auth

package
v1.22.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 13, 2024 License: MIT Imports: 32 Imported by: 32

Documentation

Index

Constants

View Source
const (
	AccessTokenScopeCategoryActivityPub = iota
	AccessTokenScopeCategoryAdmin
	AccessTokenScopeCategoryMisc // WARN: this is now just a placeholder, don't remove it which will change the following values
	AccessTokenScopeCategoryNotification
	AccessTokenScopeCategoryOrganization
	AccessTokenScopeCategoryPackage
	AccessTokenScopeCategoryIssue
	AccessTokenScopeCategoryRepository
	AccessTokenScopeCategoryUser
)

Variables

AllAccessTokenScopeCategories contains all access token scope categories

View Source
var ErrAuthTokenNotExist = util.NewNotExistErrorf("auth token does not exist")
View Source
var Names = map[Type]string{
	LDAP:   "LDAP (via BindDN)",
	DLDAP:  "LDAP (simple auth)",
	SMTP:   "SMTP",
	PAM:    "PAM",
	OAuth2: "OAuth2",
	SSPI:   "SPNEGO with SSPI",
}

Names contains the name of LoginType values.

Functions

func AccessTokenByNameExists added in v1.17.4

func AccessTokenByNameExists(ctx context.Context, token *AccessToken) (bool, error)

AccessTokenByNameExists checks if a token name has been used already by a user.

func BuiltinApplications added in v1.21.0

func BuiltinApplications() map[string]*BuiltinOAuth2Application

func CleanupSessions

func CleanupSessions(ctx context.Context, maxLifetime int64) error

CleanupSessions cleans up expired sessions

func ContainsCategory added in v1.20.0

func ContainsCategory(categories []AccessTokenScopeCategory, category AccessTokenScopeCategory) bool

ContainsCategory checks if a list of categories contains a specific category

func CountSessions

func CountSessions(ctx context.Context) (int64, error)

CountSessions returns the number of sessions

func CreateSource

func CreateSource(ctx context.Context, source *Source) error

CreateSource inserts a AuthSource in the DB if not already existing with the given name.

func DeleteAccessTokenByID added in v1.17.4

func DeleteAccessTokenByID(ctx context.Context, id, userID int64) error

DeleteAccessTokenByID deletes access token by given ID.

func DeleteAuthTokenByID added in v1.22.0

func DeleteAuthTokenByID(ctx context.Context, id string) error

func DeleteAuthTokensByUserID added in v1.22.0

func DeleteAuthTokensByUserID(ctx context.Context, uid int64) error

func DeleteCredential

func DeleteCredential(ctx context.Context, id, userID int64) (bool, error)

DeleteCredential will delete WebAuthnCredential

func DeleteExpiredAuthTokens added in v1.22.0

func DeleteExpiredAuthTokens(ctx context.Context) error

func DeleteOAuth2Application

func DeleteOAuth2Application(ctx context.Context, id, userid int64) error

DeleteOAuth2Application deletes the application with the given id and the grants and auth codes related to it. It checks if the userid was the creator of the app.

func DeleteOAuth2RelictsByUserID added in v1.17.0

func DeleteOAuth2RelictsByUserID(ctx context.Context, userID int64) error

func DeleteTwoFactorByID

func DeleteTwoFactorByID(ctx context.Context, id, userID int64) error

DeleteTwoFactorByID deletes two-factor authentication token by given ID.

func DestroySession

func DestroySession(ctx context.Context, key string) error

DestroySession destroys a session

func ExistSession

func ExistSession(ctx context.Context, key string) (bool, error)

ExistSession checks if a session exists

func ExistsWebAuthnCredentialsForUID

func ExistsWebAuthnCredentialsForUID(ctx context.Context, uid int64) (bool, error)

ExistsWebAuthnCredentialsForUID returns if the given user has credentials

func HasTwoFactorByUID

func HasTwoFactorByUID(ctx context.Context, uid int64) (bool, error)

HasTwoFactorByUID returns the two-factor authentication token associated with the user, if any.

func HasWebAuthnRegistrationsByUID

func HasWebAuthnRegistrationsByUID(ctx context.Context, uid int64) (bool, error)

HasWebAuthnRegistrationsByUID returns whether a given user has WebAuthn registrations

func HashToken

func HashToken(token, salt string) string

HashToken return the hashable salt

func Init added in v1.21.0

func Init(ctx context.Context) error

func InsertAuthToken added in v1.22.0

func InsertAuthToken(ctx context.Context, t *AuthToken) error

func IsErrAccessTokenEmpty added in v1.17.4

func IsErrAccessTokenEmpty(err error) bool

IsErrAccessTokenEmpty checks if an error is a ErrAccessTokenEmpty.

func IsErrAccessTokenNotExist added in v1.17.4

func IsErrAccessTokenNotExist(err error) bool

IsErrAccessTokenNotExist checks if an error is a ErrAccessTokenNotExist.

func IsErrOAuthApplicationNotFound

func IsErrOAuthApplicationNotFound(err error) bool

IsErrOAuthApplicationNotFound checks if an error is a ErrReviewNotExist.

func IsErrOauthClientIDInvalid

func IsErrOauthClientIDInvalid(err error) bool

IsErrOauthClientIDInvalid checks if an error is a ErrOAuthClientIDInvalid.

func IsErrSourceAlreadyExist

func IsErrSourceAlreadyExist(err error) bool

IsErrSourceAlreadyExist checks if an error is a ErrSourceAlreadyExist.

func IsErrSourceInUse

func IsErrSourceInUse(err error) bool

IsErrSourceInUse checks if an error is a ErrSourceInUse.

func IsErrSourceNotExist

func IsErrSourceNotExist(err error) bool

IsErrSourceNotExist checks if an error is a ErrSourceNotExist.

func IsErrTwoFactorNotEnrolled

func IsErrTwoFactorNotEnrolled(err error) bool

IsErrTwoFactorNotEnrolled checks if an error is a ErrTwoFactorNotEnrolled.

func IsErrWebAuthnCredentialNotExist

func IsErrWebAuthnCredentialNotExist(err error) bool

IsErrWebAuthnCredentialNotExist checks if an error is a ErrWebAuthnCredentialNotExist.

func IsSSPIEnabled

func IsSSPIEnabled(ctx context.Context) bool

IsSSPIEnabled returns true if there is at least one activated login source of type LoginSSPI

func NewAccessToken added in v1.17.4

func NewAccessToken(ctx context.Context, t *AccessToken) error

NewAccessToken creates new access token.

func NewTwoFactor

func NewTwoFactor(ctx context.Context, t *TwoFactor) error

NewTwoFactor creates a new two-factor authentication token.

func RegisterTypeConfig

func RegisterTypeConfig(typ Type, exemplar Config)

RegisterTypeConfig register a config for a provided type

func RevokeOAuth2Grant

func RevokeOAuth2Grant(ctx context.Context, grantID, userID int64) error

RevokeOAuth2Grant deletes the grant with grantID and userID

func UpdateAccessToken added in v1.17.4

func UpdateAccessToken(ctx context.Context, t *AccessToken) error

UpdateAccessToken updates information of access token.

func UpdateAuthTokenByID added in v1.22.0

func UpdateAuthTokenByID(ctx context.Context, t *AuthToken) error

func UpdateSession

func UpdateSession(ctx context.Context, key string, data []byte) error

UpdateSession updates the session with provided id

func UpdateSource

func UpdateSource(ctx context.Context, source *Source) error

UpdateSource updates a Source record in DB.

func UpdateTwoFactor

func UpdateTwoFactor(ctx context.Context, t *TwoFactor) error

UpdateTwoFactor updates a two-factor authentication token.

func WebAuthnCredentials

func WebAuthnCredentials(ctx context.Context, userID int64) ([]webauthn.Credential, error)

WebAuthnCredentials implementns the webauthn.User interface

Types

type AccessToken added in v1.17.4

type AccessToken struct {
	ID             int64 `xorm:"pk autoincr"`
	UID            int64 `xorm:"INDEX"`
	Name           string
	Token          string `xorm:"-"`
	TokenHash      string `xorm:"UNIQUE"` // sha256 of token
	TokenSalt      string
	TokenLastEight string `xorm:"INDEX token_last_eight"`
	Scope          AccessTokenScope

	CreatedUnix       timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"INDEX updated"`
	HasRecentActivity bool               `xorm:"-"`
	HasUsed           bool               `xorm:"-"`
}

AccessToken represents a personal access token.

func GetAccessTokenBySHA added in v1.17.4

func GetAccessTokenBySHA(ctx context.Context, token string) (*AccessToken, error)

