Documentation ¶
Index ¶
Constants ¶
View Source
const MFALoginFieldName = "mfa-token"
Variables ¶
View Source
var ( ErrProviderUnconfigured = errors.New("No valid configuration found for this provider") ErrNoValidUserFound = errors.New("No valid users found") )
Functions ¶
This section is empty.
Types ¶
type Authenticator ¶
type Authenticator interface { // AuthenticatorID needs to return an unique string to identify // this special authenticator AuthenticatorID() (id string) // Configure loads the configuration for the Authenticator from the // global config.yaml file which is passed as a byte-slice. // If no configuration for the Authenticator is supplied the function // needs to return the ErrProviderUnconfigured Configure(yamlSource []byte) (err error) // DetectUser is used to detect a user without a login form from // a cookie, header or other methods // If no user was detected the ErrNoValidUserFound needs to be // returned DetectUser(res http.ResponseWriter, r *http.Request) (user string, groups []string, err error) // Login is called when the user submits the login form and needs // to authenticate the user or throw an error. If the user has // successfully logged in the persistent cookie should be written // in order to use DetectUser for the next login. // With the login result an array of mfaConfig must be returned. In // case there is no MFA config or the provider does not support MFA // return nil. // If the user did not login correctly the ErrNoValidUserFound // needs to be returned Login(res http.ResponseWriter, r *http.Request) (user string, mfaConfigs []MFAConfig, err error) // LoginFields needs to return the fields required for this login // method. If no login using this method is possible the function // needs to return nil. LoginFields() (fields []LoginField) // Logout is called when the user visits the logout endpoint and // needs to destroy any persistent stored cookies Logout(res http.ResponseWriter, r *http.Request) (err error) // SupportsMFA returns the MFA detection capabilities of the login // provider. If the provider can provide mfaConfig objects from its // configuration return true. If this is true the login interface // will display an additional field for this provider for the user // to fill in their MFA token. SupportsMFA() bool }
type CookieConfig ¶ added in v0.19.0
type CookieConfig struct { Domain string `yaml:"domain"` AuthKey string `yaml:"authentication_key"` Expire int `yaml:"expire"` Prefix string `yaml:"prefix"` Secure bool `yaml:"secure"` }
func (CookieConfig) GetSessionOpts ¶ added in v0.19.0
func (c CookieConfig) GetSessionOpts() *sessions.Options
type LoginField ¶
type MFAConfig ¶
type MFAConfig struct { Provider string `yaml:"provider"` Attributes map[string]interface{} `yaml:"attributes"` }
func (MFAConfig) AttributeInt ¶
func (MFAConfig) AttributeString ¶
type MFAProvider ¶
type MFAProvider interface { // ProviderID needs to return an unique string to identify // this special MFA provider ProviderID() (id string) // Configure loads the configuration for the Authenticator from the // global config.yaml file which is passed as a byte-slice. // If no configuration for the Authenticator is supplied the function // needs to return the ErrProviderUnconfigured Configure(yamlSource []byte) (err error) // ValidateMFA takes the user from the login cookie and performs a // validation against the provided MFA configuration for this user ValidateMFA(res http.ResponseWriter, r *http.Request, user string, mfaCfgs []MFAConfig) error }
type RegisterAuthenticatorFunc ¶
type RegisterAuthenticatorFunc func(Authenticator)
type RegisterMFAProviderFunc ¶
type RegisterMFAProviderFunc func(MFAProvider)
Click to show internal directories.
Click to hide internal directories.