OAuth2Application) ValidateClientSecret ¶
func (app *OAuth2Application) ValidateClientSecret(secret []byte) bool
ValidateClientSecret validates the given secret by the hash saved in database
type OAuth2AuthorizationCode ¶
// OAuth2AuthorizationCode is the table record for an issued OAuth2 authorization code.
type OAuth2AuthorizationCode struct {
	// ID is the auto-incremented primary key.
	ID int64 `xorm:"pk autoincr"`
	// Grant is excluded from the table mapping (xorm:"-"); only GrantID is stored.
	Grant *OAuth2Grant `xorm:"-"`
	// GrantID references the grant this code was issued for.
	GrantID int64
	// Code is the authorization code value; the column is indexed and unique.
	// NOTE(review): this declaration does not show whether the value is hashed
	// before storage — confirm.
	Code string `xorm:"INDEX unique"`
	// CodeChallenge is presumably the PKCE challenge that ValidateCodeChallenge
	// compares the verifier against — confirm.
	CodeChallenge string
	// CodeChallengeMethod is presumably the PKCE transformation method for
	// CodeChallenge — confirm which values are accepted.
	CodeChallengeMethod string
	// RedirectURI is presumably the redirect URI the code was issued for — confirm.
	RedirectURI string
	// ValidUntil is an indexed timestamp; presumably the expiry of the code — confirm.
	ValidUntil timeutil.TimeStamp `xorm:"index"`
}
OAuth2AuthorizationCode is a code to obtain an access token in combination with the client secret once. It has a limited lifetime.
func GetOAuth2AuthorizationByCode ¶
func GetOAuth2AuthorizationByCode(ctx context.Context, code string) (auth *OAuth2AuthorizationCode, err error)
GetOAuth2AuthorizationByCode returns an authorization by its code
func (*OAuth2AuthorizationCode) GenerateRedirectURI ¶
func (code *OAuth2AuthorizationCode) GenerateRedirectURI(state string) (*url.URL, error)
GenerateRedirectURI generates a redirect URI for a successful authorization request. State will be used if not empty.
func (*OAuth2AuthorizationCode) Invalidate ¶
func (code *OAuth2AuthorizationCode) Invalidate(ctx context.Context) error
Invalidate deletes the auth code from the database to invalidate this code
func (*OAuth2AuthorizationCode) TableName ¶
func (code *OAuth2AuthorizationCode) TableName() string
TableName sets the table name to `oauth2_authorization_code`
func (*OAuth2AuthorizationCode) ValidateCodeChallenge ¶
func (code *OAuth2AuthorizationCode) ValidateCodeChallenge(verifier string) bool
ValidateCodeChallenge validates the given verifier against the saved code challenge. This is part of the PKCE implementation.
type OAuth2Grant ¶
// OAuth2Grant is the table record linking a user to an OAuth2 application.
type OAuth2Grant struct {
	// ID is the auto-incremented primary key.
	ID int64 `xorm:"pk autoincr"`
	// UserID shares the unique(user_application) tag with ApplicationID, so the
	// pair forms the uniqueness key.
	UserID int64 `xorm:"INDEX unique(user_application)"`
	// Application is excluded from the table mapping (xorm:"-"); only
	// ApplicationID is stored.
	Application *OAuth2Application `xorm:"-"`
	// ApplicationID is the second half of the unique(user_application) key.
	ApplicationID int64 `xorm:"INDEX unique(user_application)"`
	// Counter is non-null and defaults to 1 in the schema.
	// NOTE(review): presumably advanced by IncreaseCounter — confirm what it guards.
	Counter int64 `xorm:"NOT NULL DEFAULT 1"`
	// Scope is stored as TEXT; presumably the scope string checked by
	// ScopeContains — confirm the separator format.
	Scope string `xorm:"TEXT"`
	// Nonce is stored as TEXT; presumably the value written by SetNonce — confirm.
	Nonce string `xorm:"TEXT"`
	// CreatedUnix carries XORM's created tag.
	CreatedUnix timeutil.TimeStamp `xorm:"created"`
	// UpdatedUnix carries XORM's updated tag.
	UpdatedUnix timeutil.TimeStamp `xorm:"updated"`
}
OAuth2Grant represents the permission of a user for a specific application to access resources
func GetOAuth2GrantByID ¶
func GetOAuth2GrantByID(ctx context.Context, id int64) (grant *OAuth2Grant, err error)
GetOAuth2GrantByID returns the grant with the given ID
func GetOAuth2GrantsByUserID ¶
func GetOAuth2GrantsByUserID(ctx context.Context, uid int64) ([]*OAuth2Grant, error)
GetOAuth2GrantsByUserID lists all grants of a certain user
func (*OAuth2Grant) GenerateNewAuthorizationCode ¶
func (grant *OAuth2Grant) GenerateNewAuthorizationCode(ctx context.Context, redirectURI, codeChallenge, codeChallengeMethod string) (code *OAuth2AuthorizationCode, err error)
GenerateNewAuthorizationCode generates a new authorization code for a grant and saves it to the database
func (*OAuth2Grant) IncreaseCounter ¶
func (grant *OAuth2Grant) IncreaseCounter(ctx context.Context) error
IncreaseCounter increases the counter and updates the grant
func (*OAuth2Grant) ScopeContains ¶
func (grant *OAuth2Grant) ScopeContains(scope string) bool
ScopeContains returns true if the grant scope contains the specified scope
func (*OAuth2Grant) SetNonce ¶
func (grant *OAuth2Grant) SetNonce(ctx context.Context, nonce string) error
SetNonce updates the current nonce value of a grant
func (*OAuth2Grant) TableName ¶
func (grant *OAuth2Grant) TableName() string
TableName sets the table name to `oauth2_grant`
type RegisterableSource ¶
RegisterableSource configurations provide RegisterSource which needs to be run on creation
type SSHKeyProvider ¶
type SSHKeyProvider interface {
ProvidesSSHKeys() bool
}
SSHKeyProvider configurations provide ProvidesSSHKeys to check if they provide SSHKeys
type Session ¶
type Session struct { Key string `xorm:"pk CHAR(16)"` // has to be Key to match with go-chi/session Data []byte `xorm:"BLOB"` // on MySQL this has a maximum size of 64Kb - this may need to be increased Expiry timeutil.TimeStamp // has to be Expiry to match with go-chi/session }
Session represents a session compatible with go-chi session
func ReadSession ¶
ReadSession reads the data for the provided session
type SkipVerifiable ¶
type SkipVerifiable interface {
IsSkipVerify() bool
}
SkipVerifiable configurations provide a IsSkipVerify to check if SkipVerify is set
type Source ¶
// Source is the table record for one configured external authentication source.
type Source struct {
	// ID is the auto-incremented primary key.
	ID int64 `xorm:"pk autoincr"`
	// Type selects the kind of source.
	Type Type
	// Name is unique across all sources.
	Name string `xorm:"UNIQUE"`
	// IsActive is indexed, non-null and defaults to false in the schema.
	IsActive bool `xorm:"INDEX NOT NULL DEFAULT false"`
	// IsSyncEnabled is indexed, non-null and defaults to false in the schema.
	IsSyncEnabled bool `xorm:"INDEX NOT NULL DEFAULT false"`
	// Cfg is the source configuration, stored in a TEXT column.
	// NOTE(review): source configurations may carry secrets (bind passwords,
	// client secrets); this declaration shows no encryption at rest — confirm
	// how the column is protected.
	Cfg convert.Conversion `xorm:"TEXT"`
	// CreatedUnix is indexed and carries XORM's created tag.
	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
	// UpdatedUnix is indexed and carries XORM's updated tag.
	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
}
Source represents an external way for authorizing users.
func ActiveSources ¶
ActiveSources returns all active sources of the specified type
func AllActiveSources ¶
AllActiveSources returns all active sources
func GetActiveOAuth2SourceByName ¶
GetActiveOAuth2SourceByName returns a OAuth2 AuthSource based on the given name
func GetOAuth2ProviderSources ¶ added in v1.21.6
GetOAuth2ProviderSources returns all active LoginOAuth2 sources
func GetSourceByID ¶
GetSourceByID returns login source by given ID.
func SourcesByType ¶
SourcesByType returns all sources of the specified type
func (*Source) BeforeSet ¶
BeforeSet is invoked from XORM before setting the value of a field of this object.
func (*Source) SkipVerify ¶
SkipVerify returns true if this source is configured to skip SSL verification.
type SourceSettable ¶
type SourceSettable interface {
SetAuthSource(*Source)
}
SourceSettable configurations can have their authSource set on them
type TwoFactor ¶
// TwoFactor is the table record holding a user's two-factor authentication data.
type TwoFactor struct {
	// ID is the auto-incremented primary key.
	ID int64 `xorm:"pk autoincr"`
	// UID is unique, so each user has at most one row.
	UID int64 `xorm:"UNIQUE"`
	// Secret is presumably the TOTP secret used by ValidateTOTP.
	// NOTE(review): this declaration does not show whether it is stored
	// encrypted or in plain form — confirm.
	Secret string
	// ScratchSalt is presumably the salt for ScratchHash — confirm.
	ScratchSalt string
	// ScratchHash is presumably the hash that VerifyScratchToken compares
	// against — confirm the hash function.
	ScratchHash string
	// LastUsedPasscode is limited to 10 characters; presumably kept so that a
	// passcode cannot be accepted twice — confirm.
	LastUsedPasscode string `xorm:"VARCHAR(10)"`
	// CreatedUnix is indexed and carries XORM's created tag.
	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
	// UpdatedUnix is indexed and carries XORM's updated tag.
