GO-2022-0786: Authentication Bypass in hydra in github.com/ory/hydra

The highest tagged major version is v2.

warden

package

v0.2.0 Latest Latest Go to latest Published: Aug 9, 2016 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ory/hydra

Links

Open Source Insights

Documentation ¶

Overview ¶

Package warden decides if access requests should be allowed or denied. In a scientific taxonomy, the warden is classified as a Policy Decision Point. THe warden's primary goal is to implement `github.com/ory-am/hydra/firewall.Firewall`.

This package is structured as follows: * handler.go: A HTTP handler capable of validating access tokens. * warden_http.go: A Go API using HTTP to validate access tokens. * warden_local.go: A Go API using storage managers to validate access tokens. * warden_test.go: Functional tests all of the above.

Index ¶

Constants
func TokenFromRequest(r *http.Request) string
type HTTPWarden
type LocalWarden
type WardenAccessRequest
type WardenAuthorizedRequest
type WardenHandler
- func NewHandler(c *config.Config, router *httprouter.Router) *WardenHandler

Constants ¶

View Source

const (
	TokenValidHandlerPath   = "/warden/token/valid"
	TokenAllowedHandlerPath = "/warden/token/allowed"
	AllowedHandlerPath      = "/warden/allowed"
	IntrospectPath          = "/oauth2/introspect"
)

Variables ¶

This section is empty.

Functions ¶

func TokenFromRequest ¶

func TokenFromRequest(r *http.Request) string

Types ¶

type HTTPWarden ¶

type HTTPWarden struct {
	Client   *http.Client
	Dry      bool
	Endpoint *url.URL
}

func (*HTTPWarden) InspectToken ¶

func (w *HTTPWarden) InspectToken(ctx context.Context, token string, scopes ...string) (*firewall.Context, error)

func (*HTTPWarden) IntrospectToken ¶

func (w *HTTPWarden) IntrospectToken(ctx context.Context, token string) (*firewall.Introspection, error)

func (*HTTPWarden) IsAllowed ¶

func (w *HTTPWarden) IsAllowed(ctx context.Context, a *ladon.Request) error

func (*HTTPWarden) SetClient ¶

func (w *HTTPWarden) SetClient(c *clientcredentials.Config)

func (*HTTPWarden) TokenAllowed ¶

func (w *HTTPWarden) TokenAllowed(ctx context.Context, token string, a *ladon.Request, scopes ...string) (*firewall.Context, error)

func (*HTTPWarden) TokenFromRequest ¶

func (w *HTTPWarden) TokenFromRequest(r *http.Request) string

type LocalWarden ¶

type LocalWarden struct {
	Warden ladon.Warden
	OAuth2 fosite.OAuth2Provider

	AccessTokenLifespan time.Duration
	Issuer              string
}

func (*LocalWarden) InspectToken ¶

func (w *LocalWarden) InspectToken(ctx context.Context, token string, scopes ...string) (*firewall.Context, error)

func (*LocalWarden) IntrospectToken ¶

func (w *LocalWarden) IntrospectToken(ctx context.Context, token string) (*firewall.Introspection, error)

func (*LocalWarden) IsAllowed ¶

func (w *LocalWarden) IsAllowed(ctx context.Context, a *ladon.Request) error

func (*LocalWarden) TokenAllowed ¶

func (w *LocalWarden) TokenAllowed(ctx context.Context, token string, a *ladon.Request, scopes ...string) (*firewall.Context, error)

func (*LocalWarden) TokenFromRequest ¶

func (w *LocalWarden) TokenFromRequest(r *http.Request) string

type WardenAccessRequest ¶

type WardenAccessRequest struct {
	*ladon.Request
	*WardenAuthorizedRequest
}

type WardenAuthorizedRequest ¶

type WardenAuthorizedRequest struct {
	Scopes []string `json:"scopes"`
	Token  string   `json:"token"`
}

type WardenHandler ¶

type WardenHandler struct {
	H      herodot.Herodot
	Warden firewall.Firewall
}

func NewHandler ¶

func NewHandler(c *config.Config, router *httprouter.Router) *WardenHandler

func (*WardenHandler) Allowed ¶

func (h *WardenHandler) Allowed(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*WardenHandler) Introspect ¶

func (h *WardenHandler) Introspect(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*WardenHandler) SetRoutes ¶

func (h *WardenHandler) SetRoutes(r *httprouter.Router)

func (*WardenHandler) TokenAllowed ¶

func (h *WardenHandler) TokenAllowed(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*WardenHandler) TokenValid ¶

func (h *WardenHandler) TokenValid(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL