Variables ¶
// Sentinel errors returned by the authentication layer, plus the fallback
// token lifetime.
var (
	// ErrExpired is reported when a token is presented after the expiry
	// time carried in its exp claim.
	ErrExpired = errors.New("authentication has expired")

	// ErrFailsRequirements is reported when a password does not satisfy
	// the system's password requirements.
	ErrFailsRequirements = errors.New("password fails requirements")

	// ErrPasswordEmpty is reported when the supplied password is empty.
	ErrPasswordEmpty = errors.New("password is empty")

	// DefaultTokenExpiry is the JWT lifetime (24 hours) used when the
	// TokenExpiry in AuthSettings is nil. It is declared as a package-level
	// variable, so importing code can reassign it; treat it as read-only.
	DefaultTokenExpiry = shared.HumanDuration{Duration: 24 * time.Hour}
)
Functions ¶
func CheckPasswordRequirement ¶
CheckPasswordRequirement ensures the password meets sane requirements: 8+ characters, at least one number, one special character, and both an uppercase and a lowercase letter.
func Register ¶
func Register(name string, plugin AuthDriver)
Register makes an authentication backend available to the system
Types ¶
type AuthAPI ¶
// AuthAPI is the contract that every authentication backend implements.
type AuthAPI interface {
	// Login authenticates against the backend with the supplied username
	// and password.
	// NOTE(review): what is returned for an unknown user versus a wrong
	// password is not visible here; implementations should not let callers
	// tell the two apart. Confirm per backend.
	Login(username, password string) (user *storage.User, err error)

	// CreateUser persists the user in the storage backend and performs
	// whatever else is needed for that user to function in this backend.
	CreateUser(user storage.User) (err error)

	// UserCanChangePassword reports whether a user of this backend is able
	// to change their own password.
	UserCanChangePassword() bool

	// GenerateSecurePassword returns a form of the given password that is
	// safe for long-term storage.
	// NOTE(review): presumably a salted, slow hash; the algorithm is not
	// visible here and is chosen by each backend. Confirm.
	GenerateSecurePassword(password string) (string, error)

	// CanUsersRegister reports whether users may register on the system.
	CanUsersRegister() bool
}
AuthAPI describes the APIs that authentication backends must implement
type AuthClaim ¶
// AuthClaim is the JWT payload carrying metadata about an authenticated
// user. It embeds jwt.Claims alongside the application-specific fields.
//
// NOTE(review): IsAdmin and APIOnly travel inside the token. Presumably
// consumers base authorization decisions on them, so they should only be
// read from a claim returned by a successful VerifyClaim. Confirm against
// the callers.
type AuthClaim struct {
	Username string `json:"username"`
	UserUUID string `json:"user_uuid"`
	Email    string `json:"email"`
	IsAdmin  bool   `json:"is_admin"`
	APIOnly  bool   `json:"api_only"`
	jwt.Claims
}
AuthClaim is a JWT claim describing metadata about an authenticated user
type AuthDriver ¶
// AuthDriver is the plugin type accepted by Register.
type AuthDriver interface {
	// Open takes a storage backend and the plugin-specific settings and
	// returns the backend's AuthAPI, or an error.
	Open(AuthStorageBackend, PluginSettings) (AuthAPI, error)
}
type AuthSettings ¶
// AuthSettings holds the YAML configuration of the authentication layer.
type AuthSettings struct {
	// Backend names the authentication backend to use.
	// NOTE(review): presumably a name previously passed to Register. Confirm.
	Backend string `yaml:"backend"`

	// Settings carries the backend-specific options; values are untyped.
	Settings map[string]interface{} `yaml:"backend_settings,omitempty"`

	// TokenExpiry is the optional JWT lifetime; it may be nil.
	TokenExpiry *shared.HumanDuration `yaml:"token_expiry,omitempty"`

	// SecretKey is optional and is read as plain text from the YAML file.
	// NOTE(review): presumably the key used to sign and verify tokens, so
	// the configuration file needs restrictive permissions and should stay
	// out of version control. What Validate does when this is nil is not
	// visible here. Confirm.
	SecretKey *string `yaml:"secret_key,omitempty"`
}
AuthSettings describes the basic configuration options for the modular authentication backend
func (*AuthSettings) Validate ¶
func (s *AuthSettings) Validate() error
Validate checks the configuration, setting default values and returning any errors
type AuthStorageBackend ¶
// AuthStorageBackend is the part of the storage driver's API that an
// authentication driver depends on.
type AuthStorageBackend interface {
	// CreateUser stores the given user.
	CreateUser(*storage.User) error

	// SearchForUserByPassword returns a user found from a string and a
	// password-check callback.
	// NOTE(review): the parameters are unnamed here; presumably the string
	// is the username and the callback compares the candidate password with
	// the stored one. Confirm against the storage driver.
	SearchForUserByPassword(string, storage.PasswordCheckFunc) (*storage.User, error)

	// GetUsers returns a list of users from the storage backend.
	GetUsers() ([]storage.User, error)
}
AuthStorageBackend defines the APIs we need from the storage driver to implement an authentication driver
type AuthWrapper ¶
// AuthWrapper wraps the requested provider. The provider's AuthAPI is
// embedded, so its methods are promoted onto the wrapper.
type AuthWrapper struct {
	AuthAPI
	// contains filtered or unexported fields
}
AuthWrapper wraps the requested provider
func Open ¶
func Open(db AuthStorageBackend, cfg AuthSettings) (*AuthWrapper, error)
Open creates the authentication plugin
func WrapProvider ¶
func WrapProvider(prov AuthAPI, as AuthSettings) *AuthWrapper
WrapProvider returns an auth wrapper that is used by services like the API to perform authentication
func (*AuthWrapper) Login ¶
func (s *AuthWrapper) Login(username, password string, APIOnly bool) (string, error)
Login the user and set the JWT token to the header
func (*AuthWrapper) VerifyClaim ¶
func (s *AuthWrapper) VerifyClaim(rawclaim, expSubj string, expAuds ...string) (*AuthClaim, error)
VerifyClaim parses a raw JWT claim and validates it
type PluginSettings ¶
// PluginSettings holds the settings that belong to one specific
// authentication plugin. Values are untyped, so a plugin has to type-check
// each value it reads.
type PluginSettings map[string]interface{}
PluginSettings contains settings related to a specific authentication plugin
type ProviderAPI ¶
// ProviderAPI is the authentication surface offered to a service that
// requires authentication.
type ProviderAPI interface {
	// Login takes a username, a password and an APIOnly flag and returns a
	// claim string or an error.
	Login(username, password string, APIOnly bool) (claimStr string, err error)

	// VerifyClaim takes a raw claim, the expected subject and zero or more
	// audiences, and returns the resulting AuthClaim or an error.
	// NOTE(review): auds is variadic. Whether the audience is checked at
	// all when none are passed is not visible here; callers should pass the
	// audience they expect. Confirm against the implementation.
	VerifyClaim(rawclaim, expectedSubject string, auds ...string) (claim *AuthClaim, err error)
}
ProviderAPI describes the APIs available to a service that requires authentication