Documentation ¶
Index ¶
- func AuthCodeURL(ctx context.Context, state string) (string, error)
- func FixEmptySubIss(ctx context.Context) (bool, error)
- func InjectGroupsToUser(info *UserInfo, user *models.User, f ...populate)
- func SetHardcodeVerifierForTest(s string)
- func TestEndpoint(conn Conn) error
- func VerifyToken(ctx context.Context, rawIDToken string) (*gooidc.IDToken, error)
- type Conn
- type MetaManager
- type SecretManager
- type SecretVerifyError
- type Token
- type UserInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthCodeURL ¶
func AuthCodeURL(ctx context.Context, state string) (string, error)
AuthCodeURL returns the URL of the OIDC provider's consent page. The state value passed here must be verified when the user is redirected back to Harbor: reject the callback unless the returned state matches the one issued for that session.
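The state check required above, as an added example that is not Harbor's own code. It assumes a session ID is already available from the login cookie; StateStore, NewState, Verify and CallbackCode are hypothetical names. The state is 256 random bits bound to one session, consumed on first use (so a captured callback URL cannot be replayed), compared in constant time, and rejected after a TTL.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"sync"
	"time"
)

// ErrBadState is returned when the state on the redirect cannot be accepted.
// The caller must abort the login and must not exchange the code.
var ErrBadState = errors.New("oidc: state missing, mismatched, expired or already used")

// pendingState is the value handed to AuthCodeURL, plus its issue time so
// stale redirects are rejected.
type pendingState struct {
	value    string
	issuedAt time.Time
}

// StateStore keeps at most one pending state per browser session. It is a
// hypothetical in-memory helper for this example; a deployment would keep
// this in its session store.
type StateStore struct {
	mu      sync.Mutex
	pending map[string]pendingState // keyed by session ID
	ttl     time.Duration
	now     func() time.Time // injectable clock for tests
}

func NewStateStore(ttl time.Duration) *StateStore {
	return &StateStore{pending: map[string]pendingState{}, ttl: ttl, now: time.Now}
}

// NewState mints a fresh 256-bit random state for the session and returns it;
// the caller passes it as the state argument of AuthCodeURL. Minting again
// for the same session replaces the previous value.
func (s *StateStore) NewState(sessionID string) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	state := base64.RawURLEncoding.EncodeToString(b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[sessionID] = pendingState{value: state, issuedAt: s.now()}
	return state, nil
}

// Verify consumes the session's pending state and compares it with the value
// the provider sent back. The entry is deleted before any comparison so a
// replayed callback fails, and the comparison itself is constant-time.
func (s *StateStore) Verify(sessionID, returned string) error {
	s.mu.Lock()
	p, ok := s.pending[sessionID]
	delete(s.pending, sessionID)
	s.mu.Unlock()
	if !ok || returned == "" {
		return ErrBadState
	}
	if s.now().Sub(p.issuedAt) > s.ttl {
		return ErrBadState
	}
	if subtle.ConstantTimeCompare([]byte(p.value), []byte(returned)) != 1 {
		return ErrBadState
	}
	return nil
}

// CallbackCode parses the redirect URL the provider sent the browser to,
// verifies its state for the given session and returns the authorization
// code that may then be exchanged for tokens.
func CallbackCode(s *StateStore, sessionID, rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	if err := s.Verify(sessionID, q.Get("state")); err != nil {
		return "", err
	}
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("oidc: provider returned error %q", e)
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("oidc: callback carries no authorization code")
	}
	return code, nil
}

func main() {
	store := NewStateStore(5 * time.Minute)
	state, _ := store.NewState("sess-1")
	// Constructed callback URL standing in for the provider's redirect.
	cb := "https://harbor.example/c/oidc/callback?code=SplxlOBeZQQYbYS6WxSbIA&state=" + state
	code, err := CallbackCode(store, "sess-1", cb)
	fmt.Println(code, err)
	_, err = CallbackCode(store, "sess-1", cb) // replay of the same URL fails
	fmt.Println(err)
}
```

The state is checked before the `error` and `code` parameters are read, so a forged callback carrying a provider error is rejected for the same reason as a forged success: nothing on the redirect is trusted until the state binds it to a login this session started.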
func FixEmptySubIss ¶
func FixEmptySubIss(ctx context.Context) (bool, error)
FixEmptySubIss remediates the issue https://github.com/goharbor/harbor/issues/15241 by restoring the missing subject/issuer (subiss) of OIDC user records from the persisted token.
func InjectGroupsToUser ¶
func InjectGroupsToUser(info *UserInfo, user *models.User, f ...populate)
InjectGroupsToUser persists the groups to the DB and injects the resulting group IDs into the user model. The third, optional parameter is for unit tests only.
func SetHardcodeVerifierForTest ¶
func SetHardcodeVerifierForTest(s string)
SetHardcodeVerifierForTest overwrites the default secret manager with a hard-coded verifier. It is for testing only and must not be called in production code.
func TestEndpoint ¶
func TestEndpoint(conn Conn) error
TestEndpoint tests whether the endpoint is a valid OIDC endpoint. A nil return value indicates that the test succeeded.
Types ¶
type MetaManager ¶
type MetaManager interface {
	// Create creates the oidc user meta record, returns the ID of the record in DB
	Create(ctx context.Context, oidcUser *models.OIDCUser) (int, error)
	// GetByUserID gets the oidc meta record by user's ID
	GetByUserID(ctx context.Context, uid int) (*models.OIDCUser, error)
	// DeleteByUserID delete by user id
	DeleteByUserID(ctx context.Context, uid int) error
	// GetBySubIss gets the oidc meta record by the subject and issuer
	GetBySubIss(ctx context.Context, sub, iss string) (*models.OIDCUser, error)
	// SetCliSecretByUserID updates the cli secret of a user based on the user ID
	SetCliSecretByUserID(ctx context.Context, uid int, secret string) error
	// Update provides a general method for updating the data record for OIDC metadata
	Update(ctx context.Context, oidcUser *models.OIDCUser, cols ...string) error
}
MetaManager manages a user's OIDC metadata records.
func NewMetaMgr ¶
func NewMetaMgr() MetaManager
NewMetaMgr returns a default implementation of MetaManager
type SecretManager ¶
type SecretManager interface {
	// VerifySecret verifies the secret and the token associated with it, it refreshes the token in the DB if it's
	// refreshed during the verification.
	VerifySecret(ctx context.Context, username string, secret string) (*UserInfo, error)
}
SecretManager is the interface for storing and verifying a user's CLI secret.
type SecretVerifyError ¶
type SecretVerifyError struct {
// contains filtered or unexported fields
}
SecretVerifyError wraps the different errors that can occur when verifying a secret for an OIDC user. A caller that receives this error should treat it as an authentication failure rather than an internal error.
func (*SecretVerifyError) Error ¶
func (se *SecretVerifyError) Error() string
type UserInfo ¶
type UserInfo struct {
	Issuer           string   `json:"iss"`
	Subject          string   `json:"sub"`
	Username         string   `json:"name"`
	Email            string   `json:"email"`
	Groups           []string `json:"groups"`
	AdminGroupMember bool     `json:"admin_group_member"`
	// contains filtered or unexported fields
}
UserInfo wraps the information extracted from the token. It is transformed into the data object that is persisted in the DB.
func UserInfoFromIDToken ¶
func UserInfoFromIDToken(ctx context.Context, token *Token, setting cfgModels.OIDCSetting) (*UserInfo, error)
UserInfoFromIDToken extracts the user info from the ID token.
func UserInfoFromToken ¶
UserInfoFromToken tries to call the UserInfo endpoint of the OIDC provider and consolidates the response with the ID token to produce a UserInfo object. If the input Token struct does not carry an ID token, some attributes of the result will be empty.
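How such a consolidation can be done safely, as an added example that is not Harbor's implementation. The Claims, Consolidated, ParseClaims and Consolidate names are hypothetical and the sample claim documents are constructed. The ID token is treated as authoritative for iss and sub; the UserInfo response may only fill missing attributes or add groups, and it is rejected outright when its sub differs from the ID token's, which OIDC Core 5.3.2 requires the client to check. With no ID token, iss stays empty, matching the caveat above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Claims is the subset of OIDC claims this example consolidates. The JSON
// tags match those on UserInfo above; the type itself is hypothetical.
type Claims struct {
	Issuer   string   `json:"iss"`
	Subject  string   `json:"sub"`
	Username string   `json:"name"`
	Email    string   `json:"email"`
	Groups   []string `json:"groups"`
}

// Consolidated carries the merged result, including the derived
// AdminGroupMember flag.
type Consolidated struct {
	Issuer, Subject, Username, Email string
	Groups                           []string
	AdminGroupMember                 bool
}

// ErrSubjectMismatch is returned when the userinfo response belongs to a
// different subject than the ID token; the client must reject it (OIDC Core 5.3.2).
var ErrSubjectMismatch = errors.New("oidc: userinfo sub does not match ID token sub")

// ParseClaims decodes a JSON claims document (ID token payload or userinfo body).
func ParseClaims(raw []byte) (*Claims, error) {
	var c Claims
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	if c.Subject == "" {
		return nil, errors.New("oidc: claims carry no sub")
	}
	return &c, nil
}

// Consolidate merges the ID token claims with the userinfo response. Either
// may be nil: idToken when the token struct carries no ID token, userInfo when
// the endpoint call failed. The ID token is authoritative for iss and sub;
// userinfo may only fill missing fields or add groups. Without an ID token
// iss stays empty, since the userinfo response never asserts it.
func Consolidate(idToken, userInfo *Claims, adminGroup string) (*Consolidated, error) {
	if idToken == nil && userInfo == nil {
		return nil, errors.New("oidc: no claims to consolidate")
	}
	out := &Consolidated{}
	if idToken != nil {
		out.Issuer, out.Subject = idToken.Issuer, idToken.Subject
		out.Username, out.Email = idToken.Username, idToken.Email
		out.Groups = append(out.Groups, idToken.Groups...)
	}
	if userInfo != nil {
		if idToken != nil && userInfo.Subject != idToken.Subject {
			return nil, ErrSubjectMismatch
		}
		if idToken == nil {
			out.Subject = userInfo.Subject
		}
		if out.Username == "" {
			out.Username = userInfo.Username
		}
		if out.Email == "" {
			out.Email = userInfo.Email
		}
		out.Groups = union(out.Groups, userInfo.Groups)
	}
	out.AdminGroupMember = adminGroup != "" && contains(out.Groups, adminGroup)
	return out, nil
}

// union appends the members of b not already in a, preserving order.
func union(a, b []string) []string {
	for _, g := range b {
		if !contains(a, g) {
			a = append(a, g)
		}
	}
	return a
}

func contains(xs []string, x string) bool {
	for _, v := range xs {
		if v == x {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample claims standing in for a decoded ID token and a userinfo body.
	id, _ := ParseClaims([]byte(`{"iss":"https://idp.example","sub":"u-1","name":"alice","groups":["dev"]}`))
	ui, _ := ParseClaims([]byte(`{"sub":"u-1","email":"alice@example.org","groups":["dev","harbor-admins"]}`))
	c, err := Consolidate(id, ui, "harbor-admins")
	fmt.Printf("%+v %v\n", c, err)
}
```

Letting the userinfo response override sub or iss would let a provider-side mix-up, or a tampered endpoint, re-point the login at another Harbor user's record; keeping the ID token authoritative and rejecting a sub mismatch closes that off while still allowing the endpoint to supply the email and group claims the ID token often omits.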