GO-2024-3160: Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials in github.com/ory/kratos

configuration

package

v0.2.1-alpha.1 Latest Latest Go to latest Published: May 5, 2020 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ory/kratos

Documentation ¶

Index ¶

Constants
func HookStrategyKey(key, strategy string) string
type HasherArgon2Config
type Provider
type SchemaConfig
type SchemaConfigs
- func (s SchemaConfigs) FindSchemaByID(id string) (*SchemaConfig, error)
type SelfServiceHook
type SelfServiceStrategy
type ViperProvider
- func NewViperProvider(l logrus.FieldLogger, dev bool) *ViperProvider

Constants ¶

View Source

const (
	ViperKeyDSN = "dsn"

	ViperKeyCourierSMTPURL       = "courier.smtp.connection_uri"
	ViperKeyCourierTemplatesPath = "courier.template_override_path"
	ViperKeyCourierSMTPFrom      = "courier.smtp.from_address"

	ViperKeySecretsSession = "secrets.session"

	ViperKeyDefaultReturnTo                = "default_return_to"
	ViperKeyURLsDefaultReturnTo            = "urls." + ViperKeyDefaultReturnTo
	ViperKeyURLsSelfPublic                 = "urls.self.public"
	ViperKeyURLsSelfAdmin                  = "urls.self.admin"
	ViperKeyURLsLogin                      = "urls.login_ui"
	ViperKeyURLsError                      = "urls.error_ui"
	ViperKeyURLsVerification               = "urls.verify_ui"
	ViperKeyURLsSettings                   = "urls.settings_ui"
	ViperKeyURLsMFA                        = "urls.mfa_ui"
	ViperKeyURLsRegistration               = "urls.registration_ui"
	ViperKeyURLsWhitelistedReturnToDomains = "urls.whitelisted_return_to_urls"

	ViperKeyLifespanSession = "ttl.session"

	ViperKeySessionSameSite = "security.session.cookie.same_site"

	ViperKeySelfServiceStrategyConfig = "selfservice.strategies"

	ViperKeySelfServiceRegistrationAfter           = "selfservice.registration.after"
	ViperKeySelfServiceRegistrationBeforeHooks     = "selfservice.registration.before.hooks"
	ViperKeySelfServiceLifespanRegistrationRequest = "selfservice.registration.request_lifespan"

	ViperKeySelfServiceLoginAfter           = "selfservice.login.after"
	ViperKeySelfServiceLoginBeforeHooks     = "selfservice.login.before.hooks"
	ViperKeySelfServiceLifespanLoginRequest = "selfservice.login.request_lifespan"

	ViperKeySelfServiceLogoutRedirectURL = "selfservice.logout.redirect_to"

	ViperKeySelfServiceSettingsAfter                 = "selfservice.settings.after"
	ViperKeySelfServiceSettingsRequestLifespan       = "selfservice.settings.request_lifespan"
	ViperKeySelfServicePrivilegedAuthenticationAfter = "selfservice.settings.privileged_session_max_age"

	ViperKeySelfServiceLifespanLink                = "selfservice.verify.link_lifespan"
	ViperKeySelfServiceLifespanVerificationRequest = "selfservice.verify.request_lifespan"
	ViperKeySelfServiceVerifyReturnTo              = "selfservice.verify.return_to"

	ViperKeyDefaultIdentityTraitsSchemaURL = "identity.traits.default_schema_url"
	ViperKeyIdentityTraitsSchemas          = "identity.traits.schemas"

	ViperKeyHasherArgon2ConfigMemory      = "hashers.argon2.memory"
	ViperKeyHasherArgon2ConfigIterations  = "hashers.argon2.iterations"
	ViperKeyHasherArgon2ConfigParallelism = "hashers.argon2.parallelism"
	ViperKeyHasherArgon2ConfigSaltLength  = "hashers.argon2.salt_length"
	ViperKeyHasherArgon2ConfigKeyLength   = "hashers.argon2.key_length"
)

View Source

const DefaultIdentityTraitsSchemaID = "default"

Variables ¶

This section is empty.

Functions ¶

func HookStrategyKey ¶

func HookStrategyKey(key, strategy string) string

Types ¶

type HasherArgon2Config ¶

type HasherArgon2Config struct {
	Memory      uint32
	Iterations  uint32
	Parallelism uint8
	SaltLength  uint32
	KeyLength   uint32
}

type Provider ¶

type Provider interface {
	AdminListenOn() string
	PublicListenOn() string
	DSN() string

	SessionSecrets() [][]byte

	SelfPublicURL() *url.URL
	SelfAdminURL() *url.URL

	DefaultReturnToURL() *url.URL

	SettingsURL() *url.URL
	LoginURL() *url.URL
	VerificationURL() *url.URL
	ErrorURL() *url.URL
	MultiFactorURL() *url.URL

	SessionLifespan() time.Duration
	SelfServiceSettingsRequestLifespan() time.Duration
	SelfServiceVerificationRequestLifespan() time.Duration
	SelfServiceLoginRequestLifespan() time.Duration
	SelfServiceRegistrationRequestLifespan() time.Duration

	SelfServiceStrategy(strategy string) *SelfServiceStrategy
	SelfServiceLoginBeforeHooks() []SelfServiceHook
	SelfServiceRegistrationBeforeHooks() []SelfServiceHook
	SelfServiceLoginAfterHooks(strategy string) []SelfServiceHook
	SelfServiceLoginReturnTo(strategy string) *url.URL
	SelfServiceRegistrationAfterHooks(strategy string) []SelfServiceHook
	SelfServiceRegistrationReturnTo(strategy string) *url.URL
	SelfServiceSettingsAfterHooks(strategy string) []SelfServiceHook
	SelfServiceSettingsReturnTo(strategy string, defaultReturnTo *url.URL) *url.URL
	SelfServiceLogoutRedirectURL() *url.URL
	SelfServiceVerificationLinkLifespan() time.Duration
	SelfServicePrivilegedSessionMaxAge() time.Duration
	SelfServiceVerificationReturnTo() *url.URL

	CourierSMTPFrom() string
	CourierSMTPURL() *url.URL
	CourierTemplatesRoot() string

	DefaultIdentityTraitsSchemaURL() *url.URL
	IdentityTraitsSchemas() SchemaConfigs

	WhitelistedReturnToDomains() []url.URL

	RegisterURL() *url.URL

	HashersArgon2() *HasherArgon2Config

	TracingServiceName() string
	TracingProvider() string
	TracingJaegerConfig() *tracing.JaegerConfig

	IsInsecureDevMode() bool

	SessionSameSiteMode() http.SameSite
}

type SchemaConfig ¶

type SchemaConfig struct {
	ID  string `json:"id"`
	URL string `json:"url"`
}

type SchemaConfigs ¶

type SchemaConfigs []SchemaConfig

func (SchemaConfigs) FindSchemaByID ¶

func (s SchemaConfigs) FindSchemaByID(id string) (*SchemaConfig, error)

type SelfServiceHook ¶

type SelfServiceHook struct {
	Name   string          `json:"hook"`
	Config json.RawMessage `json:"config"`
}

type SelfServiceStrategy ¶

type SelfServiceStrategy struct {
	Enabled bool            `json:"enabled"`
	Config  json.RawMessage `json:"config"`
}

type ViperProvider ¶

type ViperProvider struct {
	// contains filtered or unexported fields
}

func NewViperProvider ¶

func NewViperProvider(l logrus.FieldLogger, dev bool) *ViperProvider

func (*ViperProvider) AdminListenOn ¶

func (p *ViperProvider) AdminListenOn() string

func (*ViperProvider) CourierSMTPFrom ¶

func (p *ViperProvider) CourierSMTPFrom() string

func (*ViperProvider) CourierSMTPURL ¶

func (p *ViperProvider) CourierSMTPURL() *url.URL

func (*ViperProvider) CourierTemplatesRoot ¶

func (p *ViperProvider) CourierTemplatesRoot() string

func (*ViperProvider) DSN ¶

func (p *ViperProvider) DSN() string

func (*ViperProvider) DefaultIdentityTraitsSchemaURL ¶

func (p *ViperProvider) DefaultIdentityTraitsSchemaURL() *url.URL

func (*ViperProvider) DefaultReturnToURL ¶

func (p *ViperProvider) DefaultReturnToURL() *url.URL

func (*ViperProvider) ErrorURL ¶

func (p *ViperProvider) ErrorURL() *url.URL

func (*ViperProvider) HashersArgon2 ¶

func (p *ViperProvider) HashersArgon2() *HasherArgon2Config

func (*ViperProvider) IdentityTraitsSchemas ¶

func (p *ViperProvider) IdentityTraitsSchemas() SchemaConfigs

func (*ViperProvider) IsInsecureDevMode ¶

func (p *ViperProvider) IsInsecureDevMode() bool

func (*ViperProvider) LoginURL ¶

func (p *ViperProvider) LoginURL() *url.URL

func (*ViperProvider) MultiFactorURL ¶

func (p *ViperProvider) MultiFactorURL() *url.URL

func (*ViperProvider) PublicListenOn ¶

func (p *ViperProvider) PublicListenOn() string

func (*ViperProvider) RegisterURL ¶

func (p *ViperProvider) RegisterURL() *url.URL

func (*ViperProvider) SelfAdminURL ¶

func (p *ViperProvider) SelfAdminURL() *url.URL

func (*ViperProvider) SelfPublicURL ¶

func (p *ViperProvider) SelfPublicURL() *url.URL

func (*ViperProvider) SelfServiceLoginAfterHooks ¶

func (p *ViperProvider) SelfServiceLoginAfterHooks(strategy string) []SelfServiceHook

func (*ViperProvider) SelfServiceLoginBeforeHooks ¶

func (p *ViperProvider) SelfServiceLoginBeforeHooks() []SelfServiceHook

func (*ViperProvider) SelfServiceLoginRequestLifespan ¶

func (p *ViperProvider) SelfServiceLoginRequestLifespan() time.Duration

func (*ViperProvider) SelfServiceLoginReturnTo ¶

func (p *ViperProvider) SelfServiceLoginReturnTo(strategy string) *url.URL

func (*ViperProvider) SelfServiceLogoutRedirectURL ¶

func (p *ViperProvider) SelfServiceLogoutRedirectURL() *url.URL

func (*ViperProvider) SelfServicePrivilegedSessionMaxAge ¶

func (p *ViperProvider) SelfServicePrivilegedSessionMaxAge() time.Duration

func (*ViperProvider) SelfServiceRegistrationAfterHooks ¶

func (p *ViperProvider) SelfServiceRegistrationAfterHooks(strategy string) []SelfServiceHook

func (*ViperProvider) SelfServiceRegistrationBeforeHooks ¶

func (p *ViperProvider) SelfServiceRegistrationBeforeHooks() []SelfServiceHook

func (*ViperProvider) SelfServiceRegistrationRequestLifespan ¶

func (p *ViperProvider) SelfServiceRegistrationRequestLifespan() time.Duration

func (*ViperProvider) SelfServiceRegistrationReturnTo ¶

func (p *ViperProvider) SelfServiceRegistrationReturnTo(strategy string) *url.URL

func (*ViperProvider) SelfServiceSettingsAfterHooks ¶

func (p *ViperProvider) SelfServiceSettingsAfterHooks(strategy string) []SelfServiceHook

func (*ViperProvider) SelfServiceSettingsRequestLifespan ¶

func (p *ViperProvider) SelfServiceSettingsRequestLifespan() time.Duration

func (*ViperProvider) SelfServiceSettingsReturnTo ¶

func (p *ViperProvider) SelfServiceSettingsReturnTo(strategy string, defaultReturnTo *url.URL) *url.URL

func (*ViperProvider) SelfServiceStrategy ¶

func (p *ViperProvider) SelfServiceStrategy(strategy string) *SelfServiceStrategy

func (*ViperProvider) SelfServiceVerificationLinkLifespan ¶

func (p *ViperProvider) SelfServiceVerificationLinkLifespan() time.Duration

func (*ViperProvider) SelfServiceVerificationRequestLifespan ¶

func (p *ViperProvider) SelfServiceVerificationRequestLifespan() time.Duration

SelfServiceVerificationRequestLifespan defines the lifespan of a verification request (the ui interaction). This does not specify the lifespan of a verification code!

func (*ViperProvider) SelfServiceVerificationReturnTo ¶

func (p *ViperProvider) SelfServiceVerificationReturnTo() *url.URL

func (*ViperProvider) SessionLifespan ¶

func (p *ViperProvider) SessionLifespan() time.Duration

func (*ViperProvider) SessionSameSiteMode ¶

func (p *ViperProvider) SessionSameSiteMode() http.SameSite

func (*ViperProvider) SessionSecrets ¶

func (p *ViperProvider) SessionSecrets() [][]byte

func (*ViperProvider) SettingsURL ¶

func (p *ViperProvider) SettingsURL() *url.URL

func (*ViperProvider) TracingJaegerConfig ¶

func (p *ViperProvider) TracingJaegerConfig() *tracing.JaegerConfig

func (*ViperProvider) TracingProvider ¶

func (p *ViperProvider) TracingProvider() string

func (*ViperProvider) TracingServiceName ¶

func (p *ViperProvider) TracingServiceName() string

func (*ViperProvider) VerificationURL ¶

func (p *ViperProvider) VerificationURL() *url.URL

func (*ViperProvider) WhitelistedReturnToDomains ¶

func (p *ViperProvider) WhitelistedReturnToDomains() (us []url.URL)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL