login

package
v0.8.0-alpha.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 28, 2021 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

View Source
const (
	RouteInitBrowserFlow = "/self-service/login/browser"
	RouteInitAPIFlow     = "/self-service/login/api"

	RouteGetFlow = "/self-service/login/flows"

	RouteSubmitFlow = "/self-service/login"
)

Variables

View Source
var (
	ErrHookAbortFlow      = errors.New("aborted login hook execution")
	ErrAlreadyLoggedIn    = herodot.ErrBadRequest.WithID(text.ErrIDAlreadyLoggedIn).WithError("you are already logged in").WithReason("A valid session was detected and thus login is not possible. Did you forget to set `?refresh=true`?")
	ErrAddressNotVerified = herodot.ErrBadRequest.WithID(text.ErrIDAddressNotVerified).WithError("your email or phone address is not yet verified").WithReason("Your account's email or phone address are not verified yet. Please check your email or phone inbox or re-request verification.")

	// ErrSessionHasAALAlready is returned when one attempts to upgrade the AAL of an active session which already has that AAL.
	ErrSessionHasAALAlready = herodot.ErrUnauthorized.WithID(text.ErrIDSessionHasAALAlready).WithError("session has the requested authenticator assurance level already").WithReason("The session has the requested AAL already.")

	// ErrSessionRequiredForHigherAAL is returned when someone requests AAL2 or AAL3 even though no active session exists yet.
	ErrSessionRequiredForHigherAAL = herodot.ErrUnauthorized.WithID(text.ErrIDSessionRequiredForHigherAAL).WithError("aal2 and aal3 can only be requested if a session exists already").WithReason("You can not requested a higher AAL (AAL2/AAL3) without an active session.")
)

Functions

func CheckAAL

func CheckAAL(f *Flow, expected identity.AuthenticatorAssuranceLevel) error

func PostHookExecutorNames

func PostHookExecutorNames(e []PostHookExecutor) []string

Types

type APIFlowResponse

type APIFlowResponse struct {
	// The Session Token
	//
	// A session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization
	// Header:
	//
	// 		Authorization: bearer ${session-token}
	//
	// The session token is only issued for API flows, not for Browser flows!
	Token string `json:"session_token,omitempty"`

	// The Session
	//
	// The session contains information about the user, the session device, and so on.
	// This is only available for API flows, not for Browser flows!
	//
	// required: true
	Session *session.Session `json:"session"`
}

The Response for Login Flows via API

swagger:model successfulSelfServiceLoginWithoutBrowser

type ErrorHandler

type ErrorHandler struct {
	// contains filtered or unexported fields
}

func NewFlowErrorHandler

func NewFlowErrorHandler(d errorHandlerDependencies) *ErrorHandler

func (*ErrorHandler) PrepareReplacementForExpiredFlow

func (s *ErrorHandler) PrepareReplacementForExpiredFlow(w http.ResponseWriter, r *http.Request, f *Flow, err error) (*flow.ExpiredError, error)

func (*ErrorHandler) WriteFlowError

func (s *ErrorHandler) WriteFlowError(w http.ResponseWriter, r *http.Request, f *Flow, group node.Group, err error)

type ErrorHandlerProvider

type ErrorHandlerProvider interface{ LoginFlowErrorHandler() *ErrorHandler }

type Flow

type Flow struct {
	// ID represents the flow's unique ID. When performing the login flow, this
	// represents the id in the login UI's query parameter: http://<selfservice.flows.login.ui_url>/?flow=<flow_id>
	//
	// required: true
	ID  uuid.UUID `json:"id" faker:"-" db:"id" rw:"r"`
	NID uuid.UUID `json:"-"  faker:"-" db:"nid"`

	// Type represents the flow's type which can be either "api" or "browser", depending on the flow interaction.
	//
	// required: true
	Type flow.Type `json:"type" db:"type" faker:"flow_type"`

	// ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,
	// a new flow has to be initiated.
	//
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IssuedAt is the time (UTC) when the flow started.
	//
	// required: true
	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`

	// InternalContext stores internal context used by internals - for example MFA keys.
	InternalContext sqlxx.JSONRawMessage `db:"internal_context" json:"-" faker:"-"`

	// RequestURL is the initial URL that was requested from Ory Kratos. It can be used
	// to forward information contained in the URL's path or query for example.
	//
	// required: true
	RequestURL string `json:"request_url" db:"request_url"`

	// ReturnTo contains the requested return_to URL.
	ReturnTo string `json:"return_to,omitempty" db:"-"`

	// The active login method
	//
	// If set contains the login method used. If the flow is new, it is unset.
	Active identity.CredentialsType `json:"active,omitempty" db:"active_method"`

	// UI contains data which must be shown in the user interface.
	//
	// required: true
	UI *container.Container `json:"ui" db:"ui"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"created_at" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"updated_at" db:"updated_at"`

	// CSRFToken contains the anti-csrf token associated with this flow. Only set for browser flows.
	CSRFToken string `json:"-" db:"csrf_token"`

	// Refresh stores whether this login flow should enforce re-authentication.
	Refresh bool `json:"refresh" db:"forced"`

	// RequestedAAL stores if the flow was requested to update the authenticator assurance level.
	//
	// This value can be one of "aal1", "aal2", "aal3".
	RequestedAAL identity.AuthenticatorAssuranceLevel `json:"requested_aal" faker:"len=4" db:"requested_aal"`
}

Login Flow

This object represents a login flow. A login flow is initiated at the "Initiate Login API / Browser Flow" endpoint by a client.

Once a login flow is completed successfully, a session cookie or session token will be issued.

swagger:model selfServiceLoginFlow

func NewFlow

func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Request, flowType flow.Type) (*Flow, error)

func (*Flow) AppendTo

func (f *Flow) AppendTo(src *url.URL) *url.URL

func (*Flow) EnsureInternalContext

func (f *Flow) EnsureInternalContext()

func (Flow) GetID

func (f Flow) GetID() uuid.UUID

func (Flow) GetNID

func (f Flow) GetNID() uuid.UUID

func (*Flow) GetRequestURL

func (f *Flow) GetRequestURL() string

func (*Flow) GetType

func (f *Flow) GetType() flow.Type

func (*Flow) IsForced

func (f *Flow) IsForced() bool

func (Flow) MarshalJSON

func (f Flow) MarshalJSON() ([]byte, error)

func (Flow) TableName

func (f Flow) TableName(ctx context.Context) string

func (*Flow) Valid

func (f *Flow) Valid() error

func (Flow) WhereID

func (f Flow) WhereID(ctx context.Context, alias string) string

type FlowPersistenceProvider

type FlowPersistenceProvider interface {
	LoginFlowPersister() FlowPersister
}

type FlowPersister

type FlowPersister interface {
	UpdateLoginFlow(context.Context, *Flow) error
	CreateLoginFlow(context.Context, *Flow) error
	GetLoginFlow(context.Context, uuid.UUID) (*Flow, error)
	ForceLoginFlow(ctx context.Context, id uuid.UUID) error
}

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler

func NewHandler(d handlerDependencies) *Handler

func (*Handler) FromOldFlow

func (h *Handler) FromOldFlow(w http.ResponseWriter, r *http.Request, of Flow) (*Flow, error)

func (*Handler) NewLoginFlow

func (h *Handler) NewLoginFlow(w http.ResponseWriter, r *http.Request, ft flow.Type) (*Flow, error)

func (*Handler) RegisterAdminRoutes

func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)

func (*Handler) RegisterPublicRoutes

func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)

type HandlerProvider

type HandlerProvider interface {
	LoginHandler() *Handler
}

type HookExecutor

type HookExecutor struct {
	// contains filtered or unexported fields
}

func NewHookExecutor

func NewHookExecutor(d executorDependencies) *HookExecutor

func (*HookExecutor) PostLoginHook

func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, a *Flow, i *identity.Identity, s *session.Session) error

func (*HookExecutor) PreLoginHook

func (e *HookExecutor) PreLoginHook(w http.ResponseWriter, r *http.Request, a *Flow) error

type HookExecutorProvider

type HookExecutorProvider interface {
	LoginHookExecutor() *HookExecutor
}

type HooksProvider

type HooksProvider interface {
	PreLoginHooks(ctx context.Context) []PreHookExecutor
	PostLoginHooks(ctx context.Context, credentialsType identity.CredentialsType) []PostHookExecutor
}

type PostHookExecutor

type PostHookExecutor interface {
	ExecuteLoginPostHook(w http.ResponseWriter, r *http.Request, a *Flow, s *session.Session) error
}

type PreHookExecutor

type PreHookExecutor interface {
	ExecuteLoginPreHook(w http.ResponseWriter, r *http.Request, a *Flow) error
}

type Strategies

type Strategies []Strategy

func (Strategies) MustStrategy

func (s Strategies) MustStrategy(id identity.CredentialsType) Strategy

func (Strategies) RegisterPublicRoutes

func (s Strategies) RegisterPublicRoutes(r *x.RouterPublic)

func (Strategies) Strategy

func (s Strategies) Strategy(id identity.CredentialsType) (Strategy, error)

type Strategy

type Strategy interface {
	ID() identity.CredentialsType
	NodeGroup() node.Group
	RegisterLoginRoutes(*x.RouterPublic)
	PopulateLoginMethod(r *http.Request, requestedAAL identity.AuthenticatorAssuranceLevel, sr *Flow) error
	Login(w http.ResponseWriter, r *http.Request, f *Flow, ss *session.Session) (i *identity.Identity, err error)
}

type StrategyProvider

type StrategyProvider interface {
	AllLoginStrategies() Strategies
	LoginStrategies(ctx context.Context) Strategies
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL