Index ¶
- func CheckScope(scope util.StringSet) bool
- func DescribeScope(scope util.StringSet) (map[string]string, bool)
- func EmailDispatch()
- func InitClients(path string)
- func InitDb(config *conf.DbConfig)
- func InitTestDb(t *testing.T)
- func RemoveExpired()
- func RemoveStaleAccounts()
- func RunCleaner()
- func RunEmailDispatch()
- type AccessToken
- type Account
- func GetAccount(uuid string) (*Account, bool)
- func GetAccountByActivationCode(code string) (*Account, bool)
- func GetAccountByCredential(id string) (*Account, bool)
- func GetAccountByLogin(login string) (*Account, bool)
- func GetAccountByResetPWCode(code string) (*Account, bool)
- func GetAccountDisabled(uuid string) (*Account, bool)
- func ListAccounts() []Account
- func SearchAccounts(search string) []Account
- func SetPasswordReset(credential string) (*Account, bool)
- func (acc *Account) Create() error
- func (acc *Account) RemoveActivationCode() error
- func (acc *Account) SSHKeys() []SSHKey
- func (acc *Account) SetPassword(plain string) error
- func (acc *Account) Update() error
- func (acc *Account) UpdateEmail(email string) error
- func (acc *Account) UpdatePassword(plain string) error
- func (acc *Account) Validate() *util.ValidationError
- func (acc *Account) VerifyPassword(plain string) bool
- type AccountMarshaler
- type Client
- func (client *Client) ApprovalForAccount(accountUUID string) (*ClientApproval, bool)
- func (client *Client) Approve(accountUUID string, scope util.StringSet) (err error)
- func (client *Client) CreateGrantRequest(responseType, redirectURI, state string, scope util.StringSet) (*GrantRequest, error)
- func (client *Client) ScopeProvided() util.StringSet
- type ClientApproval
- type Email
- type GrantRequest
- type RefreshToken
- type SSHKey
- type SSHKeyMarshaler
- type Session
Functions ¶
func CheckScope ¶
CheckScope checks whether a certain scope exists by searching through all provided scopes from all registered clients.
func DescribeScope ¶
DescribeScope turns a scope into a map of names to descriptions. If the map is complete the second return value is true.
func EmailDispatch ¶
func EmailDispatch()
EmailDispatch checks the e-mail queue database entries, handles each entry according to the smtp mode setting and removes the entries after they have been handled successfully.
func InitClients ¶
func InitClients(path string)
InitClients loads client information from a yaml configuration file and updates the corresponding entries in the database.
func InitDb ¶
InitDb initializes a global database connection. An existing connection will be closed.
func InitTestDb ¶
InitTestDb initializes a database for testing purpose.
func RemoveExpired ¶
func RemoveExpired()
RemoveExpired removes rows of expired entries from AccessTokens, Sessions and GrantRequests database tables.
func RemoveStaleAccounts ¶
func RemoveStaleAccounts()
RemoveStaleAccounts removes all accounts that were registered but never accessed within a defined period of time.
func RunCleaner ¶
func RunCleaner()
RunCleaner starts an infinite loop which periodically executes database cleanup functions.
func RunEmailDispatch ¶
func RunEmailDispatch()
RunEmailDispatch starts an infinite loop which periodically runs e-mail queue functions.
Types ¶
type AccessToken ¶
// AccessToken represents an OAuth access token.
//
// Token is looked up by GetAccessToken and grants Scope to whoever presents
// it, so it is a bearer secret and should be handled like a credential.
type AccessToken struct {
	Token       string // This is just a random string not the JWT token
	Scope       util.StringSet
	Expires     time.Time      // expiry; extended by UpdateExpirationTime, expired rows are dropped by RemoveExpired
	ClientUUID  string
	AccountUUID sql.NullString // may be NULL in the database; NOTE(review): presumably for tokens not bound to an account — confirm
	CreatedAt   time.Time
	UpdatedAt   time.Time
}
AccessToken represents an OAuth access token
func GetAccessToken ¶
func GetAccessToken(token string) (*AccessToken, bool)
GetAccessToken returns an access token with a given token value. Returns false if no such access token exists.
func ListAccessTokens ¶
func ListAccessTokens() []AccessToken
ListAccessTokens returns all access tokens sorted by creation time.
func (*AccessToken) Create ¶
func (tok *AccessToken) Create() error
Create stores a new access token in the database. If the token is empty a random token will be generated.
func (*AccessToken) Delete ¶
func (tok *AccessToken) Delete() error
Delete removes an access token from the database.
func (*AccessToken) UpdateExpirationTime ¶
func (tok *AccessToken) UpdateExpirationTime() error
UpdateExpirationTime updates the expiration time and stores the new time in the database.
type Account ¶
// Account data as stored in the database.
type Account struct {
	UUID  string
	Login string
	// PWHash holds the password hash written by SetPassword/UpdatePassword
	// and checked by VerifyPassword; the json tag keeps it out of JSON output.
	PWHash              string `json:"-"` // safety net
	Email               string
	IsEmailPublic       bool
	Title               sql.NullString
	FirstName           string
	MiddleName          sql.NullString
	LastName            string
	Institute           string
	Department          string
	City                string
	Country             string
	IsAffiliationPublic bool
	// ActivationCode is set once by Create and can only be cleared by
	// RemoveActivationCode; Update never writes it. It is looked up by
	// GetAccountByActivationCode, so treat it as a secret like a password.
	ActivationCode sql.NullString
	// ResetPWCode is set by SetPasswordReset and looked up by
	// GetAccountByResetPWCode; like ActivationCode it is a secret.
	ResetPWCode sql.NullString
	// IsDisabled marks accounts that GetAccountByLogin/GetAccountByCredential
	// skip; see GetAccountDisabled.
	IsDisabled bool
	CreatedAt  time.Time
	UpdatedAt  time.Time
}
Account data as stored in the database
func GetAccount ¶
GetAccount returns an account with a matching UUID. Returns false if no account with such a UUID exists.
func GetAccountByActivationCode ¶
GetAccountByActivationCode returns an account with matching activation code. Returns false if no account with the activation code can be found.
func GetAccountByCredential ¶
GetAccountByCredential returns an active account (non disabled, no activation code, no reset password code) with matching login or email address. Returns false if no account with such login or email address exists.
func GetAccountByLogin ¶
GetAccountByLogin returns an active account (non disabled, no activation code, no reset password code) with matching login. Returns false if no account with such login exists.
func GetAccountByResetPWCode ¶
GetAccountByResetPWCode returns an account with matching reset password code. Returns false if no account with the reset password code can be found.
func GetAccountDisabled ¶
GetAccountDisabled returns a disabled account with a matching uuid. Returns false if no account with the uuid can be found or if it is not disabled.
func ListAccounts ¶
func ListAccounts() []Account
ListAccounts returns all accounts stored in the database
func SearchAccounts ¶
SearchAccounts returns all accounts stored in the database where the account name (firstName, middleName, lastName or login) contains the search string.
func SetPasswordReset ¶
SetPasswordReset sets a new password reset token on the non-disabled account whose email or login matches the provided credential. Returns false if no non-disabled account with the credential as email or login can be found.
func (*Account) Create ¶
Create stores the account as new Account in the database. If the UUID string is empty a new UUID will be generated.
func (*Account) RemoveActivationCode ¶
RemoveActivationCode is the only way to remove an ActivationCode from an Account, since this field should never be set via the Update function by accident.
func (*Account) SSHKeys ¶
SSHKeys returns a slice with all non temporary SSH keys belonging to this account.
func (*Account) SetPassword ¶
SetPassword hashes the plain text password and sets PWHash to the new value.
func (*Account) Update ¶
Update stores the new values of an Account in the database. New values for Login and CreatedAt are ignored. UpdatedAt will be set automatically to the current date and time. Field ActivationCode is not set via this update function, since this field fulfills a special role. It can only be set to a value once by account create and can only be set to null via its own function. Fields password and email are not set via this update function, since they require sufficient scope to change.
func (*Account) UpdateEmail ¶
UpdateEmail checks validity of a new e-mail address and updates the current account with a valid new e-mail address. The normal account update does not include the e-mail address for safety reasons.
func (*Account) UpdatePassword ¶
UpdatePassword hashes a plain text password and updates the database entry of the corresponding account.
func (*Account) Validate ¶
func (acc *Account) Validate() *util.ValidationError
Validate checks the content of an Account. First name, last name, login, email, institute, department, city and country must not be empty; title, first name, middle name, last name, login, email, institute, department, city and country must not be longer than 521 characters; the given login and e-mail address must not already exist in the database; the e-mail address must contain an "@".
func (*Account) VerifyPassword ¶
VerifyPassword checks whether the stored hash matches the plain text password
type AccountMarshaler ¶
AccountMarshaler handles JSON marshalling for Account
Fields: WithMail — if true, mail information will be serialized; WithAffiliation — if true, affiliation will be serialized.
func (*AccountMarshaler) MarshalJSON ¶
func (am *AccountMarshaler) MarshalJSON() ([]byte, error)
MarshalJSON implements Marshaler for AccountMarshaler
func (*AccountMarshaler) UnmarshalJSON ¶
func (am *AccountMarshaler) UnmarshalJSON(bytes []byte) error
UnmarshalJSON implements Unmarshaler for AccountMarshaler. Only parses updatable fields: Title, FirstName, MiddleName and LastName
type Client ¶
// Client object stored in the database.
type Client struct {
	UUID string
	Name string
	// Secret is presumably the client credential. NOTE(review): unlike
	// Account.PWHash it carries no `json:"-"` tag — confirm Client is never
	// marshalled directly to JSON.
	Secret string
	// ScopeProvidedMap holds the scopes this client provides; ScopeProvided
	// derives the scope StringSet from it and DescribeScope reports scopes
	// as name → description.
	ScopeProvidedMap map[string]string
	ScopeWhitelist   util.StringSet
	ScopeBlacklist   util.StringSet
	RedirectURIs     util.StringSet // CreateGrantRequest validates the redirect URI against these
	CreatedAt        time.Time
	UpdatedAt        time.Time
}
Client object stored in the database
func GetClient ¶
GetClient returns an OAuth client with a given uuid. Returns false if no client with a matching uuid can be found.
func GetClientByName ¶
GetClientByName returns an OAuth client with a given client name. Returns false if no client with a matching name can be found.
func ListClients ¶
func ListClients() []Client
ListClients returns all registered OAuth clients ordered by name
func (*Client) ApprovalForAccount ¶
func (client *Client) ApprovalForAccount(accountUUID string) (*ClientApproval, bool)
ApprovalForAccount gets a client approval for this client which was approved for a specific account.
func (*Client) Approve ¶
Approve creates a new client approval or extends an existing approval, such that the given scope is approved for the given account.
func (*Client) CreateGrantRequest ¶
func (client *Client) CreateGrantRequest(responseType, redirectURI, state string, scope util.StringSet) (*GrantRequest, error)
CreateGrantRequest checks whether response type, redirect URI and scope are valid and creates a new grant request for this client. Grant types are defined by RFC6749 "OAuth 2.0 Authorization Framework". Supported grant types are: "code" (authorization code), "token" (implicit request), "owner" (resource owner password credentials), "client" (client credentials).
func (*Client) ScopeProvided ¶
ScopeProvided returns the scope provided by this client as a StringSet. The scope is extracted from the client's ScopeProvidedMap.
type ClientApproval ¶
// ClientApproval contains information about scopes a user has already
// approved for a certain client. This is needed to implement Trust On First
// Use (TOFU): GrantRequest.IsApproved checks the requested scope against
// Scope, and Client.Approve creates or extends the entry.
type ClientApproval struct {
	UUID        string
	Scope       util.StringSet // scopes approved so far for ClientUUID/AccountUUID
	ClientUUID  string
	AccountUUID string
	CreatedAt   time.Time
	UpdatedAt   time.Time
}
ClientApproval contains information about scopes a user has already approved for a certain client. This is needed to implement Trust On First Use (TOFU).
func GetClientApproval ¶
func GetClientApproval(uuid string) (*ClientApproval, bool)
GetClientApproval retrieves an approval with a given UUID. Returns false if no matching approval exists.
func ListClientApprovals ¶
func ListClientApprovals() []ClientApproval
ListClientApprovals returns all client approvals stored in the database ordered by creation time.
func (*ClientApproval) Create ¶
func (app *ClientApproval) Create() error
Create stores a new approval in the database. If the UUID is empty a new random UUID will be created.
func (*ClientApproval) Delete ¶
func (app *ClientApproval) Delete() error
Delete removes an approval from the database.
func (*ClientApproval) Update ¶
func (app *ClientApproval) Update() error
Update stores the new values of the approval in the database. New values for CreatedAt will be ignored. UpdatedAt will be set automatically to the current time.
type Email ¶
// Email data as stored in the database; rows are the e-mail queue read by
// GetQueuedEmails and drained by EmailDispatch.
type Email struct {
	Id        int
	Mode      sql.NullString // NOTE(review): presumably the smtp mode EmailDispatch acts on — confirm
	Sender    string
	Recipient util.StringSet
	Content   []byte // NOTE(review): assumed to be the raw message body — confirm
	CreatedAt time.Time
}
Email data as stored in the database
func GetQueuedEmails ¶
GetQueuedEmails selects all unsent e-mails from the email queue database table and returns the result as a slice of Emails.
type GrantRequest ¶
// GrantRequest contains data about an ongoing authorization grant request.
//
// Token and Code are both secrets: each one alone is enough to look the
// request up (GetGrantRequest, GetGrantRequestByCode) and Code can be
// exchanged for tokens via ExchangeCodeForTokens. Expired requests are
// removed by RemoveExpired.
type GrantRequest struct {
	Token          string
	GrantType      string         // one of "code", "token", "owner", "client" as accepted by CreateGrantRequest
	State          string
	Code           sql.NullString // NULL until an authorization code is issued; NOTE(review): confirm when it is set
	ScopeRequested util.StringSet // compared against the ClientApproval scope by IsApproved
	RedirectURI    string
	ClientUUID     string         // resolved by Client()
	AccountUUID    sql.NullString // may be NULL in the database
	CreatedAt      time.Time
	UpdatedAt      time.Time
}
GrantRequest contains data about an ongoing authorization grant request.
func GetGrantRequest ¶
func GetGrantRequest(token string) (*GrantRequest, bool)
GetGrantRequest returns a grant request with a given token. Returns false if no request with a matching token exists.
func GetGrantRequestByCode ¶
func GetGrantRequestByCode(code string) (*GrantRequest, bool)
GetGrantRequestByCode returns a grant request with a given code. Returns false if no request with a matching code exists.
func ListGrantRequests ¶
func ListGrantRequests() []GrantRequest
ListGrantRequests returns all current grant requests ordered by creation time.
func (*GrantRequest) Client ¶
func (req *GrantRequest) Client() *Client
Client returns the client associated with the grant request.
func (*GrantRequest) Create ¶
func (req *GrantRequest) Create() error
Create stores a new grant request.
func (*GrantRequest) Delete ¶
func (req *GrantRequest) Delete() error
Delete removes an existing request from the database.
func (*GrantRequest) ExchangeCodeForTokens ¶
func (req *GrantRequest) ExchangeCodeForTokens() (string, string, error)
ExchangeCodeForTokens creates an access token and a refresh token. Finally the grant request will be deleted from the database, even if the token creation fails!
func (*GrantRequest) IsApproved ¶
func (req *GrantRequest) IsApproved() bool
IsApproved just looks up whether the requested scope is covered by the scope of an existing approval
func (*GrantRequest) Update ¶
func (req *GrantRequest) Update() error
Update an existing grant request.
type RefreshToken ¶
// RefreshToken represents an OAuth refresh token issued in a `code` grant
// request (see GrantRequest.ExchangeCodeForTokens). Token is a long-lived
// bearer secret and should be handled like a credential.
type RefreshToken struct {
	Token       string // looked up by GetRefreshToken; generated on Create when empty
	Scope       util.StringSet
	ClientUUID  string
	AccountUUID string
	CreatedAt   time.Time
	UpdatedAt   time.Time
}
RefreshToken represents an OAuth refresh token issued in a `code` grant request.
func GetRefreshToken ¶
func GetRefreshToken(token string) (*RefreshToken, bool)
GetRefreshToken returns a refresh token with a given token value. Returns false if no such refresh token exists.
func ListRefreshTokens ¶
func ListRefreshTokens() []RefreshToken
ListRefreshTokens returns all refresh tokens sorted by creation time.
func (*RefreshToken) Create ¶
func (tok *RefreshToken) Create() error
Create stores a new refresh token in the database. If the token is empty a random token will be generated.
func (*RefreshToken) Delete ¶
func (tok *RefreshToken) Delete() error
Delete removes a refresh token from the database.
type SSHKey ¶
// SSHKey object stored in the database.
type SSHKey struct {
	Fingerprint string // derived from Key by UnmarshalJSON; lookup key for GetSSHKey
	Key         string
	Description string
	AccountUUID string
	// Temporary keys are only returned by GetSSHKey within the LifeTime of
	// temporary ssh keys, and are excluded from Account.SSHKeys.
	Temporary bool
	CreatedAt time.Time
	UpdatedAt time.Time
}
SSHKey object stored in the database.
func GetSSHKey ¶
GetSSHKey returns an SSH key (permanent or temporary) for a given fingerprint. Returns false if no permanent key with the fingerprint can be found. Returns false if no temporary key with the fingerprint created within the LifeTime of temporary ssh keys can be found.
func (*SSHKey) UnmarshalJSON ¶
UnmarshalJSON implements Unmarshaler for SSHKey. Only parses updatable fields: Key, Description, and Temporary. The fingerprint is parsed from the key.
type SSHKeyMarshaler ¶
SSHKeyMarshaler wraps an SSHKey together with an Account to provide all information needed to marshal an SSHKey.
func (*SSHKeyMarshaler) MarshalJSON ¶
func (keyMarshaler *SSHKeyMarshaler) MarshalJSON() ([]byte, error)
MarshalJSON implements Marshaler for SSHKeyMarshaler
type Session ¶
// Session contains data about session tokens used to identify logged in
// accounts. Token is a bearer secret; expired sessions are removed by
// RemoveExpired.
type Session struct {
	Token       string    // looked up by GetSession; generated on Create when empty
	Expires     time.Time // extended by UpdateExpirationTime
	AccountUUID string
	CreatedAt   time.Time
	UpdatedAt   time.Time
}
Session contains data about session tokens used to identify logged in accounts.
func GetSession ¶
GetSession returns a session with a given token. Returns false if no such session exists.
func ListSessions ¶
func ListSessions() []Session
ListSessions returns all sessions sorted by creation time.
func (*Session) Create ¶
Create stores a new session. If the token is empty a random token will be generated.
func (*Session) UpdateExpirationTime ¶
UpdateExpirationTime updates the expiration time and stores the new time in the database.