session

package
v2.1.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 17, 2021 License: Apache-2.0 Imports: 31 Imported by: 4

Documentation

Index

Constants

View Source
const (
	// SessionManagerClaimsIssuer fills the "iss" field of the token.
	SessionManagerClaimsIssuer = "argocd"
	AuthErrorCtxKey            = "auth-error"
)

Variables

View Source
var (
	InvalidLoginErr = status.Errorf(codes.Unauthenticated, invalidLoginError)
)

Functions

func GetSubjectAccountAndCapability

func GetSubjectAccountAndCapability(subject string) (string, settings.AccountCapability)

GetSubjectAccountAndCapability analyzes Argo CD account token subject and extract account name and the capability it was generated for (default capability is API Key).

func Groups

func Groups(ctx context.Context, scopes []string) []string

func Iat

func Iat(ctx context.Context) (time.Time, error)

func Iss

func Iss(ctx context.Context) string

func LoggedIn

func LoggedIn(ctx context.Context) bool

func NewUserStateStorage

func NewUserStateStorage(redis *redis.Client) *userStateStorage

func Sub

func Sub(ctx context.Context) string

func Username

func Username(ctx context.Context) string

Username is a helper to extract a human readable username from a context

Types

type LoginAttempts

type LoginAttempts struct {
	// Time of the last failed login
	LastFailed time.Time `json:"lastFailed"`
	// Number of consecutive login failures
	FailCount int `json:"failCount"`
}

LoginAttempts is a timestamped counter for failed login attempts

type SessionManager

type SessionManager struct {
	// contains filtered or unexported fields
}

SessionManager generates and validates JWT tokens for login sessions.

func NewSessionManager

func NewSessionManager(settingsMgr *settings.SettingsManager, projectsLister v1alpha1.AppProjectNamespaceLister, dexServerAddr string, storage UserStateStorage) *SessionManager

NewSessionManager creates a new session manager from Argo CD settings

func (*SessionManager) Create

func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64, id string) (string, error)

Create creates a new token for a given subject (user) and returns it as a string. Passing a value of `0` for secondsBeforeExpiry creates a token that never expires. The id parameter holds an optional unique JWT token identifier and stored as a standard claim "jti" in the JWT token.

func (*SessionManager) GetLoginFailures

func (mgr *SessionManager) GetLoginFailures() map[string]LoginAttempts

GetLoginFailures retrieves the login failure information from the cache

func (*SessionManager) Parse

func (mgr *SessionManager) Parse(tokenString string) (jwt.Claims, string, error)

Parse tries to parse the provided string and returns the token claims for local login.

func (*SessionManager) RevokeToken

func (mgr *SessionManager) RevokeToken(ctx context.Context, id string, expiringAt time.Duration) error

func (*SessionManager) VerifyToken

func (mgr *SessionManager) VerifyToken(tokenString string) (jwt.Claims, string, error)

VerifyToken verifies if a token is correct. Tokens can be issued either from us or by an IDP. We choose how to verify based on the issuer.

func (*SessionManager) VerifyUsernamePassword

func (mgr *SessionManager) VerifyUsernamePassword(username string, password string) error

VerifyUsernamePassword verifies if a username/password combo is correct

type UserStateStorage

type UserStateStorage interface {
	Init(ctx context.Context)
	// GetLoginAttempts return number of concurrent login attempts
	GetLoginAttempts(attempts *map[string]LoginAttempts) error
	// SetLoginAttempts sets number of concurrent login attempts
	SetLoginAttempts(attempts map[string]LoginAttempts) error
	// RevokeToken revokes token with given id (information about revocation expires after specified timeout)
	RevokeToken(ctx context.Context, id string, expiringAt time.Duration) error
	// IsTokenRevoked checks if given token is revoked
	IsTokenRevoked(id string) bool
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL