auth

Documentation

Overview

Package auth defines how Evergreen users authenticate to various authentication back ends.

Index

• func LoadUserManager(settings *evergreen.Settings) (gimlet.UserManager, evergreen.UserManagerInfo, error)
• func NewExternalUserManager() (gimlet.UserManager, error)
• func NewGithubUserManager(g *evergreen.GithubAuthConfig, loginDomain string) (gimlet.UserManager, error)
• func NewOktaUserManager(conf *evergreen.OktaConfig, evgURL, loginDomain string) (gimlet.UserManager, error)
• func NewOnlyAPIUserManager() (gimlet.UserManager, error)
• func SetLoginToken(token, domain string, w http.ResponseWriter)
• type GithubUserManager
  • func (*GithubUserManager) ClearUser(u gimlet.User, all bool) error
  • func (*GithubUserManager) CreateUserToken(string, string) (string, error)
  • func (*GithubUserManager) GetGroupsForUser(string) ([]string, error)
  • func (gum *GithubUserManager) GetLoginCallbackHandler() http.HandlerFunc
  • func (gum *GithubUserManager) GetLoginHandler(callbackUri string) http.HandlerFunc
  • func (*GithubUserManager) GetOrCreateUser(u gimlet.User) (gimlet.User, error)
  • func (*GithubUserManager) GetUserByID(id string) (gimlet.User, error)
  • func (gum *GithubUserManager) GetUserByToken(ctx context.Context, token string) (gimlet.User, error)
  • func (*GithubUserManager) IsRedirect() bool
  • func (*GithubUserManager) ReauthorizeUser(gimlet.User) error
• type NaiveUserManager
  • func NewNaiveUserManager(naiveAuthConfig *evergreen.NaiveAuthConfig) (*NaiveUserManager, error)
  • func (*NaiveUserManager) ClearUser(_ gimlet.User, _ bool) error
  • func (b *NaiveUserManager) CreateUserToken(username, password string) (string, error)
  • func (*NaiveUserManager) GetGroupsForUser(string) ([]string, error)
  • func (*NaiveUserManager) GetLoginCallbackHandler() http.HandlerFunc
  • func (*NaiveUserManager) GetLoginHandler(string) http.HandlerFunc
  • func (*NaiveUserManager) GetOrCreateUser(u gimlet.User) (gimlet.User, error)
  • func (*NaiveUserManager) GetUserByID(id string) (gimlet.User, error)
  • func (b *NaiveUserManager) GetUserByToken(_ context.Context, token string) (gimlet.User, error)
  • func (*NaiveUserManager) IsRedirect() bool
  • func (*NaiveUserManager) ReauthorizeUser(gimlet.User) error

Functions

func LoadUserManager

func LoadUserManager(settings *evergreen.Settings) (gimlet.UserManager, evergreen.UserManagerInfo, error)

LoadUserManager is used to check the configuration for authentication and create a UserManager depending on what type of authentication is used.

func NewExternalUserManager

func NewExternalUserManager() (gimlet.UserManager, error)

NewExternalUserManager returns a gimlet.UserManager that's a thin wrapper around a database backed user cache.

func NewGithubUserManager

func NewGithubUserManager(g *evergreen.GithubAuthConfig, loginDomain string) (gimlet.UserManager, error)

NewGithubUserManager initializes a GithubUserManager with a Salt as randomly generated string used in Github authentication

func NewOktaUserManager

func NewOktaUserManager(conf *evergreen.OktaConfig, evgURL, loginDomain string) (gimlet.UserManager, error)

func NewOnlyAPIUserManager

func NewOnlyAPIUserManager() (gimlet.UserManager, error)

NewOnlyAPIUserManager creates a user manager for special users that can only make API requests. Users cannot be created and must come from the database.

func SetLoginToken

func SetLoginToken(token, domain string, w http.ResponseWriter)

SetLoginToken sets the token in the session cookie for authentication.

Types

type GithubUserManager

type GithubUserManager struct {
	ClientId               string
	ClientSecret           string
	AuthorizedUsers        []string
	AuthorizedOrganization string
	Salt                   string
	LoginDomain            string
}

func (*GithubUserManager) ClearUser

func (*GithubUserManager) ClearUser(u gimlet.User, all bool) error

func (*GithubUserManager) CreateUserToken

func (*GithubUserManager) CreateUserToken(string, string) (string, error)

CreateUserToken is not implemented in GithubUserManager

func (*GithubUserManager) GetGroupsForUser

func (*GithubUserManager) GetGroupsForUser(string) ([]string, error)

func (*GithubUserManager) GetLoginCallbackHandler

func (gum *GithubUserManager) GetLoginCallbackHandler() http.HandlerFunc

GetLoginCallbackHandler returns the function that is called when GitHub redirects the user back to Evergreen.

func (*GithubUserManager) GetLoginHandler

func (gum *GithubUserManager) GetLoginHandler(callbackUri string) http.HandlerFunc

GetLoginHandler returns the function that starts oauth by redirecting the user to authenticate with Github

func (*GithubUserManager) GetOrCreateUser

func (*GithubUserManager) GetOrCreateUser(u gimlet.User) (gimlet.User, error)

func (*GithubUserManager) GetUserByID

func (*GithubUserManager) GetUserByID(id string) (gimlet.User, error)

func (*GithubUserManager) GetUserByToken

func (gum *GithubUserManager) GetUserByToken(ctx context.Context, token string) (gimlet.User, error)

GetUserByToken sends the token to Github and gets back a user and optionally an organization. If there are Authorized Users, it checks the authorized usernames against the GitHub user's login If there is no match and there is an organization it checks the user's organizations against the UserManager's Authorized organization string.

func (*GithubUserManager) IsRedirect

func (*GithubUserManager) IsRedirect() bool

func (*GithubUserManager) ReauthorizeUser

func (*GithubUserManager) ReauthorizeUser(gimlet.User) error

type NaiveUserManager

type NaiveUserManager struct {
	// contains filtered or unexported fields
}

NaiveUserManager implements the UserManager interface and has a list of AuthUsers{UserName, DisplayName, Password, Email string} which is stored in the settings configuration file. Note: This use of the UserManager is recommended for dev/test purposes only and users who need high security authentication mechanisms should rely on a different authentication mechanism.

func NewNaiveUserManager

func NewNaiveUserManager(naiveAuthConfig *evergreen.NaiveAuthConfig) (*NaiveUserManager, error)

func (*NaiveUserManager) ClearUser

func (*NaiveUserManager) ClearUser(_ gimlet.User, _ bool) error

func (*NaiveUserManager) CreateUserToken

func (b *NaiveUserManager) CreateUserToken(username, password string) (string, error)

CreateUserToken finds the user with the same username and password in its list of users and creates a token that is a combination of the index of the list the user is at, the email address and a hash of the username and password and returns that token.

func (*NaiveUserManager) GetGroupsForUser

func (*NaiveUserManager) GetGroupsForUser(string) ([]string, error)

func (*NaiveUserManager) GetLoginCallbackHandler

func (*NaiveUserManager) GetLoginCallbackHandler() http.HandlerFunc

func (*NaiveUserManager) GetLoginHandler

func (*NaiveUserManager) GetLoginHandler(string) http.HandlerFunc

func (*NaiveUserManager) GetOrCreateUser

func (*NaiveUserManager) GetOrCreateUser(u gimlet.User) (gimlet.User, error)

func (*NaiveUserManager) GetUserByID

func (*NaiveUserManager) GetUserByID(id string) (gimlet.User, error)

func (*NaiveUserManager) GetUserByToken

func (b *NaiveUserManager) GetUserByToken(_ context.Context, token string) (gimlet.User, error)

GetUserByToken does a find by creating a temporary token from the index of the user on the list, the email of the user and a hash of the username and password, checking it against the token string and returning a User if there is a match.

func (*NaiveUserManager) IsRedirect

func (*NaiveUserManager) IsRedirect() bool

func (*NaiveUserManager) ReauthorizeUser

func (*NaiveUserManager) ReauthorizeUser(gimlet.User) error