GetAccessTokenBySHA returns access token by given token value

func (*AccessToken) AfterLoad added in v1.17.4

func (t *AccessToken) AfterLoad()

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*AccessToken) DisplayPublicOnly added in v1.20.0

func (t *AccessToken) DisplayPublicOnly() bool

DisplayPublicOnly whether to display this as a public-only token.

type AccessTokenScope added in v1.19.0

type AccessTokenScope string

AccessTokenScope represents the scope for an access token.

const (
	AccessTokenScopeAll        AccessTokenScope = "all"
	AccessTokenScopePublicOnly AccessTokenScope = "public-only" // limited to public orgs/repos

	AccessTokenScopeReadActivityPub  AccessTokenScope = "read:activitypub"
	AccessTokenScopeWriteActivityPub AccessTokenScope = "write:activitypub"

	AccessTokenScopeReadAdmin  AccessTokenScope = "read:admin"
	AccessTokenScopeWriteAdmin AccessTokenScope = "write:admin"

	AccessTokenScopeReadMisc  AccessTokenScope = "read:misc"
	AccessTokenScopeWriteMisc AccessTokenScope = "write:misc"

	AccessTokenScopeReadNotification  AccessTokenScope = "read:notification"
	AccessTokenScopeWriteNotification AccessTokenScope = "write:notification"

	AccessTokenScopeReadOrganization  AccessTokenScope = "read:organization"
	AccessTokenScopeWriteOrganization AccessTokenScope = "write:organization"

	AccessTokenScopeReadPackage  AccessTokenScope = "read:package"
	AccessTokenScopeWritePackage AccessTokenScope = "write:package"

	AccessTokenScopeReadIssue  AccessTokenScope = "read:issue"
	AccessTokenScopeWriteIssue AccessTokenScope = "write:issue"

	AccessTokenScopeReadRepository  AccessTokenScope = "read:repository"
	AccessTokenScopeWriteRepository AccessTokenScope = "write:repository"

	AccessTokenScopeReadUser  AccessTokenScope = "read:user"
	AccessTokenScopeWriteUser AccessTokenScope = "write:user"
)

for all categories, write implies read

func GetRequiredScopes added in v1.20.0

func GetRequiredScopes(level AccessTokenScopeLevel, scopeCategories ...AccessTokenScopeCategory) []AccessTokenScope

GetRequiredScopes gets the specific scopes for a given level and categories

func (AccessTokenScope) HasAnyScope added in v1.22.2

func (s AccessTokenScope) HasAnyScope(scopes ...AccessTokenScope) (bool, error)

HasAnyScope returns true if any of the scopes is contained in the string

func (AccessTokenScope) HasScope added in v1.19.0

func (s AccessTokenScope) HasScope(scopes ...AccessTokenScope) (bool, error)

HasScope returns true if the string has the given scope

func (AccessTokenScope) Normalize added in v1.19.0

func (s AccessTokenScope) Normalize() (AccessTokenScope, error)

Normalize returns a normalized scope string without any duplicates.

func (AccessTokenScope) PublicOnly added in v1.20.0

func (s AccessTokenScope) PublicOnly() (bool, error)

PublicOnly checks if this token scope is limited to public resources

func (AccessTokenScope) StringSlice added in v1.19.0

func (s AccessTokenScope) StringSlice() []string

StringSlice returns the AccessTokenScope as a []string

type AccessTokenScopeCategory added in v1.20.0

type AccessTokenScopeCategory int

AccessTokenScopeCategory represents the scope category for an access token

type AccessTokenScopeLevel added in v1.20.0

type AccessTokenScopeLevel int

AccessTokenScopeLevel represents the access levels without a given scope category

const (
	NoAccess AccessTokenScopeLevel = iota
	Read
	Write
)

func GetScopeLevelFromAccessMode added in v1.20.0

func GetScopeLevelFromAccessMode(mode perm.AccessMode) AccessTokenScopeLevel

GetScopeLevelFromAccessMode converts permission access mode to scope level

type AuthToken added in v1.22.0

type AuthToken struct {
	ID          string `xorm:"pk"`
	TokenHash   string
	UserID      int64              `xorm:"INDEX"`
	ExpiresUnix timeutil.TimeStamp `xorm:"INDEX"`
}

func GetAuthTokenByID added in v1.22.0

func GetAuthTokenByID(ctx context.Context, id string) (*AuthToken, error)

type BuiltinOAuth2Application added in v1.21.0

type BuiltinOAuth2Application struct {
	ConfigName   string
	DisplayName  string
	RedirectURIs []string
}

type Config

type Config interface {
	convert.Conversion
}

Config represents login config as far as the db is concerned

type CreateOAuth2ApplicationOptions

type CreateOAuth2ApplicationOptions struct {
	Name               string
	UserID             int64
	ConfidentialClient bool
	RedirectURIs       []string
}

CreateOAuth2ApplicationOptions holds options to create an oauth2 application

type ErrAccessTokenEmpty added in v1.17.4

type ErrAccessTokenEmpty struct{}

ErrAccessTokenEmpty represents a "AccessTokenEmpty" kind of error.

func (ErrAccessTokenEmpty) Error added in v1.17.4

func (err ErrAccessTokenEmpty) Error() string

func (ErrAccessTokenEmpty) Unwrap added in v1.17.4

func (err ErrAccessTokenEmpty) Unwrap() error

type ErrAccessTokenNotExist added in v1.17.4

type ErrAccessTokenNotExist struct {
	Token string
}

ErrAccessTokenNotExist represents a "AccessTokenNotExist" kind of error.

func (ErrAccessTokenNotExist) Error added in v1.17.4

func (err ErrAccessTokenNotExist) Error() string

func (ErrAccessTokenNotExist) Unwrap added in v1.17.4

func (err ErrAccessTokenNotExist) Unwrap() error

type ErrOAuthApplicationNotFound

type ErrOAuthApplicationNotFound struct {
	ID int64
}

ErrOAuthApplicationNotFound will be thrown if id cannot be found

func (ErrOAuthApplicationNotFound) Error

func (err ErrOAuthApplicationNotFound) Error() string

Error returns the error message

func (ErrOAuthApplicationNotFound) Unwrap added in v1.17.4

func (err ErrOAuthApplicationNotFound) Unwrap() error

Unwrap unwraps this as a ErrNotExist err

type ErrOAuthClientIDInvalid

type ErrOAuthClientIDInvalid struct {
	ClientID string
}

ErrOAuthClientIDInvalid will be thrown if client id cannot be found

func (ErrOAuthClientIDInvalid) Error

func (err ErrOAuthClientIDInvalid) Error() string

Error returns the error message

func (ErrOAuthClientIDInvalid) Unwrap added in v1.17.4

func (err ErrOAuthClientIDInvalid) Unwrap() error

Unwrap unwraps this as a ErrNotExist err

type ErrSourceAlreadyExist

type ErrSourceAlreadyExist struct {
	Name string
}

ErrSourceAlreadyExist represents a "SourceAlreadyExist" kind of error.

func (ErrSourceAlreadyExist) Error

func (err ErrSourceAlreadyExist) Error() string

func (ErrSourceAlreadyExist) Unwrap added in v1.17.4

func (err ErrSourceAlreadyExist) Unwrap() error

Unwrap unwraps this as a ErrExist err

type ErrSourceInUse

type ErrSourceInUse struct {
	ID int64
}

ErrSourceInUse represents a "SourceInUse" kind of error.

func (ErrSourceInUse) Error

func (err ErrSourceInUse) Error() string

type ErrSourceNotExist

type ErrSourceNotExist struct {
	ID int64
}

ErrSourceNotExist represents a "SourceNotExist" kind of error.

func (ErrSourceNotExist) Error

func (err ErrSourceNotExist) Error() string

func (ErrSourceNotExist) Unwrap added in v1.17.4

func (err ErrSourceNotExist) Unwrap() error

Unwrap unwraps this as a ErrNotExist err

type ErrTwoFactorNotEnrolled

type ErrTwoFactorNotEnrolled struct {
	UID int64
}

ErrTwoFactorNotEnrolled indicates that a user is not enrolled in two-factor authentication.

func (ErrTwoFactorNotEnrolled) Error

func (err ErrTwoFactorNotEnrolled) Error() string

func (ErrTwoFactorNotEnrolled) Unwrap added in v1.17.4

func (err ErrTwoFactorNotEnrolled) Unwrap() error

Unwrap unwraps this as a ErrNotExist err

type ErrWebAuthnCredentialNotExist

type ErrWebAuthnCredentialNotExist struct {
	ID           int64
	CredentialID []byte
}

ErrWebAuthnCredentialNotExist represents a "ErrWebAuthnCRedentialNotExist" kind of error.

func (ErrWebAuthnCredentialNotExist) Error

func (ErrWebAuthnCredentialNotExist) Unwrap added in v1.17.4

func (err ErrWebAuthnCredentialNotExist) Unwrap() error

Unwrap unwraps this as a ErrNotExist err

type FindOAuth2ApplicationsOptions added in v1.22.0

type FindOAuth2ApplicationsOptions struct {
	db.ListOptions
	// OwnerID is the user id or org id of the owner of the application
	OwnerID int64
	// find global applications, if true, then OwnerID will be igonred
	IsGlobal bool
}

func (FindOAuth2ApplicationsOptions) ToConds added in v1.22.0

func (FindOAuth2ApplicationsOptions) ToOrders added in v1.22.0

func (opts FindOAuth2ApplicationsOptions) ToOrders() string

type FindSourcesOptions added in v1.22.0

type FindSourcesOptions struct {
	db.ListOptions
	IsActive  optional.Option[bool]
	LoginType Type
}

func (FindSourcesOptions) ToConds added in v1.22.0

func (opts FindSourcesOptions) ToConds() builder.Cond

type HasTLSer

type HasTLSer interface {
	HasTLS() bool
}

HasTLSer configurations provide a HasTLS to check if TLS can be enabled

type ListAccessTokensOptions added in v1.17.4

type ListAccessTokensOptions struct {
	db.ListOptions
	Name   string
	UserID int64
}

ListAccessTokensOptions contain filter options

func (ListAccessTokensOptions) ToConds added in v1.22.0

func (opts ListAccessTokensOptions) ToConds() builder.Cond

func (ListAccessTokensOptions) ToOrders added in v1.22.0

func (opts ListAccessTokensOptions) ToOrders() string

type OAuth2Application

type OAuth2Application struct {
	ID           int64 `xorm:"pk autoincr"`
	UID          int64 `xorm:"INDEX"`
	Name         string
	ClientID     string `xorm:"unique"`
	ClientSecret string
	// OAuth defines both Confidential and Public client types
	// https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
	// "Authorization servers MUST record the client type in the client registration details"
	// https://datatracker.ietf.org/doc/html/rfc8252#section-8.4
	ConfidentialClient bool               `xorm:"NOT NULL DEFAULT TRUE"`
	RedirectURIs       []string           `xorm:"redirect_uris JSON TEXT"`
	CreatedUnix        timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix        timeutil.TimeStamp `xorm:"INDEX updated"`
}

OAuth2Application represents an OAuth2 client (RFC 6749)

func CreateOAuth2Application

func CreateOAuth2Application(ctx context.Context, opts CreateOAuth2ApplicationOptions) (*OAuth2Application, error)

CreateOAuth2Application inserts a new oauth2 application

func GetOAuth2ApplicationByClientID

func GetOAuth2ApplicationByClientID(ctx context.Context, clientID string) (app *OAuth2Application, err error)

GetOAuth2ApplicationByClientID returns the oauth2 application with the given client_id. Returns an error if not found.

func GetOAuth2ApplicationByID

func GetOAuth2ApplicationByID(ctx context.Context, id int64) (app *OAuth2Application, err error)

GetOAuth2ApplicationByID returns the oauth2 application with the given id. Returns an error if not found.

func UpdateOAuth2Application

func UpdateOAuth2Application(ctx context.Context, opts UpdateOAuth2ApplicationOptions) (*OAuth2Application, error)

UpdateOAuth2Application updates an oauth2 application

func (*OAuth2Application) ContainsRedirectURI

func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool

ContainsRedirectURI checks if redirectURI is allowed for app

func (*OAuth2Application) CreateGrant

func (app *OAuth2Application) CreateGrant(ctx context.Context, userID int64, scope string) (*OAuth2Grant, error)

CreateGrant generates a grant for an user

func (*OAuth2Application) GenerateClientSecret

func (app *OAuth2Application) GenerateClientSecret(ctx context.Context) (string, error)

GenerateClientSecret will generate the client secret and returns the plaintext and saves the hash at the database

func (*OAuth2Application) GetGrantByUserID

func (app *OAuth2Application) GetGrantByUserID(ctx context.Context, userID int64) (grant *OAuth2Grant, err error)

GetGrantByUserID returns a OAuth2Grant by its user and application ID

func (*OAuth2Application) TableName

func (app *OAuth2Application) TableName() string

TableName sets the table name to `oauth2_application`

func (*OAuth2Application) ValidateClientSecret

func (app *OAuth2Application) ValidateClientSecret(secret []byte) bool

ValidateClientSecret validates the given secret by the hash saved in database

type OAuth2AuthorizationCode

type OAuth2AuthorizationCode struct {
	ID                  int64        `xorm:"pk autoincr"`
	Grant               *OAuth2Grant `xorm:"-"`
	GrantID             int64
	Code                string `xorm:"INDEX unique"`
	CodeChallenge       string
	CodeChallengeMethod string
	RedirectURI         string
	ValidUntil          timeutil.TimeStamp `xorm:"index"`
}

OAuth2AuthorizationCode is a code to obtain an access token in combination with the client secret once. It has a limited lifetime.

func GetOAuth2AuthorizationByCode

func GetOAuth2AuthorizationByCode(ctx context.Context, code string) (auth *OAuth2AuthorizationCode, err error)

GetOAuth2AuthorizationByCode returns an authorization by its code

func (*OAuth2AuthorizationCode) GenerateRedirectURI

func (code *OAuth2AuthorizationCode) GenerateRedirectURI(state string) (*url.URL, error)

GenerateRedirectURI generates a redirect URI for a successful authorization request. State will be used if not empty.

func (*OAuth2AuthorizationCode) Invalidate

func (code *OAuth2AuthorizationCode) Invalidate(ctx context.Context) error

Invalidate deletes the auth code from the database to invalidate this code

func (*OAuth2AuthorizationCode) TableName

func (code *OAuth2AuthorizationCode) TableName() string

TableName sets the table name to `oauth2_authorization_code`

func (*OAuth2AuthorizationCode) ValidateCodeChallenge

func (code *OAuth2AuthorizationCode) ValidateCodeChallenge(verifier string) bool

ValidateCodeChallenge validates the given verifier against the saved code challenge. This is part of the PKCE implementation.

type OAuth2Grant

type OAuth2Grant struct {
	ID            int64              `xorm:"pk autoincr"`
	UserID        int64              `xorm:"INDEX unique(user_application)"`
	Application   *OAuth2Application `xorm:"-"`
	ApplicationID int64              `xorm:"INDEX unique(user_application)"`
	Counter       int64              `xorm:"NOT NULL DEFAULT 1"`
	Scope         string             `xorm:"TEXT"`
	Nonce         string             `xorm:"TEXT"`
	CreatedUnix   timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix   timeutil.TimeStamp `xorm:"updated"`
}

OAuth2Grant represents the permission of an user for a specific application to access resources

func GetOAuth2GrantByID

func GetOAuth2GrantByID(ctx context.Context, id int64) (grant *OAuth2Grant, err error)

GetOAuth2GrantByID returns the grant with the given ID

func GetOAuth2GrantsByUserID

func GetOAuth2GrantsByUserID(ctx context.Context, uid int64) ([]*OAuth2Grant, error)

GetOAuth2GrantsByUserID lists all grants of a certain user

func (*OAuth2Grant) GenerateNewAuthorizationCode

func (grant *OAuth2Grant) GenerateNewAuthorizationCode(ctx context.Context, redirectURI, codeChallenge, codeChallengeMethod string) (code *OAuth2AuthorizationCode, err error)

GenerateNewAuthorizationCode generates a new authorization code for a grant and saves it to the database

func (*OAuth2Grant) IncreaseCounter

func (grant *OAuth2Grant) IncreaseCounter(ctx context.Context) error

IncreaseCounter increases the counter and updates the grant

func (*OAuth2Grant) ScopeContains

func (grant *OAuth2Grant) ScopeContains(scope string) bool

ScopeContains returns true if the grant scope contains the specified scope

func (*OAuth2Grant) SetNonce

func (grant *OAuth2Grant) SetNonce(ctx context.Context, nonce string) error

SetNonce updates the current nonce value of a grant

func (*OAuth2Grant) TableName

func (grant *OAuth2Grant) TableName() string

TableName sets the table name to `oauth2_grant`

type RegisterableSource

type RegisterableSource interface {
	RegisterSource() error
	UnregisterSource() error
}

RegisterableSource configurations provide RegisterSource which needs to be run on creation

type SSHKeyProvider

type SSHKeyProvider interface {
	ProvidesSSHKeys() bool
}

SSHKeyProvider configurations provide ProvidesSSHKeys to check if they provide SSHKeys

type Session

type Session struct {
	Key    string             `xorm:"pk CHAR(16)"` // has to be Key to match with go-chi/session
	Data   []byte             `xorm:"BLOB"`        // on MySQL this has a maximum size of 64Kb - this may need to be increased
	Expiry timeutil.TimeStamp // has to be Expiry to match with go-chi/session
}

Session represents a session compatible for go-chi session

func ReadSession

func ReadSession(ctx context.Context, key string) (*Session, error)

ReadSession reads the data for the provided session

func RegenerateSession

func RegenerateSession(ctx context.Context, oldKey, newKey string) (*Session, error)

RegenerateSession regenerates a session from the old id

type SkipVerifiable

type SkipVerifiable interface {
	IsSkipVerify() bool
}

SkipVerifiable configurations provide a IsSkipVerify to check if SkipVerify is set

type Source

type Source struct {
	ID            int64 `xorm:"pk autoincr"`
	Type          Type
	Name          string             `xorm:"UNIQUE"`
	IsActive      bool               `xorm:"INDEX NOT NULL DEFAULT false"`
	IsSyncEnabled bool               `xorm:"INDEX NOT NULL DEFAULT false"`
	Cfg           convert.Conversion `xorm:"TEXT"`

	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
}

Source represents an external way for authorizing users.

func GetActiveOAuth2SourceByName

func GetActiveOAuth2SourceByName(ctx context.Context, name string) (*Source, error)

GetActiveOAuth2SourceByName returns a OAuth2 AuthSource based on the given name

func GetSourceByID

func GetSourceByID(ctx context.Context, id int64) (*Source, error)

GetSourceByID returns login source by given ID.

func (*Source) BeforeSet

func (source *Source) BeforeSet(colName string, val xorm.Cell)

BeforeSet is invoked from XORM before setting the value of a field of this object.

func (*Source) HasTLS

func (source *Source) HasTLS() bool

HasTLS returns true of this source supports TLS.

func (*Source) IsDLDAP

func (source *Source) IsDLDAP() bool

IsDLDAP returns true of this source is of the DLDAP type.

func (*Source) IsLDAP

func (source *Source) IsLDAP() bool

IsLDAP returns true of this source is of the LDAP type.

func (*Source) IsOAuth2

func (source *Source) IsOAuth2() bool

IsOAuth2 returns true of this source is of the OAuth2 type.

func (*Source) IsPAM

func (source *Source) IsPAM() bool

IsPAM returns true of this source is of the PAM type.

func (*Source) IsSMTP

func (source *Source) IsSMTP() bool

IsSMTP returns true of this source is of the SMTP type.

func (*Source) IsSSPI

func (source *Source) IsSSPI() bool

IsSSPI returns true of this source is of the SSPI type.

func (*Source) SkipVerify

func (source *Source) SkipVerify() bool

SkipVerify returns true if this source is configured to skip SSL verification.

func (Source) TableName

func (Source) TableName() string

TableName xorm will read the table name from this method

func (*Source) TypeName

func (source *Source) TypeName() string

TypeName return name of this login source type.

func (*Source) UseTLS

func (source *Source) UseTLS() bool

UseTLS returns true of this source is configured to use TLS.

type SourceSettable

type SourceSettable interface {
	SetAuthSource(*Source)
}

SourceSettable configurations can have their authSource set on them

type TwoFactor

type TwoFactor struct {
	ID               int64 `xorm:"pk autoincr"`
	UID              int64 `xorm:"UNIQUE"`
	Secret           string
	ScratchSalt      string
	ScratchHash      string
	LastUsedPasscode string             `xorm:"VARCHAR(10)"`
	CreatedUnix      timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix      timeutil.TimeStamp `xorm:"INDEX updated"`
}

TwoFactor represents a two-factor authentication token.

func GetTwoFactorByUID

func GetTwoFactorByUID(ctx context.Context, uid int64) (*TwoFactor, error)

GetTwoFactorByUID returns the two-factor authentication token associated with the user, if any.

func (*TwoFactor) GenerateScratchToken

func (t *TwoFactor) GenerateScratchToken() (string, error)

GenerateScratchToken recreates the scratch token the user is using.

func (*TwoFactor) SetSecret

func (t *TwoFactor) SetSecret(secretString string) error

SetSecret sets the 2FA secret.

func (*TwoFactor) ValidateTOTP

func (t *TwoFactor) ValidateTOTP(passcode string) (bool, error)

ValidateTOTP validates the provided passcode.

func (*TwoFactor) VerifyScratchToken

func (t *TwoFactor) VerifyScratchToken(token string) bool

VerifyScratchToken verifies if the specified scratch token is valid.

type Type

type Type int

Type represents an login type.

const (
	NoType Type = iota
	Plain       // 1
	LDAP        // 2
	SMTP        // 3
	PAM         // 4
	DLDAP       // 5
	OAuth2      // 6
	SSPI        // 7
)

Note: new type must append to the end of list to maintain compatibility.

func (Type) Int

func (typ Type) Int() int

Int returns the int value of the LoginType

func (Type) String

func (typ Type) String() string

String returns the string name of the LoginType

type UpdateOAuth2ApplicationOptions

type UpdateOAuth2ApplicationOptions struct {
	ID                 int64
	Name               string
	UserID             int64
	ConfidentialClient bool
	RedirectURIs       []string
}

UpdateOAuth2ApplicationOptions holds options to update an oauth2 application

type UseTLSer

type UseTLSer interface {
	UseTLS() bool
}

UseTLSer configurations provide a HasTLS to check if TLS is enabled

type WebAuthnCredential

type WebAuthnCredential struct {
	ID              int64 `xorm:"pk autoincr"`
	Name            string
	LowerName       string `xorm:"unique(s)"`
	UserID          int64  `xorm:"INDEX unique(s)"`
	CredentialID    []byte `xorm:"INDEX VARBINARY(1024)"`
	PublicKey       []byte
	AttestationType string
	AAGUID          []byte
	SignCount       uint32 `xorm:"BIGINT"`
	CloneWarning    bool
	CreatedUnix     timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix     timeutil.TimeStamp `xorm:"INDEX updated"`
}

WebAuthnCredential represents the WebAuthn credential data for a public-key credential conformant to WebAuthn Level 1

func CreateCredential

func CreateCredential(ctx context.Context, userID int64, name string, cred *webauthn.Credential) (*WebAuthnCredential, error)

CreateCredential will create a new WebAuthnCredential from the given Credential

func GetWebAuthnCredentialByCredID

func GetWebAuthnCredentialByCredID(ctx context.Context, userID int64, credID []byte) (*WebAuthnCredential, error)

GetWebAuthnCredentialByCredID returns WebAuthn credential by credential ID

func GetWebAuthnCredentialByID

func GetWebAuthnCredentialByID(ctx context.Context, id int64) (*WebAuthnCredential, error)

GetWebAuthnCredentialByID returns WebAuthn credential by id

func GetWebAuthnCredentialByName

func GetWebAuthnCredentialByName(ctx context.Context, uid int64, name string) (*WebAuthnCredential, error)

GetWebAuthnCredentialByName returns WebAuthn credential by id

func (*WebAuthnCredential) AfterLoad

func (cred *WebAuthnCredential) AfterLoad()

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*WebAuthnCredential) BeforeInsert

func (cred *WebAuthnCredential) BeforeInsert()

BeforeInsert will be invoked by XORM before updating a record

func (*WebAuthnCredential) BeforeUpdate

func (cred *WebAuthnCredential) BeforeUpdate()

BeforeUpdate will be invoked by XORM before updating a record

func (WebAuthnCredential) TableName

func (cred WebAuthnCredential) TableName() string

TableName returns a better table name for WebAuthnCredential

func (*WebAuthnCredential) UpdateSignCount

func (cred *WebAuthnCredential) UpdateSignCount(ctx context.Context) error

UpdateSignCount will update the database value of SignCount

type WebAuthnCredentialList

type WebAuthnCredentialList []*WebAuthnCredential

WebAuthnCredentialList is a list of *WebAuthnCredential

func GetWebAuthnCredentialsByUID

func GetWebAuthnCredentialsByUID(ctx context.Context, uid int64) (WebAuthnCredentialList, error)

GetWebAuthnCredentialsByUID returns all WebAuthn credentials of the given user

func (WebAuthnCredentialList) ToCredentials

func (list WebAuthnCredentialList) ToCredentials() []webauthn.Credential

ToCredentials will convert all WebAuthnCredentials to webauthn.Credentials

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL