auth

package
v0.0.0-...-b197db6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 5, 2024 License: AGPL-3.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

View Source 
const MinPasswordLength = 8

Variables

View Source 
var (
	ErrUnknownScope  = errors.New("unknown scope")
	ErrParamRequired = errors.New("scope requires parameter")
	ErrNoParam       = errors.New("scope does not take parameter")
)
View Source 
var (
	ErrTOTPEnabled  = errors.New("TOTP is enabled")
	ErrTOTPDisabled = errors.New("TOTP is disabled")
	ErrTOTPFailed   = errors.New("TOTP failed")
)
View Source 
var (
	ErrPolicyBlank    = errors.New("password is blank")
	ErrPolicyTooShort = errors.New(fmt.Sprintf("password is too short: minimum length %d", MinPasswordLength))
	ErrPolicyKnown    = errors.New("password is on the list of known passwords")
	ErrPolicyUsername = errors.New("password may not be identical to username")
)
View Source 
var (
	ErrNoUser       = errors.New("user is nil")
	ErrUserDisabled = errors.New("user is disabled")
	ErrUserBlank    = errors.New("user has no password set")
)
View Source 
var ErrUserNotFound = errors.New("user not found")

ErrUserNotFound is returned when a user is not found

Functions 

func TOTPLink(secret *otp.Key, width, height int) (string, error)

Types

type Auth 

type Auth struct {
	component.Base
	// contains filtered or unexported fields
}

func (*Auth) CheckPasswordPolicy 

func (auth *Auth) CheckPasswordPolicy(candidate string, username string) error

CheckPasswordPolicy checks if the given password would pass the password policy.

The password policy checks that the password has a minimum length of MinPasswordLength and that it is not a common password. It also checks that password and username are not identical.

func (*Auth) CheckScope 

func (auth *Auth) CheckScope(param string, scope component.Scope, r *http.Request) error

CheckScope checks if the given request is associated with the given request. A request can be one of two types: - A signed in user with an implicitly associated set of scopes - A session authorized with a token only If the request is denied a scope, the error will be of type AccessDeniedError.

func (*Auth) CreateUser 

func (auth *Auth) CreateUser(ctx context.Context, name string) (user *AuthUser, err error)

CreateUser creates a new user and returns it. The user is not associated to any WissKIs, and has no password set.

func (*Auth) HandleRoute 

func (auth *Auth) HandleRoute(ctx context.Context, route string) (http.Handler, error)

func (*Auth) Login 

func (auth *Auth) Login(w http.ResponseWriter, r *http.Request, user *AuthUser) error

Login logs a user into the given request.

If a user was previously logged into this session, UserOf may not return the correct user until the user makes a new request.

It is recommended to send a HTTP redirect to make sure a new request is made.

func (*Auth) Logout 

func (auth *Auth) Logout(w http.ResponseWriter, r *http.Request) error

Logout logs out the user from the given session.

UserOf may return incorrect results until the user makes a new request. It is recommended to send a HTTP redirect to make sure a new request is made.

func (*Auth) Menu 

func (auth *Auth) Menu(r *http.Request) []component.MenuItem

func (*Auth) Protect 

func (auth *Auth) Protect(handler http.Handler, AllowToken bool, scope component.Scope, param func(*http.Request) string) http.Handler

Protect returns a new handler which requires a user to be logged in and have the provided scope.

AllowToken determines if a token is allowed instead of a user session.

If an unauthenticated user attempts to access the returned handler, they are redirected to the login endpoint. If an authenticated user is missing the given scope, a Forbidden response is called. If an authenticated calls the endpoint, and they have the given permissions, the original handler is called.

func (*Auth) Require 

func (auth *Auth) Require(allowToken bool, scope component.Scope, param func(*http.Request) string) func(http.Handler) http.Handler

Require returns a slice containing one decorator that acts like auth.Protect(allowToken,scope,param) on every request.

func (*Auth) Routes 

func (auth *Auth) Routes() component.Routes

func (*Auth) Scopes 

func (auth *Auth) Scopes() map[component.Scope]component.ScopeInfo

Scopes returns a map of all available scopes

func (*Auth) SessionOf 

func (auth *Auth) SessionOf(r *http.Request) (session component.SessionInfo, user *AuthUser, err error)

SessionOf returns the session and user logged into the provided request. token indicates if the user used a token to authenticate, or a browser session was used. A token takes priority over a user in a session.

If there is no user associated with the given request, user and error are nil, and token is false. An invalid session, expired token, or disabled user all result in user = nil.

When no SessionOf exists in the given session returns nil.

func (*Auth) TableInfo 

func (auth *Auth) TableInfo() component.TableInfo

func (*Auth) User 

func (auth *Auth) User(ctx context.Context, name string) (user *AuthUser, err error)

User returns a single user. If the user does not exist, returns ErrUserNotFound.

func (*Auth) UserOfSession 

func (auth *Auth) UserOfSession(r *http.Request) (user *AuthUser, err error)

UserOfSession returns the user of the session associated with r.

func (*Auth) UserOfToken 

func (auth *Auth) UserOfToken(r *http.Request) (user *AuthUser, err error)

UserOfToken returns the user associated with the token in request. To check the user of a token or session, use SessionOf.

func (*Auth) Users 

func (auth *Auth) Users(ctx context.Context) (users []*AuthUser, err error)

Users returns all users in the database

type AuthUser 

type AuthUser struct {
	models.User
	// contains filtered or unexported fields
}

AuthUser represents an authorized user

func (*AuthUser) CheckCredentials 

func (au *AuthUser) CheckCredentials(ctx context.Context, password []byte, passcode string) error

func (*AuthUser) CheckPassword 

func (au *AuthUser) CheckPassword(ctx context.Context, password []byte) error

CheckPassword checks if this user can login with the provided password. Returns nil on success, an error otherwise.

func (*AuthUser) CheckPasswordPolicy 

func (au *AuthUser) CheckPasswordPolicy(candidate string) error

func (*AuthUser) CheckTOTP 

func (au *AuthUser) CheckTOTP(passcode string) error

CheckTOTP validates the given totp passcode against the saved secret. If totp is not enabled, any passcode will pass the check.

func (*AuthUser) Delete 

func (au *AuthUser) Delete(ctx context.Context) error

Delete deletes the user from the database

func (*AuthUser) DisableTOTP 

func (au *AuthUser) DisableTOTP(ctx context.Context) (err error)

DisableTOTP disables totp for the given user

func (*AuthUser) EnableTOTP 

func (au *AuthUser) EnableTOTP(ctx context.Context, passcode string) error

EnableTOTP enables totp for the given user

func (*AuthUser) MakeAdmin 

func (au *AuthUser) MakeAdmin(ctx context.Context) error

MakeAdmin makes this user an admin, and saves the update in the database. If the user is already an admin, does not return an error.

func (*AuthUser) MakeRegular 

func (au *AuthUser) MakeRegular(ctx context.Context) error

MakeRegular removes admin rights from this user. If this user is not an dmin, does not return an error.

func (*AuthUser) NewTOTP 

func (au *AuthUser) NewTOTP(ctx context.Context) (*otp.Key, error)

NewTOTP generates a new TOTP secret, returning a totp key.

func (*AuthUser) Save 

func (au *AuthUser) Save(ctx context.Context) error

Save saves the given user in the database

func (*AuthUser) SetPassword 

func (au *AuthUser) SetPassword(ctx context.Context, password []byte) (err error)

SetPassword sets the password for this user and turns the user on

func (*AuthUser) String 

func (au *AuthUser) String() string

func (*AuthUser) TOTP 

func (au *AuthUser) TOTP() (*otp.Key, error)

func (*AuthUser) UnsetPassword 

func (au *AuthUser) UnsetPassword(ctx context.Context) error

UnsetPassword removes the password from this user, and disables them

Source Files

View all Source files

Directories

Path Synopsis
Package api implements a common handler used by the api routes
 Package api implements a common handler used by the api routes
Package scopes implements and provides scopes used by the API
 Package scopes implements and provides scopes used by the API

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.