Documentation
¶
Index ¶
- Constants
- func Init()
- func SessionUser(sess SessionStore) *user_model.User
- func SyncExternalUsers(ctx context.Context, updateExisting bool) error
- func UserSignIn(ctx context.Context, username, password string) (*user_model.User, *auth.Source, error)
- func VerifyCert(r *http.Request) (*asymkey_model.PublicKey, error)
- type Basic
- type DataStore
- type Group
- type HTTPSign
- type LocalTwoFASkipper
- type Method
- type PasswordAuthenticator
- type SSPI
- type SSPIAuth
- type SSPIUserInfo
- type Session
- type SessionStore
- type SynchronizableSource
Constants ¶
const BasicMethodName = "basic"
BasicMethodName is the constant name of the basic authentication method
Variables ¶
This section is empty.
Functions ¶
func Init ¶
func Init()
Init should be called exactly once when the application starts to allow plugins to allocate necessary resources
func SessionUser ¶
func SessionUser(sess SessionStore) *user_model.User
SessionUser returns the user object corresponding to the "uid" session variable.
func SyncExternalUsers ¶
SyncExternalUsers is used to synchronize users with external authorization source
func UserSignIn ¶
func UserSignIn(ctx context.Context, username, password string) (*user_model.User, *auth.Source, error)
UserSignIn validates user name and password.
func VerifyCert ¶
func VerifyCert(r *http.Request) (*asymkey_model.PublicKey, error)
VerifyCert verifies the validity of the ssh certificate and returns the publickey of the signer We verify that the certificate is signed with the correct CA We verify that the http request is signed with the private key (of the public key mentioned in the certificate)
Types ¶
type Basic ¶
type Basic struct{}
Basic implements the Auth interface and authenticates requests (API requests only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization" header.
func (*Basic) Verify ¶
func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Verify extracts and validates Basic data (username and password/token) from the "Authorization" header of the request and returns the corresponding user object for that name/token on successful validation. Returns nil if header is empty or validation fails.
type Group ¶
type Group struct {
// contains filtered or unexported fields
}
Group implements the Auth interface with serval Auth.
func (*Group) Verify ¶
func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
type HTTPSign ¶
type HTTPSign struct{}
HTTPSign implements the Auth interface and authenticates requests (API requests only) by looking for http signature data in the "Signature" header. more information can be found on https://github.com/go-fed/httpsig
func (*HTTPSign) Verify ¶
func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Verify extracts and validates HTTPsign from the Signature header of the request and returns the corresponding user object on successful validation. Returns nil if header is empty or validation fails.
type LocalTwoFASkipper ¶
type LocalTwoFASkipper interface {
IsSkipLocalTwoFA() bool
}
LocalTwoFASkipper represents a source of authentication that can skip local 2fa
type Method ¶
type Method interface {
// Verify tries to verify the authentication data contained in the request.
// If verification is successful returns either an existing user object (with id > 0)
// or a new user object (with id = 0) populated with the information that was found
// in the authentication data (username or email).
// Second argument returns err if verification fails, otherwise
// First return argument returns nil if no matched verification condition
Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Name() string
}
Method represents an authentication method (plugin) for HTTP requests.
type PasswordAuthenticator ¶
type PasswordAuthenticator interface {
Authenticate(ctx context.Context, user *user_model.User, login, password string) (*user_model.User, error)
}
PasswordAuthenticator represents a source of authentication
type SSPI ¶
type SSPI struct{}
SSPI implements the SingleSignOn interface and authenticates requests via the built-in SSPI module in Windows for SPNEGO authentication. The SSPI plugin is expected to be executed last, as it returns 401 status code if negotiation fails (or if negotiation should continue), which would prevent other authentication methods to execute at all.
func (*SSPI) Verify ¶
func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Verify uses SSPI (Windows implementation of SPNEGO) to authenticate the request. If authentication is successful, returns the corresponding user object. If negotiation should continue or authentication fails, immediately returns a 401 HTTP response code, as required by the SPNEGO protocol.
type SSPIAuth ¶
type SSPIAuth interface {
AppendAuthenticateHeader(w http.ResponseWriter, data string)
Authenticate(r *http.Request, w http.ResponseWriter) (userInfo *SSPIUserInfo, outToken string, err error)
}
type SSPIUserInfo ¶
type Session ¶
type Session struct{}
Session checks if there is a user uid stored in the session and returns the user object for that uid.
func (*Session) Verify ¶
func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
Verify checks if there is a user uid stored in the session and returns the user object for that uid. Returns nil if there is no user uid stored in the session.
Source Files
Directories