Versions in this module Expand all Collapse all v0 v0.14.0 Apr 24, 2024 v0.13.0 Feb 27, 2024 Changes in this version
+ const MFAEventOtpCreate
+ const MFAEventOtpRefresh
+ const MFAEventVerificationFailure
+ const MFAEventVerificationSuccess
+ const MessageAccountDisabled
+ const MessageAccountLocked
+ const MessageAccountStatus
+ const MessageBadCredential
+ const MessageCannotRefresh
+ const MessageInvalidAccountStatus
+ const MessageInvalidPasscode
+ const MessageLockedDueToBadCredential
+ const MessageMaxAttemptsReached
+ const MessageMaxRefreshAttemptsReached
+ const MessageOtpNotAvailable
+ const MessagePasscodeExpired
+ const MessagePasswordExpired
+ const MessagePasswordLoginNotAllowed
+ const MessageUserNotFound
+ const SpecialPermissionMFAPending
+ const SpecialPermissionOtpId
+ var Module = &bootstrap.Module
+ var PasswordAuthenticatorFeatureId = security.FeatureId("passwdAuth", security.FeatureOrderAuthenticator)
+ func GobRegister()
+ func IsSamePrincipal(username string, currentAuth security.Authentication) bool
+ type AccountLockingPostProcessor struct
+ func NewAccountLockingPostProcessor(store security.AccountStore) *AccountLockingPostProcessor
+ func (p *AccountLockingPostProcessor) Order() int
+ func (p *AccountLockingPostProcessor) Process(ctx context.Context, acct security.Account, result AuthenticationResult) AuthenticationResult
+ type AccountStatusChecker struct
+ func NewAccountStatusChecker(store security.AccountStore) *AccountStatusChecker
+ func (adm *AccountStatusChecker) Decide(ctx context.Context, _ security.Candidate, acct security.Account, ...) error
+ type AccountStatusPostProcessor struct
+ func NewAccountStatusPostProcessor(store security.AccountStore) *AccountStatusPostProcessor
+ func (p *AccountStatusPostProcessor) Order() int
+ func (p *AccountStatusPostProcessor) Process(ctx context.Context, acct security.Account, result AuthenticationResult) AuthenticationResult
+ type AdditionalDetailsPostProcessor struct
+ func NewAdditionalDetailsPostProcessor() *AdditionalDetailsPostProcessor
+ func (p *AdditionalDetailsPostProcessor) Order() int
+ func (p *AdditionalDetailsPostProcessor) Process(_ context.Context, _ security.Account, result AuthenticationResult) AuthenticationResult
+ type AuthenticationDecisionMaker interface
+ Decide func(context.Context, security.Candidate, security.Account, security.Authentication) error
+ func FinalCheck(delegate AuthenticationDecisionMaker) AuthenticationDecisionMaker
+ func PostCredentialsCheck(delegate AuthenticationDecisionMaker) AuthenticationDecisionMaker
+ func PreCredentialsCheck(delegate AuthenticationDecisionMaker) AuthenticationDecisionMaker
+ type AuthenticationResult struct
+ Auth security.Authentication
+ Candidate security.Candidate
+ Error error
+ type Authenticator struct
+ func NewAuthenticator(optionFuncs ...AuthenticatorOptionsFunc) *Authenticator
+ func (a *Authenticator) Authenticate(ctx context.Context, candidate security.Candidate) (auth security.Authentication, err error)
+ func (a *Authenticator) CreateSuccessAuthentication(candidate *UsernamePasswordPair, account security.Account) (security.Authentication, error)
+ type AuthenticatorBuilder struct
+ func NewAuthenticatorBuilder(f *PasswordAuthFeature, defaults ...*builderDefaults) *AuthenticatorBuilder
+ func (b *AuthenticatorBuilder) Build(_ context.Context) (security.Authenticator, error)
+ type AuthenticatorOptions struct
+ AccountStore security.AccountStore
+ Checkers []AuthenticationDecisionMaker
+ MFAEventListeners []MFAEventListenerFunc
+ OTPManager OTPManager
+ PasswordEncoder PasswordEncoder
+ PostProcessors []PostAuthenticationProcessor
+ type AuthenticatorOptionsFunc func(*AuthenticatorOptions)
+ type ConditionalDecisionMaker struct
+ func (dm *ConditionalDecisionMaker) Decide(ctx context.Context, c security.Candidate, acct security.Account, ...) error
+ type DecisionMakerConditionFunc func(context.Context, security.Candidate, security.Account, security.Authentication) bool
+ type MFAEvent int
+ type MFAEventListenerFunc func(event MFAEvent, otp OTP, principal interface{})
+ type MFAMode int
+ const MFAModeMust
+ const MFAModeOptional
+ const MFAModeSkip
+ type MFAOtpRefresh struct
+ CurrentAuth UsernamePasswordAuthentication
+ DetailsMap map[string]interface{}
+ func (uop *MFAOtpRefresh) Credentials() interface{}
+ func (uop *MFAOtpRefresh) Details() interface{}
+ func (uop *MFAOtpRefresh) Principal() interface{}
+ type MFAOtpVerification struct
+ CurrentAuth UsernamePasswordAuthentication
+ DetailsMap map[string]interface{}
+ OTP string
+ func (uop *MFAOtpVerification) Credentials() interface{}
+ func (uop *MFAOtpVerification) Details() interface{}
+ func (uop *MFAOtpVerification) Principal() interface{}
+ type MfaRefreshAuthenticator struct
+ func NewMFARefreshAuthenticator(optionFuncs ...AuthenticatorOptionsFunc) *MfaRefreshAuthenticator
+ func (a *MfaRefreshAuthenticator) Authenticate(ctx context.Context, candidate security.Candidate) (auth security.Authentication, err error)
+ func (a *MfaRefreshAuthenticator) CreateSuccessAuthentication(candidate *MFAOtpRefresh, _ security.Account) (security.Authentication, error)
+ type MfaVerifyAuthenticator struct
+ func NewMFAVerifyAuthenticator(optionFuncs ...AuthenticatorOptionsFunc) *MfaVerifyAuthenticator
+ func (a *MfaVerifyAuthenticator) Authenticate(ctx context.Context, candidate security.Candidate) (auth security.Authentication, err error)
+ func (a *MfaVerifyAuthenticator) CreateSuccessAuthentication(candidate *MFAOtpVerification, account security.Account) (security.Authentication, error)
+ type OTP interface
+ Attempts func() uint
+ Expire func() time.Time
+ ID func() string
+ IncrementAttempts func()
+ IncrementRefreshes func()
+ Passcode func() string
+ Refreshes func() uint
+ TTL func() time.Duration
+ type OTPManager interface
+ Delete func(id string) error
+ Get func(id string) (OTP, error)
+ New func() (OTP, error)
+ Refresh func(id string) (refreshed OTP, hasMoreChances bool, err error)
+ Verify func(id, passcode string) (loaded OTP, hasMoreChances bool, err error)
+ type OTPStore interface
+ Delete func(id string) error
+ Load func(id string) (OTP, error)
+ Save func(OTP) error
+ type PasswordAuthConfigurer struct
+ func (pac *PasswordAuthConfigurer) Apply(feature security.Feature, ws security.WebSecurity) error
+ type PasswordAuthFeature struct
+ func Configure(ws security.WebSecurity) *PasswordAuthFeature
+ func New() *PasswordAuthFeature
+ func (f *PasswordAuthFeature) AccountStore(as security.AccountStore) *PasswordAuthFeature
+ func (f *PasswordAuthFeature) Identifier() security.FeatureIdentifier
+ func (f *PasswordAuthFeature) MFA(enabled bool) *PasswordAuthFeature
+ func (f *PasswordAuthFeature) MFAEventListeners(handlers ...MFAEventListenerFunc) *PasswordAuthFeature
+ func (f *PasswordAuthFeature) OtpLength(v uint) *PasswordAuthFeature
+ func (f *PasswordAuthFeature) OtpRefreshLimit(v uint) *PasswordAuthFeature
+ func (f *PasswordAuthFeature) OtpSecretSize(v uint) *PasswordAuthFeature
+ func (f *PasswordAuthFeature) OtpTTL(ttl time.Duration) *PasswordAuthFeature
+ func (f *PasswordAuthFeature) OtpVerifyLimit(v uint) *PasswordAuthFeature
+ func (f *PasswordAuthFeature) PasswordEncoder(pe PasswordEncoder) *PasswordAuthFeature
+ type PasswordEncoder interface
+ Encode func(rawPassword string) string
+ Matches func(raw, encoded string) bool
+ func NewBcryptPasswordEncoder() PasswordEncoder
+ func NewNoopPasswordEncoder() PasswordEncoder
+ type PasswordPolicyChecker struct
+ func NewPasswordPolicyChecker(store security.AccountStore) *PasswordPolicyChecker
+ func (c *PasswordPolicyChecker) Decide(ctx context.Context, _ security.Candidate, acct security.Account, ...) error
+ type PersistAccountPostProcessor struct
+ func NewPersistAccountPostProcessor(store security.AccountStore) *PersistAccountPostProcessor
+ func (p *PersistAccountPostProcessor) Order() int
+ func (p *PersistAccountPostProcessor) Process(ctx context.Context, acct security.Account, result AuthenticationResult) AuthenticationResult
+ type PostAuthenticationProcessor interface
+ Process func(context.Context, security.Account, AuthenticationResult) AuthenticationResult
+ type TOTP struct
+ Expire time.Time
+ Passcode string
+ Secret string
+ TTL time.Duration
+ type TOTPFactory interface
+ Generate func(ttl time.Duration) (totp TOTP, err error)
+ Refresh func(secret string, ttl time.Duration) (totp TOTP, err error)
+ Validate func(totp TOTP) (valid bool, err error)
+ type UsernamePasswordAuthentication interface
+ IsMFAPending func() bool
+ OTPIdentifier func() string
+ Username func() string
+ type UsernamePasswordPair struct
+ DetailsMap map[string]interface{}
+ EnforceMFA MFAMode
+ Password string
+ Username string
+ func (upp *UsernamePasswordPair) Credentials() interface{}
+ func (upp *UsernamePasswordPair) Details() interface{}
+ func (upp *UsernamePasswordPair) Principal() interface{}
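Review bot: `NewNoopPasswordEncoder()` is exported next to `NewBcryptPasswordEncoder()` with the same `PasswordEncoder` return type, so nothing in the API separates a production-safe encoder from one that, going by its name, presumably stores and compares passwords unhashed. The listing shows signatures only, so this is inferred; if that is what it does, its doc comment should say so, e.g. `// NewNoopPasswordEncoder returns an encoder that performs no hashing; use only in tests, never with a real AccountStore.` `MFAEventListenerFunc` deserves the same treatment: it hands listeners an `OTP` whose interface exposes `Passcode()`, and the exported `TOTP` struct carries `Secret` and `Passcode` fields, so the comments should state that listeners and callers must not log or forward these values. The `PasswordEncoder` interface comment should also say whether `Matches(raw, encoded string) bool` is required to compare in constant time, which cannot be told from here.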