flow

package
v1.2.0-pre.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 4, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrStrategyNotResponsible   = errors.New("strategy is not responsible for this request")
	ErrCompletedByStrategy      = errors.New("flow response completed by strategy")
	ErrStrategyAsksToReturnToUI = errors.New("flow strategy is redirecting to the ui")
)
View Source
var ErrCookieHeaderNeedsBrowserFlow = herodot.ErrBadRequest.
	WithReasonf(`The HTTP Request Header included the "Cookie" key, indicating that this request was made by a Browser. The flow however was initiated as an API request. To prevent potential misuse and mitigate several attack vectors including CSRF, the request has been blocked. Please consult the documentation.`)
View Source
var ErrOriginHeaderNeedsBrowserFlow = herodot.ErrBadRequest.
	WithReasonf(`The HTTP Request Header included the "Origin" key, indicating that this request was made as part of an AJAX request in a Browser. The flow however was initiated as an API request. To prevent potential misuse and mitigate several attack vectors including CSRF, the request has been blocked. Please consult the documentation.`)

Functions

func AppendFlowTo

func AppendFlowTo(src *url.URL, id uuid.UUID) *url.URL

func EnsureCSRF

func EnsureCSRF(
	reg config.Provider,
	r *http.Request,
	flowType Type,
	disableAPIFlowEnforcement bool,
	generator func(r *http.Request) string,
	actual string,
) error

func ErrorWithContinueWith added in v1.1.0

func ErrorWithContinueWith(err *herodot.DefaultError, continueWith ...ContinueWith) *herodot.DefaultError

func GetCSRFToken

func GetCSRFToken(reg interface {
	x.CSRFProvider
	x.CSRFTokenGeneratorProvider
}, w http.ResponseWriter, r *http.Request, p Type) string

func GetFlowExpiredRedirectURL

func GetFlowExpiredRedirectURL(ctx context.Context, config *config.Config, route, returnTo string) *url.URL

func GetFlowID

func GetFlowID(r *http.Request) (uuid.UUID, error)

func HandleHookError added in v0.11.0

func HandleHookError(_ http.ResponseWriter, r *http.Request, f Flow, traits identity.Traits, group node.UiNodeGroup, flowError error, logger x.LoggingProvider, csrf x.CSRFTokenGeneratorProvider) error

func HasReachedState added in v1.1.0

func HasReachedState(expected, actual State) bool

func MethodEnabledAndAllowed

func MethodEnabledAndAllowed(ctx context.Context, flowName FlowName, expected, actual string, d config.Provider) error

func MethodEnabledAndAllowedFromRequest

func MethodEnabledAndAllowedFromRequest(r *http.Request, flow FlowName, expected string, d interface {
	config.Provider
},
) error

func PrefixInternalContextKey

func PrefixInternalContextKey(t identity.CredentialsType, suffix string) string

func SetDuplicateCredentials added in v1.1.0

func SetDuplicateCredentials(flow InternalContexter, creds DuplicateCredentialsData) error

SetDuplicateCredentials sets the duplicate credentials data in the flow's internal context.

Types

type BrowserLocationChangeRequiredError

type BrowserLocationChangeRequiredError struct {
	*herodot.DefaultError `json:"error"`

	// Points to where to redirect the user to next.
	RedirectBrowserTo string `json:"redirect_browser_to"`
}

BrowserLocationChangeRequiredError is sent when a flow requires a browser to change its location.

func NewBrowserLocationChangeRequiredError

func NewBrowserLocationChangeRequiredError(redirectTo string) *BrowserLocationChangeRequiredError

func (*BrowserLocationChangeRequiredError) EnhanceJSONError

func (e *BrowserLocationChangeRequiredError) EnhanceJSONError() interface{}

type ContinueWith added in v0.13.0

type ContinueWith any

swagger:model continueWith

type ContinueWithActionSetOrySessionToken added in v0.13.0

type ContinueWithActionSetOrySessionToken string

swagger:enum ContinueWithActionSetOrySessionToken

const (
	ContinueWithActionSetOrySessionTokenString ContinueWithActionSetOrySessionToken = "set_ory_session_token" // #nosec G101 -- only a key constant
)

type ContinueWithActionShowRecoveryUI added in v1.1.0

type ContinueWithActionShowRecoveryUI string

swagger:enum ContinueWithActionShowRecoveryUI

const (
	ContinueWithActionShowRecoveryUIString ContinueWithActionShowRecoveryUI = "show_recovery_ui"
)

#nosec G101 -- only a key constant

type ContinueWithActionShowSettingsUI added in v1.1.0

type ContinueWithActionShowSettingsUI string

swagger:enum ContinueWithActionShowSettingsUI

const (
	ContinueWithActionShowSettingsUIString ContinueWithActionShowSettingsUI = "show_settings_ui"
)

#nosec G101 -- only a key constant

type ContinueWithActionShowVerificationUI added in v0.13.0

type ContinueWithActionShowVerificationUI string

swagger:enum ContinueWithActionShowVerificationUI

const (
	ContinueWithActionShowVerificationUIString ContinueWithActionShowVerificationUI = "show_verification_ui"
)

#nosec G101 -- only a key constant

type ContinueWithRecoveryUI added in v1.1.0

type ContinueWithRecoveryUI struct {
	// Action will always be `show_recovery_ui`
	//
	// required: true
	Action ContinueWithActionShowRecoveryUI `json:"action"`
	// Flow contains the ID of the recovery flow
	//
	// required: true
	Flow ContinueWithRecoveryUIFlow `json:"flow"`
}

Indicates, that the UI flow could be continued by showing a recovery ui

swagger:model continueWithRecoveryUi

func NewContinueWithRecoveryUI added in v1.1.0

func NewContinueWithRecoveryUI(f Flow) *ContinueWithRecoveryUI

type ContinueWithRecoveryUIFlow added in v1.1.0

type ContinueWithRecoveryUIFlow struct {
	// The ID of the recovery flow
	//
	// required: true
	ID uuid.UUID `json:"id"`

	// The URL of the recovery flow
	//
	// required: false
	URL string `json:"url,omitempty"`
}

swagger:model continueWithRecoveryUiFlow

type ContinueWithSetOrySessionToken added in v1.1.0

type ContinueWithSetOrySessionToken struct {
	// Action will always be `set_ory_session_token`
	//
	// required: true
	Action ContinueWithActionSetOrySessionToken `json:"action"`

	// Token is the token of the session
	//
	// required: true
	OrySessionToken string `json:"ory_session_token"`
}

Indicates that a session was issued, and the application should use this token for authenticated requests

swagger:model continueWithSetOrySessionToken

func NewContinueWithSetToken added in v0.13.0

func NewContinueWithSetToken(t string) *ContinueWithSetOrySessionToken

func (ContinueWithSetOrySessionToken) AppendTo added in v1.1.0

type ContinueWithSettingsUI added in v1.1.0

type ContinueWithSettingsUI struct {
	// Action will always be `show_settings_ui`
	//
	// required: true
	Action ContinueWithActionShowSettingsUI `json:"action"`
	// Flow contains the ID of the verification flow
	//
	// required: true
	Flow ContinueWithSettingsUIFlow `json:"flow"`
}

Indicates, that the UI flow could be continued by showing a settings ui

swagger:model continueWithSettingsUi

func NewContinueWithSettingsUI added in v1.1.0

func NewContinueWithSettingsUI(f Flow) *ContinueWithSettingsUI

type ContinueWithSettingsUIFlow added in v1.1.0

type ContinueWithSettingsUIFlow struct {
	// The ID of the settings flow
	//
	// required: true
	ID uuid.UUID `json:"id"`
}

swagger:model continueWithSettingsUiFlow

type ContinueWithVerificationUI added in v0.13.0

type ContinueWithVerificationUI struct {
	// Action will always be `show_verification_ui`
	//
	// required: true
	Action ContinueWithActionShowVerificationUI `json:"action"`
	// Flow contains the ID of the verification flow
	//
	// required: true
	Flow ContinueWithVerificationUIFlow `json:"flow"`
}

Indicates, that the UI flow could be continued by showing a verification ui

swagger:model continueWithVerificationUi

func NewContinueWithVerificationUI added in v0.13.0

func NewContinueWithVerificationUI(f Flow, address, url string) *ContinueWithVerificationUI

func (ContinueWithVerificationUI) AppendTo added in v0.13.0

func (c ContinueWithVerificationUI) AppendTo(src *url.URL) *url.URL

type ContinueWithVerificationUIFlow added in v0.13.0

type ContinueWithVerificationUIFlow struct {
	// The ID of the verification flow
	//
	// required: true
	ID uuid.UUID `json:"id"`

	// The address that should be verified in this flow
	//
	// required: true
	VerifiableAddress string `json:"verifiable_address"`

	// The URL of the verification flow
	//
	// required: false
	URL string `json:"url,omitempty"`
}

swagger:model continueWithVerificationUiFlow

type DuplicateCredentialsData added in v1.1.0

type DuplicateCredentialsData struct {
	CredentialsType     identity.CredentialsType
	CredentialsConfig   sqlxx.JSONRawMessage
	DuplicateIdentifier string
}

func DuplicateCredentials added in v1.1.0

func DuplicateCredentials(flow InternalContexter) (*DuplicateCredentialsData, error)

DuplicateCredentials returns the duplicate credentials data from the flow's internal context.

type ExpiredError

type ExpiredError struct {
	*herodot.DefaultError `json:"error"`

	// When the flow has expired
	ExpiredAt time.Time `json:"expired_at"`

	// DEPRECATED: Please use the "expired_at" field instead to have a more accurate result.
	Since time.Duration `json:"since"`

	// The flow ID that should be used for the new flow as it contains the correct messages.
	FlowID uuid.UUID `json:"use_flow_id"`
	// contains filtered or unexported fields
}

ExpiredError is sent when a flow is expired

func NewFlowExpiredError

func NewFlowExpiredError(at time.Time) *ExpiredError

func (*ExpiredError) EnhanceJSONError

func (e *ExpiredError) EnhanceJSONError() interface{}

func (*ExpiredError) GetFlow

func (e *ExpiredError) GetFlow() Flow

func (*ExpiredError) Unwrap added in v1.1.0

func (e *ExpiredError) Unwrap() error

func (*ExpiredError) WithContinueWith added in v1.1.0

func (e *ExpiredError) WithContinueWith(continueWith ...ContinueWith) *ExpiredError

func (*ExpiredError) WithFlow

func (e *ExpiredError) WithFlow(flow Flow) *ExpiredError

type Flow

type Flow interface {
	GetID() uuid.UUID
	GetType() Type
	GetRequestURL() string
	AppendTo(*url.URL) *url.URL
	GetUI() *container.Container
	GetState() State
	SetState(State)
	GetFlowName() FlowName
	GetTransientPayload() json.RawMessage
}

type FlowName added in v1.1.0

type FlowName string

FlowName is the flow name.

The flow name can be one of: - 'login' - 'registration' - 'settings' - 'recovery' - 'verification'

swagger:ignore

const (
	LoginFlow        FlowName = "login"
	RegistrationFlow FlowName = "registration"
	SettingsFlow     FlowName = "settings"
	RecoveryFlow     FlowName = "recovery"
	VerificationFlow FlowName = "verification"
)

type FlowWithContinueWith added in v0.13.0

type FlowWithContinueWith interface {
	Flow
	AddContinueWith(ContinueWith)
	ContinueWith() []ContinueWith
}

type FlowWithRedirect added in v1.0.0

type FlowWithRedirect interface {
	SecureRedirectToOpts(ctx context.Context, cfg config.Provider) (opts []x.SecureRedirectOption)
}

type InternalContexter added in v1.1.0

type InternalContexter interface {
	EnsureInternalContext()
	GetInternalContext() sqlxx.JSONRawMessage
	SetInternalContext(sqlxx.JSONRawMessage)
}

type MethodConfigurator

type MethodConfigurator interface {
	container.NodeGetter

	container.ErrorParser

	// form.NodeSetter
	// form.NodeUnsetter
	container.ValueSetter

	container.Resetter
	container.MessageResetter
	container.CSRFSetter
	container.FieldSorter
}

swagger:ignore

type ReplacedError added in v0.11.0

type ReplacedError struct {
	*herodot.DefaultError `json:"error"`

	// The flow ID that should be used for the new flow as it contains the correct messages.
	FlowID uuid.UUID `json:"use_flow_id"`
	// contains filtered or unexported fields
}

ReplacedError is sent when a flow is replaced by a different flow of the same class

func NewFlowReplacedError added in v0.11.0

func NewFlowReplacedError(message *text.Message) *ReplacedError

func (*ReplacedError) EnhanceJSONError added in v0.11.0

func (e *ReplacedError) EnhanceJSONError() interface{}

func (*ReplacedError) GetFlow added in v0.11.0

func (e *ReplacedError) GetFlow() Flow

func (*ReplacedError) WithFlow added in v0.11.0

func (e *ReplacedError) WithFlow(flow Flow) *ReplacedError

type State added in v1.1.0

type State string

Flow State

The state represents the state of the verification flow.

- choose_method: ask the user to choose a method (e.g. recover account via email) - sent_email: the email has been sent to the user - passed_challenge: the request was successful and the recovery challenge was passed. - show_form: a form is shown to the user to perform the flow - success: the flow has been completed successfully

swagger:enum selfServiceFlowState

const (
	StateChooseMethod    State = "choose_method"
	StateEmailSent       State = "sent_email"
	StatePassedChallenge State = "passed_challenge"
	StateShowForm        State = "show_form"
	StateSuccess         State = "success"
)

#nosec G101 -- only a key constant

func NextState added in v1.1.0

func NextState(current State) State

func (State) MarshalJSON added in v1.1.0

func (ns State) MarshalJSON() ([]byte, error)

MarshalJSON returns m as the JSON encoding of m.

func (*State) Scan added in v1.1.0

func (ns *State) Scan(value interface{}) error

Scan implements the Scanner interface.

func (State) String added in v1.1.0

func (ns State) String() string

String implements the Stringer interface.

func (*State) UnmarshalJSON added in v1.1.0

func (ns *State) UnmarshalJSON(data []byte) error

UnmarshalJSON sets *m to a copy of data.

func (State) Value added in v1.1.0

func (ns State) Value() (driver.Value, error)

Value implements the driver Valuer interface.

type Type

type Type string

Type is the flow type.

The flow type can either be `api` or `browser`.

swagger:model selfServiceFlowType

const (
	TypeAPI     Type = "api"
	TypeBrowser Type = "browser"
)

func (Type) IsAPI added in v0.11.0

func (t Type) IsAPI() bool

func (Type) IsBrowser added in v0.11.0

func (t Type) IsBrowser() bool

func (Type) String added in v1.1.0

func (t Type) String() string

func (Type) Valid added in v1.2.0

func (t Type) Valid() bool

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL