auth

package
v0.0.0-...-7f11b89 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 4, 2017 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

// Route names for the auth endpoints. OAuthRoutes uses each of them as the
// Name of one route.
const (
	// OAuthBegin names the GET /auth/:provider route.
	OAuthBegin    = "OAuthBegin"
	// OAuthCallback names the GET /auth/:provider/callback route.
	OAuthCallback = "OAuthCallback"
	// LogOut names the GET /auth/logout route.
	LogOut        = "LogOut"
)
// AuthCookieName is the cookie name "ATC-Authorization".
// NOTE(review): presumably the cookie that carries the auth token for browser
// sessions. The cookie's Secure, HttpOnly and SameSite attributes are set by
// code that is not shown on this page — confirm them at the place it is written.
const AuthCookieName = "ATC-Authorization"
// BuildKey is the string key "build".
// NOTE(review): presumably the request-context key under which the build access
// handlers store the build they looked up — confirm against the handler source.
const BuildKey = "build"
// CSRFHeaderName is the HTTP header name "X-Csrf-Token".
// NOTE(review): presumably the request header CSRFValidationHandler compares
// with the token returned by UserContextReader.GetCSRFToken — confirm.
const CSRFHeaderName = "X-Csrf-Token"
// CSRFRequiredKey is the string key "CSRFRequired".
// NOTE(review): presumably a request-context key marking requests that must
// carry a valid CSRF token (for example those authenticated by cookie). Where it
// is set and read is not visible here — confirm that no request path can skip
// setting it.
const CSRFRequiredKey = "CSRFRequired"
// OAuthStateCookie is the cookie name "_concourse_oauth_state".
// NOTE(review): presumably holds the encoded OAuthState between the begin and
// callback requests so the callback can compare it with the returned "state"
// parameter. The comparison itself is not shown on this page — confirm.
const OAuthStateCookie = "_concourse_oauth_state"
// PipelineDBKey is the string key "pipelineDB".
// NOTE(review): presumably the request-context key under which the pipeline
// access handler stores the pipeline DB handle — confirm.
const PipelineDBKey = "pipelineDB"
// TokenTypeBearer is the untyped string constant "Bearer".
// NOTE(review): presumably the scheme expected in the Authorization header and
// the TokenType returned by AuthTokenGenerator.GenerateToken — confirm.
const TokenTypeBearer = "Bearer"

Variables

// ErrUnparsableHeader is the error value with the message
// "cannot parse 'Authorization' header".
// NOTE(review): which function returns it is not shown on this page. Callers
// should treat it as an authentication failure, not as an anonymous request —
// confirm at the call sites.
var ErrUnparsableHeader = errors.New("cannot parse 'Authorization' header")
// OAuthRoutes is the rata route table for the auth endpoints: logout, the
// provider callback and the provider login start. All three use the GET method.
// NOTE(review): logout is a state-changing action exposed over GET; confirm that
// it cannot be triggered cross-site, or that this is an accepted risk. The
// literal "/auth/logout" is listed before "/auth/:provider", presumably so that
// "logout" is not captured as a provider name — confirm rata's matching order.
var OAuthRoutes = rata.Routes{
	{Path: "/auth/logout", Method: "GET", Name: LogOut},
	{Path: "/auth/:provider/callback", Method: "GET", Name: OAuthCallback},
	{Path: "/auth/:provider", Method: "GET", Name: OAuthBegin},
}
// SigningMethod is the JWT signing method of this package: RS256
// (jwt.SigningMethodRS256), an RSA signature, which matches the *rsa.PrivateKey
// and *rsa.PublicKey parameters and fields used by the package.
// NOTE(review): this is an exported, mutable package variable. Token
// verification should accept only this method and never the algorithm named in
// the token's own header; the verifying code is not shown here — confirm.
var SigningMethod = jwt.SigningMethodRS256

Functions

func CSRFValidationHandler

// CSRFValidationHandler returns an http.Handler built from handler, rejector
// and userContextReader.
// NOTE(review): the body is not shown. Presumably it compares the CSRFHeaderName
// request header with userContextReader.GetCSRFToken(r) and answers through
// rejector on a mismatch before delegating to handler — confirm, and check that
// the comparison is constant-time and which requests are exempt.
func CSRFValidationHandler(
	handler http.Handler,
	rejector Rejector,
	userContextReader UserContextReader,
) http.Handler

func CheckAdminHandler

// CheckAdminHandler returns an http.Handler built from handler and rejector.
// NOTE(review): presumably delegates to handler only when IsAdmin(r) is true and
// otherwise answers through rejector — the body is not shown, confirm.
func CheckAdminHandler(
	handler http.Handler,
	rejector Rejector,
) http.Handler

func CheckAuthenticationHandler

// CheckAuthenticationHandler returns an http.Handler built from handler and
// rejector.
// NOTE(review): presumably delegates to handler only when IsAuthenticated(r) is
// true and otherwise calls rejector.Unauthorized — the body is not shown, confirm.
func CheckAuthenticationHandler(
	handler http.Handler,
	rejector Rejector,
) http.Handler

func CheckAuthorizationHandler

// CheckAuthorizationHandler returns an http.Handler built from handler and
// rejector.
// NOTE(review): presumably distinguishes "not authenticated" (Unauthorized) from
// "authenticated for another team" (Forbidden) using IsAuthenticated and
// IsAuthorized — the body is not shown, confirm.
func CheckAuthorizationHandler(
	handler http.Handler,
	rejector Rejector,
) http.Handler

func IsAdmin

// IsAdmin reports a boolean about request r.
// NOTE(review): presumably true when the authenticated team is the admin team,
// read from state that WrapHandler attached to the request — confirm. A request
// that never passed through WrapHandler should yield false.
func IsAdmin(r *http.Request) bool

func IsAuthenticated

// IsAuthenticated reports a boolean about request r.
// NOTE(review): presumably returns the result a Validator stored on the request
// (see WrapHandler) rather than validating the token again — confirm.
func IsAuthenticated(r *http.Request) bool

func IsAuthorized

// IsAuthorized reports a boolean about request r.
// NOTE(review): presumably true when the authenticated team may act on the team
// named in the request path (compare Team.IsAuthorized). Which request field
// supplies the team name is not visible here — confirm.
func IsAuthorized(r *http.Request) bool

func IsSystem

// IsSystem reports a boolean about request r.
// NOTE(review): presumably true for tokens issued to internal system components
// (compare UserContextReader.GetSystem). How such tokens are issued is not shown
// on this page — confirm.
func IsSystem(r *http.Request) bool

func NewCheckBuildReadAccessHandlerFactory

// NewCheckBuildReadAccessHandlerFactory takes a BuildsDB and returns a pointer
// to the unexported checkBuildReadAccessHandlerFactory type.
// NOTE(review): callers outside the package cannot name the returned type; it
// presumably implements the exported CheckBuildReadAccessHandlerFactory
// interface — confirm. NewCheckWorkerTeamAccessHandlerFactory returns its
// interface type instead.
func NewCheckBuildReadAccessHandlerFactory(
	buildsDB BuildsDB,
) *checkBuildReadAccessHandlerFactory

func NewCheckBuildWriteAccessHandlerFactory

// NewCheckBuildWriteAccessHandlerFactory takes a BuildsDB and returns a pointer
// to the unexported checkBuildWriteAccessHandlerFactory type.
// NOTE(review): presumably implements the exported
// CheckBuildWriteAccessHandlerFactory interface — confirm.
func NewCheckBuildWriteAccessHandlerFactory(
	buildsDB BuildsDB,
) *checkBuildWriteAccessHandlerFactory

func NewCheckPipelineAccessHandlerFactory

// NewCheckPipelineAccessHandlerFactory takes a pipeline DB factory and a team DB
// factory and returns a pointer to the unexported
// checkPipelineAccessHandlerFactory type.
// NOTE(review): presumably implements the exported
// CheckPipelineAccessHandlerFactory interface — confirm.
func NewCheckPipelineAccessHandlerFactory(
	pipelineDBFactory db.PipelineDBFactory,
	teamDBFactory db.TeamDBFactory,
) *checkPipelineAccessHandlerFactory

func NewLogOutHandler

// NewLogOutHandler returns an http.Handler constructed with logger.
// NOTE(review): presumably a *LogOutHandler serving the LogOut route — confirm.
func NewLogOutHandler(logger lager.Logger) http.Handler

func NewOAuthBeginHandler

// NewOAuthBeginHandler constructs an http.Handler from a logger, a provider
// factory, an RSA private key, a team DB factory, an expiry duration and a TLS
// flag.
// NOTE(review): presumably serves the OAuthBegin route. isTLSEnabled presumably
// decides the Secure attribute of the cookies the handler sets, and expire their
// lifetime — the body is not shown, confirm both.
func NewOAuthBeginHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	privateKey *rsa.PrivateKey,
	teamDBFactory db.TeamDBFactory,
	expire time.Duration,
	isTLSEnabled bool,
) http.Handler

func NewOAuthCallbackHandler

// NewOAuthCallbackHandler constructs an http.Handler from a logger, a provider
// factory, an RSA private key, a team DB factory, an expiry duration and a TLS
// flag. The parameter list is identical to NewOAuthBeginHandler's.
// NOTE(review): presumably serves the OAuthCallback route, checks the returned
// state against OAuthStateCookie and issues a token signed with privateKey that
// is valid for expire — the body is not shown, confirm.
func NewOAuthCallbackHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	privateKey *rsa.PrivateKey,
	teamDBFactory db.TeamDBFactory,
	expire time.Duration,
	isTLSEnabled bool,
) http.Handler

func NewOAuthHandler

// NewOAuthHandler returns an http.Handler and an error.
// Its parameter order differs from NewOAuthBeginHandler and
// NewOAuthCallbackHandler: teamDBFactory comes before the RSA key, which is
// named signingKey here and privateKey there.
// NOTE(review): presumably builds a router over OAuthRoutes from the begin,
// callback and logout handlers — the body is not shown, confirm.
func NewOAuthHandler(
	logger lager.Logger,
	providerFactory ProviderFactory,
	teamDBFactory db.TeamDBFactory,
	signingKey *rsa.PrivateKey,
	expire time.Duration,
	isTLSEnabled bool,
) (http.Handler, error)

func WrapHandler

// WrapHandler returns an http.Handler built from handler, validator and
// userContextReader.
// NOTE(review): presumably runs validator.IsAuthenticated and the
// userContextReader getters on every request, stores the results where
// IsAuthenticated, IsAdmin, IsSystem and GetTeam read them, and then always
// delegates; enforcement is presumably left to the Check*Handler wrappers — the
// body is not shown, confirm.
func WrapHandler(
	handler http.Handler,
	validator Validator,
	userContextReader UserContextReader,
) http.Handler

Types

type AuthDB

// AuthDB is a single-method interface for looking up a team.
type AuthDB interface {
	// GetTeam returns a saved team, a bool and an error.
	// NOTE(review): the bool is presumably "found" — confirm.
	GetTeam() (db.SavedTeam, bool, error)
}

type AuthTokenGenerator

// AuthTokenGenerator produces an auth token as a (TokenType, TokenValue) pair.
type AuthTokenGenerator interface {
	// GenerateToken takes an expiration time, a team name, an admin flag and a
	// CSRF token and returns the token type, the token value and an error.
	// NOTE(review): the four inputs presumably become claims of a JWT signed
	// with SigningMethod — confirm. Binding csrfToken into the token means the
	// header value can be checked against the token without server-side state.
	GenerateToken(expiration time.Time, teamName string, isAdmin bool, csrfToken string) (TokenType, TokenValue, error)
}

func NewAuthTokenGenerator

// NewAuthTokenGenerator returns an AuthTokenGenerator built from privateKey.
// NOTE(review): presumably signs with SigningMethod; the behaviour for a nil
// key is not visible on this page — confirm.
func NewAuthTokenGenerator(privateKey *rsa.PrivateKey) AuthTokenGenerator

type BuildsDB

// BuildsDB is the build lookup that the build access handler factories take.
type BuildsDB interface {
	// GetBuildByID returns a build for buildID, a bool and an error.
	// NOTE(review): the bool is presumably "found" — confirm.
	GetBuildByID(buildID int) (db.Build, bool, error)
}

type CSRFTokenGenerator

// CSRFTokenGenerator produces CSRF tokens as strings.
type CSRFTokenGenerator interface {
	// GenerateToken returns a token string and an error.
	// NOTE(review): the implementation is not shown. A CSRF token must be
	// unpredictable, so it should be drawn from crypto/rand — confirm.
	GenerateToken() (string, error)
}

func NewCSRFTokenGenerator

// NewCSRFTokenGenerator returns a CSRFTokenGenerator; it takes no arguments.
// NOTE(review): the source of randomness behind the returned generator is not
// visible on this page — confirm that it is crypto/rand.
func NewCSRFTokenGenerator() CSRFTokenGenerator

type CheckBuildReadAccessHandlerFactory

// CheckBuildReadAccessHandlerFactory wraps a delegate handler with one of two
// build read-access checks. Both methods take the delegate and a Rejector and
// return the wrapping http.Handler.
// NOTE(review): how the two checks differ is not visible on this page. The
// names suggest that CheckIfPrivateJobHandler also considers whether the job
// is private — confirm before choosing one for a new route.
type CheckBuildReadAccessHandlerFactory interface {
	AnyJobHandler(delegateHandler http.Handler, rejector Rejector) http.Handler
	CheckIfPrivateJobHandler(delegateHandler http.Handler, rejector Rejector) http.Handler
}

type CheckBuildWriteAccessHandlerFactory

// CheckBuildWriteAccessHandlerFactory wraps a delegate handler with a build
// write-access check.
type CheckBuildWriteAccessHandlerFactory interface {
	// HandlerFor returns an http.Handler built from delegateHandler and rejector.
	// NOTE(review): presumably rejects unless the authenticated team owns the
	// build — confirm.
	HandlerFor(delegateHandler http.Handler, rejector Rejector) http.Handler
}

type CheckPipelineAccessHandlerFactory

// CheckPipelineAccessHandlerFactory wraps a pipeline-scoped handler with a
// pipeline access check.
type CheckPipelineAccessHandlerFactory interface {
	// HandlerFor returns an http.Handler built from pipelineScopedHandler and
	// rejector.
	// NOTE(review): presumably stores the pipeline under PipelineDBKey for the
	// delegate — confirm.
	HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}

type CheckWorkerTeamAccessHandlerFactory

// CheckWorkerTeamAccessHandlerFactory wraps a handler with a worker/team access
// check.
type CheckWorkerTeamAccessHandlerFactory interface {
	// HandlerFor returns an http.Handler built from the delegate and rejector.
	// NOTE(review): the delegate parameter is named pipelineScopedHandler, the
	// same as in CheckPipelineAccessHandlerFactory; for a worker check this
	// looks like a leftover name — confirm and rename in the source.
	HandlerFor(pipelineScopedHandler http.Handler, rejector Rejector) http.Handler
}

func NewCheckWorkerTeamAccessHandlerFactory

// NewCheckWorkerTeamAccessHandlerFactory takes a dbng.WorkerFactory and returns
// the exported CheckWorkerTeamAccessHandlerFactory interface.
func NewCheckWorkerTeamAccessHandlerFactory(
	workerFactory dbng.WorkerFactory,
) CheckWorkerTeamAccessHandlerFactory

type CookieSetHandler

// CookieSetHandler is an http.Handler (see its ServeHTTP method) that holds one
// delegate handler.
// NOTE(review): presumably it turns the AuthCookieName cookie into request
// credentials before delegating. Requests authenticated this way are the ones
// exposed to CSRF, so they should be marked for the CSRF check (compare
// CSRFRequiredKey) — the body is not shown, confirm.
type CookieSetHandler struct {
	// Handler is the wrapped handler.
	Handler http.Handler
}

func (CookieSetHandler) ServeHTTP

// ServeHTTP makes CookieSetHandler an http.Handler; it has a value receiver.
// NOTE(review): the body is not shown; presumably it ends by calling
// handler.Handler.ServeHTTP — confirm.
func (handler CookieSetHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type JWTReader

// JWTReader carries an RSA public key; its methods have the same signatures as
// those of UserContextReader.
// NOTE(review): presumably each getter verifies the request's token with
// PublicKey before reading claims. Claims must never be read from an unverified
// token — the bodies are not shown, confirm.
type JWTReader struct {
	// PublicKey is the RSA public key held by the reader.
	PublicKey *rsa.PublicKey
}

func (JWTReader) GetCSRFToken

// GetCSRFToken returns a string and a bool for request r.
// NOTE(review): presumably the CSRF token claim and whether it was present —
// confirm.
func (jr JWTReader) GetCSRFToken(r *http.Request) (string, bool)

func (JWTReader) GetSystem

// GetSystem returns two bools for request r.
// NOTE(review): presumably (isSystem, found) — confirm the order, since both
// results share one type and a swap would not be caught by the compiler.
func (jr JWTReader) GetSystem(r *http.Request) (bool, bool)

func (JWTReader) GetTeam

// GetTeam returns a string and two bools for request r.
// NOTE(review): presumably (teamName, isAdmin, found) — confirm the order of the
// two bools, since a swap would not be caught by the compiler.
func (jr JWTReader) GetTeam(r *http.Request) (string, bool, bool)

type JWTValidator

// JWTValidator carries an RSA public key; its IsAuthenticated method has the
// signature required by Validator.
// NOTE(review): verification should accept only SigningMethod (RS256) and
// should check expiry; the body is not shown on this page — confirm.
type JWTValidator struct {
	// PublicKey is the RSA public key held by the validator.
	PublicKey *rsa.PublicKey
}

func (JWTValidator) IsAuthenticated

// IsAuthenticated reports a boolean for request r.
// NOTE(review): presumably true only when r carries a token whose signature
// verifies against validator.PublicKey — confirm, including the result for a
// missing or malformed Authorization header.
func (validator JWTValidator) IsAuthenticated(r *http.Request) bool

type LogOutHandler

// LogOutHandler is an http.Handler (see its ServeHTTP method) whose fields are
// all unexported.
// NOTE(review): presumably what NewLogOutHandler returns — confirm.
type LogOutHandler struct {
	// contains filtered or unexported fields
}

func (*LogOutHandler) ServeHTTP

// ServeHTTP makes *LogOutHandler an http.Handler.
// NOTE(review): presumably clears the AuthCookieName cookie. Because the token
// is a signed JWT, clearing the cookie does not by itself invalidate a token
// that was copied elsewhere; it stays valid until it expires — confirm.
func (handler *LogOutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type OAuthBeginHandler

// OAuthBeginHandler is an http.Handler (see its ServeHTTP method) whose fields
// are all unexported.
// NOTE(review): presumably what NewOAuthBeginHandler returns — confirm.
type OAuthBeginHandler struct {
	// contains filtered or unexported fields
}

func (*OAuthBeginHandler) ServeHTTP

// ServeHTTP makes *OAuthBeginHandler an http.Handler.
// NOTE(review): presumably builds an OAuthState, stores it in OAuthStateCookie
// and redirects to the provider — the body is not shown, confirm.
func (handler *OAuthBeginHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type OAuthCallbackHandler

// OAuthCallbackHandler is an http.Handler (see its ServeHTTP method) whose
// fields are all unexported.
// NOTE(review): presumably what NewOAuthCallbackHandler returns — confirm.
type OAuthCallbackHandler struct {
	// contains filtered or unexported fields
}

func (*OAuthCallbackHandler) ServeHTTP

// ServeHTTP makes *OAuthCallbackHandler an http.Handler.
// NOTE(review): presumably rejects the request unless the "state" parameter
// matches OAuthStateCookie, then issues the auth token and follows
// OAuthState.Redirect — the body is not shown; confirm the state comparison and
// that the redirect target is restricted to this site.
func (handler *OAuthCallbackHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

type OAuthFactory

// OAuthFactory has only unexported fields; its GetProvider method has the
// signature required by ProviderFactory.
type OAuthFactory struct {
	// contains filtered or unexported fields
}

func NewOAuthFactory

// NewOAuthFactory returns an OAuthFactory value built from a logger, the ATC
// external URL, a route table and a callback string.
// NOTE(review): atcExternalURL, routes and callback presumably form the redirect
// URI registered with the provider, with callback a route name such as
// OAuthCallback. atcExternalURL should come from trusted configuration, not from
// the request's Host header — confirm at the call site.
func NewOAuthFactory(logger lager.Logger, atcExternalURL string, routes rata.Routes, callback string) OAuthFactory

func (OAuthFactory) GetProvider

// GetProvider returns a provider for the given team and provider name, together
// with a bool and an error.
// NOTE(review): the bool is presumably "found". providerName presumably comes
// from the :provider path segment, so an unknown name should give a not-found
// result and not an error page that echoes the name — confirm.
func (of OAuthFactory) GetProvider(team db.SavedTeam, providerName string) (provider.Provider, bool, error)

type OAuthState

// OAuthState is the JSON-serialisable state of one OAuth login attempt.
// NOTE(review): presumably encoded into the OAuth "state" parameter and into
// OAuthStateCookie by the begin handler and compared in the callback — confirm.
type OAuthState struct {
	// Redirect is serialised as "redirect".
	// NOTE(review): if this value is taken from the request, the callback should
	// follow only same-site paths; that check is not visible on this page.
	Redirect     string `json:"redirect"`
	// TeamName is serialised as "team_name".
	TeamName     string `json:"team_name"`
	// FlyLocalPort is serialised as "fly_local_port"; it is kept as a string.
	// NOTE(review): presumably the port of a local listener of the fly CLI; it
	// should be validated as a numeric port before being placed in a URL — confirm.
	FlyLocalPort string `json:"fly_local_port"`
}

type ProviderFactory

// ProviderFactory is the provider lookup taken by the OAuth handler
// constructors; OAuthFactory has a method with this signature.
type ProviderFactory interface {
	// GetProvider takes a saved team and a string and returns a provider, a bool
	// and an error.
	// NOTE(review): the string is presumably the provider name and the bool
	// "found" — confirm.
	GetProvider(db.SavedTeam, string) (provider.Provider, bool, error)
}

type Rejector

// Rejector writes the response for a request that an access check turned away.
// The Check*Handler wrappers and the access handler factories take one.
type Rejector interface {
	// Unauthorized responds to a request that is presumably not authenticated.
	Unauthorized(http.ResponseWriter, *http.Request)
	// Forbidden responds to a request that is presumably authenticated but not
	// permitted.
	Forbidden(http.ResponseWriter, *http.Request)
}

type Team

// Team describes the team associated with a request, as returned by GetTeam.
type Team interface {
	// Name returns a string, presumably the team name.
	Name() string
	// IsAdmin returns a bool, presumably whether this is the admin team.
	IsAdmin() bool
	// IsAuthorized returns a bool for teamName.
	// NOTE(review): presumably true when this team may act on teamName. Whether
	// the name comparison is case-sensitive, and whether admins are always
	// authorized, is not visible here — confirm.
	IsAuthorized(teamName string) bool
}

func GetTeam

// GetTeam returns a Team and a bool for request r.
// NOTE(review): the bool is presumably "found"; callers should not use the Team
// when it is false — confirm.
func GetTeam(r *http.Request) (Team, bool)

type TokenType

// TokenType is a string type; AuthTokenGenerator.GenerateToken returns one.
// NOTE(review): TokenTypeBearer is presumably its only value — confirm.
type TokenType string

type TokenValue

// TokenValue is a string type; AuthTokenGenerator.GenerateToken returns one.
// NOTE(review): presumably the serialised signed token. It is a credential, so
// keep it out of logs and error messages — confirm.
type TokenValue string

type UnauthorizedRejector

// UnauthorizedRejector is an empty struct with Unauthorized and Forbidden
// methods, the two methods of Rejector.
// NOTE(review): the name suggests that both methods answer 401. Whether
// Forbidden sends 403 is not visible on this page — confirm.
type UnauthorizedRejector struct{}

func (UnauthorizedRejector) Forbidden

func (UnauthorizedRejector) Unauthorized

// Unauthorized has the signature of Rejector.Unauthorized.
// NOTE(review): presumably writes a 401 response — the body is not shown,
// confirm.
func (UnauthorizedRejector) Unauthorized(w http.ResponseWriter, r *http.Request)

type UserContextReader

// UserContextReader extracts identity data from a request. JWTReader has methods
// with these three signatures.
type UserContextReader interface {
	// GetTeam returns a string and two bools.
	// NOTE(review): presumably (teamName, isAdmin, found) — confirm the order.
	GetTeam(r *http.Request) (string, bool, bool)
	// GetSystem returns two bools.
	// NOTE(review): presumably (isSystem, found) — confirm the order.
	GetSystem(r *http.Request) (bool, bool)
	// GetCSRFToken returns a string and a bool.
	// NOTE(review): presumably the token and whether it was present — confirm.
	GetCSRFToken(r *http.Request) (string, bool)
}

type Validator

// Validator decides whether a request is authenticated. JWTValidator has a
// method with this signature, and NewBasicAuthValidator and NewTeamAuthValidator
// return a Validator.
type Validator interface {
	// IsAuthenticated reports a boolean for the request. There is no error
	// result, so an implementation has to map every failure to false.
	IsAuthenticated(*http.Request) bool
}

func NewBasicAuthValidator

// NewBasicAuthValidator returns a Validator built from a saved team.
// NOTE(review): presumably checks HTTP Basic credentials against the team's
// stored basic-auth settings. The password check should go through a password
// hash and not a plain string comparison — the body is not shown, confirm.
func NewBasicAuthValidator(team db.SavedTeam) Validator

func NewTeamAuthValidator

// NewTeamAuthValidator returns a Validator built from a team DB factory and
// another Validator, jwtValidator.
// NOTE(review): presumably tries jwtValidator and falls back to the team's own
// auth settings. The result for a team with no auth configured is not visible
// here — confirm that it is not "authenticated" by default.
func NewTeamAuthValidator(
	teamDBFactory db.TeamDBFactory,
	jwtValidator Validator,
) Validator

Directories

Path Synopsis
This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter
This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter This file was generated by counterfeiter
githubfakes
This file was generated by counterfeiter
This file was generated by counterfeiter
providerfakes
This file was generated by counterfeiter This file was generated by counterfeiter
This file was generated by counterfeiter This file was generated by counterfeiter
