auth

package
v0.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 14, 2016 License: BSD-2-Clause Imports: 4 Imported by: 0

Documentation

Overview

Package auth contains types for authenticating and authorizing requests.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrForbidden can be returned from Authenticator implementations when
	// the user provides invalid credentials.
	ErrForbidden = errors.New("auth: forbidden")

	// ErrTwoFactor can be returned by an Authenticator implementation when
	// a two factor code is either invalid or required.
	ErrTwoFactor = errors.New("auth: two factor code required or invalid")
)

Functions

This section is empty.

Types

type AccessTokenAuthenticator

type AccessTokenAuthenticator struct {
	// contains filtered or unexported fields
}

AccessTokenAuthenticator is an Authenticator that uses empire JWT access tokens to authenticate.

func NewAccessTokenAuthenticator

func NewAccessTokenAuthenticator(e *empire.Empire) *AccessTokenAuthenticator

NewAccessTokenAuthenticator reutrns a new AccessTokenAuthenticator.

func (*AccessTokenAuthenticator) Authenticate

func (a *AccessTokenAuthenticator) Authenticate(_ string, token string, _ string) (*empire.User, error)

Authenticate authenticates the access token, which should be provided as the password parameter. Username and otp are ignored.

type Authenticator

type Authenticator interface {
	// Authenticate should check the credentials and return the Empire user.
	Authenticate(username, password, twofactor string) (*empire.User, error)
}

Authenticator represents something that, given a username, password and OTP can authenticate an Empire user.

func Anyone

func Anyone(user *empire.User) Authenticator

Anyone returns an Authenticator that let's anyone in and sets them as the given user.

func MultiAuthenticator

func MultiAuthenticator(authenticators ...Authenticator) Authenticator

MultiAuthenticator returns an Authenticator that tries each Authenticator until one succeeds or they all fail.

It will proceed to the next authenticator when the error returned is ErrForbidden. Any other errors are bubbled up (e.g. ErrTwoFactor).

func StaticAuthenticator

func StaticAuthenticator(username, password, otp string, user *empire.User) Authenticator

StaticAuthenticator returns an Authenticator that returns the provided user when the given credentials are provided.

func WithAuthorization

func WithAuthorization(authenticator Authenticator, authorizer Authorizer) Authenticator

WithAuthorization wraps an Authenticator to also perform an Authorization after to user is successfully authenticated.

type AuthenticatorFunc

type AuthenticatorFunc func(string, string, string) (*empire.User, error)

AuthenticatorFunc is a function signature that implements the Authenticator interface.

func (AuthenticatorFunc) Authenticate

func (fn AuthenticatorFunc) Authenticate(username, password, otp string) (*empire.User, error)

Authenticate calls the AuthenticatorFunc.

type Authorizer

type Authorizer interface {
	// Authorize should check that the user has access to perform the
	// action. If not, ErrUnauthorized should be returned.
	Authorize(*empire.User) error
}

Authorizer represents something that can perform an authorization check.

func CacheAuthorization

func CacheAuthorization(a Authorizer, expiration time.Duration) Authorizer

CacheAuthorization wraps an Authorizer in an in memory cache that expires after the given expiration. Only positive authorizations will be cached.

type AuthorizerFunc

type AuthorizerFunc func(*empire.User) error

func (AuthorizerFunc) Authorize

func (fn AuthorizerFunc) Authorize(user *empire.User) error

type UnauthorizedError

type UnauthorizedError struct {
	// A user friendly message for why the user isn't authorized.
	Reason string
}

UnauthorizedError can be returned from Authorizer implementations when the user is not authorized to perform an action.

func (*UnauthorizedError) Error

func (e *UnauthorizedError) Error() string

Directories

Path Synopsis
Package github provides auth.Authentication and auth.Authorizer implementations backed by GitHub users, orgs and teams.
Package github provides auth.Authentication and auth.Authorizer implementations backed by GitHub users, orgs and teams.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL