Documentation
Overview
Package auth provides interfaces and types required for implementing an authenticator.
Types
type AuthHandler
```go
type AuthHandler interface {
	// Init initializes the handler taking config string and logical name as parameters.
	Init(jsonconf json.RawMessage, name string) error

	// IsInitialized returns true if the handler is initialized.
	IsInitialized() bool

	// AddRecord adds persistent authentication record to the database.
	// Returns: updated auth record, error
	AddRecord(rec *Rec, secret []byte, remoteAddr string) (*Rec, error)

	// UpdateRecord updates existing record with new credentials.
	// Returns updated auth record, error.
	UpdateRecord(rec *Rec, secret []byte, remoteAddr string) (*Rec, error)

	// Authenticate: given a user-provided authentication secret (such as "login:password"), either
	// return user's record (ID, time when the secret expires, etc), or issue a challenge to
	// continue the authentication process to the next step, or return an error code.
	// The remoteAddr (i.e. the IP address of the client) can be used by custom authenticators for
	// additional validation. The stock authenticators don't use it.
	// store.Users.GetAuthRecord("scheme", "unique")
	// Returns: user auth record, challenge, error.
	Authenticate(secret []byte, remoteAddr string) (*Rec, []byte, error)

	// AsTag converts search token into prefixed tag or an empty string if it
	// cannot be represented as a prefixed tag.
	AsTag(token string) string

	// IsUnique verifies if the provided secret can be considered unique by the auth scheme
	// E.g. if login is unique.
	IsUnique(secret []byte, remoteAddr string) (bool, error)

	// GenSecret generates a new secret, if appropriate.
	GenSecret(rec *Rec) ([]byte, time.Time, error)

	// DelRecords deletes (or disables) all authentication records for the given user.
	DelRecords(uid types.Uid) error

	// RestrictedTags returns the tag namespaces (prefixes) which are restricted by this authenticator.
	RestrictedTags() ([]string, error)

	// GetResetParams returns authenticator parameters passed to password reset handler
	// for the provided user id.
	// Returns: map of params.
	GetResetParams(uid types.Uid) (map[string]interface{}, error)

	// GetRealName returns the hardcoded name of the authenticator.
	GetRealName() string
}
```
AuthHandler is the interface which auth providers must implement.
type Duration
Duration is identical to time.Duration except it can be sanely unmarshaled from JSON.
func (*Duration) UnmarshalJSON
UnmarshalJSON handles the cases where duration is specified in JSON as a "5000s" string or just plain seconds.
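The two input forms described above, as an added example (not the package's own code): `Duration` here is a local stand-in type, `decode` is a hypothetical helper and the config strings are constructed. It also decodes the same config into a plain `time.Duration` to show why the custom type matters for settings such as a record lifetime: a bare `5000` would be read as 5000 nanoseconds and `"5000s"` would be rejected.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// Duration is a local stand-in for auth.Duration (assumption: same underlying type).
type Duration time.Duration

// UnmarshalJSON accepts a duration string such as "5000s" or a bare number of seconds.
func (d *Duration) UnmarshalJSON(b []byte) error {
	var v interface{}
	if err := json.Unmarshal(b, &v); err != nil {
		return err
	}
	switch val := v.(type) {
	case float64:
		// A bare number means seconds, unlike time.Duration's native nanoseconds.
		*d = Duration(val * float64(time.Second))
	case string:
		parsed, err := time.ParseDuration(val)
		if err != nil {
			return err
		}
		*d = Duration(parsed)
	default:
		return fmt.Errorf("duration must be a string or a number of seconds")
	}
	return nil
}

// decode (hypothetical helper) parses conf into the stand-in and into a plain time.Duration.
func decode(conf string) (fixed, raw time.Duration, err error) {
	var c struct {
		Lifetime Duration `json:"lifetime"`
	}
	var r struct {
		Lifetime time.Duration `json:"lifetime"`
	}
	err = json.Unmarshal([]byte(conf), &c)
	_ = json.Unmarshal([]byte(conf), &r) // rejects "5000s"; reads 5000 as nanoseconds
	return time.Duration(c.Lifetime), r.Lifetime, err
}

func main() {
	fmt.Println(decode(`{"lifetime":5000}`)) // constructed sample config
}
```

The returned `err` reports only the stand-in type's result; the plain `time.Duration` decode error is deliberately ignored so both values can be compared side by side.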
type Feature
type Feature uint16
Feature is a bitmap of authenticated features, such as validated/not validated.
func (Feature) MarshalJSON
MarshalJSON converts Feature to a quoted string.
func (Feature) MarshalText
MarshalText converts Feature to ASCII byte slice.
func (*Feature) UnmarshalJSON
UnmarshalJSON reads Feature from a quoted string or an integer.
func (*Feature) UnmarshalText
UnmarshalText parses Feature string as byte slice.
type Level
type Level int
Level is the type for authentication levels.
```go
const (
	// LevelNone is undefined/not authenticated
	LevelNone Level = iota * 10
	// LevelAnon is anonymous user/light authentication
	LevelAnon
	// LevelAuth is fully authenticated user
	LevelAuth
	// LevelRoot is a superuser (currently unused)
	LevelRoot
)
```
Authentication levels
func ParseAuthLevel
ParseAuthLevel parses authentication level from a string.
func (Level) MarshalJSON
MarshalJSON converts Level to a quoted string.
func (Level) MarshalText
MarshalText converts Level to a slice of bytes with the name of the level.
func (Level) String
String implements Stringer interface: gets human-readable name for a numeric authentication level.
func (*Level) UnmarshalJSON
UnmarshalJSON reads Level from a quoted string.
func (*Level) UnmarshalText
UnmarshalText parses authentication level from a string.
type Rec
```go
type Rec struct {
	// User ID.
	Uid types.Uid `json:"uid,omitempty"`
	// Authentication level.
	AuthLevel Level `json:"authlvl,omitempty"`
	// Lifetime of this record.
	Lifetime Duration `json:"lifetime,omitempty"`
	// Bitmap of features. Currently 'validated'/'not validated' only.
	Features Feature `json:"features,omitempty"`
	// Tags generated by this authentication record.
	Tags []string `json:"tags,omitempty"`
	// User account state received or read by the authenticator.
	State types.ObjState

	// Authenticator may request the server to create a new account.
	// These are the account parameters which can be used for creating the account.
	DefAcs  *types.DefaultAccess `json:"defacs,omitempty"`
	Public  interface{}          `json:"public,omitempty"`
	Private interface{}          `json:"private,omitempty"`
}
```
Rec is an authentication record.
Directories
Path | Synopsis |
---|---|
anon | Package anon provides authentication without credentials. |
basic | Package basic is an authenticator by login-password. |
mock_auth | Package mock_auth is a generated GoMock package. |
rest | Package rest provides authentication by calling a separate process over REST API (technically JSON RPC, not REST). |
token | Package token implements authentication by HMAC-signed security token. |