session

package
v0.11.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 14, 2023 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	RouteCollection = "/sessions"
	RouteWhoami     = RouteCollection + "/whoami"
	RouteSession    = RouteCollection + "/:id"
)
View Source 
const (
	AdminRouteIdentity           = "/identities"
	AdminRouteIdentitiesSessions = AdminRouteIdentity + "/:id/sessions"
	AdminRouteSessionExtendId    = RouteSession + "/extend"
)

Variables

View Source 
var ErrIdentityDisabled = herodot.ErrUnauthorized.WithError("identity is disabled").WithReason("This account was disabled.")
View Source 
var ErrNoSessionFound = herodot.ErrUnauthorized.WithReasonf("No valid session credentials found in the request.")
View Source 
var ExpandDefault = Expandables{
	ExpandSessionIdentity,
}

ExpandDefault expands the default fields of a session - Associated Identity

View Source 
var ExpandEverything = Expandables{
	ExpandSessionDevices,
	ExpandSessionIdentity,
}

ExpandEverything expands all the fields of a session.

View Source 
var ExpandNothing []Expandable

ExpandNothing expands nothing

Functions

func RedirectOnAuthenticated 

func RedirectOnAuthenticated(d interface{ config.Provider }) httprouter.Handle

func RedirectOnUnauthenticated 

func RedirectOnUnauthenticated(to string) httprouter.Handle

func RespondWithJSONErrorOnAuthenticated 

func RespondWithJSONErrorOnAuthenticated(h herodot.Writer, err error) httprouter.Handle

func RespondWitherrorGenericOnAuthenticated added in v0.11.0 

func RespondWitherrorGenericOnAuthenticated(h herodot.Writer, err error) httprouter.Handle

Types

type AuthenticationMethod 

type AuthenticationMethod struct {
	// The method used in this authenticator.
	Method identity.CredentialsType `json:"method"`

	// The AAL this method introduced.
	AAL identity.AuthenticatorAssuranceLevel `json:"aal"`

	// When the authentication challenge was completed.
	CompletedAt time.Time `json:"completed_at"`
}

AuthenticationMethod identifies an authentication method

A singular authenticator used during authentication / login.

swagger:model sessionAuthenticationMethod

func (*AuthenticationMethod) Scan 

func (n *AuthenticationMethod) Scan(value interface{}) error

Scan implements the Scanner interface.

func (AuthenticationMethod) Value 

func (n AuthenticationMethod) Value() (driver.Value, error)

Value implements the driver Valuer interface.

type AuthenticationMethods 

type AuthenticationMethods []AuthenticationMethod

List of (Used) AuthenticationMethods

A list of authenticators which were used to authenticate the session.

swagger:model sessionAuthenticationMethods

func (*AuthenticationMethods) Scan 

func (n *AuthenticationMethods) Scan(value interface{}) error

Scan implements the Scanner interface.

func (AuthenticationMethods) Value 

func (n AuthenticationMethods) Value() (driver.Value, error)

Value implements the driver Valuer interface.

type Device 

type Device struct {
	// Device record ID
	//
	// required: true
	ID uuid.UUID `json:"id" faker:"-" db:"id"`

	// SessionID is a helper struct field for gobuffalo.pop.
	SessionID uuid.UUID `json:"-" faker:"-" db:"session_id"`

	// IPAddress of the client
	IPAddress *string `json:"ip_address" faker:"ptr_ipv4" db:"ip_address"`

	// UserAgent of the client
	UserAgent *string `json:"user_agent" faker:"-" db:"user_agent"`

	// Geo Location corresponding to the IP Address
	Location *string `json:"location" faker:"ptr_geo_location" db:"location"`

	// Time of capture
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`

	// Last updated at
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`

	NID uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

Device corresponding to a Session

swagger:model sessionDevice

func (Device) TableName added in v0.11.0 

func (m Device) TableName(ctx context.Context) string

type ErrAALNotSatisfied 

type ErrAALNotSatisfied struct {
	*herodot.DefaultError `json:"error"`
	RedirectTo            string `json:"redirect_browser_to"`
}

ErrAALNotSatisfied is returned when an active session was found but the requested AAL is not satisfied.

swagger:model errorAuthenticatorAssuranceLevelNotSatisfied

func NewErrAALNotSatisfied 

func NewErrAALNotSatisfied(redirectTo string) *ErrAALNotSatisfied

NewErrAALNotSatisfied creates a new ErrAALNotSatisfied.

func (*ErrAALNotSatisfied) EnhanceJSONError 

func (e *ErrAALNotSatisfied) EnhanceJSONError() interface{}

func (*ErrAALNotSatisfied) PassReturnToAndLoginChallengeParameters added in v0.11.0 

func (e *ErrAALNotSatisfied) PassReturnToAndLoginChallengeParameters(requestURL string) error

type ErrNoActiveSessionFound 

type ErrNoActiveSessionFound struct {
	*herodot.DefaultError `json:"error"`
	// contains filtered or unexported fields
}

ErrNoActiveSessionFound is returned when no active cookie session could be found in the request.

func NewErrNoActiveSessionFound 

func NewErrNoActiveSessionFound() *ErrNoActiveSessionFound

NewErrNoActiveSessionFound creates a new ErrNoActiveSessionFound

func NewErrNoCredentialsForSession added in v0.11.0 

func NewErrNoCredentialsForSession() *ErrNoActiveSessionFound

NewErrNoCredentialsForSession creates a new NewErrNoCredentialsForSession

func (*ErrNoActiveSessionFound) EnhanceJSONError 

func (e *ErrNoActiveSessionFound) EnhanceJSONError() interface{}

type Expandable added in v0.11.0 

type Expandable string

Expandable controls what fields to expand for sessions. swagger:enum Expandable 

const (
	// ExpandSessionDevices expands devices related to the session
	ExpandSessionDevices Expandable = "Devices"
	// ExpandSessionIdentity expands Identity related to the session
	ExpandSessionIdentity Expandable = "Identity"
)

func ParseExpandable added in v0.11.0 

func ParseExpandable(in string) (Expandable, bool)

func (Expandable) String added in v0.11.0 

func (e Expandable) String() string

String returns a string representation of the Expandable.

type Expandables added in v0.11.0 

type Expandables []Expandable

Expandables is a list of Expandable values.

func (Expandables) Has added in v0.11.0 

func (e Expandables) Has(search Expandable) bool

Has returns true if the Expandable is in the list.

func (Expandables) ToEager added in v0.11.0 

func (e Expandables) ToEager() []string

ToEager returns the fields used by pop's Eager command.

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler 

func NewHandler(
	r handlerDependencies,
) *Handler

func (*Handler) IsAuthenticated 

func (h *Handler) IsAuthenticated(wrap httprouter.Handle, onUnauthenticated httprouter.Handle) httprouter.Handle

func (*Handler) IsNotAuthenticated 

func (h *Handler) IsNotAuthenticated(wrap httprouter.Handle, onAuthenticated httprouter.Handle) httprouter.Handle

func (*Handler) RegisterAdminRoutes 

func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)

func (*Handler) RegisterPublicRoutes 

func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)

type HandlerProvider 

type HandlerProvider interface {
	SessionHandler() *Handler
}

type ManagementProvider 

type ManagementProvider interface {
	SessionManager() Manager
}

type Manager 

type Manager interface {
	// UpsertAndIssueCookie stores a session in the database and issues a cookie by calling IssueCookie.
	//
	// Also regenerates CSRF tokens due to assumed principal change.
	UpsertAndIssueCookie(context.Context, http.ResponseWriter, *http.Request, *Session) error

	// IssueCookie issues a cookie for the given session.
	//
	// Also regenerates CSRF tokens due to assumed principal change.
	IssueCookie(context.Context, http.ResponseWriter, *http.Request, *Session) error

	// RefreshCookie checks if the request uses an outdated cookie and refreshes the cookie if needed.
	RefreshCookie(context.Context, http.ResponseWriter, *http.Request, *Session) error

	// FetchFromRequest creates an HTTP session using cookies.
	FetchFromRequest(context.Context, *http.Request) (*Session, error)

	// PurgeFromRequest removes an HTTP session.
	PurgeFromRequest(context.Context, http.ResponseWriter, *http.Request) error

	// DoesSessionSatisfy answers if a session is satisfying the AAL.
	DoesSessionSatisfy(r *http.Request, sess *Session, requestedAAL string) error

	// SessionAddAuthenticationMethods adds one or more authentication method to the session.
	SessionAddAuthenticationMethods(ctx context.Context, sid uuid.UUID, methods ...AuthenticationMethod) error
}

Manager handles identity sessions.

type ManagerHTTP 

type ManagerHTTP struct {
	// contains filtered or unexported fields
}

func NewManagerHTTP 

func NewManagerHTTP(r managerHTTPDependencies) *ManagerHTTP

func (*ManagerHTTP) DoesSessionSatisfy 

func (s *ManagerHTTP) DoesSessionSatisfy(r *http.Request, sess *Session, requestedAAL string) (err error)

func (*ManagerHTTP) FetchFromRequest 

func (s *ManagerHTTP) FetchFromRequest(ctx context.Context, r *http.Request) (_ *Session, err error)

func (*ManagerHTTP) IssueCookie 

func (s *ManagerHTTP) IssueCookie(ctx context.Context, w http.ResponseWriter, r *http.Request, session *Session) (err error)

func (*ManagerHTTP) PurgeFromRequest 

func (s *ManagerHTTP) PurgeFromRequest(ctx context.Context, w http.ResponseWriter, r *http.Request) (err error)

func (*ManagerHTTP) RefreshCookie added in v0.11.0 

func (s *ManagerHTTP) RefreshCookie(ctx context.Context, w http.ResponseWriter, r *http.Request, session *Session) (err error)

func (*ManagerHTTP) SessionAddAuthenticationMethods 

func (s *ManagerHTTP) SessionAddAuthenticationMethods(ctx context.Context, sid uuid.UUID, ams ...AuthenticationMethod) (err error)

func (*ManagerHTTP) UpsertAndIssueCookie 

func (s *ManagerHTTP) UpsertAndIssueCookie(ctx context.Context, w http.ResponseWriter, r *http.Request, ss *Session) (err error)

type PersistenceProvider 

type PersistenceProvider interface {
	SessionPersister() Persister
}

type Persister 

type Persister interface {
	GetConnection(ctx context.Context) *pop.Connection

	// GetSession retrieves a session from the store.
	GetSession(ctx context.Context, sid uuid.UUID, expandables Expandables) (*Session, error)

	// ListSessions retrieves all sessions.
	ListSessions(ctx context.Context, active *bool, paginatorOpts []keysetpagination.Option, expandables Expandables) ([]Session, int64, *keysetpagination.Paginator, error)

	// ListSessionsByIdentity retrieves sessions for an identity from the store.
	ListSessionsByIdentity(ctx context.Context, iID uuid.UUID, active *bool, page, perPage int, except uuid.UUID, expandables Expandables) ([]*Session, int64, error)

	// UpsertSession inserts or updates a session into / in the store.
	UpsertSession(ctx context.Context, s *Session) error

	// DeleteSession removes a session from the store.
	DeleteSession(ctx context.Context, id uuid.UUID) error

	// DeleteSessionsByIdentity removes all active session from the store for the given identity.
	DeleteSessionsByIdentity(ctx context.Context, identity uuid.UUID) error

	// GetSessionByToken gets the session associated with the given token.
	//
	// Functionality is similar to GetSession but accepts a session token
	// instead of a session ID.
	GetSessionByToken(ctx context.Context, token string, expandables Expandables, identityExpandables identity.Expandables) (*Session, error)

	// DeleteExpiredSessions deletes sessions that expired before the given time.
	DeleteExpiredSessions(context.Context, time.Time, int) error

	// DeleteSessionByToken deletes a session associated with the given token.
	//
	// Functionality is similar to DeleteSession but accepts a session token
	// instead of a session ID.
	DeleteSessionByToken(context.Context, string) error

	// RevokeSessionByToken marks a session inactive with the given token.
	RevokeSessionByToken(ctx context.Context, token string) error

	// RevokeSessionById marks a session inactive with the specified uuid
	RevokeSessionById(ctx context.Context, sID uuid.UUID) error

	// RevokeSession marks a given session inactive.
	RevokeSession(ctx context.Context, iID, sID uuid.UUID) error

	// RevokeSessionsIdentityExcept marks all except the given session of an identity inactive. It returns the number of sessions that were revoked.
	RevokeSessionsIdentityExcept(ctx context.Context, iID, sID uuid.UUID) (int, error)
}

type Session 

type Session struct {
	// Session ID
	//
	// required: true
	ID uuid.UUID `json:"id" faker:"-" db:"id"`

	// Active state. If false the session is no longer active.
	Active bool `json:"active" db:"active"`

	// The Session Expiry
	//
	// When this session expires at.
	ExpiresAt time.Time `json:"expires_at" db:"expires_at" faker:"time_type"`

	// The Session Authentication Timestamp
	//
	// When this session was authenticated at. If multi-factor authentication was used this
	// is the time when the last factor was authenticated (e.g. the TOTP code challenge was completed).
	AuthenticatedAt time.Time `json:"authenticated_at" db:"authenticated_at" faker:"time_type"`

	// AuthenticationMethod Assurance Level (AAL)
	//
	// The authenticator assurance level can be one of "aal1", "aal2", or "aal3". A higher number means that it is harder
	// for an attacker to compromise the account.
	//
	// Generally, "aal1" implies that one authentication factor was used while AAL2 implies that two factors (e.g.
	// password + TOTP) have been used.
	//
	// To learn more about these levels please head over to: https://www.ory.sh/kratos/docs/concepts/credentials
	AuthenticatorAssuranceLevel identity.AuthenticatorAssuranceLevel `faker:"len=4" db:"aal" json:"authenticator_assurance_level"`

	// Authentication Method References (AMR)
	//
	// A list of authentication methods (e.g. password, oidc, ...) used to issue this session.
	AMR AuthenticationMethods `db:"authentication_methods" json:"authentication_methods"`

	// The Session Issuance Timestamp
	//
	// When this session was issued at. Usually equal or close to `authenticated_at`.
	IssuedAt time.Time `json:"issued_at" db:"issued_at" faker:"time_type"`

	// The Logout Token
	//
	// Use this token to log out a user.
	LogoutToken string `json:"-" db:"logout_token"`

	// required: true
	Identity *identity.Identity `json:"identity" faker:"identity" db:"-" belongs_to:"identities" fk_id:"IdentityID"`

	// Devices has history of all endpoints where the session was used
	Devices []Device `json:"devices" faker:"-" has_many:"session_devices" fk_id:"session_id"`

	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`

	// The Session Token
	//
	// The token of this session.
	Token string    `json:"-" db:"token"`
	NID   uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

A Session

swagger:model session

func NewActiveSession 

func NewActiveSession(r *http.Request, i *identity.Identity, c lifespanProvider, authenticatedAt time.Time, completedLoginFor identity.CredentialsType, completedLoginAAL identity.AuthenticatorAssuranceLevel) (*Session, error)

func NewInactiveSession 

func NewInactiveSession() *Session

func (*Session) Activate 

func (s *Session) Activate(r *http.Request, i *identity.Identity, c lifespanProvider, authenticatedAt time.Time) error

func (*Session) CanBeRefreshed 

func (s *Session) CanBeRefreshed(ctx context.Context, c refreshWindowProvider) bool

func (*Session) CompletedLoginFor 

func (s *Session) CompletedLoginFor(method identity.CredentialsType, aal identity.AuthenticatorAssuranceLevel)

func (*Session) Declassify 

func (s *Session) Declassify() *Session

func (Session) DefaultPageToken added in v0.11.1 

func (s Session) DefaultPageToken() keysetpagination.PageToken

func (*Session) IsActive 

func (s *Session) IsActive() bool

func (Session) PageToken added in v0.11.0 

func (s Session) PageToken() keysetpagination.PageToken

func (*Session) Refresh 

func (s *Session) Refresh(ctx context.Context, c lifespanProvider) *Session

func (*Session) SaveSessionDeviceInformation added in v0.11.0 

func (s *Session) SaveSessionDeviceInformation(r *http.Request)

func (*Session) SetAuthenticatorAssuranceLevel 

func (s *Session) SetAuthenticatorAssuranceLevel()

func (Session) TableName 

func (s Session) TableName(ctx context.Context) string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.