auth

package
v2.0.0-rc3+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 5, 2019 License: AGPL-3.0 Imports: 41 Imported by: 0

Documentation

Overview

Package auth provides tools related to authentication of pydio services

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddContextVerifier

func AddContextVerifier(v ContextVerifier)

AddContextVerifier registers an additional verifier

func FromMetadata added in v1.6.0

func FromMetadata(ctx context.Context) (c claim.Claims, o bool)

FromMetadata loads Claims from metadata (be passed along by grpc queries)

func RegisterDexProvider

func RegisterDexProvider(c common.ConfigValues)

func RegisterGRPCProvider

func RegisterGRPCProvider(service string)

func RegisterOryProvider

func RegisterOryProvider(o fosite.OAuth2Provider)

func SubjectsForResourcePolicyQuery

func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)

SubjectsForResourcePolicyQuery prepares a slice of strings that will be used to check for resource ownership. Can be extracted either from context or by loading a given user ID from database.

func ToMetadata added in v1.6.0

func ToMetadata(ctx context.Context, claims claim.Claims) context.Context

ToMetadata stores Claims in metadata (to be passed along by grpc queries)

func VerifyContext

func VerifyContext(ctx context.Context, user *idm.User) error

func WithImpersonate

func WithImpersonate(ctx context.Context, user *idm.User) context.Context

Add a fake Claims in context to impersonate user

Types

type BasicAuthenticator

type BasicAuthenticator struct {
	TTL   time.Duration
	Realm string
	// contains filtered or unexported fields
}

func NewBasicAuthenticator

func NewBasicAuthenticator(realm string, ttl time.Duration) *BasicAuthenticator

func (*BasicAuthenticator) Wrap

func (b *BasicAuthenticator) Wrap(handler http.Handler) http.HandlerFunc

type ContextVerifier

type ContextVerifier interface {
	Verify(ctx context.Context, user *idm.User) error
}

type Exchanger

type Exchanger interface {
	Exchange(context.Context, string) (*oauth2.Token, error)
}

type IDToken

type IDToken interface {
	Claims(interface{}) error
}

type JWTVerifier

type JWTVerifier struct{}

func DefaultJWTVerifier

func DefaultJWTVerifier() *JWTVerifier

DefaultJWTVerifier creates a ready to use JWTVerifier

func (*JWTVerifier) Exchange

func (j *JWTVerifier) Exchange(ctx context.Context, code string) (*oauth2.Token, error)

Exchange retrives a oauth2 Token from a code

func (*JWTVerifier) PasswordCredentialsToken

func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)

PasswordCredentialsToken will perform a call to the OIDC service with grantType "password" to get a valid token from a given user/pass credentials

func (*JWTVerifier) Verify

func (j *JWTVerifier) Verify(ctx context.Context, rawIDToken string) (context.Context, claim.Claims, error)

Verify validates an existing JWT token against the OIDC service that issued it

type LockVerifier

type LockVerifier struct{}

func (LockVerifier) Verify

func (l LockVerifier) Verify(ctx context.Context, user *idm.User) error

type MappingRule

type MappingRule struct {
	RuleName string

	// Left Attribute is attribute of external user (ldap, sql, api ...)
	// For example: displayName, mail, memberOf
	LeftAttribute string

	// Right Attribute is attribute of standard user
	// For example: displayName, email
	// Two reserved attributes: Roles, GroupPath
	RightAttribute string

	// Rule string define an acceptable list of right value
	// It can be:
	// * Empty
	// * A list of accepted values separated by comma , . For example: teacher,researcher,employee
	// * preg string
	RuleString string

	// RolePrefix
	// AuthSourceName_Prefix_RoleID
	RolePrefix string
}

func (MappingRule) AddPrefix

func (m MappingRule) AddPrefix(prefix string, strs []string) []string

func (MappingRule) ConvertDNtoName

func (m MappingRule) ConvertDNtoName(strs []string) []string

ConvertDNtoName tries to extract value from distinguishedName For example: member: uid=user01,dc=com,dc=fr member: uid=user02,dc=com,dc=fr member: uid=user03,dc=com,dc=fr return an array like:

user01
user02
user03

func (MappingRule) FilterList

func (m MappingRule) FilterList(list []string, strs []string) []string

func (MappingRule) FilterPreg

func (m MappingRule) FilterPreg(preg string, strs []string) []string

func (MappingRule) IsDnFormat

func (m MappingRule) IsDnFormat(str string) bool

IsDnFormat simply checks if the passed string is valid. See: https://www.ietf.org/rfc/rfc2253.txt

func (MappingRule) RemoveLdapEscape

func (m MappingRule) RemoveLdapEscape(strs []string) []string

RemoveLdapEscape remove LDAP escape characters but except '\,'.

func (MappingRule) SanitizeValues

func (m MappingRule) SanitizeValues(strs []string) []string

type OIDCPoliciesVerifier

type OIDCPoliciesVerifier struct{}

func (OIDCPoliciesVerifier) Verify

func (O OIDCPoliciesVerifier) Verify(ctx context.Context, user *idm.User) error

type PasswordCredentialsTokenExchanger

type PasswordCredentialsTokenExchanger interface {
	PasswordCredentialsToken(context.Context, string, string) (*oauth2.Token, error)
	PasswordCredentialsTokenVerify(context.Context, string) (IDToken, error)
}

type Provider

type Provider interface {
	GetType() ProviderType
}

type ProviderType

type ProviderType int
const (
	ProviderTypeDex ProviderType = iota
	ProviderTypeOry
	ProviderTypeGrpc
)

type PydioPW

type PydioPW struct {
	PBKDF2_HASH_ALGORITHM string
	PBKDF2_ITERATIONS     int
	PBKDF2_SALT_BYTE_SIZE int
	PBKDF2_HASH_BYTE_SIZE int
	HASH_SECTIONS         int
	HASH_ALGORITHM_INDEX  int
	HASH_ITERATION_INDEX  int
	HASH_SALT_INDEX       int
	HASH_PBKDF2_INDEX     int
}

func (PydioPW) CheckDBKDF2PydioPwd

func (p PydioPW) CheckDBKDF2PydioPwd(password string, hashedPw string, legacySalt ...bool) (bool, error)

func (PydioPW) CreateHash

func (p PydioPW) CreateHash(password string) (base64Pw string)

type Verifier

type Verifier interface {
	Verify(context.Context, string) (IDToken, error)
}

Directories

Path Synopsis
Package claim wraps the JWT claims with util functions
Package claim wraps the JWT claims with util functions
Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol
Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL