Documentation ¶
Index ¶
- Constants
- Variables
- type Account
- type Argon2Configuration
- type Argon2Credential
- type AuthMethod
- type Configuration
- type Credential
- type Option
- type Repository
- func (r *Repository) Authenticate(ctx context.Context, scopeId, authMethodId, loginName, password string) (*Account, error)
- func (r *Repository) ChangePassword(ctx context.Context, scopeId, accountId, old, new string, version uint32) (*Account, error)
- func (r *Repository) CreateAccount(ctx context.Context, scopeId string, a *Account, opt ...Option) (*Account, error)
- func (r *Repository) CreateAuthMethod(ctx context.Context, m *AuthMethod, opt ...Option) (*AuthMethod, error)
- func (r *Repository) DeleteAccount(ctx context.Context, scopeId, withPublicId string, opt ...Option) (int, error)
- func (r *Repository) DeleteAuthMethod(ctx context.Context, scopeId, publicId string, opt ...Option) (int, error)
- func (r *Repository) GetConfiguration(ctx context.Context, authMethodId string) (Configuration, error)
- func (r *Repository) ListAccounts(ctx context.Context, withAuthMethodId string, opt ...Option) ([]*Account, error)
- func (r *Repository) ListAuthMethods(ctx context.Context, scopeId string, opt ...Option) ([]*AuthMethod, error)
- func (r *Repository) LookupAccount(ctx context.Context, withPublicId string, opt ...Option) (*Account, error)
- func (r *Repository) LookupAuthMethod(ctx context.Context, publicId string, opt ...Option) (*AuthMethod, error)
- func (r *Repository) SetConfiguration(ctx context.Context, scopeId string, c Configuration) (Configuration, error)
- func (r *Repository) SetPassword(ctx context.Context, scopeId, accountId, password string, version uint32) (*Account, error)
- func (r *Repository) UpdateAccount(ctx context.Context, scopeId string, a *Account, version uint32, ...) (*Account, int, error)
- func (r *Repository) UpdateAuthMethod(ctx context.Context, authMethod *AuthMethod, version uint32, ...) (*AuthMethod, int, error)
Constants ¶
const (
	AuthMethodPrefix = "ampw"
	AccountPrefix    = "apw"
)
PublicId prefixes for the resources in the password package.
Variables ¶
var (
	// ErrTooShort results from attempting to set a password which is too
	// short.
	ErrTooShort = errors.E(errors.WithCode(errors.PasswordTooShort))

	// ErrUnsupportedConfiguration results from attempting to perform an
	// operation that sets a password configuration to an unsupported type.
	ErrUnsupportedConfiguration = errors.E(errors.WithCode(errors.PasswordUnsupportedConfiguration))

	// ErrInvalidConfiguration results from attempting to perform an
	// operation that sets a password configuration with invalid settings.
	ErrInvalidConfiguration = errors.E(errors.WithCode(errors.PasswordInvalidConfiguration))

	// ErrPasswordsEqual is returned from ChangePassword when the old and
	// new passwords are equal.
	ErrPasswordsEqual = errors.E(errors.WithCode(errors.PasswordsEqual))
)
TODO: remove these errors once all code has been refactored to creating inline domain errors
Functions ¶
This section is empty.
Types ¶
type Account ¶
type Account struct {
	*store.Account

	// CredentialId is included when Authenticate or ChangePassword is
	// called. A new CredentialId is generated when a password is changed.
	CredentialId string `gorm:"-"`
	// contains filtered or unexported fields
}
An Account contains a user name. It is owned by an auth method.
func NewAccount ¶
NewAccount creates a new in memory Account. LoginName, name, and description are the only valid options. All other options are ignored.
func TestAccounts ¶
TestAccounts creates count password accounts in the provided DB with the provided auth method id. The auth method must have been created previously. If any errors are encountered during the creation of the accounts, the test will fail.
func (*Account) SetTableName ¶
SetTableName sets the table name.
type Argon2Configuration ¶
type Argon2Configuration struct {
	*store.Argon2Configuration
	// contains filtered or unexported fields
}
Argon2Configuration is a configuration for using the argon2id key derivation function. It is owned by an AuthMethod.
Iterations, Memory, and Threads are the cost parameters. The cost parameters should be increased as memory latency and CPU parallelism increase.
For a detailed specification of Argon2 see: https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
func NewArgon2Configuration ¶
func NewArgon2Configuration() *Argon2Configuration
NewArgon2Configuration creates a new in memory Argon2Configuration with reasonable default settings.
func (*Argon2Configuration) AuthMethodId ¶
func (c *Argon2Configuration) AuthMethodId() string
AuthMethodId returns the Id of the AuthMethod which owns c.
func (*Argon2Configuration) SetTableName ¶
func (c *Argon2Configuration) SetTableName(n string)
SetTableName sets the table name.
func (*Argon2Configuration) TableName ¶
func (c *Argon2Configuration) TableName() string
TableName returns the table name.
type Argon2Credential ¶
type Argon2Credential struct {
	*store.Argon2Credential
	// contains filtered or unexported fields
}
An Argon2Credential contains a key derived from a password and the salt used in the key derivation. It is owned by an Account.
func (*Argon2Credential) SetTableName ¶
func (c *Argon2Credential) SetTableName(n string)
SetTableName sets the table name.
func (*Argon2Credential) TableName ¶
func (c *Argon2Credential) TableName() string
TableName returns the table name.
type AuthMethod ¶
type AuthMethod struct {
	*store.AuthMethod
	// contains filtered or unexported fields
}
An AuthMethod contains accounts and password configurations. It is owned by a scope.
func NewAuthMethod ¶
func NewAuthMethod(scopeId string, opt ...Option) (*AuthMethod, error)
NewAuthMethod creates a new in memory AuthMethod assigned to scopeId. Name and description are the only valid options. All other options are ignored. MinLoginNameLength and MinPasswordLength are pre-set to the default values of 5 and 8 respectively.
func TestAuthMethods ¶
TestAuthMethods creates count password auth methods in the provided DB with the provided scope id. If any errors are encountered during the creation of the auth methods, the test will fail.
func (*AuthMethod) SetTableName ¶
func (a *AuthMethod) SetTableName(n string)
SetTableName sets the table name.
func (*AuthMethod) TableName ¶
func (a *AuthMethod) TableName() string
TableName returns the table name.
type Configuration ¶
type Configuration interface {
	AuthMethodId() string
	// contains filtered or unexported methods
}
A Configuration is an interface holding one of the configuration types for a specific key derivation function. Argon2Configuration is currently the only configuration type.
type Credential ¶
type Credential struct {
	*store.Credential
	// contains filtered or unexported fields
}
A Credential is a base type and contains the attributes common to all credentials.
func (*Credential) SetTableName ¶
func (c *Credential) SetTableName(n string)
SetTableName sets the table name.
func (*Credential) TableName ¶
func (c *Credential) TableName() string
TableName returns the table name.
type Option ¶
type Option func(*options)
Option - how Options are passed as arguments.
func WithConfiguration ¶
func WithConfiguration(config Configuration) Option
WithConfiguration provides an optional configuration.
func WithDescription ¶
WithDescription provides an optional description.
func WithLimit ¶
WithLimit provides an option to provide a limit. Intentionally allowing negative integers. If WithLimit < 0, then unlimited results are returned. If WithLimit == 0, then default limits are used for results.
func WithLoginName ¶
WithLoginName provides an optional login name.
func WithPassword ¶
WithPassword provides an optional password.
type Repository ¶
type Repository struct {
// contains filtered or unexported fields
}
A Repository stores and retrieves the persistent types in the password package. It is not safe to use a repository concurrently.
func NewRepository ¶
NewRepository creates a new Repository. The returned repository should only be used for one transaction and it is not safe for concurrent goroutines to access it. The WithLimit option is used as a repo-wide default limit applied to all ListX methods.
func (*Repository) Authenticate ¶
func (r *Repository) Authenticate(ctx context.Context, scopeId, authMethodId, loginName, password string) (*Account, error)
Authenticate checks that loginName and password match the account for loginName in authMethodId. The account for the loginName is returned if authentication is successful. Returns nil if authentication fails.
The CredentialId in the returned account represents a user's current password. A new CredentialId is generated when a user's password is changed and the old one is deleted.
Authenticate will update the stored values for password to the current password settings for authMethodId if authentication is successful and the stored values are not using the current password settings.
func (*Repository) ChangePassword ¶
func (r *Repository) ChangePassword(ctx context.Context, scopeId, accountId, old, new string, version uint32) (*Account, error)
ChangePassword updates the password for accountId to new if old equals the stored password. The account for the accountId is returned with a new CredentialId if password is successfully changed.
Returns nil, db.ErrorRecordNotFound if the account doesn't exist. Returns nil, nil if old does not match the stored password for accountId. Returns nil, ErrPasswordsEqual if old and new are equal.
func (*Repository) CreateAccount ¶
func (r *Repository) CreateAccount(ctx context.Context, scopeId string, a *Account, opt ...Option) (*Account, error)
CreateAccount inserts a into the repository and returns a new Account containing the account's PublicId. a is not changed. a must contain a valid AuthMethodId. a must not contain a PublicId. The PublicId is generated and assigned by this method.
a must contain a valid LoginName. a.LoginName must be unique within a.AuthMethodId.
WithPassword is the only valid option. All other options are ignored.
Both a.Name and a.Description are optional. If a.Name is set, it must be unique within a.AuthMethodId.
func (*Repository) CreateAuthMethod ¶
func (r *Repository) CreateAuthMethod(ctx context.Context, m *AuthMethod, opt ...Option) (*AuthMethod, error)
CreateAuthMethod inserts m into the repository and returns a new AuthMethod containing the auth method's PublicId. m is not changed. m must contain a valid ScopeId. m must not contain a PublicId. The PublicId is generated and assigned by this method.
WithConfiguration and WithPublicId are the only valid options. All other options are ignored.
Both m.Name and m.Description are optional. If m.Name is set, it must be unique within m.ScopeId.
func (*Repository) DeleteAccount ¶
func (r *Repository) DeleteAccount(ctx context.Context, scopeId, withPublicId string, opt ...Option) (int, error)
DeleteAccount deletes the account for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) DeleteAuthMethod ¶
func (r *Repository) DeleteAuthMethod(ctx context.Context, scopeId, publicId string, opt ...Option) (int, error)
DeleteAuthMethod deletes the auth method for the provided id from the repository returning a count of the number of records deleted. All options are ignored.
func (*Repository) GetConfiguration ¶
func (r *Repository) GetConfiguration(ctx context.Context, authMethodId string) (Configuration, error)
GetConfiguration returns the current configuration for authMethodId.
func (*Repository) ListAccounts ¶
func (r *Repository) ListAccounts(ctx context.Context, withAuthMethodId string, opt ...Option) ([]*Account, error)
ListAccounts returns the accounts in an auth method. It supports the WithLimit option.
func (*Repository) ListAuthMethods ¶
func (r *Repository) ListAuthMethods(ctx context.Context, scopeId string, opt ...Option) ([]*AuthMethod, error)
ListAuthMethods returns a slice of AuthMethods for the scopeId. WithLimit is the only option supported.
func (*Repository) LookupAccount ¶
func (r *Repository) LookupAccount(ctx context.Context, withPublicId string, opt ...Option) (*Account, error)
LookupAccount will look up an account in the repository. If the account is not found, it will return nil, nil. All options are ignored.
func (*Repository) LookupAuthMethod ¶
func (r *Repository) LookupAuthMethod(ctx context.Context, publicId string, opt ...Option) (*AuthMethod, error)
LookupAuthMethod will look up an auth method in the repository. If the auth method is not found, it will return nil, nil. All options are ignored.
func (*Repository) SetConfiguration ¶
func (r *Repository) SetConfiguration(ctx context.Context, scopeId string, c Configuration) (Configuration, error)
SetConfiguration sets the configuration for c.AuthMethodId to c and returns a new Configuration. c is not changed. c must contain a valid AuthMethodId. c.PrivateId is ignored.
If c contains new settings for c.AuthMethodId, SetConfiguration inserts c into the repository and updates AuthMethod to use the new configuration. If c contains settings equal to the current configuration for c.AuthMethodId, SetConfiguration ignores c. If c contains settings equal to a previous configuration for c.AuthMethodId, SetConfiguration updates AuthMethod to use the previous configuration.
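The configuration switching described for SetConfiguration, together with the upgrade-on-login behaviour described for Authenticate, as an added example that is not code from this package. The credential and authMethod types are a hypothetical in-memory model, and iterated SHA-256 stands in for argon2id so that it runs with the standard library alone.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Hypothetical in-memory model of the documented behaviour, not the package's types.
type credential struct {
	cost      int // cost setting the key was derived under
	salt, key []byte
}

type authMethod struct {
	ids     map[int]int // cost -> id of every configuration ever set
	current int         // cost of the configuration in use
}

// derive is a stand-in KDF (iterated SHA-256); the package itself uses argon2id.
func derive(pw string, salt []byte, cost int) []byte {
	sum := sha256.Sum256([]byte(string(salt) + pw))
	for i := 1; i < cost; i++ {
		sum = sha256.Sum256(sum[:])
	}
	return sum[:]
}

// setConfiguration returns the id of the configuration now in use.
func (a *authMethod) setConfiguration(cost int) int {
	if _, seen := a.ids[cost]; !seen {
		a.ids[cost] = len(a.ids) + 1 // settings never seen: insert a new configuration
	}
	a.current = cost // otherwise the existing (current or previous) one is reused
	return a.ids[cost]
}

// authenticate verifies under the stored settings and upgrades on success only.
func (a *authMethod) authenticate(c *credential, pw string) bool {
	ok := subtle.ConstantTimeCompare(derive(pw, c.salt, c.cost), c.key) == 1
	if ok && c.cost != a.current {
		c.cost, c.key = a.current, derive(pw, c.salt, a.current)
	}
	return ok
}

func main() {
	a := &authMethod{ids: map[int]int{}}
	fmt.Println(a.setConfiguration(1000), a.setConfiguration(5000), a.setConfiguration(1000))
}
```

The re-derivation can only happen inside a successful login because that is the one moment the plaintext password is available; credentials of accounts that never log in stay on the settings they were created with.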
func (*Repository) SetPassword ¶
func (r *Repository) SetPassword(ctx context.Context, scopeId, accountId, password string, version uint32) (*Account, error)
SetPassword sets the password for accountId to password. If password contains an empty string, the password for accountId will be deleted.
func (*Repository) UpdateAccount ¶
func (r *Repository) UpdateAccount(ctx context.Context, scopeId string, a *Account, version uint32, fieldMaskPaths []string, opt ...Option) (*Account, int, error)
UpdateAccount updates the repository entry for a.PublicId with the values in a for the fields listed in fieldMaskPaths. It returns a new Account containing the updated values and a count of the number of records updated. a is not changed.
a must contain a valid PublicId. Only a.Name, a.Description and a.LoginName can be updated. If a.Name is set to a non-empty string, it must be unique within a.AuthMethodId. If a.LoginName is set to a non-empty string, it must be unique within a.AuthMethodId.
An attribute of a will be set to NULL in the database if the attribute in a is the zero value and it is included in fieldMaskPaths. a.LoginName cannot be set to NULL.
func (*Repository) UpdateAuthMethod ¶
func (r *Repository) UpdateAuthMethod(ctx context.Context, authMethod *AuthMethod, version uint32, fieldMaskPaths []string, opt ...Option) (*AuthMethod, int, error)
UpdateAuthMethod will update an auth method in the repository and return the written auth method. MinPasswordLength and MinLoginNameLength should not be set to null, but instead use the default values returned by NewAuthMethod. fieldMaskPaths provides field_mask.proto paths for fields that should be updated. Fields will be set to NULL if the field is a zero value and included in fieldMask. Name, Description, MinPasswordLength, and MinLoginNameLength are the only updatable fields. If no updatable fields are included in the fieldMaskPaths, then an error is returned.