auth

package
v0.0.0-...-435c516 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 8, 2023 License: AGPL-3.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrNoAuthToken  = errors.New("session token missing")
	ErrTokenExpired = errors.New("session token has expired")
	ErrReadingToken = errors.New("session token internal data is malformed")
)

Session token errors

Functions

func DecryptToken

func DecryptToken(ciphertext string) (plaintext []byte, err error)

DecryptToken receives base64 encoded ciphertext, decode it, decrypt it (AES-GCM) and produces []byte

func GetCredentialsFromLDAP

func GetCredentialsFromLDAP(client *http.Client, endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error)

GetCredentialsFromLDAP authenticates the user against MinIO when the LDAP integration is enabled if the authentication succeed *credentials.Login object is returned and we continue with the normal STSAssumeRole flow

func GetTokenFromRequest

func GetTokenFromRequest(r *http.Request) (string, error)

GetTokenFromRequest returns a token from a http Request either defined on a cookie `token` or on Authorization header.

Authorization Header needs to be like "Authorization Bearer <token>"

func IsSessionTokenValid

func IsSessionTokenValid(token string) bool

IsSessionTokenValid returns true or false depending upon the provided session if the token is valid or not

func NewEncryptedTokenForClient

func NewEncryptedTokenForClient(credentials *credentials.Value, accountAccessKey string, features *SessionFeatures) (string, error)

NewEncryptedTokenForClient generates a new session token with claims based on the provided STS credentials, first encrypts the claims and the sign them

Types

type IdentityProvider

type IdentityProvider struct {
	KeyFunc oauth2.StateKeyFunc
	Client  *oauth2.Provider
	RoleARN string
}

IdentityProvider Identity implementation

Define the structure of a IdentityProvider with Client inside and define the functions that are used during the authentication flow.

func (IdentityProvider) GenerateLoginURL

func (c IdentityProvider) GenerateLoginURL() string

GenerateLoginURL returns a new URL used by the user to login against the idp

func (IdentityProvider) VerifyIdentity

func (c IdentityProvider) VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error)

VerifyIdentity will verify the user identity against the idp using the authorization code flow

func (IdentityProvider) VerifyIdentityForOperator

func (c IdentityProvider) VerifyIdentityForOperator(ctx context.Context, code, state string) (*xoauth2.Token, error)

VerifyIdentityForOperator will verify the user identity against the idp using the authorization code flow

type IdentityProviderI

type IdentityProviderI interface {
	VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error)
	VerifyIdentityForOperator(ctx context.Context, code, state string) (*xoauth2.Token, error)
	GenerateLoginURL() string
}

IdentityProviderI interface with all functions to be implemented by mock when testing, it should include all IdentityProvider respective api calls that are used within this project.

type STSClaims

type STSClaims struct {
	AccessKey string `json:"accessKey,omitempty"`
}

STSClaims claims struct for STS Token

type SessionFeatures

type SessionFeatures struct {
	HideMenu      bool
	ObjectBrowser bool
	CustomStyleOB string
}

SessionFeatures represents features stored in the session

type TokenClaims

type TokenClaims struct {
	STSAccessKeyID     string `json:"stsAccessKeyID,omitempty"`
	STSSecretAccessKey string `json:"stsSecretAccessKey,omitempty"`
	STSSessionToken    string `json:"stsSessionToken,omitempty"`
	AccountAccessKey   string `json:"accountAccessKey,omitempty"`
	HideMenu           bool   `json:"hm,omitempty"`
	ObjectBrowser      bool   `json:"ob,omitempty"`
	CustomStyleOB      string `json:"customStyleOb,omitempty"`
}

TokenClaims claims struct for decrypted credentials

func ParseClaimsFromToken

func ParseClaimsFromToken(claims string) (*TokenClaims, error)

ParseClaimsFromToken receive token claims in string format, then unmarshal them to produce a *TokenClaims object

func SessionTokenAuthenticate

func SessionTokenAuthenticate(token string) (*TokenClaims, error)

SessionTokenAuthenticate takes a session token, decode it, extract claims and validate the signature if the session token claims are valid we proceed to decrypt the information inside

returns claims after validation in the following format:

type TokenClaims struct {
	STSAccessKeyID
	STSSecretAccessKey
	STSSessionToken
	AccountAccessKey
}

Directories

Path Synopsis
idp
oauth2
Package oauth2 contains all the necessary configurations to initialize the idp communication using oauth2 protocol
Package oauth2 contains all the necessary configurations to initialize the idp communication using oauth2 protocol

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL