Documentation ¶
Index ¶
- Constants
- Variables
- func IsSamePassword(hashedPassword []byte, password string) bool
- func TranslateBcryptError(err error) error
- type Checker
- type CheckerHistoryStore
- type Expiry
- type Generator
- type History
- type HistoryStore
- func (p *HistoryStore) CreatePasswordHistory(ctx context.Context, userID string, hashedPassword []byte, createdAt time.Time) error
- func (p *HistoryStore) GetPasswordHistory(ctx context.Context, userID string, historySize int, ...) ([]History, error)
- func (p *HistoryStore) RemovePasswordHistory(ctx context.Context, userID string, historySize int, ...) error
- func (p *HistoryStore) ResetPasswordHistory(ctx context.Context, userID string) error
- type Housekeeper
- type HousekeeperLogger
- type Logger
- type MaxTrials
- type Policy
- type PolicyName
- type Provider
- func (p *Provider) Authenticate(ctx context.Context, a *authenticator.Password, password string) (verifyResult *VerifyResult, err error)
- func (p *Provider) Create(ctx context.Context, a *authenticator.Password) error
- func (p *Provider) Delete(ctx context.Context, a *authenticator.Password) error
- func (p *Provider) Get(ctx context.Context, userID string, id string) (*authenticator.Password, error)
- func (p *Provider) GetMany(ctx context.Context, ids []string) ([]*authenticator.Password, error)
- func (p *Provider) List(ctx context.Context, userID string) ([]*authenticator.Password, error)
- func (p *Provider) New(ctx context.Context, id string, userID string, ...) (*authenticator.Password, error)
- func (p *Provider) Update(ctx context.Context, a *authenticator.Password) error
- func (p *Provider) UpdatePassword(ctx context.Context, a *authenticator.Password, options *UpdatePasswordOptions) (bool, *authenticator.Password, error)
- type Rand
- type RandRand
- type Store
- func (s *Store) Create(ctx context.Context, a *authenticator.Password) (err error)
- func (s *Store) Delete(ctx context.Context, id string) error
- func (s *Store) Get(ctx context.Context, userID string, id string) (*authenticator.Password, error)
- func (s *Store) GetMany(ctx context.Context, ids []string) ([]*authenticator.Password, error)
- func (s *Store) List(ctx context.Context, userID string) ([]*authenticator.Password, error)
- func (s *Store) UpdatePasswordHash(ctx context.Context, a *authenticator.Password) error
- type UpdatePasswordOptions
- type VerifyResult
Constants ¶
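// Character lists for each category. Every list is ASCII-only.
//
// The declaration is laid out one constant per line: in the collapsed
// single-line form the "//" comments ran to the end of the line and swallowed
// the CharListSymbol declaration and the closing parenthesis.
const (
	CharListLowercase    = "abcdefghijklmnopqrstuvwxyz"
	CharListUppercase    = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	CharListAlphabet     = CharListLowercase + CharListUppercase
	CharListDigit        = "0123456789"
	CharListAlphanumeric = CharListAlphabet + CharListDigit
	// Referenced from "special" character class in Apple's Password Autofill rules.
	// https://developer.apple.com/documentation/security/password_autofill/customizing_password_autofill_rules
	//
	// The set includes quote, backtick, angle-bracket, '$', '&' and '|'
	// characters, so a password containing them must be handled as opaque
	// data and escaped wherever it is embedded in a shell command, markup
	// or a query string.
	CharListSymbol = "-~!@#$%^&*_+=`|(){}[:;\"'<>,.?]"
)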
Character list for each category.
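// Defaults for password generation and minimum length.
//
// The declaration is laid out one constant per line: in the collapsed
// single-line form the first "//" comment swallowed every constant after it.
const (
	// Max trials to generate a password that satisfies the checker.
	// DependencySet injects this value (wire.Value) for Generator.MaxTrials.
	DefaultMaxTrials MaxTrials = 10
	// Default minimum length of a password, overrides min length in the policy if less than it.
	// NOTE(review): the code that applies this floor is not shown here; confirm
	// a configured minimum above 8 is never lowered to this value.
	DefaultMinLength = 8
	// When min guessable level is > 0, the minimum length of a password.
	GuessableEnabledMinLength = 32
)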
Variables ¶
// DependencySet is the wire provider set for this package. It registers the
// two loggers, Provider, Store, Housekeeper, Checker, HistoryStore, Expiry,
// the random source and Generator.
var DependencySet = wire.NewSet(
	NewLogger,
	wire.Struct(new(Provider), "*"),
	wire.Struct(new(Store), "*"),
	NewHousekeeperLogger,
	wire.Struct(new(Housekeeper), "*"),
	ProvideChecker,
	wire.Struct(new(HistoryStore), "*"),
	// Checker depends on CheckerHistoryStore; it is satisfied by *HistoryStore.
	wire.Bind(new(CheckerHistoryStore), new(*HistoryStore)),
	ProvideExpiry,
	// NOTE(review): NewRandSource's implementation is not shown on this page;
	// confirm what kind of randomness it supplies to Generator.
	NewRandSource,
	wire.Value(DefaultMaxTrials),
	wire.Struct(new(Generator), "*"),
)
// ErrPasswordGenerateFailed is an internal error with reason
// "PasswordGenerateError" and message "failed to generate password".
// NOTE(review): presumably returned once Generator exhausts MaxTrials; confirm.
var ErrPasswordGenerateFailed = apierrors.InternalError.WithReason("PasswordGenerateError").New("failed to generate password")
// InvalidBcryptHash is the Invalid error kind with reason "InvalidBcryptHash".
// NOTE(review): presumably what TranslateBcryptError produces for a malformed
// stored hash; confirm against that function.
var InvalidBcryptHash = apierrors.Invalid.WithReason("InvalidBcryptHash")
// PasswordExpiryForceChange is the Invalid error kind with reason
// "PasswordExpiryForceChange".
// NOTE(review): presumably raised when Expiry requires a password change;
// confirm where it is returned.
var PasswordExpiryForceChange apierrors.Kind = apierrors.Invalid.WithReason("PasswordExpiryForceChange")
// PasswordPolicyViolated is the Invalid error kind with reason
// "PasswordPolicyViolated".
// NOTE(review): presumably carries the violated Policy entries; confirm
// against Checker.
var PasswordPolicyViolated apierrors.Kind = apierrors.Invalid.WithReason("PasswordPolicyViolated")
Functions ¶
func IsSamePassword ¶
func TranslateBcryptError ¶
Types ¶
type Checker ¶
// Checker holds the password-policy settings. ProvideChecker returns one
// built from the authenticator password config, the authenticator feature
// config and a CheckerHistoryStore.
type Checker struct {
	PwMinLength int
	// NOTE(review): the *Required flags presumably switch on the matching
	// character-class rules named in PolicyName (ASCII classes); confirm.
	PwUppercaseRequired bool
	PwLowercaseRequired bool
	PwAlphabetRequired  bool
	PwDigitRequired     bool
	PwSymbolRequired    bool
	// NOTE(review): presumably the threshold behind PasswordBelowGuessableLevel;
	// the accepted range is not shown here.
	PwMinGuessableLevel int
	PwExcludedKeywords  []string
	// PwHistorySize and PwHistoryDays have the same types as the historySize
	// and historyDays parameters of HistoryStore.GetPasswordHistory.
	PwHistorySize int
	PwHistoryDays config.DurationDays
	// NOTE(review): presumably the reuse check is skipped when this is false;
	// confirm.
	PasswordHistoryEnabled bool
	PasswordHistoryStore   CheckerHistoryStore
}
func ProvideChecker ¶
func ProvideChecker( cfg *config.AuthenticatorPasswordConfig, featureCfg *config.AuthenticatorFeatureConfig, s CheckerHistoryStore, ) *Checker
func (*Checker) PasswordPolicy ¶
PasswordPolicy outputs a list of PasswordPolicy to reflect the password policy.
func (*Checker) PasswordRules ¶
func (*Checker) ValidateCurrentPassword ¶
ValidateCurrentPassword should be used when the user authenticates.
type CheckerHistoryStore ¶
type Expiry ¶
// Expiry holds the forced-password-change settings. ProvideExpiry returns
// one built from the authenticator password config and a clock.
type Expiry struct {
	ForceChangeEnabled bool
	// NOTE(review): presumably the maximum age of a password since its last
	// update before a change is forced; confirm the duration string format.
	ForceChangeSinceLastUpdate config.DurationString
	Clock                      clock.Clock
}
func ProvideExpiry ¶
func ProvideExpiry( cfg *config.AuthenticatorPasswordConfig, c clock.Clock, ) *Expiry
type Generator ¶
// Generator holds what is needed to generate a password: a trial limit, the
// Checker a candidate has to satisfy, a random source and the password config.
type Generator struct {
	// MaxTrials is set to DefaultMaxTrials by DependencySet.
	MaxTrials MaxTrials
	Checker   *Checker
	// NOTE(review): Rand is provided by NewRandSource, whose implementation is
	// not shown on this page. Confirm it is backed by a cryptographically
	// secure source (crypto/rand); a generated password is only as
	// unpredictable as this source.
	Rand           Rand
	PasswordConfig *config.AuthenticatorPasswordConfig
}
type HistoryStore ¶
// HistoryStore creates, reads, trims and resets a user's password history
// through the app SQL builder and executor. CreatePasswordHistory takes the
// password as already-hashed bytes (hashedPassword []byte), not as plaintext.
type HistoryStore struct {
	Clock       clock.Clock
	SQLBuilder  *appdb.SQLBuilderApp
	SQLExecutor *appdb.SQLExecutor
}
func (*HistoryStore) CreatePasswordHistory ¶
func (*HistoryStore) GetPasswordHistory ¶
func (p *HistoryStore) GetPasswordHistory(ctx context.Context, userID string, historySize int, historyDays config.DurationDays) ([]History, error)
func (*HistoryStore) RemovePasswordHistory ¶
func (p *HistoryStore) RemovePasswordHistory(ctx context.Context, userID string, historySize int, historyDays config.DurationDays) error
func (*HistoryStore) ResetPasswordHistory ¶
func (p *HistoryStore) ResetPasswordHistory(ctx context.Context, userID string) error
type Housekeeper ¶
// Housekeeper groups a HistoryStore, a logger and the password config.
// NOTE(review): presumably it trims password history via
// HistoryStore.RemovePasswordHistory; its methods are not shown on this page.
type Housekeeper struct {
	Store  *HistoryStore
	Logger HousekeeperLogger
	Config *config.AuthenticatorPasswordConfig
}
type HousekeeperLogger ¶
func NewHousekeeperLogger ¶
func NewHousekeeperLogger(lf *log.Factory) HousekeeperLogger
type Policy ¶
// Policy is one entry of a password policy, identified by a PolicyName.
type Policy struct {
	Name PolicyName
	// Info is left out of the JSON encoding when empty (omitempty). Its
	// contents per rule are not shown on this page.
	Info map[string]interface{} `json:",omitempty"`
}
type PolicyName ¶
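// PolicyName identifies a single password-policy rule.
type PolicyName string

// Declared PolicyName values. The character-class rules are defined over
// ASCII characters only.
//
// The declaration is laid out one constant per line: in the collapsed
// single-line form the first "//" comment swallowed every constant after it.
const (
	// PasswordTooShort is self-explanatory
	PasswordTooShort PolicyName = "PasswordTooShort"
	// PasswordUppercaseRequired means the password does not contain ASCII uppercase character
	PasswordUppercaseRequired PolicyName = "PasswordUppercaseRequired"
	// PasswordLowercaseRequired means the password does not contain ASCII lowercase character
	PasswordLowercaseRequired PolicyName = "PasswordLowercaseRequired"
	// PasswordAlphabetRequired means the password does not contain ASCII alphabet character
	PasswordAlphabetRequired PolicyName = "PasswordAlphabetRequired"
	// PasswordDigitRequired means the password does not contain ASCII digit character
	PasswordDigitRequired PolicyName = "PasswordDigitRequired"
	// PasswordSymbolRequired means the password does not contain ASCII non-alphanumeric character
	PasswordSymbolRequired PolicyName = "PasswordSymbolRequired"
	// PasswordContainingExcludedKeywords means the password contains configured excluded keywords
	PasswordContainingExcludedKeywords PolicyName = "PasswordContainingExcludedKeywords"
	// PasswordBelowGuessableLevel means the password's guessable level is below configured level.
	// The current implementation uses Dropbox's zxcvbn.
	PasswordBelowGuessableLevel PolicyName = "PasswordBelowGuessableLevel"
	// PasswordReused is self-explanatory
	PasswordReused PolicyName = "PasswordReused"
)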
type Provider ¶
// Provider is the entry point for password authenticators. Its methods cover
// Authenticate, Create, Delete, Get, GetMany, List, New, Update and
// UpdatePassword, and it combines the stores, Checker, Expiry and Housekeeper
// below.
type Provider struct {
	Store  *Store
	Config *config.AuthenticatorPasswordConfig
	Clock  clock.Clock
	// NOTE(review): Authenticate and UpdatePassword receive plaintext
	// passwords; confirm nothing logged through Logger includes them.
	Logger          Logger
	PasswordHistory *HistoryStore
	PasswordChecker *Checker
	Expiry          *Expiry
	Housekeeper     *Housekeeper
}
func (*Provider) Authenticate ¶
func (p *Provider) Authenticate(ctx context.Context, a *authenticator.Password, password string) (verifyResult *VerifyResult, err error)
func (*Provider) New ¶
func (p *Provider) New(ctx context.Context, id string, userID string, passwordSpec *authenticator.PasswordSpec, isDefault bool, kind string) (*authenticator.Password, error)
func (*Provider) UpdatePassword ¶
func (p *Provider) UpdatePassword(ctx context.Context, a *authenticator.Password, options *UpdatePasswordOptions) (bool, *authenticator.Password, error)
UpdatePassword returns a new authenticator pointer if the password or expireAfter is changed; otherwise the original authenticator is returned.
type Rand ¶
func NewRandSource ¶
func NewRandSource() Rand
type Store ¶
// Store reads and writes password authenticators through the app SQL builder
// and executor. Its methods are Create, Delete, Get, GetMany, List and
// UpdatePasswordHash.
type Store struct {
	SQLBuilder  *appdb.SQLBuilderApp
	SQLExecutor *appdb.SQLExecutor
}
func (*Store) UpdatePasswordHash ¶
type UpdatePasswordOptions ¶
type VerifyResult ¶
func (*VerifyResult) RequireUpdate ¶
func (r *VerifyResult) RequireUpdate() bool