	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
}
TwoFactor represents a two-factor authentication token.
func GetTwoFactorByUID ¶
GetTwoFactorByUID returns the two-factor authentication token associated with the user, if any.
func (*TwoFactor) GenerateScratchToken ¶
GenerateScratchToken recreates the scratch token the user is using.
func (*TwoFactor) ValidateTOTP ¶
ValidateTOTP validates the provided passcode.
func (*TwoFactor) VerifyScratchToken ¶
VerifyScratchToken verifies if the specified scratch token is valid.
type Type ¶
type Type int
Type represents a login type.
type UpdateOAuth2ApplicationOptions ¶
type UpdateOAuth2ApplicationOptions struct { ID int64 Name string UserID int64 ConfidentialClient bool RedirectURIs []string }
UpdateOAuth2ApplicationOptions holds options to update an oauth2 application
type UseTLSer ¶
type UseTLSer interface {
UseTLS() bool
}
UseTLSer configurations provide a UseTLS to check if TLS is enabled
type WebAuthnCredential ¶
// WebAuthnCredential is the table record for one registered WebAuthn credential.
type WebAuthnCredential struct {
	// ID is the auto-incremented primary key.
	ID int64 `xorm:"pk autoincr"`
	// Name is the credential's name as given at creation.
	Name string
	// LowerName shares the unique(s) tag with UserID, so the pair forms the
	// uniqueness key. Presumably the lower-cased Name — confirm.
	LowerName string `xorm:"unique(s)"`
	// UserID is indexed and is the second half of the unique(s) key.
	UserID int64 `xorm:"INDEX unique(s)"`
	// CredentialID is indexed and stored as VARBINARY(1024).
	CredentialID []byte `xorm:"INDEX VARBINARY(1024)"`
	// PublicKey is the credential's public key bytes.
	PublicKey []byte
	// AttestationType is the attestation type recorded for the credential.
	AttestationType string
	// AAGUID is the authenticator's AAGUID bytes.
	AAGUID []byte
	// SignCount is a uint32 in Go but mapped to a BIGINT column.
	// NOTE(review): presumably the authenticator signature counter persisted
	// by UpdateSignCount — confirm.
	SignCount uint32 `xorm:"BIGINT"`
	// CloneWarning is presumably set when the signature counter suggests a
	// cloned authenticator — confirm where it is written and who acts on it.
	CloneWarning bool
	// CreatedUnix is indexed and carries XORM's created tag.
	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
	// UpdatedUnix is indexed and carries XORM's updated tag.
	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
}
WebAuthnCredential represents the WebAuthn credential data for a public-key credential conformant to WebAuthn Level 1
func CreateCredential ¶
func CreateCredential(ctx context.Context, userID int64, name string, cred *webauthn.Credential) (*WebAuthnCredential, error)
CreateCredential will create a new WebAuthnCredential from the given Credential
func GetWebAuthnCredentialByCredID ¶
func GetWebAuthnCredentialByCredID(ctx context.Context, userID int64, credID []byte) (*WebAuthnCredential, error)
GetWebAuthnCredentialByCredID returns WebAuthn credential by credential ID
func GetWebAuthnCredentialByID ¶
func GetWebAuthnCredentialByID(ctx context.Context, id int64) (*WebAuthnCredential, error)
GetWebAuthnCredentialByID returns WebAuthn credential by id
func GetWebAuthnCredentialByName ¶
func GetWebAuthnCredentialByName(ctx context.Context, uid int64, name string) (*WebAuthnCredential, error)
GetWebAuthnCredentialByName returns WebAuthn credential by name
func (*WebAuthnCredential) AfterLoad ¶
func (cred *WebAuthnCredential) AfterLoad(session *xorm.Session)
AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (*WebAuthnCredential) BeforeInsert ¶
func (cred *WebAuthnCredential) BeforeInsert()
BeforeInsert will be invoked by XORM before inserting a record
func (*WebAuthnCredential) BeforeUpdate ¶
func (cred *WebAuthnCredential) BeforeUpdate()
BeforeUpdate will be invoked by XORM before updating a record
func (WebAuthnCredential) TableName ¶
func (cred WebAuthnCredential) TableName() string
TableName returns a better table name for WebAuthnCredential
func (*WebAuthnCredential) UpdateSignCount ¶
func (cred *WebAuthnCredential) UpdateSignCount(ctx context.Context) error
UpdateSignCount will update the database value of SignCount
type WebAuthnCredentialList ¶
type WebAuthnCredentialList []*WebAuthnCredential
WebAuthnCredentialList is a list of *WebAuthnCredential
func GetWebAuthnCredentialsByUID ¶
func GetWebAuthnCredentialsByUID(ctx context.Context, uid int64) (WebAuthnCredentialList, error)
GetWebAuthnCredentialsByUID returns all WebAuthn credentials of the given user
func (WebAuthnCredentialList) ToCredentials ¶
func (list WebAuthnCredentialList) ToCredentials() []webauthn.Credential
ToCredentials will convert all WebAuthnCredentials to webauthn.Credentials