Documentation ¶
Overview ¶
Package auth provides tools related to authentication of pydio services
Index ¶
- func AddContextVerifier(v ContextVerifier)
- func FromMetadata(ctx context.Context) (c claim.Claims, o bool)
- func RegisterDexProvider(c common.ConfigValues)
- func RegisterGRPCProvider(service string)
- func RegisterOryProvider(o fosite.OAuth2Provider)
- func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)
- func ToMetadata(ctx context.Context, claims claim.Claims) context.Context
- func VerifyContext(ctx context.Context, user *idm.User) error
- func WithImpersonate(ctx context.Context, user *idm.User) context.Context
- type BasicAuthenticator
- type ContextVerifier
- type Exchanger
- type IDToken
- type JWTVerifier
- func (j *JWTVerifier) Exchange(ctx context.Context, code string) (*oauth2.Token, error)
- func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)
- func (j *JWTVerifier) Verify(ctx context.Context, rawIDToken string) (context.Context, claim.Claims, error)
- type LockVerifier
- type MappingRule
- func (m MappingRule) AddPrefix(prefix string, strs []string) []string
- func (m MappingRule) ConvertDNtoName(strs []string) []string
- func (m MappingRule) FilterList(list []string, strs []string) []string
- func (m MappingRule) FilterPreg(preg string, strs []string) []string
- func (m MappingRule) IsDnFormat(str string) bool
- func (m MappingRule) RemoveLdapEscape(strs []string) []string
- func (m MappingRule) SanitizeValues(strs []string) []string
- type OIDCPoliciesVerifier
- type PasswordCredentialsTokenExchanger
- type Provider
- type ProviderType
- type PydioPW
- type Verifier
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddContextVerifier ¶
func AddContextVerifier(v ContextVerifier)
AddContextVerifier registers an additional verifier
func FromMetadata ¶ added in v1.6.0
FromMetadata loads Claims from metadata (passed along by grpc queries)
func RegisterDexProvider ¶
func RegisterDexProvider(c common.ConfigValues)
func RegisterGRPCProvider ¶
func RegisterGRPCProvider(service string)
func RegisterOryProvider ¶
func RegisterOryProvider(o fosite.OAuth2Provider)
func SubjectsForResourcePolicyQuery ¶
func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)
SubjectsForResourcePolicyQuery prepares a slice of strings that will be used to check for resource ownership. The subjects can be extracted either from the context or by loading a given user ID from the database.
func ToMetadata ¶ added in v1.6.0
ToMetadata stores Claims in metadata (to be passed along by grpc queries)
Types ¶
type BasicAuthenticator ¶
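// BasicAuthenticator exposes the settings of the authenticator returned by
// NewBasicAuthenticator(realm, ttl); its Wrap method takes an http.Handler
// and returns an http.HandlerFunc.
type BasicAuthenticator struct {
	// TTL is a duration; presumably set from the ttl argument of
	// NewBasicAuthenticator.
	// NOTE(review): looks like the lifetime of a remembered successful check
	// before credentials are verified again — confirm against Wrap, since a
	// long TTL would delay the effect of a password change or account lock.
	TTL time.Duration
	// Realm is presumably the realm argument of NewBasicAuthenticator —
	// confirm.
	Realm string
	// contains filtered or unexported fields
}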
func NewBasicAuthenticator ¶
func NewBasicAuthenticator(realm string, ttl time.Duration) *BasicAuthenticator
func (*BasicAuthenticator) Wrap ¶
func (b *BasicAuthenticator) Wrap(handler http.Handler) http.HandlerFunc
type ContextVerifier ¶
type JWTVerifier ¶
// JWTVerifier has no fields. Its methods Verify, Exchange and
// PasswordCredentialsToken each return an error alongside their result, so
// callers must check that error before trusting the returned claims or token.
type JWTVerifier struct{}
func DefaultJWTVerifier ¶
func DefaultJWTVerifier() *JWTVerifier
DefaultJWTVerifier creates a ready to use JWTVerifier
func (*JWTVerifier) PasswordCredentialsToken ¶
func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)
PasswordCredentialsToken performs a call to the OIDC service with grantType "password" to get a valid token from the given user/password credentials. The caller therefore handles the user's plaintext password.
type LockVerifier ¶
type LockVerifier struct{}
type MappingRule ¶
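// MappingRule describes how one attribute of an external user (ldap, sql,
// api ...) is mapped onto an attribute of a standard user.
//
// NOTE(review): RightAttribute may name the reserved attributes Roles and
// GroupPath, so RuleString decides which externally supplied values can become
// roles or group paths. Review rules as access-control configuration.
type MappingRule struct {
	RuleName string

	// LeftAttribute is the attribute of the external user (ldap, sql, api ...).
	// For example: displayName, mail, memberOf
	LeftAttribute string

	// RightAttribute is the attribute of the standard user.
	// For example: displayName, email
	// Two reserved attributes: Roles, GroupPath
	RightAttribute string

	// RuleString defines an acceptable list of right values.
	// It can be:
	// * Empty
	// * A list of accepted values separated by commas. For example: teacher,researcher,employee
	// * preg string
	//
	// NOTE(review): "preg string" is presumably a regular expression applied
	// by FilterPreg — confirm, and check whether the pattern is anchored.
	RuleString string

	// RolePrefix
	// AuthSourceName_Prefix_RoleID
	RolePrefix string
}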
func (MappingRule) AddPrefix ¶
func (m MappingRule) AddPrefix(prefix string, strs []string) []string
func (MappingRule) ConvertDNtoName ¶
func (m MappingRule) ConvertDNtoName(strs []string) []string
ConvertDNtoName tries to extract values from distinguishedName entries. For example, given:

    member: uid=user01,dc=com,dc=fr
    member: uid=user02,dc=com,dc=fr
    member: uid=user03,dc=com,dc=fr

it returns an array like:
user01 user02 user03
func (MappingRule) FilterList ¶
func (m MappingRule) FilterList(list []string, strs []string) []string
func (MappingRule) FilterPreg ¶
func (m MappingRule) FilterPreg(preg string, strs []string) []string
func (MappingRule) IsDnFormat ¶
func (m MappingRule) IsDnFormat(str string) bool
IsDnFormat simply checks if the passed string is a valid distinguished name (DN). See: https://www.ietf.org/rfc/rfc2253.txt
func (MappingRule) RemoveLdapEscape ¶
func (m MappingRule) RemoveLdapEscape(strs []string) []string
RemoveLdapEscape removes LDAP escape characters, except for '\,'.
func (MappingRule) SanitizeValues ¶
func (m MappingRule) SanitizeValues(strs []string) []string
type OIDCPoliciesVerifier ¶
type OIDCPoliciesVerifier struct{}
type Provider ¶
// Provider is the interface for values that can report which kind of
// provider they are.
type Provider interface {
// GetType returns the ProviderType of the implementation.
GetType() ProviderType
}
type ProviderType ¶
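// ProviderType identifies a kind of provider; it is the type returned by
// Provider.GetType.
type ProviderType int

// Provider kinds. The values are assigned by iota in declaration order
// (Dex = 0, Ory = 1, Grpc = 2), so inserting or reordering entries changes the
// numeric value of every later constant.
const (
	ProviderTypeDex ProviderType = iota
	ProviderTypeOry
	ProviderTypeGrpc
)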
type PydioPW ¶
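// PydioPW groups the parameters of the password-hash helpers declared on it
// (CheckDBKDF2PydioPwd and CreateHash).
//
// NOTE(review): the field meanings below are read from the field names only;
// confirm them against the methods. The zero value leaves every parameter at
// 0 or "", so check that every caller populates the struct before hashing or
// verifying a password.
type PydioPW struct {
	// PBKDF2_HASH_ALGORITHM is presumably the name of the hash function used
	// inside PBKDF2 — confirm which names are accepted.
	PBKDF2_HASH_ALGORITHM string
	// PBKDF2_ITERATIONS is presumably the PBKDF2 iteration count (the work
	// factor) — confirm that low or zero values are rejected.
	PBKDF2_ITERATIONS int
	// PBKDF2_SALT_BYTE_SIZE is presumably the salt length in bytes.
	PBKDF2_SALT_BYTE_SIZE int
	// PBKDF2_HASH_BYTE_SIZE is presumably the derived-key length in bytes.
	PBKDF2_HASH_BYTE_SIZE int

	// HASH_SECTIONS is presumably the number of sections in a stored hash
	// string — confirm.
	HASH_SECTIONS int
	// The *_INDEX fields presumably give the position of each section
	// (algorithm, iteration count, salt, derived key) in a stored hash
	// string — confirm.
	HASH_ALGORITHM_INDEX int
	HASH_ITERATION_INDEX int
	HASH_SALT_INDEX      int
	HASH_PBKDF2_INDEX    int
}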
func (PydioPW) CheckDBKDF2PydioPwd ¶
func (PydioPW) CreateHash ¶
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package claim wraps the JWT claims with util functions
|
Package claim wraps the JWT claims with util functions |
Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol
|
Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol |