Documentation
Index
- func AuthCodeURL(ctx context.Context, state string, pkceCode pkce.Code) (string, error)
- func FixEmptySubIss(ctx context.Context) (bool, error)
- func InjectGroupsToUser(info *UserInfo, user *models.User, f ...populate)
- func SetHardcodeVerifierForTest(s string)
- func TestEndpoint(conn Conn) error
- func VerifyToken(ctx context.Context, rawIDToken string) (*gooidc.IDToken, error)
- type Conn
- type MetaManager
- type SecretManager
- type SecretVerifyError
- type Token
- type UserInfo
Constants
This section is empty.
Variables
This section is empty.
Functions
func AuthCodeURL
func AuthCodeURL(ctx context.Context, state string, pkceCode pkce.Code) (string, error)
AuthCodeURL returns the URL of the OIDC provider's consent (authorization) page. The state must be verified when the user is redirected back to Harbor; an unverified state leaves the callback open to CSRF. pkceCode is used for the PKCE variant of the authorization-code flow and is optional.
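The two security-relevant inputs here are the state and the PKCE code. The following is an added example, not Harbor's code, of how a relying party generates both, builds the authorization URL and then checks the echoed state on the callback. The endpoint, client ID and redirect URI are illustrative values; the function names are this example's own and do not correspond to Harbor's API.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// PKCE holds a code verifier and its S256 code challenge (RFC 7636).
type PKCE struct {
	Verifier  string
	Challenge string
}

// randomURLSafe returns n random bytes as unpadded base64url text.
func randomURLSafe(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// S256Challenge computes BASE64URL(SHA256(verifier)). Only S256 should be
// offered; the "plain" method gives an intercepting attacker the verifier.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// NewPKCE generates a 32-byte (43-character) verifier and its challenge. The
// verifier stays server-side with the session; only the challenge is sent.
func NewPKCE() (PKCE, error) {
	v, err := randomURLSafe(32)
	if err != nil {
		return PKCE{}, err
	}
	return PKCE{Verifier: v, Challenge: S256Challenge(v)}, nil
}

// NewState returns a random state value that binds the callback to the session.
func NewState() (string, error) { return randomURLSafe(16) }

// BuildAuthCodeURL assembles the authorization-endpoint URL (illustrative
// parameters; pkce may be nil to skip PKCE).
func BuildAuthCodeURL(authEndpoint, clientID, redirectURI, state string, scopes []string, pkce *PKCE) (string, error) {
	if state == "" {
		return "", errors.New("state must not be empty")
	}
	u, err := url.Parse(authEndpoint)
	if err != nil {
		return "", err
	}
	q := u.Query()
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", strings.Join(scopes, " "))
	q.Set("state", state)
	if pkce != nil {
		q.Set("code_challenge", pkce.Challenge)
		q.Set("code_challenge_method", "S256")
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// VerifyCallbackState compares the state echoed on the redirect with the one
// stored in the session. An empty stored state is rejected so that a callback
// arriving without a preceding authorization request can never pass.
func VerifyCallbackState(stored, echoed string) error {
	if stored == "" || subtle.ConstantTimeCompare([]byte(stored), []byte(echoed)) != 1 {
		return errors.New("oidc: state mismatch, rejecting callback (CSRF or replay)")
	}
	return nil
}

func main() {
	state, _ := NewState()
	p, _ := NewPKCE()
	u, _ := BuildAuthCodeURL("https://idp.example.com/authorize", "harbor",
		"https://harbor.example.com/c/oidc/callback", state, []string{"openid", "profile", "email"}, &p)
	fmt.Println(u)
}
```

The state and the PKCE verifier both have to be stored server-side against the session that started the flow; the callback handler reads them back, rejects the request on a state mismatch, and only then exchanges the code together with the verifier.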
func FixEmptySubIss
func FixEmptySubIss(ctx context.Context) (bool, error)
FixEmptySubIss remediates the issue https://github.com/goharbor/harbor/issues/15241 by restoring the missing subiss (subject and issuer) of affected OIDC users from the persisted token.
func InjectGroupsToUser
func InjectGroupsToUser(info *UserInfo, user *models.User, f ...populate)
InjectGroupsToUser persists the groups to the DB and injects the resulting group IDs into the user model. The third, optional parameter is for unit tests only.
func SetHardcodeVerifierForTest
func SetHardcodeVerifierForTest(s string)
SetHardcodeVerifierForTest overwrites the default secret manager with one that accepts the hardcoded secret s. This is for testing only and must never be called in production code.
func TestEndpoint
func TestEndpoint(conn Conn) error
TestEndpoint checks whether the endpoint is a valid OIDC endpoint. A nil return value indicates success.
Types
type MetaManager
type MetaManager interface {
	// Create creates the OIDC user meta record and returns the ID of the record in the DB
	Create(ctx context.Context, oidcUser *models.OIDCUser) (int, error)
	// GetByUserID gets the OIDC meta record by the user's ID
	GetByUserID(ctx context.Context, uid int) (*models.OIDCUser, error)
	// DeleteByUserID deletes the OIDC meta record by the user's ID
	DeleteByUserID(ctx context.Context, uid int) error
	// GetBySubIss gets the OIDC meta record by the subject and issuer
	GetBySubIss(ctx context.Context, sub, iss string) (*models.OIDCUser, error)
	// SetCliSecretByUserID updates the CLI secret of a user based on the user ID
	SetCliSecretByUserID(ctx context.Context, uid int, secret string) error
	// Update provides a general method for updating the data record for OIDC metadata
	Update(ctx context.Context, oidcUser *models.OIDCUser, cols ...string) error
}
MetaManager manages a user's OIDC metadata records.
func NewMetaMgr
func NewMetaMgr() MetaManager
NewMetaMgr returns the default implementation of MetaManager.
type SecretManager
type SecretManager interface {
	// VerifySecret verifies the secret and the token associated with it. If the token
	// is refreshed during the verification, the refreshed token is written back to the DB.
	VerifySecret(ctx context.Context, username string, secret string) (*UserInfo, error)
}
SecretManager is the interface for storing and verifying the secret.
type SecretVerifyError
type SecretVerifyError struct {
// contains filtered or unexported fields
}
SecretVerifyError wraps the different errors that can occur while verifying a secret for an OIDC user. When seeing this error, the caller should treat it as an authentication error rather than as an internal failure.
func (*SecretVerifyError) Error
func (se *SecretVerifyError) Error() string
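To show the contract the two sections above describe (constant-time secret check, refresh and write-back of an expired token, and every failure surfacing as a SecretVerifyError that the caller maps to an authentication error), here is an added in-memory implementation. It is example code, not Harbor's DB-backed secret manager: the Record shape, the RefreshFunc hook and the SecretVerifyError fields are this example's assumptions.

```go
package main

import (
	"context"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"time"
)

// SecretVerifyError is a local stand-in for the page's type: it wraps whatever
// went wrong while verifying a secret, and callers treat it as an auth failure.
type SecretVerifyError struct{ cause error }

func (e *SecretVerifyError) Error() string { return "failed to verify secret: " + e.cause.Error() }
func (e *SecretVerifyError) Unwrap() error { return e.cause }

// UserInfo is a minimal local copy of the page's type.
type UserInfo struct{ Subject, Username string }

// Record is the per-user state this example persists (assumed shape).
type Record struct {
	Secret string    // CLI secret the user presents
	Token  string    // provider token associated with the secret
	Expiry time.Time // when Token has to be refreshed
	Info   UserInfo
}

// RefreshFunc stands in for the provider call that exchanges a stored token for a fresh one.
type RefreshFunc func(ctx context.Context, old string) (token string, expiry time.Time, err error)

// MemSecretManager is an in-memory SecretManager (Harbor's is DB-backed).
type MemSecretManager struct {
	Records map[string]*Record
	Refresh RefreshFunc
	Now     func() time.Time
}

// equalSecret compares SHA-256 digests so the comparison runs in constant
// time and does not short-circuit on differing lengths.
func equalSecret(a, b string) bool {
	ha, hb := sha256.Sum256([]byte(a)), sha256.Sum256([]byte(b))
	return subtle.ConstantTimeCompare(ha[:], hb[:]) == 1
}

// VerifySecret checks the secret, refreshes the associated token when it has
// expired, stores the refreshed token, and reports every failure as a
// *SecretVerifyError so callers cannot mistake it for a transient error.
func (m *MemSecretManager) VerifySecret(ctx context.Context, username, secret string) (*UserInfo, error) {
	rec, ok := m.Records[username]
	if !ok {
		equalSecret("", secret) // keep timing similar for unknown users
		return nil, &SecretVerifyError{cause: errors.New("unknown user")}
	}
	if !equalSecret(rec.Secret, secret) {
		return nil, &SecretVerifyError{cause: errors.New("secret mismatch")}
	}
	if !m.Now().Before(rec.Expiry) {
		tok, exp, err := m.Refresh(ctx, rec.Token)
		if err != nil {
			return nil, &SecretVerifyError{cause: fmt.Errorf("refresh token: %w", err)}
		}
		rec.Token, rec.Expiry = tok, exp // persist the refreshed token
	}
	info := rec.Info
	return &info, nil
}

// StatusFor maps the outcome to an HTTP status: a SecretVerifyError is 401,
// anything else is a server error and must not be reported as bad credentials.
func StatusFor(err error) int {
	var sve *SecretVerifyError
	switch {
	case err == nil:
		return http.StatusOK
	case errors.As(err, &sve):
		return http.StatusUnauthorized
	default:
		return http.StatusInternalServerError
	}
}

func main() {
	m := &MemSecretManager{
		Records: map[string]*Record{"alice": {Secret: "s3cr3t", Token: "tok-old", Expiry: time.Now().Add(-time.Minute), Info: UserInfo{Subject: "u-1", Username: "alice"}}},
		Refresh: func(ctx context.Context, old string) (string, time.Time, error) { return "tok-new", time.Now().Add(time.Hour), nil },
		Now:     time.Now,
	}
	_, err := m.VerifySecret(context.Background(), "alice", "wrong")
	fmt.Println(StatusFor(err), err)
}
```

The errors.As check is the point of the wrapper type: a failed refresh against the provider and a wrong secret both end up as 401 for the client, while a database outage stays a 500 and is not logged as a failed login attempt.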
type UserInfo
type UserInfo struct {
	Issuer           string   `json:"iss"`
	Subject          string   `json:"sub"`
	Username         string   `json:"name"`
	Email            string   `json:"email"`
	Groups           []string `json:"groups"`
	AdminGroupMember bool     `json:"admin_group_member"`
	// contains filtered or unexported fields
}
UserInfo wraps the information extracted from the token. It is transformed into the data object that is persisted in the DB.
func UserInfoFromIDToken
func UserInfoFromIDToken(ctx context.Context, token *Token, setting cfgModels.OIDCSetting) (*UserInfo, error)
UserInfoFromIDToken extracts the user info from the ID token.
func UserInfoFromToken
UserInfoFromToken calls the UserInfo endpoint of the OIDC provider and consolidates the response with the ID token to produce a UserInfo object. If the input token struct does not contain an ID token, some attributes of the result will be empty.
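The consolidation step has one check that is easy to forget: the `sub` returned by the UserInfo endpoint must match the `sub` of the ID token (OIDC Core 1.0, section 5.3.2), otherwise the response must not be used. The following added example, which is not Harbor's implementation, merges a signature-verified ID-token claim set with a UserInfo response, enforces that check and the configured issuer, derives AdminGroupMember from a configurable groups claim, and leaves Issuer empty when no ID token is present, as the paragraph above describes. The Setting field names and the precedence of the UserInfo response over the ID token for profile claims are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// Claims is a decoded claim set from a verified ID token or a UserInfo response.
type Claims map[string]interface{}

// UserInfo mirrors the fields listed on this page (a local copy, not Harbor's type).
type UserInfo struct {
	Issuer, Subject, Username, Email string
	Groups                           []string
	AdminGroupMember                 bool
}

// Setting is the slice of OIDC configuration this example needs; the field
// names are assumptions, not the fields of Harbor's OIDCSetting.
type Setting struct {
	Issuer      string // expected "iss" of the ID token
	UserClaim   string // claim used as the username, e.g. "name"
	GroupsClaim string // claim carrying group names, e.g. "groups"
	AdminGroup  string // members of this group are admins; empty disables the check
}

// stringClaim and groupsClaim tolerate a nil map and wrong claim types.
func stringClaim(c Claims, key string) string {
	s, _ := c[key].(string)
	return s
}

func groupsClaim(c Claims, key string) []string {
	raw, ok := c[key].([]interface{})
	if !ok {
		return nil
	}
	var out []string
	for _, g := range raw {
		if s, ok := g.(string); ok {
			out = append(out, s)
		}
	}
	return out
}

// Consolidate merges the claims of an already signature-verified ID token
// (nil when the provider returned only an access token) with the UserInfo
// response. Issuer and Subject come from the ID token, so Issuer stays empty
// without one; profile claims prefer the UserInfo response.
func Consolidate(idToken, userInfo Claims, s Setting) (*UserInfo, error) {
	info := &UserInfo{}
	if idToken != nil {
		info.Issuer = stringClaim(idToken, "iss")
		info.Subject = stringClaim(idToken, "sub")
		if s.Issuer != "" && info.Issuer != s.Issuer {
			return nil, fmt.Errorf("id token issuer %q does not match configured issuer %q", info.Issuer, s.Issuer)
		}
	}
	if userInfo != nil {
		uiSub := stringClaim(userInfo, "sub")
		// OIDC Core 5.3.2: the sub in the UserInfo response MUST match the sub
		// of the ID token; on mismatch the response must not be used.
		if info.Subject != "" && uiSub != info.Subject {
			return nil, fmt.Errorf("userinfo sub %q does not match id token sub %q", uiSub, info.Subject)
		}
		if info.Subject == "" {
			info.Subject = uiSub
		}
	}
	pick := func(key string) string {
		if v := stringClaim(userInfo, key); v != "" {
			return v
		}
		return stringClaim(idToken, key)
	}
	info.Username = pick(s.UserClaim)
	info.Email = pick("email")
	if info.Groups = groupsClaim(userInfo, s.GroupsClaim); info.Groups == nil {
		info.Groups = groupsClaim(idToken, s.GroupsClaim)
	}
	for _, g := range info.Groups {
		if s.AdminGroup != "" && g == s.AdminGroup {
			info.AdminGroupMember = true
		}
	}
	if info.Subject == "" || info.Username == "" {
		return nil, errors.New("sub and username claims are required")
	}
	return info, nil
}

func main() {
	info, err := Consolidate(Claims{"iss": "https://idp.example.com", "sub": "u-1", "name": "alice"}, nil, Setting{UserClaim: "name"})
	fmt.Printf("%+v %v\n", info, err)
}
```

Note that this function assumes the ID token's signature, audience and expiry were already verified (on this page, that is VerifyToken's job); parsing claims before verification and then trusting them is the classic mistake this split of responsibilities is meant to prevent.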