Documentation
Index
- func MustChangePassword(user *User) bool
- func TestPolicy(newPass string, user *User) *multierror.MultiError
- func ValidateRoleSet(roles []string) error
- type Application
- type EndpointAuth
- type Id
- type Login
- type PasswordAssertion
- type Policy
- type Session
- type Token
- type User
- func (u *User) AnyAdminRoles() bool
- func (u *User) GrantRoles(roles []string)
- func (u *User) InPasswordHistory(p []byte, n int) bool
- func (u *User) IsAccountExpired() bool
- func (u *User) IsDisabled() bool
- func (u *User) MustChangePassword() bool
- func (u *User) OldHashFormat() bool
- func (u *User) PasswordMatches(p []byte) error
- func (u *User) RevokeRoles(roles []string)
- func (u *User) SetPassword(plain string) error
- func (u *User) ShouldBePublished() bool
Constants
This section is empty.
Variables
This section is empty.
Functions
func MustChangePassword
func MustChangePassword(user *User) bool
MustChangePassword reports whether a user needs to change their password, judged against the policy defined for the user's application, or against the default policy if none is defined for that application.
func TestPolicy
func TestPolicy(newPass string, user *User) *multierror.MultiError
TestPolicy checks whether a candidate password is valid against the policy defined for the user's application, or against the default policy if none is defined for that application. Failures are returned as a *multierror.MultiError; a nil result means the password is acceptable.
func ValidateRoleSet
func ValidateRoleSet(roles []string) error
ValidateRoleSet checks that a user's role set is valid, returning a non-nil error if it is not.
Types
type Application
type Application string
Application represents a top-level namespace within which users can register.
func (Application) ToAuthMechanism
func (a Application) ToAuthMechanism() string
type EndpointAuth
type EndpointAuth struct {
// ServiceName and EndpointName identify the single endpoint that we are allowing access to
ServiceName, EndpointName string
// AllowedService is the calling service that is granted access
AllowedService string
// Role is the role we are granting
Role string
}
EndpointAuth represents a single calling service being allowed `Role` access to a single endpoint.
func (*EndpointAuth) FqEndpoint
func (e *EndpointAuth) FqEndpoint() string
FqEndpoint returns the "fully qualified" endpoint name, which is `ServiceName.EndpointName` (the two parts joined with a dot).
type Id
type Id string
Id represents some secondary ID for a user, e.g. an email address or phone number. We expect these to naturally avoid collisions within an application - this is left
type Login
type Login struct {
App Application
Uid string
LoggedIn time.Time
AuthMechanism string
DeviceType string
Meta map[string]string
}
Login represents a single successful login action by a user.
type PasswordAssertion
PasswordAssertion asserts something about a new password a user is trying to set. It returns nil if the password passes the check, or an error describing why it fails.
func HasLowerCaseChar
func HasLowerCaseChar() PasswordAssertion
HasLowerCaseChar mints a PasswordAssertion that tests whether a password contains a lowercase character.
func HasNotBeenUsedIn
func HasNotBeenUsedIn(changes int) PasswordAssertion
HasNotBeenUsedIn mints a PasswordAssertion that tests whether a password has been used in any of the user's N most recent password changes (see User.InPasswordHistory).
func HasNumericChar
func HasNumericChar() PasswordAssertion
HasNumericChar mints a PasswordAssertion that tests whether a password contains a numeric character.
func HasUpperCaseChar
func HasUpperCaseChar() PasswordAssertion
HasUpperCaseChar mints a PasswordAssertion that tests whether a password contains an uppercase character.
func MinimumPasswordLength
func MinimumPasswordLength(length int) PasswordAssertion
MinimumPasswordLength mints a PasswordAssertion that tests whether a password has at least `length` characters.
type Policy
type Policy struct {
// NewPasswordChecks contains a slice of assertions to make on any new password being set
NewPasswordChecks []PasswordAssertion
// PasswordValidFor defines the number of DAYS users can use a password for before it times out
PasswordValidFor int
}
Policy contains all policy rules pertaining to a given application type (one set of rules per type).
func (*Policy) MustChangePassword
MustChangePassword reports whether a user should be forced to change their password under this policy, i.e. whether their current password has been in use for longer than PasswordValidFor days.
func (*Policy) Test
func (p *Policy) Test(newPass string, user *User) *multierror.MultiError
Test checks whether a new password is valid under this policy by running each of its NewPasswordChecks against it.
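The following is an added example, not the package's own code: a self-contained Go reimplementation of the PasswordAssertion closure pattern and the two Policy methods described above, using the page's names. It makes several assumptions the page does not state: failures are returned as a plain []error rather than *multierror.MultiError, the current time is passed in as a parameter, a zero PasswordValidFor means passwords never expire, and the SamplePolicy values are constructed for the example. HasNotBeenUsedIn is left out because it needs the bcrypt comparison that User.InPasswordHistory provides. One practical point it shows: the length check counts runes, not bytes, so an 11-character password made of 2-byte characters is still rejected by a 12-character minimum.

```go
package main

import (
	"fmt"
	"time"
	"unicode"
	"unicode/utf8"
)

// User is a cut-down stand-in for the page's User type, carrying only the
// field the expiry check needs.
type User struct {
	PasswordChange time.Time
}

// PasswordAssertion follows the contract on the page: nil means the candidate
// password passes, a non-nil error says why it failed.
type PasswordAssertion func(newPass string, user *User) error

// Policy mirrors the page's Policy struct.
type Policy struct {
	NewPasswordChecks []PasswordAssertion
	PasswordValidFor  int // days; zero or negative means never expires (assumption)
}

// MinimumPasswordLength counts runes rather than bytes, so a multi-byte
// character counts once, not once per byte.
func MinimumPasswordLength(length int) PasswordAssertion {
	return func(p string, _ *User) error {
		if utf8.RuneCountInString(p) < length {
			return fmt.Errorf("password must be at least %d characters", length)
		}
		return nil
	}
}

// hasRuneClass is the template behind the three character-class assertions:
// pass if any rune in the password satisfies the class predicate.
func hasRuneClass(what string, class func(rune) bool) PasswordAssertion {
	return func(p string, _ *User) error {
		for _, r := range p {
			if class(r) {
				return nil
			}
		}
		return fmt.Errorf("password must contain %s", what)
	}
}

func HasLowerCaseChar() PasswordAssertion { return hasRuneClass("a lowercase letter", unicode.IsLower) }
func HasUpperCaseChar() PasswordAssertion { return hasRuneClass("an uppercase letter", unicode.IsUpper) }
func HasNumericChar() PasswordAssertion   { return hasRuneClass("a digit", unicode.IsDigit) }

// Test runs every assertion and collects all failures instead of stopping at
// the first, which is what the page's MultiError return conveys. An empty
// result means the password is acceptable.
func (pol *Policy) Test(newPass string, u *User) []error {
	var errs []error
	for _, check := range pol.NewPasswordChecks {
		if err := check(newPass, u); err != nil {
			errs = append(errs, err)
		}
	}
	return errs
}

// MustChangePassword is true once PasswordValidFor days have elapsed since
// the user's last change. "now" is a parameter so the decision is testable
// and not tied to the wall clock.
func (pol *Policy) MustChangePassword(u *User, now time.Time) bool {
	if pol.PasswordValidFor <= 0 {
		return false
	}
	return !now.Before(u.PasswordChange.AddDate(0, 0, pol.PasswordValidFor))
}

// SamplePolicy is a constructed policy for this example, not the package's
// real default policy.
func SamplePolicy() *Policy {
	return &Policy{
		NewPasswordChecks: []PasswordAssertion{
			MinimumPasswordLength(12),
			HasLowerCaseChar(),
			HasUpperCaseChar(),
			HasNumericChar(),
		},
		PasswordValidFor: 90,
	}
}

func main() {
	pol := SamplePolicy()
	u := &User{PasswordChange: time.Now().AddDate(0, 0, -100)}
	fmt.Println("failures for \"short\":", pol.Test("short", u))
	fmt.Println("must change after 100 days:", pol.MustChangePassword(u, time.Now()))
}
```

Because Test returns every failing assertion, the caller can show the user the complete list of what is wrong with a candidate password in one round trip rather than one complaint per attempt.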
type Token
type Token struct {
Created time.Time
AuthMechanism string
DeviceType string
Id string
Expires time.Time
AutoRenew time.Time
Roles []string
Signature string
}
Token identifies a user for a limited time. It carries a signature made with the issuer's private key so that any consumer of the token can verify, using the corresponding public key, that the token is genuine and has not been altered.
func (*Token) CanAutoRenew
CanAutoRenew reports whether this token can be auto-renewed at the current time.
func (*Token) DataToSign
DataToSign returns the bytes of the data component that the signature covers; the Signature field itself is excluded.
func (*Token) DecodedSig
DecodedSig returns the base64-decoded bytes of the Signature field.
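An added example, not the package's own code, showing how the three Token methods above fit together with signing and verification. The page does not say how the data component is encoded or which signature scheme is used, so this example assumes JSON of the non-Signature fields in declaration order, Ed25519, and standard base64 for the Signature field; it also assumes the auto-renew window opens at AutoRenew and closes at Expires. The Sign and Verify methods and the sample token values are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Token mirrors the fields listed on the page.
type Token struct {
	Created       time.Time
	AuthMechanism string
	DeviceType    string
	Id            string
	Expires       time.Time
	AutoRenew     time.Time
	Roles         []string
	Signature     string // base64 (standard encoding) of the raw signature bytes (assumption)
}

// DataToSign returns the bytes the signature covers: every field except
// Signature, serialised as JSON in a fixed order (an assumption; the page does
// not say how the data component is encoded). Changing any covered field,
// Roles or Expires for instance, changes these bytes and invalidates the signature.
func (t *Token) DataToSign() ([]byte, error) {
	return json.Marshal(struct {
		Created, Expires, AutoRenew   time.Time
		AuthMechanism, DeviceType, Id string
		Roles                         []string
	}{t.Created, t.Expires, t.AutoRenew, t.AuthMechanism, t.DeviceType, t.Id, t.Roles})
}

// DecodedSig returns the raw signature bytes held in the Signature field.
func (t *Token) DecodedSig() ([]byte, error) {
	return base64.StdEncoding.DecodeString(t.Signature)
}

// Sign fills in Signature using the issuer's Ed25519 private key.
func (t *Token) Sign(priv ed25519.PrivateKey) error {
	data, err := t.DataToSign()
	if err != nil {
		return err
	}
	t.Signature = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, data))
	return nil
}

// Verify checks the signature against the issuer's public key and then the
// validity window. The signature is checked first so that a forged or unsigned
// token is rejected before any of its self-asserted fields are trusted.
func (t *Token) Verify(pub ed25519.PublicKey, now time.Time) error {
	sig, err := t.DecodedSig()
	if err != nil {
		return fmt.Errorf("malformed signature: %w", err)
	}
	data, err := t.DataToSign()
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, data, sig) {
		return errors.New("signature does not verify")
	}
	if !now.Before(t.Expires) {
		return errors.New("token has expired")
	}
	return nil
}

// CanAutoRenew reports whether now falls inside the renewal window, which this
// example takes to open at AutoRenew and close at Expires (assumption).
func (t *Token) CanAutoRenew(now time.Time) bool {
	return !now.Before(t.AutoRenew) && now.Before(t.Expires)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	tok := &Token{Created: now, AuthMechanism: "password", DeviceType: "web", Id: "user-42",
		Expires: now.Add(time.Hour), AutoRenew: now.Add(45 * time.Minute), Roles: []string{"ADMIN.users"}}
	if err := tok.Sign(priv); err != nil {
		panic(err)
	}
	fmt.Println("genuine token:", tok.Verify(pub, now))
	tok.Roles = append(tok.Roles, "ADMIN.billing") // tamper with a covered field
	fmt.Println("tampered token:", tok.Verify(pub, now))
}
```

The verifying side must obtain the issuer's public key from its own configuration, never from the token, and should treat the Roles field as trustworthy only after Verify has returned nil.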
type User
type User struct {
App Application
Uid string
Ids []Id
Created time.Time
Roles []string
PasswordHistory [][]byte
Password []byte
PasswordChange time.Time
Status string
AccountExpirationDate string
}
User represents a single user within an application.
func (*User) AnyAdminRoles
func (u *User) AnyAdminRoles() bool
AnyAdminRoles returns true if this user has any role within the ADMIN category.
func (*User) GrantRoles
func (u *User) GrantRoles(roles []string)
GrantRoles merges the supplied roles into the user's current roles.
func (*User) InPasswordHistory
func (u *User) InPasswordHistory(p []byte, n int) bool
InPasswordHistory tests whether the plaintext password p matches any of the hashes stored in the last n entries of the user's PasswordHistory.
func (*User) IsAccountExpired
func (u *User) IsAccountExpired() bool
func (*User) IsDisabled
func (u *User) IsDisabled() bool
func (*User) MustChangePassword
func (u *User) MustChangePassword() bool
MustChangePassword determines whether this user must be FORCED to change their password before they are granted access.
func (*User) OldHashFormat
func (u *User) OldHashFormat() bool
OldHashFormat tests whether the stored password hash is in the old h1 driver hash format.
func (*User) PasswordMatches
func (u *User) PasswordMatches(p []byte) error
PasswordMatches tests whether the plaintext password p matches the stored hash, returning nil on a match and an error otherwise.
func (*User) RevokeRoles
func (u *User) RevokeRoles(roles []string)
RevokeRoles removes the supplied roles from the user's roles, where they are present.
func (*User) SetPassword
func (u *User) SetPassword(plain string) error
SetPassword sets the user's password, hashing it with bcrypt and storing the hash. Note that bcrypt only processes the first 72 bytes of its input, so anything beyond that in a long password is silently ignored by the hash.