identity

package
v0.4.2-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 8, 2020 License: Apache-2.0 Imports: 36 Imported by: 1

Documentation

Overview

nolint:deadcode,unused

nolint:deadcode,unused

Index

Constants

View Source 
const (
	VerifiableAddressTypeEmail VerifiableAddressType = "email"

	VerifiableAddressStatusPending   VerifiableAddressStatus = "pending"
	VerifiableAddressStatusCompleted VerifiableAddressStatus = "completed"
)
View Source 
const IdentitiesPath = "/identities"

Variables

View Source 
var ErrProtectedFieldModified = herodot.ErrForbidden.
	WithReasonf(`A field was modified that updates one or more credentials-related settings. This action was blocked because an unprivileged method was used to execute the update. This is either a configuration issue or a bug and should be reported to the system administrator.`)

Functions

func CredentialsEqual 

func CredentialsEqual(a, b map[CredentialsType]Credentials) bool

func ManagerAllowWriteProtectedTraits 

func ManagerAllowWriteProtectedTraits(options *managerOptions)

func ManagerExposeValidationErrors 

func ManagerExposeValidationErrors(options *managerOptions)

func TestPool 

func TestPool(p PrivilegedPool) func(t *testing.T)

Types

type ActiveCredentialsCounter 

type ActiveCredentialsCounter interface {
	ID() CredentialsType
	CountActiveCredentials(cc map[CredentialsType]Credentials) (int, error)
}

swagger:ignore

type ActiveCredentialsCounterStrategyProvider 

type ActiveCredentialsCounterStrategyProvider interface {
	ActiveCredentialsCounterStrategies() []ActiveCredentialsCounter
}

swagger:ignore

type Configuration 

type Configuration interface {
	SelfAdminURL() *url.URL
	DefaultIdentityTraitsSchemaURL() *url.URL
}

type CredentialIdentifier 

type CredentialIdentifier struct {
	ID         uuid.UUID `db:"id"`
	Identifier string    `db:"identifier"`
	// IdentityCredentialsID is a helper struct field for gobuffalo.pop.
	IdentityCredentialsID uuid.UUID `json:"-" db:"identity_credential_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" db:"updated_at"`
}

swagger:ignore

func (CredentialIdentifier) TableName 

func (c CredentialIdentifier) TableName() string

type CredentialIdentifierCollection 

type CredentialIdentifierCollection []CredentialIdentifier

swagger:ignore

func (CredentialIdentifierCollection) TableName 

func (c CredentialIdentifierCollection) TableName() string

type Credentials 

type Credentials struct {
	ID uuid.UUID `json:"-" db:"id"`

	CredentialTypeID uuid.UUID `json:"-" db:"identity_credential_type_id"`

	// Type discriminates between different types of credentials.
	Type CredentialsType `json:"type" db:"-"`

	// Identifiers represents a list of unique identifiers this credential type matches.
	Identifiers []string `json:"identifiers" db:"-"`

	// Config contains the concrete credential payload. This might contain the bcrypt-hashed password, or the email
	// for passwordless authentication.
	Config sqlxx.JSONRawMessage `json:"config" db:"config"`

	IdentityID                     uuid.UUID                      `json:"-" faker:"-" db:"identity_id"`
	CredentialIdentifierCollection CredentialIdentifierCollection `json:"-" faker:"-" has_many:"identity_credential_identifiers" fk_id:"identity_credential_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" db:"updated_at"`
}

Credentials represents a specific credential type

swagger:model identityCredentials

func (Credentials) TableName 

func (c Credentials) TableName() string

type CredentialsCollection 

type CredentialsCollection []Credentials

swagger:ignore

func (CredentialsCollection) TableName 

func (c CredentialsCollection) TableName() string

type CredentialsType 

type CredentialsType string

CredentialsType represents several different credential types, like password credentials, passwordless credentials, and so on. 

const (
	CredentialsTypePassword CredentialsType = "password"
	CredentialsTypeOIDC     CredentialsType = "oidc"
)

func (CredentialsType) String 

func (c CredentialsType) String() string

type CredentialsTypeTable 

type CredentialsTypeTable struct {
	ID   uuid.UUID       `json:"-" db:"id"`
	Name CredentialsType `json:"-" db:"name"`
}

swagger:ignore

func (CredentialsTypeTable) TableName 

func (c CredentialsTypeTable) TableName() string

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler 

func NewHandler(
	c Configuration,
	r handlerDependencies,
) *Handler

func (*Handler) RegisterAdminRoutes 

func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)

type HandlerProvider 

type HandlerProvider interface {
	IdentityHandler() *Handler
}

type Identity 

type Identity struct {

	// ID is a unique identifier chosen by you. It can be a URN (e.g. "arn:aws:iam::123456789012"),
	// a stringified integer (e.g. "123456789012"), a uuid (e.g. "9f425a8d-7efc-4768-8f23-7647a74fdf13"). It is up to you
	// to pick a format you'd like. It is discouraged to use a personally identifiable value here, like the username
	// or the email, as this field is immutable.
	//
	// required: true
	ID uuid.UUID `json:"id" faker:"-" db:"id"`

	// Credentials represents all credentials that can be used for authenticating this identity.
	Credentials map[CredentialsType]Credentials `json:"-" faker:"-" db:"-"`

	// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
	//
	// required: true
	SchemaID string `json:"schema_id" faker:"-" db:"schema_id"`

	// SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.
	//
	// format: url
	SchemaURL string `json:"schema_url" faker:"-" db:"-"`

	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `schema_url`.
	//
	// required: true
	Traits Traits `json:"traits" faker:"-" db:"traits"`

	// VerifiableAddresses contains all the addresses that can be verified by the user.
	VerifiableAddresses []VerifiableAddress `json:"verifiable_addresses,omitempty" faker:"-" has_many:"identity_verifiable_addresses" fk_id:"identity_id"`

	// RecoveryAddresses contains all the addresses that can be used to recover an identity.
	RecoveryAddresses []RecoveryAddress `json:"recovery_addresses,omitempty" faker:"-" has_many:"identity_recovery_addresses" fk_id:"identity_id"`

	// CredentialsCollection is a helper struct field for gobuffalo.pop.
	CredentialsCollection CredentialsCollection `json:"-" faker:"-" has_many:"identity_credentials" fk_id:"identity_id"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" db:"updated_at"`
	// contains filtered or unexported fields
}

Identity represents an ORY Kratos identity

An identity can be a real human, a service, an IoT device - everything that can be described as an "actor" in a system.

swagger:model identity

func NewIdentity 

func NewIdentity(traitsSchemaID string) *Identity

func (*Identity) CopyWithoutCredentials 

func (i *Identity) CopyWithoutCredentials() *Identity

func (*Identity) GetCredentials 

func (i *Identity) GetCredentials(t CredentialsType) (*Credentials, bool)

func (*Identity) ParseCredentials 

func (i *Identity) ParseCredentials(t CredentialsType, config interface{}) (*Credentials, error)

func (*Identity) SetCredentials 

func (i *Identity) SetCredentials(t CredentialsType, c Credentials)

func (*Identity) SetSecurityAnswers 

func (i *Identity) SetSecurityAnswers(answers map[string]string)

func (Identity) TableName 

func (i Identity) TableName() string

type ManagementProvider 

type ManagementProvider interface {
	IdentityManager() *Manager
}

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager 

func NewManager(r managerDependencies, c configuration.Provider) *Manager

func (*Manager) Create 

func (m *Manager) Create(ctx context.Context, i *Identity, opts ...ManagerOption) error

func (*Manager) RefreshVerifyAddress 

func (m *Manager) RefreshVerifyAddress(ctx context.Context, address *VerifiableAddress) error

func (*Manager) Update 

func (m *Manager) Update(ctx context.Context, updated *Identity, opts ...ManagerOption) error

func (*Manager) UpdateTraits 

func (m *Manager) UpdateTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) error

type ManagerOption 

type ManagerOption func(*managerOptions)

type Pool 

type Pool interface {
	ListIdentities(ctx context.Context, limit, offset int) ([]Identity, error)

	// GetIdentity returns an identity by its id. Will return an error if the identity does not exist or backend
	// connectivity is broken.
	GetIdentity(context.Context, uuid.UUID) (*Identity, error)

	// FindVerifiableAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
	FindVerifiableAddressByValue(ctx context.Context, via VerifiableAddressType, address string) (*VerifiableAddress, error)

	// FindRecoveryAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
	FindRecoveryAddressByValue(ctx context.Context, via RecoveryAddressType, address string) (*RecoveryAddress, error)
}

type PoolProvider 

type PoolProvider interface {
	IdentityPool() Pool
}

type PrivilegedPool 

type PrivilegedPool interface {
	Pool

	// FindByCredentialsIdentifier returns an identity by querying for it's credential identifiers.
	FindByCredentialsIdentifier(ctx context.Context, ct CredentialsType, match string) (*Identity, *Credentials, error)

	// Delete removes an identity by its id. Will return an error
	// if identity exists, backend connectivity is broken, or trait validation fails.
	DeleteIdentity(context.Context, uuid.UUID) error

	// VerifyAddress verifies an address by the given code.
	VerifyAddress(ctx context.Context, code string) error

	// UpdateVerifiableAddress
	UpdateVerifiableAddress(ctx context.Context, address *VerifiableAddress) error

	// Create creates an identity. It is capable of setting credentials without encoding. Will return an error
	// if identity exists, backend connectivity is broken, or trait validation fails.
	CreateIdentity(context.Context, *Identity) error

	// UpdateIdentity updates an identity including its confidential / privileged / protected data.
	UpdateIdentity(context.Context, *Identity) error

	// GetClassified returns the identity including it's raw credentials. This should only be used internally.
	GetIdentityConfidential(context.Context, uuid.UUID) (*Identity, error)
}

type PrivilegedPoolProvider 

type PrivilegedPoolProvider interface {
	PrivilegedIdentityPool() PrivilegedPool
}

type RecoveryAddress 

type RecoveryAddress struct {
	// required: true
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// required: true
	Value string `json:"value" db:"value"`

	// required: true
	Via RecoveryAddressType `json:"via" db:"via"`

	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
}

swagger:model recoveryIdentityAddress

func NewRecoveryEmailAddress 

func NewRecoveryEmailAddress(
	value string,
	identity uuid.UUID,
) *RecoveryAddress

func (RecoveryAddress) TableName 

func (a RecoveryAddress) TableName() string

type RecoveryAddressStatus 

type RecoveryAddressStatus string

RecoveryAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema.

type RecoveryAddressType 

type RecoveryAddressType string

RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema. 

const (
	RecoveryAddressTypeEmail RecoveryAddressType = "email"
)

func (RecoveryAddressType) HTMLFormInputType 

func (v RecoveryAddressType) HTMLFormInputType() string

type Registry 

type Registry interface {
	IdentityPool() Pool
}

type SchemaExtensionCredentials 

type SchemaExtensionCredentials struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionCredentials 

func NewSchemaExtensionCredentials(i *Identity) *SchemaExtensionCredentials

func (*SchemaExtensionCredentials) Finish 

func (r *SchemaExtensionCredentials) Finish() error

func (*SchemaExtensionCredentials) Run 

func (r *SchemaExtensionCredentials) Run(_ jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type SchemaExtensionRecovery 

type SchemaExtensionRecovery struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionRecovery 

func NewSchemaExtensionRecovery(i *Identity) *SchemaExtensionRecovery

func (*SchemaExtensionRecovery) Finish 

func (r *SchemaExtensionRecovery) Finish() error

func (*SchemaExtensionRecovery) Run 

func (r *SchemaExtensionRecovery) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type SchemaExtensionVerification 

type SchemaExtensionVerification struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionVerification 

func NewSchemaExtensionVerification(i *Identity, lifespan time.Duration) *SchemaExtensionVerification

func (*SchemaExtensionVerification) Finish 

func (r *SchemaExtensionVerification) Finish() error

func (*SchemaExtensionVerification) Run 

func (r *SchemaExtensionVerification) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type Traits 

type Traits json.RawMessage

func (Traits) MarshalJSON 

func (t Traits) MarshalJSON() ([]byte, error)

MarshalJSON returns m as the JSON encoding of m.

func (*Traits) Scan 

func (t *Traits) Scan(value interface{}) error

func (*Traits) String 

func (t *Traits) String() string

func (*Traits) UnmarshalJSON 

func (t *Traits) UnmarshalJSON(data []byte) error

UnmarshalJSON sets *m to a copy of data.

func (Traits) Value 

func (t Traits) Value() (driver.Value, error)

type ValidationProvider 

type ValidationProvider interface {
	IdentityValidator() *Validator
}

type Validator 

type Validator struct {
	// contains filtered or unexported fields
}

func NewValidator 

func NewValidator(d validatorDependencies, c configuration.Provider) *Validator

func (*Validator) Validate 

func (v *Validator) Validate(i *Identity) error

func (*Validator) ValidateWithRunner 

func (v *Validator) ValidateWithRunner(i *Identity, runners ...schema.Extension) error

type VerifiableAddress 

type VerifiableAddress struct {
	// required: true
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// required: true
	Value string `json:"value" db:"value"`

	// required: true
	Verified bool `json:"verified" db:"verified"`

	// required: true
	Via VerifiableAddressType `json:"via" db:"via"`

	VerifiedAt *time.Time `json:"verified_at" faker:"-" db:"verified_at"`

	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
	// Code is the verification code, never to be shared as JSON
	Code   string                  `json:"-" db:"code"`
	Status VerifiableAddressStatus `json:"-" db:"status"`
}

swagger:model verifiableIdentityAddress

func NewVerifiableEmailAddress 

func NewVerifiableEmailAddress(
	value string,
	identity uuid.UUID,
	expiresIn time.Duration,
) (*VerifiableAddress, error)

func (VerifiableAddress) TableName 

func (a VerifiableAddress) TableName() string

type VerifiableAddressStatus 

type VerifiableAddressStatus string

VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema.

type VerifiableAddressType 

type VerifiableAddressType string

VerifiableAddressType must not exceed 16 characters as that is the limitation in the SQL Schema.

func (VerifiableAddressType) HTMLFormInputType 

func (v VerifiableAddressType) HTMLFormInputType() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.