interaction

package

Documentation

Index

Constants

// Rate-limit bucket names owned by this package. All three are keyed per
// client IP: their BucketSpecs are produced by SignupPerIPRateLimitBucketSpec
// (which selects between the two signup buckets via its isAnonymous flag) and
// AccountEnumerationPerIPRateLimitBucketSpec.
const (
	// SignupAnonymousPerIP throttles anonymous signups from a single IP.
	SignupAnonymousPerIP    ratelimit.BucketName = "SignupAnonymousPerIP"
	// SignupPerIP throttles regular (non-anonymous) signups from a single IP.
	SignupPerIP             ratelimit.BucketName = "SignupPerIP"
	// AccountEnumerationPerIP throttles requests from a single IP that could be
	// used to probe whether an account exists.
	AccountEnumerationPerIP ratelimit.BucketName = "AccountEnumerationPerIP"
)
// GraphLifetime is the lifetime applied to interaction graphs, shared with the
// rest of the system via duration.UserInteraction (presumably the TTL used by
// StoreRedis when persisting graphs — confirm in the store implementation).
const GraphLifetime = duration.UserInteraction

Variables

// ErrGraphNotFound is returned when a graph cannot be resolved, either because
// it does not exist or because it is no longer valid.
var ErrGraphNotFound = errors.New("invalid graph or graph not found")
// ErrIncompatibleInput is returned when the input handed to a node is not of a
// type that node can consume (see Input for the type check).
var ErrIncompatibleInput = errors.New("incompatible input type for this node")
// ErrSameNode is returned by Edge.Instantiate when the edge loops back to the
// current node, modelling a side-effect-only action (e.g. sending an OTP).
var ErrSameNode = errors.New("the edge points to the same current node")

Functions

func AccountEnumerationPerIPRateLimitBucketSpec

func AccountEnumerationPerIPRateLimitBucketSpec(c *config.AuthenticationConfig, ip string) ratelimit.BucketSpec

func Input

func Input(i interface{}, input interface{}) bool

func IntentKind

func IntentKind(intent Intent) string

func IsAdminAPI

func IsAdminAPI(input interface{}) bool

func NodeKind

func NodeKind(node Node) string

func RegisterIntent

func RegisterIntent(intent Intent)

func RegisterNode

func RegisterNode(node Node)

func SignupPerIPRateLimitBucketSpec

func SignupPerIPRateLimitBucketSpec(c *config.AuthenticationConfig, isAnonymous bool, ip string) ratelimit.BucketSpec

func SortAuthenticators

func SortAuthenticators(
	preferred []model.AuthenticatorType,
	slice interface{},
	toSortable func(i int) SortableAuthenticator,
)

SortAuthenticators sorts slice in place, using preferred as the order. Each item in the slice must be associated with a single AuthenticatorType.

Types

type AnonymousIdentityProvider

// AnonymousIdentityProvider is the anonymous-identity dependency of this
// package; it is injected into Context.AnonymousIdentities.
type AnonymousIdentityProvider interface {
	// ParseRequestUnverified parses requestJWT without an identity to verify it
	// against. NOTE(review): by its name the result is unverified — callers
	// should only use it to locate the identity and then call ParseRequest
	// before trusting any claim; confirm against the implementation.
	ParseRequestUnverified(requestJWT string) (*anonymous.Request, error)
	// ParseRequest parses requestJWT against the given anonymous identity.
	ParseRequest(requestJWT string, identity *identity.Anonymous) (*anonymous.Request, error)

	// Get looks up an anonymous identity by user ID and identity ID.
	Get(ctx context.Context, userID string, id string) (*identity.Anonymous, error)
	// GetByKeyID looks up an anonymous identity by its key ID.
	GetByKeyID(ctx context.Context, keyID string) (*identity.Anonymous, error)
}

type AnonymousUserPromotionCodeStore

// AnonymousUserPromotionCodeStore stores promotion codes for anonymous users;
// it is injected into Context.AnonymousUserPromotionCodeStore.
type AnonymousUserPromotionCodeStore interface {
	// GetPromotionCode looks a code up by its hash, so the raw code is never
	// used as the storage key.
	GetPromotionCode(ctx context.Context, codeHash string) (*anonymous.PromotionCode, error)
	// DeletePromotionCode removes a previously fetched promotion code.
	DeletePromotionCode(ctx context.Context, code *anonymous.PromotionCode) error
}

type AuthenticationInfoService

// AuthenticationInfoService persists authenticationinfo entries; it is injected
// into Context.AuthenticationInfoService.
type AuthenticationInfoService interface {
	// Save stores the given entry.
	Save(ctx context.Context, entry *authenticationinfo.Entry) error
}

type AuthenticatorService

// AuthenticatorService is the authenticator dependency of this package; it is
// injected into Context.Authenticators.
type AuthenticatorService interface {
	// New builds an authenticator Info from spec without persisting it.
	New(ctx context.Context, spec *authenticator.Spec) (*authenticator.Info, error)
	// NewWithAuthenticatorID is New with a caller-chosen authenticator ID.
	NewWithAuthenticatorID(ctx context.Context, authenticatorID string, spec *authenticator.Spec) (*authenticator.Info, error)
	// UpdatePassword applies options to a password authenticator and reports
	// whether anything changed.
	UpdatePassword(ctx context.Context, authenticatorInfo *authenticator.Info, options *service.UpdatePasswordOptions) (changed bool, info *authenticator.Info, err error)

	// Get fetches an authenticator by ID.
	Get(ctx context.Context, id string) (*authenticator.Info, error)
	// List returns the user's authenticators, narrowed by the given filters.
	List(ctx context.Context, userID string, filters ...authenticator.Filter) ([]*authenticator.Info, error)
	// Create persists authenticatorInfo, optionally marking it verified.
	Create(ctx context.Context, authenticatorInfo *authenticator.Info, markVerified bool) error
	// Update persists changes to an existing authenticator.
	Update(ctx context.Context, authenticatorInfo *authenticator.Info) error
	// Delete removes an authenticator.
	Delete(ctx context.Context, authenticatorInfo *authenticator.Info) error
	// VerifyWithSpec checks spec against a single authenticator.
	VerifyWithSpec(ctx context.Context, info *authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (verifyResult *service.VerifyResult, err error)
	// VerifyOneWithSpec checks spec against the given candidates of one type and
	// returns the one that matched.
	VerifyOneWithSpec(ctx context.Context, userID string, authenticatorType model.AuthenticatorType, infos []*authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (info *authenticator.Info, verifyResult *service.VerifyResult, err error)
	// ClearLockoutAttempts resets the lockout counters for the methods the user
	// just authenticated with (see Graph.GetUsedAuthenticationLockoutMethods).
	ClearLockoutAttempts(ctx context.Context, userID string, usedMethods []config.AuthenticationLockoutMethod) error
	// MarkOOBIdentityVerified marks the identity behind an OOB authenticator as verified.
	MarkOOBIdentityVerified(ctx context.Context, info *authenticator.Info) error
}

type AuthenticatorUpdateReason

// AuthenticatorUpdateReason says why an authenticator must be updated; it is
// returned by Graph.GetRequireUpdateAuthenticator.
type AuthenticatorUpdateReason string
const (
	// AuthenticatorUpdateReasonPolicy: the authenticator no longer satisfies policy.
	AuthenticatorUpdateReasonPolicy AuthenticatorUpdateReason = "policy"
	// AuthenticatorUpdateReasonExpiry: the authenticator has expired.
	AuthenticatorUpdateReasonExpiry AuthenticatorUpdateReason = "expiry"
)

type BiometricIdentityProvider

// BiometricIdentityProvider is the biometric-identity dependency of this
// package; it is injected into Context.BiometricIdentities.
type BiometricIdentityProvider interface {
	// ParseRequestUnverified parses requestJWT without an identity to verify it
	// against. NOTE(review): by its name the result is unverified — use it only
	// to locate the identity (e.g. via GetByKeyID) and then call ParseRequest;
	// confirm against the implementation.
	ParseRequestUnverified(requestJWT string) (*biometric.Request, error)
	// ParseRequest parses requestJWT against the given biometric identity.
	ParseRequest(requestJWT string, identity *identity.Biometric) (*biometric.Request, error)

	// GetByKeyID looks up a biometric identity by its key ID.
	GetByKeyID(ctx context.Context, keyID string) (*identity.Biometric, error)
}

type ChallengeProvider

// ChallengeProvider resolves challenge tokens; it is injected into
// Context.Challenges.
type ChallengeProvider interface {
	// Consume resolves token to its purpose and invalidates it (single use);
	// Get resolves it without consuming.
	Consume(ctx context.Context, token string) (*challenge.Purpose, error)
	Get(ctx context.Context, token string) (*challenge.Challenge, error)
}

type Context

// Context carries the request state and every dependency a node or intent may
// need while a graph is being instantiated, applied or committed.
type Context struct {
	// IsCommitting, WebSessionID and OAuthSessionID are per-run values rather
	// than injected dependencies (tagged wire:"-"); the two session IDs are
	// supplied through ContextValues on Service.Run / Service.DryRun.
	IsCommitting   bool   `wire:"-"`
	WebSessionID   string `wire:"-"`
	OAuthSessionID string `wire:"-"`

	// Request is the incoming HTTP request; RemoteIP is the client IP used as
	// the key for the per-IP rate-limit buckets declared in this package.
	Request  *http.Request
	RemoteIP httputil.RemoteIP

	Database            *appdb.SQLExecutor
	Clock               clock.Clock
	Config              *config.AppConfig
	FeatureConfig       *config.FeatureConfig
	OAuthClientResolver OAuthClientResolver

	// Identity, authenticator and verification services used by nodes.
	OfflineGrants                   OfflineGrantStore
	Identities                      IdentityService
	Authenticators                  AuthenticatorService
	AnonymousIdentities             AnonymousIdentityProvider
	AnonymousUserPromotionCodeStore AnonymousUserPromotionCodeStore
	BiometricIdentities             BiometricIdentityProvider
	OTPCodeService                  OTPCodeService
	OTPSender                       OTPSender
	OAuthProviderFactory            OAuthProviderFactory
	OAuthRedirectURIBuilder         OAuthRedirectURIBuilder
	OAuthStateStore                 OAuthStateStore
	MFA                             MFAService
	ForgotPassword                  ForgotPasswordService
	ResetPassword                   ResetPasswordService
	Passkey                         PasskeyService
	Verification                    VerificationService
	RateLimiter                     RateLimiter
	PasswordGenerator               *password.Generator

	Nonces NonceService

	// Session, cookie and event plumbing used when a graph is committed.
	Challenges                ChallengeProvider
	Users                     UserService
	StdAttrsService           StdAttrsService
	Events                    EventService
	CookieManager             CookieManager
	AuthenticationInfoService AuthenticationInfoService
	Sessions                  SessionProvider
	SessionManager            SessionManager
	SessionCookie             session.CookieDef
	OAuthSessions             OAuthSessions
	MFADeviceTokenCookie      mfa.CookieDef
}

type ContextValues

// ContextValues holds the per-run values copied into Context by Service.Run
// and Service.DryRun.
type ContextValues struct {
	WebSessionID   string
	OAuthSessionID string
}

type CookieManager

// CookieManager builds cookies from definitions; it is injected into
// Context.CookieManager.
type CookieManager interface {
	// ValueCookie builds a cookie carrying value for def.
	ValueCookie(def *httputil.CookieDef, value string) *http.Cookie
	// ClearCookie builds the cookie that removes def from the client.
	ClearCookie(def *httputil.CookieDef) *http.Cookie
}

type Edge

// Edge is a transition out of a Node; edges are derived by Node.DeriveEdges
// and Intent.DeriveEdgesForNode.
type Edge interface {
	// Instantiate instantiates the node pointed to by the edge.
	// It is run only once for the pointed node, so side effects visible
	// outside the transaction (e.g. sending messages) are allowed.
	// It may return ErrSameNode if the edge loops back to self.
	// This is used to model side-effect-only actions, such as sending an
	// OTP message.
	Instantiate(goCtx context.Context, ctx *Context, graph *Graph, input interface{}) (Node, error)
}

type Effect

// Effect is an action a node contributes when a graph is applied (see
// Node.GetEffects and Graph.Apply). The concrete effects are EffectRun and
// EffectOnCommit; the interface's methods are unexported.
type Effect interface {
	// contains filtered or unexported methods
}

type EffectOnCommit

// EffectOnCommit is an Effect that runs when the graph is committed; nodeIndex
// is the position in Graph.Nodes of the node that produced it.
type EffectOnCommit func(goCtx context.Context, ctx *Context, graph *Graph, nodeIndex int) error

type EffectRun

// EffectRun is an Effect that runs whenever the graph is applied; nodeIndex is
// the position in Graph.Nodes of the node that produced it. Because the graph
// may be replayed, it may run more than once (see Node.GetEffects).
type EffectRun func(goCtx context.Context, ctx *Context, graph *Graph, nodeIndex int) error

type ErrClearCookie

// ErrClearCookie wraps Inner and asks the caller to also clear Cookies on the
// response. Unwrap exposes Inner so errors.Is/As see through it.
type ErrClearCookie struct {
	Cookies []*http.Cookie
	Inner   error
}

func (*ErrClearCookie) Error

func (e *ErrClearCookie) Error() string

func (*ErrClearCookie) Unwrap

func (e *ErrClearCookie) Unwrap() error

type ErrInputRequired

// ErrInputRequired wraps Inner to signal that the graph cannot advance without
// further input. Unwrap exposes Inner.
type ErrInputRequired struct {
	Inner error
}

func (*ErrInputRequired) Error

func (e *ErrInputRequired) Error() string

func (*ErrInputRequired) Unwrap

func (e *ErrInputRequired) Unwrap() error

type EventService

// EventService dispatches events; it is injected into Context.Events.
type EventService interface {
	// DispatchEventOnCommit queues payload to be dispatched when the enclosing
	// transaction commits.
	DispatchEventOnCommit(ctx context.Context, payload event.Payload) error
}

type ForgotPasswordService

// ForgotPasswordService sends forgot-password codes; it is injected into
// Context.ForgotPassword.
type ForgotPasswordService interface {
	// SendCode sends a reset code to the given login ID.
	SendCode(ctx context.Context, loginID string, options *forgotpassword.CodeOptions) error
}

type Graph

// Graph is one path of an interaction, from its Intent through the Nodes
// instantiated so far. It is persisted via Store and (un)marshalled as JSON.
type Graph struct {
	// GraphID is the unique ID for a graph.
	// It is a constant value throughout a graph.
	// It is used to keep track of which instances belong to a particular graph.
	// When one graph is committed, any other instances sharing the same GraphID become invalid.
	GraphID string

	// InstanceID is a unique ID for a particular instance of a graph.
	InstanceID string

	// Intent is the intent (i.e. flow type) of the graph.
	Intent Intent

	// Nodes are the nodes on a specific path from the intent of the interaction graph.
	Nodes []Node
}

func (*Graph) Apply

func (g *Graph) Apply(goCtx context.Context, ctx *Context) error

Apply applies the effects of the graph nodes to the context.

func (*Graph) CurrentNode

func (g *Graph) CurrentNode() Node

func (*Graph) FillDetails

func (g *Graph) FillDetails(err error) error

func (*Graph) FindLastNode

func (g *Graph) FindLastNode(node interface{}) bool

func (*Graph) FindLastNodeAndPosition

func (g *Graph) FindLastNodeAndPosition(node interface{}) int

func (*Graph) FindLastNodeFromList

func (g *Graph) FindLastNodeFromList(nodes []interface{}) (node interface{})

FindLastNodeFromList finds the last node in the graph that matches one of the given node interfaces.

func (*Graph) GetAMR

func (g *Graph) GetAMR() []string

func (*Graph) GetAuthenticationInfoEntry

func (g *Graph) GetAuthenticationInfoEntry() (*authenticationinfo.Entry, bool)

func (*Graph) GetNewUserID

func (g *Graph) GetNewUserID() (string, bool)

func (*Graph) GetRequireUpdateAuthenticator

func (g *Graph) GetRequireUpdateAuthenticator(stage authn.AuthenticationStage) (*authenticator.Info, *AuthenticatorUpdateReason, bool)

func (*Graph) GetUsedAuthenticationLockoutMethods

func (g *Graph) GetUsedAuthenticationLockoutMethods() []config.AuthenticationLockoutMethod

func (*Graph) GetUserAuthenticator

func (g *Graph) GetUserAuthenticator(stage authn.AuthenticationStage) (*authenticator.Info, bool)

func (*Graph) GetUserLastIdentity

func (g *Graph) GetUserLastIdentity() (*identity.Info, bool)

func (*Graph) GetUserNewAuthenticators

func (g *Graph) GetUserNewAuthenticators() []*authenticator.Info

func (*Graph) GetUserNewIdentities

func (g *Graph) GetUserNewIdentities() []*identity.Info

func (*Graph) MarshalJSON

func (g *Graph) MarshalJSON() ([]byte, error)

func (*Graph) MustGetUpdateIdentityID

func (g *Graph) MustGetUpdateIdentityID() string

func (*Graph) MustGetUserID

func (g *Graph) MustGetUserID() string

func (*Graph) MustGetUserLastIdentity

func (g *Graph) MustGetUserLastIdentity() *identity.Info

func (*Graph) UnmarshalJSON

func (g *Graph) UnmarshalJSON(d []byte) error

type IdentityService

// IdentityService is the identity dependency of this package; it is injected
// into Context.Identities.
type IdentityService interface {
	// New builds an identity Info for userID from spec without persisting it.
	New(ctx context.Context, userID string, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error)
	// UpdateWithSpec builds the updated form of is according to spec.
	UpdateWithSpec(ctx context.Context, is *identity.Info, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error)

	// Get fetches an identity by ID.
	Get(ctx context.Context, id string) (*identity.Info, error)
	// SearchBySpec returns the identity that exactly matches spec, if any,
	// plus other partial matches.
	SearchBySpec(ctx context.Context, spec *identity.Spec) (exactMatch *identity.Info, otherMatches []*identity.Info, err error)
	// ListByUser returns all identities of a user.
	ListByUser(ctx context.Context, userID string) ([]*identity.Info, error)
	// Create, Update and Delete persist identity changes.
	Create(ctx context.Context, is *identity.Info) error
	Update(ctx context.Context, oldInfo *identity.Info, newInfo *identity.Info) error
	Delete(ctx context.Context, is *identity.Info) error
	// CheckDuplicated reports an existing identity that conflicts with info.
	CheckDuplicated(ctx context.Context, info *identity.Info) (*identity.Info, error)
}

type Intent

// Intent is the flow type of a Graph. Intents are registered with
// RegisterIntent and recreated by kind with InstantiateIntent.
type Intent interface {
	// InstantiateRootNode creates the first node of the graph.
	InstantiateRootNode(goCtx context.Context, ctx *Context, graph *Graph) (Node, error)
	// DeriveEdgesForNode lets the intent contribute edges leaving node.
	DeriveEdgesForNode(goCtx context.Context, graph *Graph, node Node) ([]Edge, error)
}

func InstantiateIntent

func InstantiateIntent(kind string) Intent

type IntentFactory

// IntentFactory creates a fresh Intent of a registered kind.
type IntentFactory func() Intent

type Logger

// Logger is the package's log.Logger, created by NewLogger from a log.Factory.
type Logger struct{ *log.Logger }

func NewLogger

func NewLogger(lf *log.Factory) Logger

type MFAService

// MFAService handles device tokens and recovery codes; it is injected into
// Context.MFA.
type MFAService interface {
	// GenerateDeviceToken produces a new device token value; CreateDeviceToken
	// persists it for userID, VerifyDeviceToken checks one, and
	// InvalidateAllDeviceTokens revokes every token of the user.
	GenerateDeviceToken(ctx context.Context) string
	CreateDeviceToken(ctx context.Context, userID string, token string) (*mfa.DeviceToken, error)
	VerifyDeviceToken(ctx context.Context, userID string, token string) error
	InvalidateAllDeviceTokens(ctx context.Context, userID string) error

	// VerifyRecoveryCode checks code for userID and returns the matching record;
	// ConsumeRecoveryCode then marks it used (verify and consume are separate
	// steps, so callers must consume after a successful verification).
	VerifyRecoveryCode(ctx context.Context, userID string, code string) (*mfa.RecoveryCode, error)
	ConsumeRecoveryCode(ctx context.Context, rc *mfa.RecoveryCode) error
	// GenerateRecoveryCodes produces new code values; ReplaceRecoveryCodes
	// persists them in place of the user's existing codes.
	GenerateRecoveryCodes(ctx context.Context) []string
	ReplaceRecoveryCodes(ctx context.Context, userID string, codes []string) ([]*mfa.RecoveryCode, error)
	ListRecoveryCodes(ctx context.Context, userID string) ([]*mfa.RecoveryCode, error)
}

type Node

// Node is one step of an interaction graph. Nodes are registered with
// RegisterNode and recreated by kind with InstantiateNode.
type Node interface {
	// Prepare loads the data required by DeriveEdges into the node.
	Prepare(goCtx context.Context, ctx *Context, graph *Graph) error
	// GetEffects describes the effects of this node.
	// The effects may be run multiple times, due to replaying the graph,
	// so no externally visible side effect is allowed.
	GetEffects(goCtx context.Context) (effs []Effect, err error)
	// DeriveEdges returns the edges leaving this node.
	DeriveEdges(goCtx context.Context, graph *Graph) ([]Edge, error)
}

func InstantiateNode

func InstantiateNode(kind string) Node

type NodeFactory

// NodeFactory creates a fresh Node of a registered kind.
type NodeFactory func() Node

type NonceService

// NonceService issues and consumes nonces; it is injected into Context.Nonces.
type NonceService interface {
	// GenerateAndSet creates a nonce and stores it; GetAndClear returns the
	// stored nonce and removes it, so each nonce is read back at most once.
	GenerateAndSet() string
	GetAndClear() string
}

type OAuthClientResolver

// OAuthClientResolver looks up OAuth client configuration; it is injected into
// Context.OAuthClientResolver.
type OAuthClientResolver interface {
	// ResolveClient returns the config for clientID, or nil when unknown
	// (the nil case is implied by the pointer return — confirm with callers).
	ResolveClient(clientID string) *config.OAuthClientConfig
}

type OAuthProviderFactory

// OAuthProviderFactory drives third-party OAuth relying-party flows by
// provider alias; it is injected into Context.OAuthProviderFactory.
type OAuthProviderFactory interface {
	// GetProviderConfig returns the configuration for alias.
	GetProviderConfig(alias string) (oauthrelyingparty.ProviderConfig, error)

	// GetAuthorizationURL builds the URL to redirect the user to.
	GetAuthorizationURL(ctx context.Context, alias string, options oauthrelyingparty.GetAuthorizationURLOptions) (string, error)
	// GetUserProfile exchanges the callback data for the provider's user profile.
	GetUserProfile(ctx context.Context, alias string, options oauthrelyingparty.GetUserProfileOptions) (oauthrelyingparty.UserProfile, error)
}

type OAuthRedirectURIBuilder

// OAuthRedirectURIBuilder builds the callback URLs registered with third-party
// providers; it is injected into Context.OAuthRedirectURIBuilder.
type OAuthRedirectURIBuilder interface {
	SSOCallbackURL(alias string) *url.URL
	WeChatAuthorizeURL(alias string) *url.URL
	WeChatCallbackEndpointURL() *url.URL
}

type OAuthSessions

// OAuthSessions stores OAuth session entries; it is injected into
// Context.OAuthSessions.
type OAuthSessions interface {
	Get(ctx context.Context, entryID string) (*oauthsession.Entry, error)
	Save(ctx context.Context, entry *oauthsession.Entry) (err error)
}

type OAuthStateStore

// OAuthStateStore keeps the state handed to a third-party provider; it is
// injected into Context.OAuthStateStore.
type OAuthStateStore interface {
	// GenerateState stores state and returns the opaque token to send to the
	// provider.
	GenerateState(ctx context.Context, state *webappoauth.WebappOAuthState) (stateToken string, err error)
	// PopAndRecoverState resolves stateToken back to its state and removes it,
	// so a token can only be redeemed once.
	PopAndRecoverState(ctx context.Context, stateToken string) (state *webappoauth.WebappOAuthState, err error)
}

type OOBType

// OOBType distinguishes the out-of-band (OOB) authenticator flows by whether
// the authenticator is being set up or used, and whether it is primary or
// secondary.
type OOBType string
const (
	OOBTypeSetupPrimary          OOBType = "setup-primary-oob"
	OOBTypeSetupSecondary        OOBType = "setup-secondary-oob"
	OOBTypeAuthenticatePrimary   OOBType = "authenticate-primary-oob"
	OOBTypeAuthenticateSecondary OOBType = "authenticate-secondary-oob"
)

type OTPCodeService

// OTPCodeService generates and verifies one-time codes; it is injected into
// Context.OTPCodeService.
type OTPCodeService interface {
	// GenerateOTP issues a code of the given kind and form for target.
	GenerateOTP(ctx context.Context, kind otp.Kind, target string, form otp.Form, opt *otp.GenerateOptions) (string, error)
	// VerifyOTP checks otp against the code issued for kind/target.
	VerifyOTP(ctx context.Context, kind otp.Kind, target string, otp string, opts *otp.VerifyOptions) error
}

type OTPSender

// OTPSender delivers a one-time code to its target; it is injected into
// Context.OTPSender.
type OTPSender interface {
	Send(ctx context.Context, opts otp.SendOptions) error
}

type OfflineGrantStore

// OfflineGrantStore lists a user's offline grants for a client; it is injected
// into Context.OfflineGrants.
type OfflineGrantStore interface {
	ListClientOfflineGrants(ctx context.Context, clientID string, userID string) ([]*oauth.OfflineGrant, error)
}

type PasskeyService

// PasskeyService consumes WebAuthn responses; it is injected into
// Context.Passkey. Both methods take the raw response bytes.
type PasskeyService interface {
	// ConsumeAttestationResponse handles a registration (attestation) response.
	ConsumeAttestationResponse(ctx context.Context, attestationResponse []byte) (err error)
	// ConsumeAssertionResponse handles an authentication (assertion) response.
	ConsumeAssertionResponse(ctx context.Context, assertionResponse []byte) (err error)
}

type ResetPasswordService

// ResetPasswordService sets passwords outside the normal change flow; it is
// injected into Context.ResetPassword.
type ResetPasswordService interface {
	// ResetPasswordByEndUser sets newPassword for the user that a reset code
	// resolves to.
	ResetPasswordByEndUser(ctx context.Context, code string, newPassword string) error
	// ChangePasswordByAdmin sets a password on behalf of an administrator.
	ChangePasswordByAdmin(ctx context.Context, options *forgotpassword.SetPasswordOptions) error
}

type Service

// Service creates, loads, runs and accepts input on interaction graphs,
// persisting them through Store.
type Service struct {
	Logger  Logger
	Context *Context
	Store   Store
}

func (*Service) Accept

func (s *Service) Accept(goCtx context.Context, ctx *Context, graph *Graph, input interface{}) (*Graph, []Edge, error)

func (*Service) DryRun

func (s *Service) DryRun(ctx context.Context, contextValues ContextValues, fn func(ctx context.Context, interactionCtx *Context) (*Graph, error)) (err error)

func (*Service) Get

func (s *Service) Get(ctx context.Context, instanceID string) (*Graph, error)

func (*Service) NewGraph

func (s *Service) NewGraph(ctx context.Context, interactionCtx *Context, intent Intent) (*Graph, error)

func (*Service) Run

func (s *Service) Run(ctx context.Context, contextValues ContextValues, graph *Graph) (err error)

type SessionManager

// SessionManager revokes sessions; it is injected into Context.SessionManager.
type SessionManager interface {
	// RevokeWithoutEvent revokes s without dispatching the usual event.
	RevokeWithoutEvent(ctx context.Context, s session.SessionBase) error
}

type SessionProvider

// SessionProvider creates IdP sessions; it is injected into Context.Sessions.
type SessionProvider interface {
	// MakeSession builds a session from attrs and returns it with its token
	// (the second result is presumably the token value to set in the
	// session cookie — confirm with callers).
	MakeSession(*session.Attrs) (*idpsession.IDPSession, string)

	// Create persists a session built by MakeSession.
	Create(ctx context.Context, s *idpsession.IDPSession) error
	// Reauthenticate records a fresh authentication, with its AMR values, on an
	// existing session.
	Reauthenticate(ctx context.Context, idpSessionID string, amr []string) error
}

type SortableAuthenticator

// SortableAuthenticator is what SortAuthenticators needs from each item: its
// type (matched against the preferred order) and whether it is the default.
type SortableAuthenticator interface {
	AuthenticatorType() model.AuthenticatorType
	IsDefaultAuthenticator() bool
}

type SortableAuthenticatorInfo

// SortableAuthenticatorInfo adapts authenticator.Info to SortableAuthenticator
// so a slice of Infos can be passed to SortAuthenticators.
type SortableAuthenticatorInfo authenticator.Info

func (*SortableAuthenticatorInfo) AuthenticatorType

func (i *SortableAuthenticatorInfo) AuthenticatorType() model.AuthenticatorType

func (*SortableAuthenticatorInfo) IsDefaultAuthenticator

func (i *SortableAuthenticatorInfo) IsDefaultAuthenticator() bool

type StdAttrsService

// StdAttrsService fills a user's standard attributes from an identity; it is
// injected into Context.StdAttrsService.
type StdAttrsService interface {
	PopulateStandardAttributes(ctx context.Context, userID string, iden *identity.Info) error
}

type Store

// Store persists graphs and their instances; StoreRedis is the implementation
// in this package.
type Store interface {
	// CreateGraph records a new graph (keyed by GraphID); CreateGraphInstance
	// records one instance of it (keyed by InstanceID).
	CreateGraph(ctx context.Context, graph *Graph) error
	CreateGraphInstance(ctx context.Context, graph *Graph) error
	// GetGraphInstance loads the instance with the given ID.
	GetGraphInstance(ctx context.Context, instanceID string) (*Graph, error)
	// DeleteGraph removes the graph (and, per the GraphID doc, invalidates its
	// other instances — confirm in the implementation).
	DeleteGraph(ctx context.Context, graph *Graph) error
}

type StoreRedis

// StoreRedis implements Store on top of Redis. AppID is available for
// namespacing keys per app (the key scheme itself is not shown here).
type StoreRedis struct {
	Redis *appredis.Handle
	AppID config.AppID
}

func (*StoreRedis) CreateGraph

func (s *StoreRedis) CreateGraph(ctx context.Context, graph *Graph) error

func (*StoreRedis) CreateGraphInstance

func (s *StoreRedis) CreateGraphInstance(ctx context.Context, graph *Graph) error

func (*StoreRedis) DeleteGraph

func (s *StoreRedis) DeleteGraph(ctx context.Context, graph *Graph) error

func (*StoreRedis) GetGraphInstance

func (s *StoreRedis) GetGraphInstance(ctx context.Context, instanceID string) (*Graph, error)

type UserService

// UserService is the user dependency of this package; it is injected into
// Context.Users.
type UserService interface {
	// Get returns the user model as visible to role; GetRaw returns the
	// underlying record without that access-control filtering.
	Get(ctx context.Context, id string, role accesscontrol.Role) (*model.User, error)
	GetRaw(ctx context.Context, id string) (*user.User, error)
	// Create creates the user record for userID.
	Create(ctx context.Context, userID string) (*user.User, error)
	// UpdateLoginTime records lastLoginAt on the user.
	UpdateLoginTime(ctx context.Context, userID string, lastLoginAt time.Time) error
	// AfterCreate runs post-creation processing with the identities and
	// authenticators created alongside the user; isAdminAPI marks creation
	// through the Admin API (see IsAdminAPI).
	AfterCreate(
		ctx context.Context,
		user *user.User,
		identities []*identity.Info,
		authenticators []*authenticator.Info,
		isAdminAPI bool,
	) error
}

type VerificationService

// VerificationService tracks verified claims; it is injected into
// Context.Verification.
type VerificationService interface {
	// NewVerifiedClaim builds a verified claim record without persisting it.
	NewVerifiedClaim(ctx context.Context, userID string, claimName string, claimValue string) *verification.Claim

	// GetIdentityVerificationStatus reports the verification status of each
	// claim carried by identity i.
	GetIdentityVerificationStatus(ctx context.Context, i *identity.Info) ([]verification.ClaimStatus, error)
	// GetAuthenticatorVerificationStatus reports the verification status of
	// authenticator a.
	GetAuthenticatorVerificationStatus(ctx context.Context, a *authenticator.Info) (verification.AuthenticatorStatus, error)
	// MarkClaimVerified persists claim as verified.
	MarkClaimVerified(ctx context.Context, claim *verification.Claim) error
}
