auth

package

v1.2.3 Latest Latest Go to latest Published: Dec 7, 2018 License: AGPL-3.0 Imports: 34 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nschaeferComnet/cells

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth provides tools related to authentication of pydio services

Index ¶

func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)
func WithImpersonate(ctx context.Context, user *idm.User) context.Context
type BasicAuthenticator
- func NewBasicAuthenticator(realm string, ttl time.Duration) *BasicAuthenticator
- func (b *BasicAuthenticator) Wrap(handler http.Handler) http.HandlerFunc
type JWTVerifier
- func DefaultJWTVerifier() *JWTVerifier
- func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)
- func (j *JWTVerifier) Verify(ctx context.Context, rawIDToken string) (context.Context, claim.Claims, error)
type MappingRule
type PydioPW
- func (p PydioPW) CheckDBKDF2PydioPwd(password string, hashedPw string, legacySalt ...bool) (bool, error)
- func (p PydioPW) CreateHash(password string) (base64Pw string)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func SubjectsForResourcePolicyQuery ¶

func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)

SubjectsForResourcePolicyQuery prepares a slice of strings that will be used to check for resource ownership. Can be extracted either from context or by loading a given user ID from database.

func WithImpersonate ¶

func WithImpersonate(ctx context.Context, user *idm.User) context.Context

Add a fake Claims in context to impersonate user

Types ¶

type BasicAuthenticator ¶

type BasicAuthenticator struct {
	TTL   time.Duration
	Realm string
	// contains filtered or unexported fields
}

func NewBasicAuthenticator ¶

func NewBasicAuthenticator(realm string, ttl time.Duration) *BasicAuthenticator

func (*BasicAuthenticator) Wrap ¶

func (b *BasicAuthenticator) Wrap(handler http.Handler) http.HandlerFunc

type JWTVerifier ¶

type JWTVerifier struct {
	IssuerUrl string
	// contains filtered or unexported fields
}

func DefaultJWTVerifier ¶

func DefaultJWTVerifier() *JWTVerifier

func (*JWTVerifier) PasswordCredentialsToken ¶

func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)

PasswordCredentialsToken will perform a call to the OIDC service with grantType "password" to get a valid token from a given user/pass credentials

func (*JWTVerifier) Verify ¶

func (j *JWTVerifier) Verify(ctx context.Context, rawIDToken string) (context.Context, claim.Claims, error)

Verify validates an existing JWT token against the OIDC service that issued it

type MappingRule ¶

type MappingRule struct {
	RuleName string

	// Left Attribute is attribute of external user (ldap, mysql, api ...)
	// For example: displayName, mail, memberOf
	LeftAttribute string

	// Right Attribute is attribute of standard user
	// For example: displayName, email
	// Two reserved attributes: Roles, GroupPath
	RightAttribute string

	// Rule string define an acceptable list of right value
	// It can be:
	// * Empty
	// * A list of accepted values separated by comma , . For example: teacher,researcher,employee
	// * preg string
	RuleString string

	// RolePrefix
	// AuthSourceName_Prefix_RoleID
	RolePrefix string
}

func (MappingRule) AddPrefix ¶

func (m MappingRule) AddPrefix(prefix string, strs []string) []string

func (MappingRule) ConvertDNtoName ¶

func (m MappingRule) ConvertDNtoName(strs []string) []string

ConvertDNtoName tries to extract value from distinguishedName For example: member: uid=user01,dc=com,dc=fr member: uid=user02,dc=com,dc=fr member: uid=user03,dc=com,dc=fr return an array like:

user01
user02
user03

func (m MappingRule) FilterList(list []string, strs []string) []string

func (MappingRule) FilterPreg ¶

func (m MappingRule) FilterPreg(preg string, strs []string) []string

func (MappingRule) IsDnFormat ¶

func (m MappingRule) IsDnFormat(str string) bool

IsDnFormat simply checks if the passed string is valid. See: https://www.ietf.org/rfc/rfc2253.txt

func (MappingRule) RemoveLdapEscape ¶

func (m MappingRule) RemoveLdapEscape(strs []string) []string

RemoveLdapEscape remove LDAP escape characters but except '\,'.

func (MappingRule) SanitizeValues ¶

func (m MappingRule) SanitizeValues(strs []string) []string

type PydioPW ¶

type PydioPW struct {
	PBKDF2_HASH_ALGORITHM string
	PBKDF2_ITERATIONS     int
	PBKDF2_SALT_BYTE_SIZE int
	PBKDF2_HASH_BYTE_SIZE int
	HASH_SECTIONS         int
	HASH_ALGORITHM_INDEX  int
	HASH_ITERATION_INDEX  int
	HASH_SALT_INDEX       int
	HASH_PBKDF2_INDEX     int
}

func (PydioPW) CheckDBKDF2PydioPwd ¶

func (p PydioPW) CheckDBKDF2PydioPwd(password string, hashedPw string, legacySalt ...bool) (bool, error)

func (PydioPW) CreateHash ¶

func (p PydioPW) CreateHash(password string) (base64Pw string)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
claim Package claim wraps the JWT claims with util functions	Package claim wraps the JWT claims with util functions
dex Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol	Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL