GO-2024-3160: Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials in github.com/ory/kratos

session

package

v0.0.1-alpha.5 Latest Latest Go to latest Published: Jan 29, 2020 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ory/kratos

Documentation ¶

Index ¶

Constants
Variables
func MockCookieClient(t *testing.T) *http.Client
func MockGetSession(t *testing.T, reg mockDeps) httprouter.Handle
func MockHydrateCookieClient(t *testing.T, c *http.Client, u string)
func MockMakeAuthenticatedRequest(t *testing.T, reg mockDeps, router *httprouter.Router, req *http.Request) ([]byte, *http.Response)
func MockSetSession(t *testing.T, reg mockDeps) httprouter.Handle
func RedirectOnAuthenticated(c configuration.Provider) httprouter.Handle
func RedirectOnUnauthenticated(to string) httprouter.Handle
func TestPersister(p interface{ ... }) func(t *testing.T)
type Device
type Handler
- func NewHandler(r handlerDependencies) *Handler
- func (h *Handler) IsAuthenticated(wrap httprouter.Handle, onUnauthenticated httprouter.Handle) httprouter.Handle
- func (h *Handler) IsNotAuthenticated(wrap httprouter.Handle, onAuthenticated httprouter.Handle) httprouter.Handle
- func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)
- func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)
type HandlerProvider
type ManagementProvider
type Manager
type ManagerHTTP
- func NewManagerHTTP(c managerHTTPConfiguration, r managerHTTPDependencies) *ManagerHTTP
- func (s *ManagerHTTP) CreateToRequest(ctx context.Context, i *identity.Identity, w http.ResponseWriter, ...) (*Session, error)
- func (s *ManagerHTTP) FetchFromRequest(ctx context.Context, w http.ResponseWriter, r *http.Request) (*Session, error)
- func (s *ManagerHTTP) PurgeFromRequest(ctx context.Context, w http.ResponseWriter, r *http.Request) error
- func (s *ManagerHTTP) SaveToRequest(ctx context.Context, session *Session, w http.ResponseWriter, r *http.Request) error
type PersistenceProvider
type Persister
type Session
- func MockSessionCreateHandler(t *testing.T, reg mockDeps) (httprouter.Handle, *Session)
- func MockSessionCreateHandlerWithIdentity(t *testing.T, reg mockDeps, i *identity.Identity) (httprouter.Handle, *Session)
- func NewSession(i *identity.Identity, r *http.Request, c interface{ ... }) *Session
- func (s *Session) GetIdentity() *identity.Identity
- func (s *Session) ResetModifiedIdentityFlag() *Session
- func (s Session) TableName() string
- func (s *Session) UpdateIdentity(i *identity.Identity) *Session
- func (s *Session) WasIdentityModified() bool

Constants ¶

View Source

const (
	CheckPath = "/sessions/me"
)

View Source

const DefaultSessionCookieName = "ory_kratos_session"

DefaultSessionCookieName returns the default cookie name for the kratos session.

Variables ¶

View Source

var (
	// ErrNoActiveSessionFound is returned when no active cookie session could be found in the request.
	ErrNoActiveSessionFound = herodot.ErrUnauthorized.WithError("request does not have a valid authentication session").WithReason("No active session was found in this request.")
)

Functions ¶

func MockCookieClient ¶

func MockCookieClient(t *testing.T) *http.Client

func MockGetSession ¶

func MockGetSession(t *testing.T, reg mockDeps) httprouter.Handle

func MockHydrateCookieClient ¶

func MockHydrateCookieClient(t *testing.T, c *http.Client, u string)

func MockMakeAuthenticatedRequest ¶

func MockMakeAuthenticatedRequest(t *testing.T, reg mockDeps, router *httprouter.Router, req *http.Request) ([]byte, *http.Response)

func MockSetSession ¶

func MockSetSession(t *testing.T, reg mockDeps) httprouter.Handle

func RedirectOnAuthenticated ¶

func RedirectOnAuthenticated(c configuration.Provider) httprouter.Handle

func RedirectOnUnauthenticated ¶

func RedirectOnUnauthenticated(to string) httprouter.Handle

func TestPersister ¶

func TestPersister(p interface {
	Persister
	identity.Pool
}) func(t *testing.T)

Types ¶

type Device ¶

type Device struct {
	UserAgent string      `json:"user_agent"`
	SeenAt    []time.Time `json:"seen_at" faker:"time_types"`
}

type Handler ¶

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler ¶

func NewHandler(
	r handlerDependencies,
) *Handler

func (*Handler) IsAuthenticated ¶

func (h *Handler) IsAuthenticated(wrap httprouter.Handle, onUnauthenticated httprouter.Handle) httprouter.Handle

func (*Handler) IsNotAuthenticated ¶

func (h *Handler) IsNotAuthenticated(wrap httprouter.Handle, onAuthenticated httprouter.Handle) httprouter.Handle

func (*Handler) RegisterAdminRoutes ¶

func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)

func (*Handler) RegisterPublicRoutes ¶

func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)

type HandlerProvider ¶

type HandlerProvider interface {
	SessionHandler() *Handler
}

type ManagementProvider ¶

type ManagementProvider interface {
	SessionManager() Manager
}

type Manager ¶

type Manager interface {
	CreateToRequest(context.Context, *identity.Identity, http.ResponseWriter, *http.Request) (*Session, error)

	// SaveToRequest creates an HTTP session using cookies.
	SaveToRequest(context.Context, *Session, http.ResponseWriter, *http.Request) error

	// FetchFromRequest creates an HTTP session using cookies.
	FetchFromRequest(context.Context, http.ResponseWriter, *http.Request) (*Session, error)

	// PurgeFromRequest removes an HTTP session.
	PurgeFromRequest(context.Context, http.ResponseWriter, *http.Request) error
}

Manager handles identity sessions.

type ManagerHTTP ¶

type ManagerHTTP struct {
	// contains filtered or unexported fields
}

func NewManagerHTTP ¶

func NewManagerHTTP(
	c managerHTTPConfiguration,
	r managerHTTPDependencies,
) *ManagerHTTP

func (*ManagerHTTP) CreateToRequest ¶

func (s *ManagerHTTP) CreateToRequest(ctx context.Context, i *identity.Identity, w http.ResponseWriter, r *http.Request) (*Session, error)

func (*ManagerHTTP) FetchFromRequest ¶

func (s *ManagerHTTP) FetchFromRequest(ctx context.Context, w http.ResponseWriter, r *http.Request) (*Session, error)

func (*ManagerHTTP) PurgeFromRequest ¶

func (s *ManagerHTTP) PurgeFromRequest(ctx context.Context, w http.ResponseWriter, r *http.Request) error

func (*ManagerHTTP) SaveToRequest ¶

func (s *ManagerHTTP) SaveToRequest(ctx context.Context, session *Session, w http.ResponseWriter, r *http.Request) error

type PersistenceProvider ¶

type PersistenceProvider interface {
	SessionPersister() Persister
}

type Persister ¶

type Persister interface {
	// Get retrieves a session from the store.
	GetSession(ctx context.Context, sid uuid.UUID) (*Session, error)

	// Create adds a session to the store.
	CreateSession(ctx context.Context, s *Session) error

	// Delete removes a session from the store
	DeleteSession(ctx context.Context, sid uuid.UUID) error

	// DeleteSessionsFor removes all active session from the store for the given identity.
	DeleteSessionsFor(ctx context.Context, sid uuid.UUID) error
}

type Session ¶

type Session struct {
	ID              uuid.UUID          `json:"sid" faker:"uuid" db:"id"`
	ExpiresAt       time.Time          `json:"expires_at" db:"expires_at" faker:"time_type"`
	AuthenticatedAt time.Time          `json:"authenticated_at" db:"authenticated_at" faker:"time_type"`
	IssuedAt        time.Time          `json:"issued_at" db:"issued_at" faker:"time_type"`
	Identity        *identity.Identity `json:"identity" faker:"identity" db:"-" belongs_to:"identities" fk_id:"IdentityID"`

	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
	// contains filtered or unexported fields
}

func MockSessionCreateHandler ¶

func MockSessionCreateHandler(t *testing.T, reg mockDeps) (httprouter.Handle, *Session)

func MockSessionCreateHandlerWithIdentity ¶

func MockSessionCreateHandlerWithIdentity(t *testing.T, reg mockDeps, i *identity.Identity) (httprouter.Handle, *Session)

func NewSession ¶

func NewSession(i *identity.Identity, r *http.Request, c interface {
	SessionLifespan() time.Duration
}) *Session

func (*Session) GetIdentity ¶

func (s *Session) GetIdentity() *identity.Identity

func (*Session) ResetModifiedIdentityFlag ¶

func (s *Session) ResetModifiedIdentityFlag() *Session

func (Session) TableName ¶

func (s Session) TableName() string

func (*Session) UpdateIdentity ¶

func (s *Session) UpdateIdentity(i *identity.Identity) *Session

func (*Session) WasIdentityModified ¶

func (s *Session) WasIdentityModified() bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL