password

package


Constants

// Character classes used by the password rules and, presumably, by the
// Generator. Every list is ASCII-only: non-ASCII letters, digits and
// punctuation belong to none of these classes.
const (
	CharListLowercase    = "abcdefghijklmnopqrstuvwxyz"
	CharListUppercase    = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	CharListAlphabet     = CharListLowercase + CharListUppercase
	CharListDigit        = "0123456789"
	CharListAlphanumeric = CharListAlphabet + CharListDigit
	// Referenced from "special" character class in Apple's Password Autofill rules.
	// https://developer.apple.com/documentation/security/password_autofill/customizing_password_autofill_rules
	// NOTE(review): this list omits some ASCII punctuation (space, '/', '\'),
	// so it is narrower than "any ASCII non-alphanumeric character", which is
	// how PasswordSymbolRequired is described in this package; whether the
	// Checker accepts symbols outside this list is not visible here.
	// The list also contains quote and angle-bracket characters, so a
	// generated password must be escaped/encoded wherever it is embedded
	// (HTML, JSON, URLs, shell commands).
	CharListSymbol = "-~!@#$%^&*_+=`|(){}[:;\"'<>,.?]"
)

Character lists for each password character category. All lists are ASCII-only; CharListSymbol follows the "special" class of Apple's Password Autofill rules.

const (
	// Max trials to generate a password that satisfies the checker.
	// Generator.Generate retries up to this many candidates; presumably it
	// returns ErrPasswordGenerateFailed once the budget is exhausted — confirm
	// against Generate.
	DefaultMaxTrials MaxTrials = 10
	// Default minimum length of a password, overrides min length in the policy if less than it.
	// I.e. the effective minimum is max(Checker.PwMinLength, DefaultMinLength):
	// a tenant policy cannot weaken the floor below 8 characters.
	DefaultMinLength = 8
	// When min guessable level is > 0, the minimum length of a password.
	// NOTE(review): 32 is far above DefaultMinLength, which suggests this is
	// the length target for *generated* passwords so they reliably clear the
	// zxcvbn threshold, not a floor imposed on user-chosen passwords — confirm
	// against Generate and the Checker.
	GuessableEnabledMinLength = 32
)

Variables

// ErrPasswordGenerateFailed is reported when the generator cannot produce a
// password that satisfies the Checker (presumably after MaxTrials attempts).
// It is an InternalError, i.e. a server-side failure rather than a client
// validation error, unlike the Invalid kinds below.
var ErrPasswordGenerateFailed = apierrors.InternalError.WithReason("PasswordGenerateError").New("failed to generate password")
// InvalidBcryptHash is the error kind for a stored hash that is not a
// well-formed bcrypt hash (see TranslateBcryptError). Together with that
// function it indicates the package stores bcrypt password hashes.
var InvalidBcryptHash = apierrors.Invalid.WithReason("InvalidBcryptHash")
// PasswordExpiryForceChange is the error kind for a password that has aged
// past the configured limit and must be rotated before use; presumably
// returned by Expiry.Validate.
var PasswordExpiryForceChange apierrors.Kind = apierrors.Invalid.WithReason("PasswordExpiryForceChange")
// PasswordPolicyViolated is the error kind for a password rejected by the
// Checker. The violated rules are presumably attached as Policy details so
// clients can show which requirement failed (see Policy.Kind).
var PasswordPolicyViolated apierrors.Kind = apierrors.Invalid.WithReason("PasswordPolicyViolated")

Functions

func IsSamePassword

// IsSamePassword reports whether password matches hashedPassword.
// hashedPassword is a bcrypt hash (this package's InvalidBcryptHash and
// TranslateBcryptError point to bcrypt), so the comparison is presumably
// bcrypt.CompareHashAndPassword: constant-time in the password, and only the
// first 72 bytes of password take part in the comparison.
// Because the result is a bare bool, every failure — including a malformed
// or truncated stored hash — collapses to false; a caller that needs to tell
// "wrong password" from "corrupt hash" has to validate the hash separately.
func IsSamePassword(hashedPassword []byte, password string) bool

func TranslateBcryptError

// TranslateBcryptError converts an error from the bcrypt library into this
// package's API errors (e.g. InvalidBcryptHash for a malformed hash). The
// exact mapping is not visible here; presumably errors that are not
// bcrypt-specific are returned unchanged — confirm before relying on it.
func TranslateBcryptError(err error) error

Types

type Checker

// Checker holds the password policy and evaluates plaintext passwords against
// it. It is plain configuration: see PasswordPolicy/PasswordRules for the
// client-facing description of the rules, and ValidateNewPassword /
// ValidateCurrentPassword for enforcement.
type Checker struct {
	// Minimum length; per DefaultMinLength the effective floor is
	// max(PwMinLength, DefaultMinLength).
	PwMinLength            int
	// Required character classes. All are ASCII-only (see CharList*).
	PwUppercaseRequired    bool
	PwLowercaseRequired    bool
	PwAlphabetRequired     bool
	PwDigitRequired        bool
	PwSymbolRequired       bool
	// Minimum zxcvbn score (see PasswordBelowGuessableLevel); 0 presumably
	// disables the check, given GuessableEnabledMinLength's "> 0" wording.
	PwMinGuessableLevel    int
	// Substrings that must not appear in the password (e.g. product or tenant
	// names). Whether matching is case-insensitive is not visible here — confirm.
	PwExcludedKeywords     []string
	// Reuse-detection window, passed straight to
	// CheckerHistoryStore.GetPasswordHistory; how size and age combine is up
	// to the store implementation.
	PwHistorySize          int
	PwHistoryDays          config.DurationDays
	// PasswordHistoryEnabled gates the reuse check; PasswordHistoryStore
	// supplies the hashes it compares against. The lookup needs ctx and
	// userID, so only ValidateNewPassword can perform it.
	PasswordHistoryEnabled bool
	PasswordHistoryStore   CheckerHistoryStore
}

func (*Checker) PasswordPolicy

// PasswordPolicy returns the configured rules as a list of Policy values
// (JSON-tagged, so suitable for returning to clients). It has no ctx or user,
// so it can only describe the static rules; reuse/history is not represented
// by a live lookup here.
func (pc *Checker) PasswordPolicy() (out []Policy)

PasswordPolicy returns the list of Policy values that describe the configured password policy, e.g. for rendering the requirements to a client.

func (*Checker) PasswordRules

// PasswordRules renders the policy as a single string. Since CharListSymbol is
// taken from Apple's Password Autofill rules, this is presumably the
// "passwordrules" attribute format (e.g. for <input passwordrules="...">) —
// confirm against the implementation.
func (pc *Checker) PasswordRules() string

func (*Checker) ValidateCurrentPassword

// ValidateCurrentPassword re-checks an already-verified password against the
// current static policy. It takes no ctx or user ID, so it cannot consult the
// history store or any other external state. A non-nil error here does not
// mean the credential failed verification; it presumably feeds
// VerifyResult.PolicyForceChange so the caller can require rotation after a
// successful login — confirm the caller keeps that distinction.
func (pc *Checker) ValidateCurrentPassword(plainPassword string) error

ValidateCurrentPassword should be used when the user authenticates: it re-checks an already-verified password against the current static policy (it has no user ID or context, so it cannot check password history) so that the caller can require a change after login.

func (*Checker) ValidateNewPassword

// ValidateNewPassword enforces the full policy on a candidate password for
// userID: the static rules plus, when PasswordHistoryEnabled, the reuse check
// against hashes from PasswordHistoryStore (this is the only Checker method
// with ctx and userID, so history lookups can only happen here).
// Each history entry is presumably compared with IsSamePassword, i.e. one
// bcrypt verification per entry — keep PwHistorySize bounded, or a password
// change becomes a CPU-heavy request.
// Returns an error of kind PasswordPolicyViolated on failure (presumably).
func (pc *Checker) ValidateNewPassword(ctx context.Context, userID string, plainPassword string) error

ValidateNewPassword should be used when the user sets or changes their password: it applies the static rules and, when password history is enabled, the reuse check for the given user.

type CheckerHistoryStore

// CheckerHistoryStore is the read-only view of password history that the
// Checker needs for its reuse check; HistoryStore satisfies it.
// Implementations must scope results strictly to userID — the Checker relies
// on that for isolation between users.
type CheckerHistoryStore interface {
	// GetPasswordHistory returns userID's history limited by historySize and
	// historyDays; how the two bounds combine is decided by the implementation.
	GetPasswordHistory(ctx context.Context, userID string, historySize int, historyDays config.DurationDays) ([]History, error)
}

type Expiry

// Expiry implements password-age enforcement (forced rotation).
type Expiry struct {
	// ForceChangeEnabled turns the check on; when false, Validate presumably
	// always succeeds.
	ForceChangeEnabled         bool
	// ForceChangeSinceLastUpdate is the maximum password age, measured from
	// the password's last update.
	ForceChangeSinceLastUpdate config.DurationString
	// Clock is injected instead of calling time.Now so expiry is testable.
	Clock                      clock.Clock
}

func ProvideExpiry

// ProvideExpiry builds an Expiry from the password-authenticator config and an
// injected clock (the Provide prefix suggests a wire provider).
func ProvideExpiry(
	cfg *config.AuthenticatorPasswordConfig,
	c clock.Clock,
) *Expiry

func (*Expiry) Validate

// Validate checks whether the authenticator's password has aged past
// ForceChangeSinceLastUpdate. Presumably it returns a PasswordExpiryForceChange
// error in that case and nil otherwise (including when ForceChangeEnabled is
// false). Which timestamp on authenticator.Password counts as "last update"
// is not visible here.
func (pe *Expiry) Validate(authenticator *authenticator.Password) error

type Generator

// Generator produces random passwords that satisfy Checker.
type Generator struct {
	// MaxTrials bounds the generate-and-check loop (see DefaultMaxTrials).
	MaxTrials      MaxTrials
	// Checker validates each candidate; failing candidates are retried.
	Checker        *Checker
	// Rand supplies the randomness and MUST be cryptographically secure
	// (see NewRandSource and RandRand). A math/rand generator seeded from the
	// clock or a constant would make every generated password predictable.
	Rand           Rand
	// PasswordConfig is the tenant's password configuration, presumably used
	// for the target length and character classes of generated passwords.
	PasswordConfig *config.AuthenticatorPasswordConfig
}

func (*Generator) Generate

// Generate returns a fresh random password that satisfies g.Checker, or
// (presumably) ErrPasswordGenerateFailed when g.MaxTrials candidates all fail.
// The returned plaintext is a credential: neither it nor rejected candidates
// should ever be logged.
func (g *Generator) Generate() (string, error)

type History

// History is one entry of a user's password history. HashedPassword holds a
// full password hash and is exactly as sensitive as the live credential: the
// backing table needs the same access controls, and rows should be pruned
// (HistoryStore.RemovePasswordHistory / Housekeeper) rather than kept forever.
type History struct {
	ID             string
	UserID         string
	HashedPassword []byte
	CreatedAt      time.Time
}

History is a single entry in a user's password history: a previously used password hash and when it was set. Hashes here are as sensitive as the live credential.

type HistoryStore

// HistoryStore persists password history in the app database and implements
// CheckerHistoryStore. Clock is presumably used to compute the historyDays
// cutoff (CreatePasswordHistory receives createdAt explicitly).
type HistoryStore struct {
	Clock       clock.Clock
	SQLBuilder  *appdb.SQLBuilderApp
	SQLExecutor *appdb.SQLExecutor
}

func (*HistoryStore) CreatePasswordHistory

// CreatePasswordHistory records hashedPassword for userID with the given
// createdAt. Callers pass the hash, never the plaintext.
func (p *HistoryStore) CreatePasswordHistory(ctx context.Context, userID string, hashedPassword []byte, createdAt time.Time) error

func (*HistoryStore) GetPasswordHistory

// GetPasswordHistory implements CheckerHistoryStore: it returns userID's
// history entries limited by historySize and historyDays.
func (p *HistoryStore) GetPasswordHistory(ctx context.Context, userID string, historySize int, historyDays config.DurationDays) ([]History, error)

func (*HistoryStore) RemovePasswordHistory

// RemovePasswordHistory prunes userID's entries that fall outside the
// historySize/historyDays window, so the table holds only what the reuse
// check needs.
func (p *HistoryStore) RemovePasswordHistory(ctx context.Context, userID string, historySize int, historyDays config.DurationDays) error

func (*HistoryStore) ResetPasswordHistory

// ResetPasswordHistory deletes all history entries of userID (presumably used
// when the user or their password authenticator is removed).
func (p *HistoryStore) ResetPasswordHistory(ctx context.Context, userID string) error

type Housekeeper

// Housekeeper prunes password history according to Config, presumably after a
// password change.
type Housekeeper struct {
	Store  *HistoryStore
	Logger HousekeeperLogger
	Config *config.AuthenticatorPasswordConfig
}

func (*Housekeeper) Housekeep

// Housekeep prunes stale password-history rows. NOTE(review): the parameter
// is named authID while HistoryStore keys rows by userID; whether this is an
// authenticator ID that gets resolved internally or simply the user ID is not
// visible here — confirm which ID callers must pass.
func (p *Housekeeper) Housekeep(ctx context.Context, authID string) (err error)

type HousekeeperLogger

// HousekeeperLogger is the logger injected into Housekeeper (a distinct type
// so dependency injection can tell it apart from Logger).
type HousekeeperLogger struct {
	*log.Logger
}

func NewHousekeeperLogger

// NewHousekeeperLogger builds the Housekeeper's logger from the log factory.
func NewHousekeeperLogger(lf *log.Factory) HousekeeperLogger

type Logger

// Logger is the logger injected into Provider. Never log plaintext passwords
// or password hashes through it.
type Logger struct{ *log.Logger }

func NewLogger

// NewLogger builds the Provider's logger from the log factory.
func NewLogger(lf *log.Factory) Logger

type MaxTrials

// MaxTrials is the retry budget of Generator; see DefaultMaxTrials.
type MaxTrials int

type Policy

// Policy is one rule of the password policy as exposed to clients. Name
// identifies the rule; Info carries rule-specific parameters (presumably e.g.
// the minimum length) and is omitted from JSON when empty.
type Policy struct {
	Name PolicyName
	Info map[string]interface{} `json:",omitempty"`
}

func (Policy) Kind

// Kind returns the policy's name as a string, presumably so a Policy can be
// attached as a detail of a PasswordPolicyViolated error.
func (v Policy) Kind() string

type PolicyName

// PolicyName identifies a password rule, both in PasswordPolicy output and in
// the violation reported by the Checker.
type PolicyName string
// Character-class rules below are ASCII-only, consistent with the CharList*
// constants.
const (
	// PasswordTooShort is self-explanatory
	PasswordTooShort PolicyName = "PasswordTooShort"
	// PasswordUppercaseRequired means the password does not contain ASCII uppercase character
	PasswordUppercaseRequired PolicyName = "PasswordUppercaseRequired"
	// PasswordLowercaseRequired means the password does not contain ASCII lowercase character
	PasswordLowercaseRequired PolicyName = "PasswordLowercaseRequired"
	// PasswordAlphabetRequired means the password does not contain ASCII alphabet character
	PasswordAlphabetRequired PolicyName = "PasswordAlphabetRequired"
	// PasswordDigitRequired means the password does not contain ASCII digit character
	PasswordDigitRequired PolicyName = "PasswordDigitRequired"
	// PasswordSymbolRequired means the password does not contain ASCII non-alphanumeric character
	// NOTE(review): "ASCII non-alphanumeric" is wider than CharListSymbol
	// (which lacks space, '/' and '\'); verify the checker and generator agree
	// on what counts as a symbol.
	PasswordSymbolRequired PolicyName = "PasswordSymbolRequired"
	// PasswordContainingExcludedKeywords means the password contains configured excluded keywords
	PasswordContainingExcludedKeywords PolicyName = "PasswordContainingExcludedKeywords"
	// PasswordBelowGuessableLevel means the password's guessable level is below configured level.
	// The current implementation uses Dropbox's zxcvbn.
	PasswordBelowGuessableLevel PolicyName = "PasswordBelowGuessableLevel"
	// PasswordReused is self-explanatory
	// (only detectable through ValidateNewPassword, which has the user ID and
	// history store).
	PasswordReused PolicyName = "PasswordReused"
)

type Provider

// Provider is the password-authenticator service. It wraps the persistence
// Store with policy checking (PasswordChecker), age enforcement (Expiry),
// reuse tracking (PasswordHistory) and history pruning (Housekeeper).
type Provider struct {
	Store           *Store
	Config          *config.AuthenticatorPasswordConfig
	Clock           clock.Clock
	Logger          Logger
	PasswordHistory *HistoryStore
	PasswordChecker *Checker
	Expiry          *Expiry
	Housekeeper     *Housekeeper
}

func (*Provider) Authenticate

// Authenticate verifies password against authenticator a. On a non-nil err the
// login must be treated as failed and verifyResult ignored. On success,
// verifyResult reports whether the accepted password must still be rotated:
// PolicyForceChange when it no longer meets the current policy, and
// ExpiryForceChange when it has aged out (presumably via
// Checker.ValidateCurrentPassword and Expiry.Validate). Callers should act on
// verifyResult.RequireUpdate() rather than silently continuing.
func (p *Provider) Authenticate(ctx context.Context, a *authenticator.Password, password string) (verifyResult *VerifyResult, err error)

func (*Provider) Create

// Create persists a new password authenticator a (built by New), presumably
// recording its hash in the password history as well.
func (p *Provider) Create(ctx context.Context, a *authenticator.Password) error

func (*Provider) Delete

// Delete removes the password authenticator a. Whether the user's password
// history is reset at the same time is not visible here.
func (p *Provider) Delete(ctx context.Context, a *authenticator.Password) error

func (*Provider) Get

// Get loads the password authenticator id belonging to userID; the user scope
// is part of the lookup, so an id owned by another user is not returned.
func (p *Provider) Get(ctx context.Context, userID string, id string) (*authenticator.Password, error)

func (*Provider) GetMany

// GetMany loads the authenticators with the given ids. Unlike Get it takes no
// userID, so ownership is not enforced by this call: callers must check
// UserID on each returned authenticator before acting on it.
func (p *Provider) GetMany(ctx context.Context, ids []string) ([]*authenticator.Password, error)

func (*Provider) List

// List returns all password authenticators of userID.
func (p *Provider) List(ctx context.Context, userID string) ([]*authenticator.Password, error)

func (*Provider) New

// New constructs (but, by the name, does not persist — see Create) a password
// authenticator for userID from passwordSpec. Presumably this is where the
// plaintext is validated with ValidateNewPassword and hashed; the resulting
// struct should carry only the hash.
func (p *Provider) New(ctx context.Context, id string, userID string, passwordSpec *authenticator.PasswordSpec, isDefault bool, kind string) (*authenticator.Password, error)

func (*Provider) Update

// Update persists changes to an existing authenticator a; use UpdatePassword
// to change the password or expiry themselves.
func (p *Provider) Update(ctx context.Context, a *authenticator.Password) error

func (*Provider) UpdatePassword

UpdatePassword returns a pointer to a new authenticator if the password or expireAfter was changed; otherwise it returns the original authenticator. (Its signature is not shown on this page; see UpdatePasswordOptions for the inputs.)

type Rand

// Rand is the randomness source used by Generator. Its method set matches
// *math/rand.Rand, but for password generation the implementation must draw
// from a CSPRNG: Intn presumably picks characters and Shuffle orders them, so
// a predictable source yields predictable passwords.
type Rand interface {
	Intn(n int) int
	Shuffle(n int, swap func(i, j int))
}

func NewRandSource

// NewRandSource returns the Rand used for password generation. Its seeding is
// not visible here: it must wrap a crypto/rand-backed Source (or otherwise be
// cryptographically secure). A math/rand generator seeded from the clock is
// not acceptable for credentials — verify before use.
func NewRandSource() Rand

type RandRand

// RandRand adapts *rand.Rand (the math/rand generator type) to the Rand
// interface by embedding. A *rand.Rand is only as unpredictable as the
// rand.Source it was built from; see NewRandSource.
type RandRand struct {
	*rand.Rand
}

type Store

// Store is the database persistence layer for password authenticators. It is
// deliberately policy-free: hashing, policy and expiry live in Provider.
type Store struct {
	SQLBuilder  *appdb.SQLBuilderApp
	SQLExecutor *appdb.SQLExecutor
}

func (*Store) Create

// Create inserts authenticator a; a is expected to already hold the password
// hash, never the plaintext.
func (s *Store) Create(ctx context.Context, a *authenticator.Password) (err error)

func (*Store) Delete

// Delete removes the authenticator row with the given id. There is no userID
// parameter, so ownership must be established by the caller (e.g. via Get)
// before calling this.
func (s *Store) Delete(ctx context.Context, id string) error

func (*Store) Get

// Get loads authenticator id scoped to userID; presumably an id belonging to a
// different user is treated as not found.
func (s *Store) Get(ctx context.Context, userID string, id string) (*authenticator.Password, error)

func (*Store) GetMany

// GetMany loads the authenticators with the given ids without a user scope;
// callers must check UserID on each result before acting on it.
func (s *Store) GetMany(ctx context.Context, ids []string) ([]*authenticator.Password, error)

func (*Store) List

// List returns all password authenticators of userID.
func (s *Store) List(ctx context.Context, userID string) ([]*authenticator.Password, error)

func (*Store) UpdatePasswordHash

// UpdatePasswordHash writes the (already hashed) password of a back to the
// database. Other fields of a are presumably left untouched by this call.
func (s *Store) UpdatePasswordHash(ctx context.Context, a *authenticator.Password) error

type UpdatePasswordOptions

// UpdatePasswordOptions describes what Provider.UpdatePassword should change.
// Each Set* flag selects whether the paired field is applied, so a zero value
// can be distinguished from "leave unchanged".
type UpdatePasswordOptions struct {
	// SetPassword applies PlainPassword; PlainPassword is a live credential
	// and must not be logged or persisted as-is.
	SetPassword    bool
	PlainPassword  string
	// SetExpireAfter applies ExpireAfter; a nil ExpireAfter presumably clears
	// the expiry.
	SetExpireAfter bool
	ExpireAfter    *time.Time
}

type VerifyResult

// VerifyResult is the outcome of a successful Provider.Authenticate. A true
// flag means the password was accepted but must be changed before the account
// should be considered in good standing: PolicyForceChange because it fails
// the current policy, ExpiryForceChange because it is too old.
type VerifyResult struct {
	PolicyForceChange bool
	ExpiryForceChange bool
}

func (*VerifyResult) RequireUpdate

// RequireUpdate reports whether the caller must force a password change;
// presumably true when either PolicyForceChange or ExpiryForceChange is set.
func (r *VerifyResult) RequireUpdate() bool
