restrictions

package
v0.5.1

This package is not in the latest version of its module.
Published: Aug 24, 2022 License: MIT Imports: 19 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Restriction

type Restriction struct {
	NotBefore       unixtime.UnixTime `json:"nbf,omitempty"`
	ExpiresAt       unixtime.UnixTime `json:"exp,omitempty"`
	api.Restriction `json:",inline"`
}

Restriction describes a token usage restriction

func (Restriction) ToUsedRestriction

func (r Restriction) ToUsedRestriction(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) (UsedRestriction, error)

ToUsedRestriction turns a Restriction into a UsedRestriction.

func (*Restriction) UsedAT

func (r *Restriction) UsedAT(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) error

UsedAT updates the usages_AT value for this restriction; it should be called after this restriction was used to obtain an access token.

func (*Restriction) UsedOther

func (r *Restriction) UsedOther(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) error

UsedOther updates the usages_other value for this restriction; it should be called after this restriction was used for reasons other than obtaining an access token.

type Restrictions

type Restrictions []*Restriction

Restrictions is a slice of Restriction

func Tighten

func Tighten(rlog log.Ext1FieldLogger, old, wanted Restrictions) (res Restrictions, ok bool)

Tighten restricts a Restrictions with another set; if the wanted Restrictions are not tighter, the original ones are returned.

func (*Restrictions) ClearUnsupportedKeys (added in v0.3.0)

func (r *Restrictions) ClearUnsupportedKeys()

ClearUnsupportedKeys sets default values for the keys that are not supported by this instance

func (*Restrictions) EnforceMaxLifetime (added in v0.3.0)

func (r *Restrictions) EnforceMaxLifetime(issuer string) (changed bool)

EnforceMaxLifetime enforces the maximum mytoken lifetime set by server admins. Returns true if the restrictions were changed.

func (*Restrictions) GetAudiences

func (r *Restrictions) GetAudiences() (auds []string)

GetAudiences returns the union of all audiences, i.e. all audiences that must be requested at the issuer

func (*Restrictions) GetExpires

func (r *Restrictions) GetExpires() unixtime.UnixTime

GetExpires gets the maximum (latest) expiration time of all restrictions

func (*Restrictions) GetNotBefore

func (r *Restrictions) GetNotBefore() unixtime.UnixTime

GetNotBefore gets the minimal (earliest) nbf time of all restrictions

func (*Restrictions) GetScopes

func (r *Restrictions) GetScopes() (scopes []string)

GetScopes returns the union of all scopes, i.e. all scopes that must be requested at the issuer
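The aggregation that GetNotBefore, GetExpires and GetScopes are documented to perform can be seen in the following added example, which is not the package's own code. The `Clause` type, the `Envelope` function, the `[]string` scope representation and the rule that a clause with no exp (0) makes the whole set non-expiring are assumptions of this example.

```go
package main

import "fmt"

// Clause is a simplified stand-in for one Restriction (hypothetical type,
// not the package's struct). Times are Unix seconds; 0 means "not set".
type Clause struct {
	NotBefore, ExpiresAt int64
	Scopes               []string
}

// Envelope computes what the clause set as a whole permits: earliest nbf,
// latest exp, and the union of scopes in first-seen order.
// Assumption: a clause without exp never expires, so exp is reported as 0.
func Envelope(cs []Clause) (nbf, exp int64, scopes []string) {
	seen := map[string]bool{}
	unbounded := false
	for i, c := range cs {
		if i == 0 || c.NotBefore < nbf {
			nbf = c.NotBefore
		}
		if c.ExpiresAt == 0 {
			unbounded = true
		} else if c.ExpiresAt > exp {
			exp = c.ExpiresAt
		}
		for _, s := range c.Scopes {
			if !seen[s] {
				seen[s] = true
				scopes = append(scopes, s)
			}
		}
	}
	if unbounded {
		exp = 0
	}
	return nbf, exp, scopes
}

func main() {
	// Constructed sample: two time-boxed clauses with different scopes.
	cs := []Clause{
		{NotBefore: 1700000000, ExpiresAt: 1700003600, Scopes: []string{"openid", "profile"}},
		{NotBefore: 1700001800, ExpiresAt: 1700007200, Scopes: []string{"openid", "compute.read"}},
	}
	fmt.Println(Envelope(cs)) // window spans both clauses
	// Appending a clause that sets no exp removes the upper bound entirely.
	fmt.Println(Envelope(append(cs, Clause{NotBefore: 1700000900})))
}
```

The set-wide values are wider than any single clause, so when reviewing a token's restrictions, check the envelope and not just the tightest clause.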

func (Restrictions) GetValidForAT

func (r Restrictions) GetValidForAT(
	rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, myID mtid.MTID,
) (ret Restrictions)

GetValidForAT returns the subset of Restrictions that can be used to obtain an access token

func (Restrictions) GetValidForOther

func (r Restrictions) GetValidForOther(
	rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, myID mtid.MTID,
) (ret Restrictions)

GetValidForOther returns the subset of Restrictions that can be used for actions other than obtaining an access token

func (*Restrictions) ReplaceThisIp

func (r *Restrictions) ReplaceThisIp(ip string)

ReplaceThisIp replaces the special value 'this' with the given ip.

func (*Restrictions) Scan

func (r *Restrictions) Scan(src interface{}) error

Scan implements the sql.Scanner interface.

func (*Restrictions) SetMaxAudiences

func (r *Restrictions) SetMaxAudiences(mAud []string)

SetMaxAudiences sets the maximum audiences, i.e. all audiences are stripped from the restrictions if not included in the passed argument. This is used to eliminate requested audiences that are dropped by the provider.

func (*Restrictions) SetMaxScopes

func (r *Restrictions) SetMaxScopes(mScopes []string)

SetMaxScopes sets the maximum scopes, i.e. all scopes are stripped from the restrictions if not included in the passed argument. This is used to eliminate requested scopes that are dropped by the provider. Don't use it to eliminate scopes that are not enabled for the OIDC client, because such a scope could also be a custom scope.

func (Restrictions) ToUsedRestrictions

func (r Restrictions) ToUsedRestrictions(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) (
	ur []UsedRestriction, err error,
)

ToUsedRestrictions turns a Restrictions into a slice of UsedRestriction

func (Restrictions) Value

func (r Restrictions) Value() (driver.Value, error)

Value implements the driver.Valuer interface

func (Restrictions) VerifyForAT

func (r Restrictions) VerifyForAT(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, id mtid.MTID) bool

VerifyForAT verifies whether these restrictions can be used to obtain an access token

func (Restrictions) VerifyForOther

func (r Restrictions) VerifyForOther(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, id mtid.MTID) bool

VerifyForOther verifies whether these restrictions can be used for actions other than obtaining an access token

func (Restrictions) WithAudiences

func (r Restrictions) WithAudiences(rlog log.Ext1FieldLogger, audiences []string) (ret Restrictions)

WithAudiences returns the subset of Restrictions that can be used with the specified audiences

func (Restrictions) WithScopes

func (r Restrictions) WithScopes(rlog log.Ext1FieldLogger, scopes []string) (ret Restrictions)

WithScopes returns the subset of Restrictions that can be used with the specified scopes

type UsedRestriction

type UsedRestriction struct {
	Restriction
	UsagesATDone    *int64 `json:"usages_AT_done,omitempty"`
	UsagesOtherDone *int64 `json:"usages_other_done,omitempty"`
}

UsedRestriction is a type for a restriction that has been used and additionally has information on how often it has been used
