providers

package
v1.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 5, 2024 License: MPL-2.0 Imports: 50 Imported by: 1

Documentation

Overview 

package providers is a catch-all for all TAP auth provider types (e.g. social, active directory), if you are

extending TAP to use more providers, add them to this section 

package providers is a catch-all for all TAP auth provider types (e.g. social, active directory), if you are

extending TAP to use more providers, add them to this section 

package providers is a catch-all for all TAP auth provider types (e.g. social, active directory), if you are

extending TAP to use more providers, add them to this section

Index

Constants

View Source 
const (
	DefaultForeNameClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
	DefaultSurNameClaim  = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
	DefaultEmailClaim    = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
	// According to Windows Identity Foundation: unique name of the user. It might be the email address
	WIFUniqueName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
)

Variables

View Source 
var ADLogTag = "AD AUTH"
View Source 
var ADLogger = log.WithField("prefix", ADLogTag)
View Source 
var CertManager certs.CertificateManager = certs.NewCertificateManager(FileLoader{}, "", nil, false)

certManager will fallback as files as default

View Source 
var FileLoaderLogTag = "CERT FILE LOADER"
View Source 
var FileLoaderLogger = log.WithField("prefix", FileLoaderLogTag)
View Source 
var SAMLLogTag = "SAML AUTH"
View Source 
var SAMLLogger = log.WithField("prefix", SAMLLogTag)
View Source 
var SocialLogTag = "SOCIAL AUTH"

SocialLogTag is the log tag for the social provider

Functions

func ExtractBAUsernameAndPasswordFromRequest 

func ExtractBAUsernameAndPasswordFromRequest(r *http.Request) (string, string)

func GetTAProvider added in v1.1.0 

func GetTAProvider(conf tap.Profile, handler tyk.TykAPI, identityKeyStore tap.AuthRegisterBackend) (tap.TAProvider, error)

return a provider based on the name of the provider type, add new providers here

func GetTapProfile added in v1.1.0 

func GetTapProfile(AuthConfigStore, identityKeyStore tap.AuthRegisterBackend, id string, tykHandler tyk.TykAPI) (tap.TAProvider, tap.Profile, *tap.HttpError)

func IsSlugAscii 

func IsSlugAscii(s string) bool

IsSlugAscii returns true only if SlugAscii(s) == s.

func PrintErrorStruct added in v1.2.2 

func PrintErrorStruct(err error)

func RandStringRunes 

func RandStringRunes(n int) string

func ReadEmailFromClaims added in v1.3.1 

func ReadEmailFromClaims(emailClaim string, claims map[string]interface{}) (email string)

func ReadNamesFromClaims added in v1.3.1 

func ReadNamesFromClaims(ForenameClaim, SurnameClaim string, claims map[string]interface{}) (forename, surname string)

func Slug 

func Slug(s string) string

Slug replaces each run of characters which are not unicode letters or numbers with a single hyphen, except for leading or trailing runs. Letters will be stripped of diacritical marks and lowercased. Letter or number codepoints that do not have combining marks or a lower-cased variant will be passed through unaltered.

func SlugAscii 

func SlugAscii(s string) string

SlugAscii is identical to Slug, except that runs of one or more unicode letters or numbers that still fall outside the ASCII range will have their UTF-8 representation hex encoded and delimited by hyphens. As with Slug, in no case will hyphens appear at either end of the returned string.

Types

type ADConfig 

type ADConfig struct {
	LDAPUseSSL             bool
	LDAPServer             string
	LDAPPort               string
	LDAPUserDN             string
	LDAPBaseDN             string
	LDAPFilter             string
	LDAPEmailAttribute     string
	LDAPFirstNameAttribute string
	LDAPLastNameAttribute  string
	LDAPAdminUser          string
	LDAPAdminPassword      string
	LDAPAttributes         []string
	LDAPSearchScope        int
	FailureRedirect        string
	DefaultDomain          string
	GetAuthFromBAHeader    bool
	SlugifyUserName        bool
}

ADConfig is the configuration object for an LDAP connector

type ADProvider 

type ADProvider struct {
	// contains filtered or unexported fields
}

ADProvider is an auth delegation provider for LDAP protocol

func (*ADProvider) Handle 

func (s *ADProvider) Handle(w http.ResponseWriter, r *http.Request, pathParams map[string]string, profile tap.Profile)

Handle is a delegate for the Http Handler used by the generic inbound handler, it will extract the username and password from the request and atempt to bind tot he AD host.

func (*ADProvider) HandleCallback 

func (s *ADProvider) HandleCallback(w http.ResponseWriter, r *http.Request, onError func(tag string, errorMsg string, rawErr error, code int, w http.ResponseWriter, r *http.Request), profile tap.Profile)

HandleCallback is not used

func (*ADProvider) HandleMetadata added in v1.1.0 

func (s *ADProvider) HandleMetadata(http.ResponseWriter, *http.Request)

func (*ADProvider) Init 

func (s *ADProvider) Init(handler tap.IdentityHandler, profile tap.Profile, config []byte) error

Init initialises the handler with it's IdentityHandler (the interface handling actual account SSO on the target) profile - the Profile to use for this request and the specific configuration for the handler as a byte stream. The config is a byte stream as a hack so we do not need to type cast a map[string]interface{} manually from a JSON configuration

func (*ADProvider) Name 

func (s *ADProvider) Name() string

Name provides the name of the ID provider

func (*ADProvider) ProviderType 

func (s *ADProvider) ProviderType() tap.ProviderType

ProviderType returns the type of the provider, can be PASSTHROUGH_PROVIDER or REDIRECT dependin on the auth process LDAP is a pass -through provider, it will take authentication variables such as username and password and authenticate directly with the LDAP server with those values instead of delegating to a third-party such as OAuth.

func (*ADProvider) UseCallback 

func (s *ADProvider) UseCallback() bool

UseCallback signals whether this provider uses the callback endpoints

type FileLoader added in v1.2.1 

type FileLoader struct{}

func (FileLoader) AddToSet added in v1.2.2 

func (f FileLoader) AddToSet(string, string)

func (FileLoader) AddToSortedSet added in v1.2.2 

func (f FileLoader) AddToSortedSet(string, string, float64)

func (FileLoader) AppendToSet added in v1.2.1 

func (f FileLoader) AppendToSet(string, string)

func (FileLoader) Connect added in v1.2.2 

func (f FileLoader) Connect() bool

func (FileLoader) Decrement added in v1.2.2 

func (f FileLoader) Decrement(string)

func (FileLoader) DeleteAllKeys added in v1.2.2 

func (f FileLoader) DeleteAllKeys() bool

func (FileLoader) DeleteKey added in v1.2.1 

func (f FileLoader) DeleteKey(string) bool

func (FileLoader) DeleteKeys added in v1.2.2 

func (f FileLoader) DeleteKeys([]string) bool

func (FileLoader) DeleteRawKey added in v1.2.2 

func (f FileLoader) DeleteRawKey(string) bool

func (FileLoader) DeleteRawKeys added in v1.6.0 

func (f FileLoader) DeleteRawKeys([]string) bool

func (FileLoader) DeleteScanMatch added in v1.2.1 

func (f FileLoader) DeleteScanMatch(string) bool

func (FileLoader) Exists added in v1.2.1 

func (f FileLoader) Exists(string) (bool, error)

func (FileLoader) GetAndDeleteSet added in v1.2.2 

func (f FileLoader) GetAndDeleteSet(string) []interface{}

func (FileLoader) GetExp added in v1.2.2 

func (f FileLoader) GetExp(string) (int64, error)

func (FileLoader) GetKey added in v1.2.1 

func (f FileLoader) GetKey(key string) (string, error)

func (FileLoader) GetKeyPrefix added in v1.2.2 

func (f FileLoader) GetKeyPrefix() string

func (FileLoader) GetKeys added in v1.2.1 

func (f FileLoader) GetKeys(string) []string

func (FileLoader) GetKeysAndValues added in v1.2.2 

func (f FileLoader) GetKeysAndValues() map[string]string

func (FileLoader) GetKeysAndValuesWithFilter added in v1.2.2 

func (f FileLoader) GetKeysAndValuesWithFilter(string) map[string]string

func (FileLoader) GetListRange added in v1.2.1 

func (f FileLoader) GetListRange(string, int64, int64) ([]string, error)

func (FileLoader) GetMultiKey added in v1.2.2 

func (f FileLoader) GetMultiKey([]string) ([]string, error)

func (FileLoader) GetRawKey added in v1.2.2 

func (f FileLoader) GetRawKey(string) (string, error)

func (FileLoader) GetRollingWindow added in v1.2.2 

func (f FileLoader) GetRollingWindow(key string, per int64, pipeline bool) (int, []interface{})

func (FileLoader) GetSet added in v1.2.2 

func (f FileLoader) GetSet(string) (map[string]string, error)

func (FileLoader) GetSortedSetRange added in v1.2.2 

func (f FileLoader) GetSortedSetRange(string, string, string) ([]string, []float64, error)

func (FileLoader) IncrememntWithExpire added in v1.2.2 

func (f FileLoader) IncrememntWithExpire(string, int64) int64

func (FileLoader) RemoveFromList added in v1.2.1 

func (f FileLoader) RemoveFromList(string, string) error

func (FileLoader) RemoveFromSet added in v1.2.2 

func (f FileLoader) RemoveFromSet(string, string)

func (FileLoader) RemoveSortedSetRange added in v1.2.2 

func (f FileLoader) RemoveSortedSetRange(string, string, string) error

func (FileLoader) SetExp added in v1.2.2 

func (f FileLoader) SetExp(string, int64) error

func (FileLoader) SetKey added in v1.2.1 

func (f FileLoader) SetKey(string, string, int64) error

func (FileLoader) SetRawKey added in v1.2.2 

func (f FileLoader) SetRawKey(string, string, int64) error

func (FileLoader) SetRollingWindow added in v1.2.2 

func (f FileLoader) SetRollingWindow(key string, per int64, val string, pipeline bool) (int, []interface{})

type GothConfig 

type GothConfig struct {
	UseProviders    []GothProviderConfig
	CallbackBaseURL string
	FailureRedirect string
	JWE             jwe.Handler `json:"JWE,omitempty"`
}

GothConfig is the main configuration object for the Social provider

type GothProviderConfig 

type GothProviderConfig struct {
	Name                            string
	Key                             string
	Secret                          string
	DiscoverURL                     string
	DisableAuthHeaderProviderDomain string
	Scopes                          []string
	SkipUserInfoRequest             bool
}

GothProviderConfig the configurations required for the individual goth providers

type ProxyHandlerConfig 

type ProxyHandlerConfig struct {
	TargetHost                         string
	OKCode                             int
	OKResponse                         string
	OKRegex                            string
	ResponseIsJson                     bool
	AccessTokenField                   string
	UsernameField                      string
	ExrtactUserNameFromBasicAuthHeader bool
}

type ProxyProvider 

type ProxyProvider struct {
	// contains filtered or unexported fields
}

func (*ProxyProvider) Handle 

func (p *ProxyProvider) Handle(rw http.ResponseWriter, r *http.Request, pathParams map[string]string,
	profile tap.Profile)

func (*ProxyProvider) HandleCallback 

func (p *ProxyProvider) HandleCallback(http.ResponseWriter, *http.Request, func(tag string, errorMsg string,
	rawErr error, code int, w http.ResponseWriter, r *http.Request), tap.Profile)

func (*ProxyProvider) HandleMetadata added in v1.1.0 

func (s *ProxyProvider) HandleMetadata(http.ResponseWriter, *http.Request)

func (*ProxyProvider) Init 

func (p *ProxyProvider) Init(handler tap.IdentityHandler, profile tap.Profile, config []byte) error

func (*ProxyProvider) Name 

func (p *ProxyProvider) Name() string

func (*ProxyProvider) ProviderType 

func (p *ProxyProvider) ProviderType() tap.ProviderType

func (*ProxyProvider) UseCallback 

func (p *ProxyProvider) UseCallback() bool

type ReverseProxy 

type ReverseProxy struct {
	// Director must be a function which modifies
	// the request into a new request to be sent
	// using Transport. Its response is then copied
	// back to the original client unmodified.
	Director func(*http.Request)

	// The transport used to perform proxy requests.
	// If nil, http.DefaultTransport is used.
	Transport http.RoundTripper

	// FlushInterval specifies the flush interval
	// to flush to the client while copying the
	// response body.
	// If zero, no periodic flushing is done.
	FlushInterval time.Duration
}

ReverseProxy is an HTTP Handler that takes an incoming request and sends it to another server, proxying the response back to the client.

func NewSingleHostReverseProxy 

func NewSingleHostReverseProxy(target *url.URL) *ReverseProxy

NewSingleHostReverseProxy returns a new ReverseProxy that rewrites URLs to the scheme, host, and base path provided in target. If the target's path is "/base" and the incoming request was for "/dir", the target request will be for /base/dir.

func (*ReverseProxy) ServeHTTP 

func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request)

type SAMLConfig added in v1.1.0 

type SAMLConfig struct {
	IDPMetadataURL      string
	CertLocation        string
	SAMLBaseURL         string
	ForceAuthentication bool
	SAMLBinding         string
	SAMLEmailClaim      string
	SAMLForenameClaim   string
	SAMLSurnameClaim    string
	FailureRedirect     string
	EntityId            string
}

type SAMLProvider added in v1.1.0 

type SAMLProvider struct {
	// contains filtered or unexported fields
}

func (*SAMLProvider) Handle added in v1.1.0 

func (s *SAMLProvider) Handle(w http.ResponseWriter, r *http.Request, pathParams map[string]string, profile tap.Profile)

func (*SAMLProvider) HandleCallback added in v1.1.0 

func (s *SAMLProvider) HandleCallback(w http.ResponseWriter, r *http.Request, onError func(tag string, errorMsg string, rawErr error, code int, w http.ResponseWriter, r *http.Request), profile tap.Profile)

func (*SAMLProvider) HandleMetadata added in v1.1.0 

func (s *SAMLProvider) HandleMetadata(w http.ResponseWriter, r *http.Request)

func (*SAMLProvider) Init added in v1.1.0 

func (s *SAMLProvider) Init(handler tap.IdentityHandler, profile tap.Profile, config []byte) error

func (*SAMLProvider) Name added in v1.1.0 

func (s *SAMLProvider) Name() string

func (*SAMLProvider) ProviderType added in v1.1.0 

func (s *SAMLProvider) ProviderType() tap.ProviderType

func (*SAMLProvider) UseCallback added in v1.1.0 

func (s *SAMLProvider) UseCallback() bool

type Social 

type Social struct {
	// contains filtered or unexported fields
}

Social is the identity handler for all social auth, it is a wrapper around Goth, and makes use of it's pluggable providers to provide a raft of social OAuth providers as SSO or Login delegates.

func (*Social) Handle 

func (s *Social) Handle(w http.ResponseWriter, r *http.Request, pathParams map[string]string, profile tap.Profile)

Handle is the main callback delegate for the generic auth flow

func (*Social) HandleCallback 

func (s *Social) HandleCallback(w http.ResponseWriter, r *http.Request, onError func(tag string, errorMsg string, rawErr error, code int, w http.ResponseWriter, r *http.Request), profile tap.Profile)

HandleCallback handles the callback from the OAuth provider

func (*Social) HandleMetadata added in v1.1.0 

func (s *Social) HandleMetadata(http.ResponseWriter, *http.Request)

func (*Social) Init 

func (s *Social) Init(handler tap.IdentityHandler, profile tap.Profile, config []byte) error

Init will configure the social provider for this request.

func (*Social) Name 

func (s *Social) Name() string

Name returns the name of the provider

func (*Social) ProviderType 

func (s *Social) ProviderType() tap.ProviderType

ProviderType returns the type of the provider, Social makes use of the reirect type, as it redirects the user to multiple locations in the flow

func (*Social) UseCallback 

func (s *Social) UseCallback() bool

UseCallback returns whether or not the callback URL is used for this profile. Social uses it.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.