Documentation ¶
Index ¶
- Constants
- Variables
- func FirstFactorPost(ctx *middlewares.AutheliaCtx)
- func LogoutPost(ctx *middlewares.AutheliaCtx)
- func ResetPasswordPost(ctx *middlewares.AutheliaCtx)
- func SecondFactorAvailableMethodsGet(ctx *middlewares.AutheliaCtx)
- func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler
- func SecondFactorPreferencesGet(ctx *middlewares.AutheliaCtx)
- func SecondFactorPreferencesPost(ctx *middlewares.AutheliaCtx)
- func SecondFactorTOTPPost(ctx *middlewares.AutheliaCtx)
- func SecondFactorU2FRegister(ctx *middlewares.AutheliaCtx)
- func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx)
- func SecondFactorU2FSignPost(ctx *middlewares.AutheliaCtx)
- func StateGet(ctx *middlewares.AutheliaCtx)
- func VerifyGet(ctx *middlewares.AutheliaCtx)
- type MethodList
- type StateResponse
- type TOTPKeyResponse
Constants ¶
const (
	// Forbidden means the user is forbidden the access to a resource
	Forbidden authorizationMatching = iota
	// NotAuthorized means the user can access the resource with more permissions.
	NotAuthorized authorizationMatching = iota
	// Authorized means the user is authorized given her current permissions.
	Authorized authorizationMatching = iota
)
const InternalError = "Internal error."
InternalError is the error message sent when there was an internal error that should be hidden from the end user. In that case the error should be in the server logs.
const ResetPasswordAction = "ResetPassword"
ResetPasswordAction is the string representation of the action for which the token has been produced.
const TOTPRegistrationAction = "RegisterTOTPDevice"
TOTPRegistrationAction is the string representation of the action for which the token has been produced.
const U2FRegistrationAction = "RegisterU2FDevice"
U2FRegistrationAction is the string representation of the action for which the token has been produced.
UnauthorizedError is the error message sent when the user is not authorized.
Variables ¶
var ResetPasswordIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{ActionClaim: ResetPasswordAction},
	resetPasswordIdentityFinish)
ResetPasswordIdentityFinish is the handler for finishing the identity validation.
var ResetPasswordIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailSubject:           "[Authelia] Reset your password",
	MailTitle:             "Reset your password",
	MailButtonContent:     "Reset",
	TargetEndpoint:        "/reset-password",
	ActionClaim:           ResetPasswordAction,
	IdentityRetrieverFunc: identityRetrieverFromStorage,
})
ResetPasswordIdentityStart is the handler for initiating the identity validation for resetting a password. We need to ensure an attacker cannot perform user enumeration, so it always replies with 200 whatever happens in the backend.
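The always-200 behaviour described above, as an added example that is not Authelia's own code. It uses only net/http; the handler names, the `/example/reset-start` path, the user map and the mail log are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// knownUsers is a constructed stand-in for the user storage backend.
var knownUsers = map[string]string{"john": "john@example.com"}

// sentMail records the addresses a reset link would be mailed to.
var sentMail []string

// leakyResetStart reveals account existence through its status code and body.
func leakyResetStart(w http.ResponseWriter, r *http.Request) {
	addr, ok := knownUsers[r.FormValue("username")]
	if !ok {
		http.Error(w, "unknown user", http.StatusNotFound)
		return
	}
	sentMail = append(sentMail, addr)
	fmt.Fprint(w, `{"status":"OK"}`)
}

// uniformResetStart mails a link only for real accounts but always answers 200
// with the same body, so the response carries no signal about the lookup.
func uniformResetStart(w http.ResponseWriter, r *http.Request) {
	if addr, ok := knownUsers[r.FormValue("username")]; ok {
		sentMail = append(sentMail, addr)
	}
	fmt.Fprint(w, `{"status":"OK"}`)
}

// probe posts a username to h and returns "<status> <body>" as a client sees it.
func probe(h http.HandlerFunc, username string) string {
	req := httptest.NewRequest(http.MethodPost, "/example/reset-start", strings.NewReader("username="+username))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	h(rec, req)
	return fmt.Sprintf("%d %s", rec.Code, strings.TrimSpace(rec.Body.String()))
}

func main() {
	for _, u := range []string{"john", "nobody"} {
		fmt.Println(u, "| leaky:", probe(leakyResetStart, u), "| uniform:", probe(uniformResetStart, u))
	}
}
```

Only the status code and body are compared here; response timing is a separate signal that this sketch does not equalise.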
var SecondFactorTOTPIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          TOTPRegistrationAction,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, secondFactorTOTPIdentityFinish)
SecondFactorTOTPIdentityFinish is the handler for finishing the identity validation.
var SecondFactorTOTPIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailSubject:           "[Authelia] Register your mobile",
	MailTitle:             "Register your mobile",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/one-time-password-registration",
	ActionClaim:           TOTPRegistrationAction,
	IdentityRetrieverFunc: identityRetrieverFromSession,
})
SecondFactorTOTPIdentityStart is the handler for initiating the identity validation.
var SecondFactorU2FIdentityFinish = middlewares.IdentityVerificationFinish(
	middlewares.IdentityVerificationFinishArgs{
		ActionClaim:          U2FRegistrationAction,
		IsTokenUserValidFunc: isTokenUserValidFor2FARegistration,
	}, secondFactorU2FIdentityFinish)
SecondFactorU2FIdentityFinish is the handler for finishing the identity validation.
var SecondFactorU2FIdentityStart = middlewares.IdentityVerificationStart(middlewares.IdentityVerificationStartArgs{
	MailSubject:           "[Authelia] Register your key",
	MailTitle:             "Register your key",
	MailButtonContent:     "Register",
	TargetEndpoint:        "/security-key-registration",
	ActionClaim:           U2FRegistrationAction,
	IdentityRetrieverFunc: identityRetrieverFromSession,
})
SecondFactorU2FIdentityStart is the handler for initiating the identity validation.
Functions ¶
func FirstFactorPost ¶
func FirstFactorPost(ctx *middlewares.AutheliaCtx)
FirstFactorPost is the handler performing the first factor.
func LogoutPost ¶
func LogoutPost(ctx *middlewares.AutheliaCtx)
LogoutPost is the handler logging out the user attached to the given cookie.
func ResetPasswordPost ¶
func ResetPasswordPost(ctx *middlewares.AutheliaCtx)
ResetPasswordPost is the handler for resetting passwords.
func SecondFactorAvailableMethodsGet ¶
func SecondFactorAvailableMethodsGet(ctx *middlewares.AutheliaCtx)
SecondFactorAvailableMethodsGet retrieves the available 2FA methods. The supported methods are: "totp", "u2f", "duo".
func SecondFactorDuoPost ¶
func SecondFactorDuoPost(duoAPI duo.API) middlewares.RequestHandler
SecondFactorDuoPost is the handler for sending a push notification via the Duo API.
func SecondFactorPreferencesGet ¶
func SecondFactorPreferencesGet(ctx *middlewares.AutheliaCtx)
SecondFactorPreferencesGet gets the user preferences regarding 2FA.
func SecondFactorPreferencesPost ¶
func SecondFactorPreferencesPost(ctx *middlewares.AutheliaCtx)
SecondFactorPreferencesPost updates the user preferences regarding 2FA.
func SecondFactorTOTPPost ¶
func SecondFactorTOTPPost(ctx *middlewares.AutheliaCtx)
SecondFactorTOTPPost validates the TOTP passcode provided by the user.
func SecondFactorU2FRegister ¶
func SecondFactorU2FRegister(ctx *middlewares.AutheliaCtx)
SecondFactorU2FRegister is the handler validating that the client has successfully validated the challenge to complete the U2F registration.
func SecondFactorU2FSignGet ¶
func SecondFactorU2FSignGet(ctx *middlewares.AutheliaCtx)
SecondFactorU2FSignGet is the handler for initiating a signing request.
func SecondFactorU2FSignPost ¶
func SecondFactorU2FSignPost(ctx *middlewares.AutheliaCtx)
SecondFactorU2FSignPost is the handler for completing a signing request.
func StateGet ¶
func StateGet(ctx *middlewares.AutheliaCtx)
StateGet is the handler serving the user state.
func VerifyGet ¶
func VerifyGet(ctx *middlewares.AutheliaCtx)
VerifyGet is the handler verifying if a request is allowed to go through.
Types ¶
type StateResponse ¶
type StateResponse struct {
	Username              string               `json:"username"`
	AuthenticationLevel   authentication.Level `json:"authentication_level"`
	DefaultRedirectionURL string               `json:"default_redirection_url"`
}
StateResponse represents the response sent by the state endpoint.
type TOTPKeyResponse ¶
type TOTPKeyResponse struct {
	Base32Secret string `json:"base32_secret"`
	OTPAuthURL   string `json:"otpauth_url"`
}
TOTPKeyResponse is the model of the response that is sent to the client upon successful identity verification.
Source Files ¶
- const.go
- errors.go
- handler_2fa_available_methods.go
- handler_2fa_preferences.go
- handler_firstfactor.go
- handler_logout.go
- handler_register_totp.go
- handler_register_u2f_step1.go
- handler_register_u2f_step2.go
- handler_reset_password_step1.go
- handler_reset_password_step2.go
- handler_sign_duo.go
- handler_sign_totp.go
- handler_sign_u2f_step1.go
- handler_sign_u2f_step2.go
- handler_state.go
- handler_verify.go
- safe_redirection.go
- types.go