models

Documentation

Index

• Constants
• Variables
• func BytesToID(buf []byte) uint
• func CreateCredential(c *Credential) error
• func DeleteCredentialByID(credentialID string) error
• func PutUser(u *User) error
• func Setup(config *config.Config) error
• func UpdateAuthenticatorSignCount(id uint, count uint32) error
• func UpdateCredential(c *Credential) error
• type Authenticator
  • func CreateAuthenticator(a webauthn.Authenticator) (Authenticator, error)
  • func GetAuthenticator(id uint) (Authenticator, error)
• type Credential
  • func GetCredentialForUser(user *User, credentialID string) (Credential, error)
  • func GetCredentialsForUser(user *User) ([]Credential, error)
  • func (c *Credential) DisplayPublicKey() string
  • func (c *Credential) WebauthnAuthenticator() webauthn.Authenticator
• type User
  • func GetUser(id uint) (User, error)
  • func GetUserByUsername(username string) (User, error)
  • func (u User) WebAuthnCredentials() []webauthn.Credential
  • func (u User) WebAuthnDisplayName() string
  • func (u User) WebAuthnID() []byte
  • func (u User) WebAuthnIcon() string
  • func (u User) WebAuthnName() string

Constants

const PlaceholderUserIcon = "example.icon.duo.com/123/avatar.png"

PlaceholderUserIcon is the default user icon used when creating a new user

const PlaceholderUsername = "testuser"

PlaceholderUsername is the default username to use if one isn't provided by the user (in the case of a placeholder)

Variables

var ErrUsernameTaken = errors.New("username already taken")

ErrUsernameTaken is thrown when a user attempts to register a username that is taken.

Functions

func BytesToID

func BytesToID(buf []byte) uint

BytesToID converts a byte slice to a uint. This is needed because the WebAuthn specification deals with byte buffers, while the primary keys in our database are uints.

func CreateCredential

func CreateCredential(c *Credential) error

CreateCredential creates a new credential object

func DeleteCredentialByID

func DeleteCredentialByID(credentialID string) error

DeleteCredentialByID gets a credential by its ID. In practice, this would be a bad function without some other checks (like what user is logged in) because someone could hypothetically delete ANY credential.

func PutUser

func PutUser(u *User) error

PutUser updates the given user

func Setup

func Setup(config *config.Config) error

Setup initializes the Conn object It also populates the Config object

func UpdateAuthenticatorSignCount

func UpdateAuthenticatorSignCount(id uint, count uint32) error

UpdateAuthenticatorSignCount updates a specific authenticator's sign count for tracking potential clone attempts.

func UpdateCredential

func UpdateCredential(c *Credential) error

UpdateCredential updates the credential with new attributes.

Types

type Authenticator

type Authenticator struct {
	gorm.Model
	webauthn.Authenticator
}

Authenticator is a struct representing a WebAuthn authenticator, which is responsible for generating Credentials. For this demo, we map a single credential to a single authenticator.

func CreateAuthenticator

func CreateAuthenticator(a webauthn.Authenticator) (Authenticator, error)

CreateAuthenticator creates a new authenticator that's tied to a Credential.

func GetAuthenticator

func GetAuthenticator(id uint) (Authenticator, error)

GetAuthenticator returns the authenticator the given id corresponds to. If no authenticator is found, an error is thrown.

type Credential

type Credential struct {
	gorm.Model

	CredentialID string `json:"credential_id"`

	User   User `json:"-"`
	UserID uint `json:"-"`

	Authenticator   Authenticator `json:"authenticator"`
	AuthenticatorID uint          `json:"authenticator_id"`

	PublicKey []byte `json:"public_key,omitempty"`
}

Credential is the stored credential for Auth

func GetCredentialForUser

func GetCredentialForUser(user *User, credentialID string) (Credential, error)

GetCredentialForUser retrieves a specific credential for a user.

func GetCredentialsForUser

func GetCredentialsForUser(user *User) ([]Credential, error)

GetCredentialsForUser retrieves all credentials for a provided user regardless of relying party.

func (*Credential) DisplayPublicKey

func (c *Credential) DisplayPublicKey() string

func (*Credential) WebauthnAuthenticator

func (c *Credential) WebauthnAuthenticator() webauthn.Authenticator

WebauthnAuthenticator returns the underlying authenticator used to generate the credential.

type User

type User struct {
	gorm.Model
	Username    string       `json:"name" sql:"not null;"`
	DisplayName string       `json:"display_name"`
	Icon        string       `json:"icon,omitempty"`
	Credentials []Credential `json:"credentials,omitempty"`
}

User represents the user model.

func GetUser

func GetUser(id uint) (User, error)

GetUser returns the user that the given id corresponds to. If no user is found, an error is thrown.

func GetUserByUsername

func GetUserByUsername(username string) (User, error)

GetUserByUsername returns the user that the given username corresponds to. If no user is found, an error is thrown.

func (User) WebAuthnCredentials

func (u User) WebAuthnCredentials() []webauthn.Credential

WebAuthnCredentials helps implement the webauthn.User interface by loading the user's credentials from the underlying database.

func (User) WebAuthnDisplayName

func (u User) WebAuthnDisplayName() string

WebAuthnDisplayName returns the user's display name

func (User) WebAuthnID

func (u User) WebAuthnID() []byte

WebAuthnID returns the user ID as a byte slice

func (User) WebAuthnIcon

func (u User) WebAuthnIcon() string

WebAuthnIcon returns the user's icon

func (User) WebAuthnName

func (u User) WebAuthnName() string

WebAuthnName returns the user's username