oidc

package
v0.0.0-...-ec03ccd

Warning: this package is not in the latest version of its module.
Published: Jan 15, 2025 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthCodeURL

func AuthCodeURL(ctx context.Context, state string) (string, error)

AuthCodeURL returns the URL of the OIDC provider's consent page. The state must be verified when the user is redirected back to Harbor.
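The state check that the doc comment asks for, as an added, self-contained example (not the package's own code): a random state is generated, pinned to the browser in a short-lived cookie, sent to the provider, and on the callback compared in constant time before the authorization code is used. The cookie name, the routes under /c/oidc, the provider endpoint and client ID are all assumptions of this example; the real package reads its values from Harbor's OIDC settings.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/url"
)

// StateCookie is a hypothetical cookie name; it pins the state to one browser session.
const StateCookie = "oidc_state"

// NewState returns 256 bits from the CSPRNG as a URL-safe string.
func NewState() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// AuthCodeURL builds a standard OAuth 2.0 authorization request carrying the state.
// It stands in for the package's AuthCodeURL, which takes these values from Harbor's settings.
func AuthCodeURL(authEndpoint, clientID, redirectURI, state string) (string, error) {
	u, err := url.Parse(authEndpoint)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", "openid profile email")
	q.Set("state", state)
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// LoginHandler issues a fresh state, pins it to the browser in a short-lived cookie and redirects.
func LoginHandler(authEndpoint, clientID, redirectURI string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		state, err := NewState()
		if err != nil {
			http.Error(w, "cannot generate state", http.StatusInternalServerError)
			return
		}
		target, err := AuthCodeURL(authEndpoint, clientID, redirectURI, state)
		if err != nil {
			http.Error(w, "bad authorization endpoint", http.StatusInternalServerError)
			return
		}
		http.SetCookie(w, &http.Cookie{
			Name: StateCookie, Value: state, Path: "/c/oidc", MaxAge: 300,
			HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
		})
		http.Redirect(w, r, target, http.StatusFound)
	}
}

// VerifyState compares the state echoed by the provider with the one pinned to this browser
// and returns the authorization code. A missing or mismatched state is rejected, in constant time.
func VerifyState(r *http.Request) (string, error) {
	c, err := r.Cookie(StateCookie)
	if err != nil || c.Value == "" {
		return "", errors.New("no state bound to this session")
	}
	got := r.URL.Query().Get("state")
	if subtle.ConstantTimeCompare([]byte(got), []byte(c.Value)) != 1 {
		return "", errors.New("state mismatch: possible CSRF or replayed callback")
	}
	code := r.URL.Query().Get("code")
	if code == "" {
		return "", errors.New("callback carries no authorization code")
	}
	return code, nil
}

// CallbackHandler verifies the state before anything else happens with the code; the
// code exchange itself is not shown here.
func CallbackHandler(w http.ResponseWriter, r *http.Request) {
	code, err := VerifyState(r)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	// Expire the cookie so the same state cannot be presented twice.
	http.SetCookie(w, &http.Cookie{Name: StateCookie, Value: "", Path: "/c/oidc", MaxAge: -1, HttpOnly: true, Secure: true})
	fmt.Fprintf(w, "state verified; exchange code %q next\n", code)
}

func main() {
	// Assumed routes and provider values; Harbor's real callback route is configured elsewhere.
	http.HandleFunc("/c/oidc/login", LoginHandler("https://idp.example/authorize", "harbor", "https://harbor.example/c/oidc/callback"))
	http.HandleFunc("/c/oidc/callback", CallbackHandler)
	fmt.Println(http.ListenAndServe(":8080", nil))
}
```

Binding the state to a cookie rather than keeping it only in a server-side table means a callback that arrives in a different browser than the one that started the login is rejected even if the attacker knows the state value, and expiring the cookie on success makes each state single-use.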

func FixEmptySubIss

func FixEmptySubIss(ctx context.Context) (bool, error)

FixEmptySubIss remediates the issue https://github.com/goharbor/harbor/issues/15241 by restoring the subiss (subject and issuer) from the persisted token.

func InjectGroupsToUser

func InjectGroupsToUser(info *UserInfo, user *models.User, f ...populate)

InjectGroupsToUser persists the groups to the DB and injects the resulting group IDs into the user model. The third, optional parameter is for unit tests only.

func SetHardcodeVerifierForTest

func SetHardcodeVerifierForTest(s string)

SetHardcodeVerifierForTest overwrites the default secret manager with a hard-coded verifier for testing. It is intended for tests only.

func TestEndpoint

func TestEndpoint(conn Conn) error

TestEndpoint tests whether the endpoint is a valid OIDC endpoint. A nil return value indicates success.

func VerifyToken

func VerifyToken(ctx context.Context, rawIDToken string) (*gooidc.IDToken, error)

VerifyToken verifies the ID token based on the configured OIDC settings.

Types

type Conn

type Conn struct {
	URL        string `json:"url"`
	VerifyCert bool   `json:"verify_cert"`
}

Conn wraps connection info of an OIDC endpoint

type MetaManager

type MetaManager interface {
	// Create creates the oidc user meta record, returns the ID of the record in DB
	Create(ctx context.Context, oidcUser *models.OIDCUser) (int, error)
	// GetByUserID gets the oidc meta record by user's ID
	GetByUserID(ctx context.Context, uid int) (*models.OIDCUser, error)
	// DeleteByUserID deletes the oidc meta record by user's ID
	DeleteByUserID(ctx context.Context, uid int) error
	// GetBySubIss gets the oidc meta record by the subject and issuer
	GetBySubIss(ctx context.Context, sub, iss string) (*models.OIDCUser, error)
	// SetCliSecretByUserID updates the cli secret of a user based on the user ID
	SetCliSecretByUserID(ctx context.Context, uid int, secret string) error
	// Update provides a general method for updating the data record for OIDC metadata
	Update(ctx context.Context, oidcUser *models.OIDCUser, cols ...string) error
}

MetaManager manages users' OIDC metadata.

func NewMetaMgr

func NewMetaMgr() MetaManager

NewMetaMgr returns a default implementation of MetaManager

type SecretManager

type SecretManager interface {
	// VerifySecret verifies the secret and the token associated with it; if the token is
	// refreshed during verification, the refreshed token is written back to the DB.
	VerifySecret(ctx context.Context, username string, secret string) (*UserInfo, error)
}

SecretManager is the interface for storing and verifying the secret.

type SecretVerifyError

type SecretVerifyError struct {
	// contains filtered or unexported fields
}

SecretVerifyError wraps the different errors that can occur when verifying the secret of an OIDC user. Callers that see this error should treat it as an authentication error.

func (*SecretVerifyError) Error

func (se *SecretVerifyError) Error() string

type Token

type Token struct {
	oauth2.Token
	RawIDToken string `json:"id_token,omitempty"`
}

Token wraps the attributes of an oauth2 token plus the raw ID token.

func ExchangeToken

func ExchangeToken(ctx context.Context, code string) (*Token, error)

ExchangeToken gets the token from the token provider by exchanging the authorization code.

type UserInfo

type UserInfo struct {
	Issuer           string   `json:"iss"`
	Subject          string   `json:"sub"`
	Username         string   `json:"name"`
	Email            string   `json:"email"`
	Groups           []string `json:"groups"`
	AdminGroupMember bool     `json:"admin_group_member"`
	// contains filtered or unexported fields
}

UserInfo wraps the information extracted from the token. It is transformed into the data object that is persisted in the DB.

func UserInfoFromIDToken

func UserInfoFromIDToken(ctx context.Context, token *Token, setting cfgModels.OIDCSetting) (*UserInfo, error)

UserInfoFromIDToken extracts the user info from the ID token.
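What "verifies the ID token based on the OIDC settings" (VerifyToken) followed by UserInfoFromIDToken amounts to, as an added example that is not the package's code: an RS256 ID token is checked for algorithm, signature, issuer, audience, expiry and a non-empty sub, and only then are the claims copied into a UserInfo that reuses the JSON tags shown above. The OIDCSetting type, SignIDToken (a stand-in for the provider so the example runs offline) and the rule that AdminGroupMember is computed from the configured admin group are assumptions of this example, not statements about Harbor's implementation. It uses slices.Contains and so needs Go 1.21 or later.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"slices"
	"strings"
	"time"
)

// OIDCSetting is a stand-in for Harbor's cfgModels.OIDCSetting with only the fields these
// checks need: Endpoint is the expected iss, ClientID the expected aud, AdminGroup the admin group.
type OIDCSetting struct{ Endpoint, ClientID, AdminGroup string }

// UserInfo reuses the JSON tags of the package's UserInfo type.
type UserInfo struct {
	Issuer           string   `json:"iss"`
	Subject          string   `json:"sub"`
	Username         string   `json:"name"`
	Email            string   `json:"email"`
	Groups           []string `json:"groups"`
	AdminGroupMember bool     `json:"admin_group_member"`
}

// idClaims adds the registered claims that validation needs.
type idClaims struct {
	UserInfo
	Audience json.RawMessage `json:"aud"` // RFC 7519 allows a string or an array of strings
	Expiry   int64           `json:"exp"`
}

var b64 = base64.RawURLEncoding

// SignIDToken mints an RS256 JWT; it stands in for the provider so the example runs offline.
func SignIDToken(key *rsa.PrivateKey, payload map[string]any) (string, error) {
	body, err := json.Marshal(payload)
	if err != nil {
		return "", err
	}
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), err
}

// VerifyIDToken checks alg, signature, iss, aud, exp and a non-empty sub, in that order, and
// parses the claims only after the signature holds. now is a parameter to keep tests deterministic.
func VerifyIDToken(raw string, pub *rsa.PublicKey, s OIDCSetting, now time.Time) (*UserInfo, error) {
	parts := strings.Split(raw, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var dec [3][]byte
	for i, p := range parts {
		var err error
		if dec[i], err = b64.DecodeString(p); err != nil {
			return nil, err
		}
	}
	// Pin the algorithm before looking at the signature: this rejects "none" and HMAC downgrades.
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(dec[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unsupported or missing alg")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], dec[2]); err != nil {
		return nil, err
	}
	var c idClaims
	if err := json.Unmarshal(dec[1], &c); err != nil {
		return nil, err
	}
	switch {
	case c.Issuer != s.Endpoint:
		return nil, errors.New("issuer does not match the configured endpoint")
	case !audienceContains(c.Audience, s.ClientID):
		return nil, errors.New("token was not issued for this client")
	case c.Expiry == 0 || !now.Before(time.Unix(c.Expiry, 0)):
		return nil, errors.New("token has expired or carries no exp")
	case c.Subject == "":
		return nil, errors.New("empty sub claim")
	}
	info := c.UserInfo
	// The admin flag is derived from configuration, never taken from a token claim.
	info.AdminGroupMember = s.AdminGroup != "" && slices.Contains(info.Groups, s.AdminGroup)
	return &info, nil
}

// audienceContains accepts both encodings of aud that RFC 7519 allows.
func audienceContains(raw json.RawMessage, want string) bool {
	var one string
	if json.Unmarshal(raw, &one) == nil {
		return one == want
	}
	var many []string
	return json.Unmarshal(raw, &many) == nil && slices.Contains(many, want)
}
```

The order matters: the algorithm is pinned before the signature is examined, the payload is parsed only after the signature verifies, and the admin flag is recomputed from the configured group so that a token carrying `"admin_group_member": true` gains nothing. The empty-sub check is the condition that FixEmptySubIss exists to repair after the fact.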

func UserInfoFromToken

func UserInfoFromToken(ctx context.Context, token *Token) (*UserInfo, error)

UserInfoFromToken tries to call the UserInfo endpoint of the OIDC provider and consolidates the result with the ID token to generate a UserInfo object. If the input token struct carries no ID token, some attributes will be empty.

func VerifySecret

func VerifySecret(ctx context.Context, name string, secret string) (*UserInfo, error)

VerifySecret calls the manager to verify the secret.
