Documentation ¶
Index ¶
- Constants
- Variables
- func GenerateCode() string
- func MaskAddress(input string) string
- func SetDefaultFlowState(f flow.Flow, resend string)
- type Address
- type CreateLoginCodeParams
- type CreateRecoveryCodeParams
- type CreateRegistrationCodeParams
- type CreateVerificationCodeParams
- type FlowMethod
- type LoginCode
- type LoginCodePersistenceProvider
- type LoginCodePersister
- type RecoveryCode
- type RecoveryCodePersistenceProvider
- type RecoveryCodePersister
- type RecoveryCodeType
- type RegistrationCode
- type RegistrationCodePersistenceProvider
- type RegistrationCodePersister
- type RetryOption
- type Sender
- func (s *Sender) SendCode(ctx context.Context, f flow.Flow, id *identity.Identity, addresses ...Address) error
- func (s *Sender) SendRecoveryCode(ctx context.Context, f *recovery.Flow, via identity.VerifiableAddressType, ...) error
- func (s *Sender) SendRecoveryCodeTo(ctx context.Context, i *identity.Identity, codeString string, ...) error
- func (s *Sender) SendVerificationCode(ctx context.Context, f *verification.Flow, via string, to string) error
- func (s *Sender) SendVerificationCodeTo(ctx context.Context, f *verification.Flow, i *identity.Identity, ...) error
- type SenderProvider
- type Strategy
- func (s *Strategy) CompletedAuthenticationMethod(ctx context.Context) session.AuthenticationMethod
- func (s *Strategy) CountActiveFirstFactorCredentials(ctx context.Context, cc map[identity.CredentialsType]identity.Credentials) (int, error)
- func (s *Strategy) CountActiveMultiFactorCredentials(ctx context.Context, cc map[identity.CredentialsType]identity.Credentials) (int, error)
- func (s *Strategy) HandleLoginError(r *http.Request, f *login.Flow, body *updateLoginFlowWithCodeMethod, err error) error
- func (s *Strategy) HandleRecoveryError(w http.ResponseWriter, r *http.Request, flow *recovery.Flow, ...) error
- func (s *Strategy) HandleRegistrationError(ctx context.Context, r *http.Request, f *registration.Flow, ...) error
- func (s *Strategy) ID() identity.CredentialsType
- func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, sess *session.Session) (_ *identity.Identity, err error)
- func (s *Strategy) NewCodeUINodes(r *http.Request, f flow.Flow, data any) error
- func (s *Strategy) NodeGroup() node.UiNodeGroup
- func (s *Strategy) PopulateLoginMethodFirstFactor(r *http.Request, f *login.Flow) error
- func (s *Strategy) PopulateLoginMethodFirstFactorRefresh(r *http.Request, f *login.Flow) error
- func (s *Strategy) PopulateLoginMethodIdentifierFirstCredentials(r *http.Request, f *login.Flow, opts ...login.FormHydratorModifier) error
- func (s *Strategy) PopulateLoginMethodIdentifierFirstIdentification(r *http.Request, f *login.Flow) error
- func (s *Strategy) PopulateLoginMethodSecondFactor(r *http.Request, f *login.Flow) error
- func (s *Strategy) PopulateLoginMethodSecondFactorRefresh(r *http.Request, f *login.Flow) error
- func (s *Strategy) PopulateMethod(r *http.Request, f flow.Flow) error
- func (s *Strategy) PopulateRecoveryMethod(r *http.Request, f *recovery.Flow) error
- func (s *Strategy) PopulateRegistrationMethod(r *http.Request, rf *registration.Flow) error
- func (s *Strategy) PopulateVerificationMethod(r *http.Request, f *verification.Flow) error
- func (s *Strategy) Recover(w http.ResponseWriter, r *http.Request, f *recovery.Flow) (err error)
- func (s *Strategy) RecoveryStrategyID() string
- func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registration.Flow, ...) (err error)
- func (s *Strategy) RegisterAdminRecoveryRoutes(admin *x.RouterAdmin)
- func (s *Strategy) RegisterAdminVerificationRoutes(admin *x.RouterAdmin)
- func (s *Strategy) RegisterLoginRoutes(*x.RouterPublic)
- func (s *Strategy) RegisterPublicRecoveryRoutes(public *x.RouterPublic)
- func (s *Strategy) RegisterPublicVerificationRoutes(public *x.RouterPublic)
- func (s *Strategy) RegisterRegistrationRoutes(*x.RouterPublic)
- func (s *Strategy) SendVerificationEmail(ctx context.Context, f *verification.Flow, i *identity.Identity, ...) (err error)
- func (s *Strategy) VerificationStrategyID() string
- func (s *Strategy) Verify(w http.ResponseWriter, r *http.Request, f *verification.Flow) (err error)
- type VerificationCode
- type VerificationCodePersistenceProvider
- type VerificationCodePersister
Constants ¶
// CodeLength is, judging by its name, the length of the codes this package
// issues (presumably what GenerateCode returns) — confirm against the source.
//
// NOTE(review): a code this short has a small search space, so resistance to
// guessing has to come from expiry (ExpiresAt), single use (ErrCodeAlreadyUsed)
// and submission limits (ErrCodeSubmittedTooOften), not from the code itself.
const CodeLength = 6
const (
	// RouteAdminCreateRecoveryCode is the URL path "/recovery/code".
	// NOTE(review): by its name this is the admin route for creating a recovery
	// code, presumably registered by RegisterAdminRecoveryRoutes — confirm.
	RouteAdminCreateRecoveryCode = "/recovery/code"
)
Variables ¶
var (
	// ErrCodeNotFound is a not-found error carrying the reason "unknown code".
	ErrCodeNotFound = herodot.ErrNotFound.WithReasonf("unknown code")

	// ErrCodeAlreadyUsed is a bad-request error for a code that was already
	// used; VerificationCode.Validate is documented to return it in that case.
	ErrCodeAlreadyUsed = herodot.ErrBadRequest.WithReasonf("The code was already used. Please request another code.")

	// ErrCodeSubmittedTooOften is a bad-request error for a request that was
	// submitted too often.
	// NOTE(review): the threshold and the place where it is enforced are not
	// visible here. This limit is what bounds guessing of a CodeLength-sized
	// code, so confirm it is applied in every flow that accepts codes.
	ErrCodeSubmittedTooOften = herodot.ErrBadRequest.WithReasonf("The request was submitted too often. Please request another code.")
)
// ErrUnknownAddress is a not-found error with the reason "recovery requested
// for unknown address". SendRecoveryCode and SendVerificationCode are
// documented to return it when the address is not in the store, even though a
// message is still dispatched to prevent account enumeration.
// NOTE(review): callers presumably must not let this error change what the end
// user sees, or the enumeration protection is undone — confirm at call sites.
var ErrUnknownAddress = herodot.ErrNotFound.WithReason("recovery requested for unknown address")
Functions ¶
func GenerateCode ¶
func GenerateCode() string
func MaskAddress ¶ added in v1.1.0
MaskAddress masks an address by replacing the middle part with asterisks.
If the address contains an @, the part before the @ is masked by taking the first 2 characters and adding 4 * (if the part before the @ is less than 2 characters the full value is used). Otherwise, the first 3 characters and last two characters are taken and 4 * are added in between.
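Examples:
- foo@bar -> fo****@bar
- foobar -> fo****ar
- f@bar -> f@bar
- fo@bar -> fo****@bar
- +12345678910 -> +12****10

Note: the `foobar` example shows two leading characters, while the rule above keeps the first three for addresses without an @; check the implementation for the actual output. For short inputs the mask hides little or nothing (`f@bar` is returned unchanged and `fo@bar` still shows the whole part before the @), so treat the result as a display hint rather than as redaction.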
func SetDefaultFlowState ¶ added in v1.1.0
Types ¶
type Address ¶ added in v1.1.0
// Address pairs a destination with the channel used to reach it.
// Sender.SendCode accepts a variadic list of these.
type Address struct {
	// To is the destination. NOTE(review): presumably an email address or
	// phone number, matching the Address fields of the code structs — confirm.
	To string

	// Via is the channel (identity.CodeChannel) the code is sent over.
	Via identity.CodeChannel
}
func FindAllIdentifiers ¶ added in v1.3.0
type CreateLoginCodeParams ¶ added in v1.1.0
// CreateLoginCodeParams is the argument of LoginCodePersister.CreateLoginCode.
type CreateLoginCodeParams struct {
	// Address is the email address or phone number the code should be sent to.
	// required: true
	Address string

	// AddressType is the type of the address (email or phone number).
	// required: true
	AddressType identity.CodeChannel

	// RawCode is the login code itself, as opposed to the CodeHMAC carried by
	// the persisted LoginCode.
	// NOTE(review): presumably the persister HMACs this value before storing
	// it, so it should not be logged or persisted as-is — confirm.
	// required: true
	RawCode string

	// ExpiresIn is the lifetime of the code (a duration, not a timestamp).
	// required: true
	ExpiresIn time.Duration

	// FlowID is a helper struct field for gobuffalo.pop.
	// required: true
	FlowID uuid.UUID

	// IdentityID is the identity that this code is for
	// required: true
	IdentityID uuid.UUID
}
swagger:ignore
type CreateRecoveryCodeParams ¶
// CreateRecoveryCodeParams carries the values needed to create a RecoveryCode.
// NOTE(review): presumably consumed by RecoveryCodePersister, whose methods
// are not shown on this page — confirm.
type CreateRecoveryCodeParams struct {
	// RawCode is the recovery code itself, as opposed to the CodeHMAC carried
	// by the persisted RecoveryCode.
	// NOTE(review): presumably HMACed before storage, so it should not be
	// logged or persisted as-is — confirm.
	RawCode string

	// CodeType is the type of the code - either "admin" or "selfservice"
	CodeType RecoveryCodeType

	// ExpiresIn is the lifetime of the code (a duration, not a timestamp).
	// required: true
	ExpiresIn time.Duration

	// RecoveryAddress is the recovery address the code is linked to.
	// NOTE(review): RecoveryCode stores the address ID as a nullable UUID, so
	// this pointer is presumably optional — confirm.
	RecoveryAddress *identity.RecoveryAddress

	// FlowID is a helper struct field for gobuffalo.pop.
	FlowID uuid.UUID

	// IdentityID is the ID of an identity. NOTE(review): presumably the
	// identity being recovered — confirm.
	IdentityID uuid.UUID
}
type CreateRegistrationCodeParams ¶ added in v1.1.0
// CreateRegistrationCodeParams is the argument of
// RegistrationCodePersister.CreateRegistrationCode.
type CreateRegistrationCodeParams struct {
	// Address is the email address or phone number the code should be sent to.
	// required: true
	Address string

	// AddressType is the type of the address (email or phone number).
	// required: true
	AddressType identity.CodeChannel

	// RawCode is the registration code itself, as opposed to the CodeHMAC
	// carried by the persisted RegistrationCode.
	// NOTE(review): presumably HMACed before storage, so it should not be
	// logged or persisted as-is — confirm.
	// required: true
	RawCode string

	// ExpiresIn is the lifetime of the code (a duration, not a timestamp).
	// required: true
	ExpiresIn time.Duration

	// FlowID is a helper struct field for gobuffalo.pop.
	// required: true
	FlowID uuid.UUID
}
swagger:ignore
type CreateVerificationCodeParams ¶
// CreateVerificationCodeParams carries the values needed to create a
// VerificationCode.
type CreateVerificationCodeParams struct {
	// RawCode is the verification code itself, as opposed to the CodeHMAC
	// carried by the persisted VerificationCode.
	// NOTE(review): presumably HMACed before storage, so it should not be
	// logged or persisted as-is — confirm.
	RawCode string

	// ExpiresIn is the lifetime of the code
	ExpiresIn time.Duration

	// VerifiableAddress is the address to be verified
	VerifiableAddress *identity.VerifiableAddress

	// FlowID is the id of the current verification flow
	FlowID uuid.UUID
}
type FlowMethod ¶
FlowMethod contains the configuration for this selfservice strategy.
type LoginCode ¶ added in v1.1.0
// LoginCode is the stored record of a code issued for a login flow. Only ID,
// ExpiresAt, IssuedAt and IdentityID have JSON names; every other field is
// tagged json:"-" and is therefore left out of JSON output.
type LoginCode struct {
	// ID represents the token's unique ID.
	//
	// required: true
	// type: string
	// format: uuid
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// Address represents the address that the code was sent to.
	// This can be an email address or a phone number.
	Address string `json:"-" db:"address"`

	// AddressType represents the type of the address.
	// This can be an email address or a phone number.
	AddressType identity.CodeChannel `json:"-" db:"address_type"`

	// CodeHMAC represents the HMACed value of the login code. It is stored in
	// the "code" column; the raw code is not a field of this struct.
	CodeHMAC string `json:"-" db:"code"`

	// UsedAt is the timestamp of when the code was used or null if it wasn't yet
	UsedAt sql.NullTime `json:"-" db:"used_at"`

	// ExpiresAt is the time (UTC) when the token expires.
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IssuedAt is the time (UTC) when the token was issued.
	// required: true
	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`

	// FlowID is a helper struct field for gobuffalo.pop.
	FlowID uuid.UUID `json:"-" faker:"-" db:"selfservice_login_flow_id"`

	// NID is stored in the "nid" column. NOTE(review): presumably the network
	// (tenant) ID that scopes the record — confirm.
	NID uuid.UUID `json:"-" faker:"-" db:"nid"`

	// IdentityID is the ID of the identity stored in the "identity_id" column.
	// NOTE(review): presumably the identity the code was issued for — confirm.
	IdentityID uuid.UUID `json:"identity_id" faker:"-" db:"identity_id"`
}
swagger:ignore
func (*LoginCode) GetHMACCode ¶ added in v1.1.0
type LoginCodePersistenceProvider ¶ added in v1.1.0
// LoginCodePersistenceProvider is implemented by types that can hand out a
// LoginCodePersister.
type LoginCodePersistenceProvider interface {
// LoginCodePersister returns the persister used for login codes.
LoginCodePersister() LoginCodePersister
}
type LoginCodePersister ¶ added in v1.1.0
// LoginCodePersister is the storage interface for login codes. The semantics
// below are read from the method names and signatures only; the
// implementations are not shown on this page.
type LoginCodePersister interface {
	// CreateLoginCode stores a new login code built from the given params.
	CreateLoginCode(context.Context, *CreateLoginCodeParams) (*LoginCode, error)

	// UseLoginCode takes a flow ID, an identity ID and a submitted code.
	// NOTE(review): presumably this is where the code is matched, marked as
	// used and submission attempts are counted (see ErrCodeAlreadyUsed and
	// ErrCodeSubmittedTooOften) — confirm that the check is atomic.
	UseLoginCode(ctx context.Context, flowID uuid.UUID, identityID uuid.UUID, code string) (*LoginCode, error)

	// DeleteLoginCodesOfFlow removes the login codes belonging to the flow.
	DeleteLoginCodesOfFlow(ctx context.Context, flowID uuid.UUID) error

	// GetUsedLoginCode returns a login code of the flow.
	// NOTE(review): by its name, the one that has already been used — confirm.
	GetUsedLoginCode(ctx context.Context, flowID uuid.UUID) (*LoginCode, error)
}
type RecoveryCode ¶
// RecoveryCode is the stored record of a code issued for a recovery flow. Only
// ID, RecoveryAddress, ExpiresAt, IssuedAt and IdentityID have JSON names;
// every other field is tagged json:"-" and is left out of JSON output.
type RecoveryCode struct {
	// ID represents the code's unique ID.
	//
	// required: true
	// type: string
	// format: uuid
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// CodeHMAC represents the HMACed value of the recovery code. It is stored
	// in the "code" column; the raw code is not a field of this struct.
	CodeHMAC string `json:"-" db:"code"`

	// UsedAt is the timestamp of when the code was used or null if it wasn't yet
	UsedAt sql.NullTime `json:"-" db:"used_at"`

	// RecoveryAddress links this code to a recovery address.
	// required: true
	RecoveryAddress *identity.RecoveryAddress `json:"recovery_address" belongs_to:"identity_recovery_addresses" fk_id:"RecoveryAddressID"`

	// CodeType is the type of the code - either "admin" or "selfservice"
	CodeType RecoveryCodeType `json:"-" faker:"-" db:"code_type"`

	// ExpiresAt is the time (UTC) when the code expires.
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IssuedAt is the time (UTC) when the code was issued.
	// required: true
	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`

	// RecoveryAddressID is a helper struct field for gobuffalo.pop.
	// It is nullable (uuid.NullUUID).
	RecoveryAddressID uuid.NullUUID `json:"-" faker:"-" db:"identity_recovery_address_id"`

	// FlowID is a helper struct field for gobuffalo.pop.
	FlowID uuid.UUID `json:"-" faker:"-" db:"selfservice_recovery_flow_id"`

	// NID is stored in the "nid" column. NOTE(review): presumably the network
	// (tenant) ID that scopes the record — confirm.
	NID uuid.UUID `json:"-" faker:"-" db:"nid"`

	// IdentityID is the ID of the identity stored in the "identity_id" column.
	// NOTE(review): presumably the identity being recovered — confirm.
	IdentityID uuid.UUID `json:"identity_id" faker:"-" db:"identity_id"`
}
func (*RecoveryCode) GetHMACCode ¶ added in v1.1.0
func (f *RecoveryCode) GetHMACCode() string
func (*RecoveryCode) GetID ¶ added in v1.1.0
func (f *RecoveryCode) GetID() uuid.UUID
func (*RecoveryCode) Validate ¶ added in v1.1.0
func (f *RecoveryCode) Validate() error
type RecoveryCodePersistenceProvider ¶
// RecoveryCodePersistenceProvider is implemented by types that can hand out a
// RecoveryCodePersister.
type RecoveryCodePersistenceProvider interface {
// RecoveryCodePersister returns the persister used for recovery codes.
RecoveryCodePersister() RecoveryCodePersister
}
type RecoveryCodePersister ¶
type RecoveryCodeType ¶
// RecoveryCodeType distinguishes how a recovery code was created. The field
// comments on RecoveryCode describe the two kinds as "admin" and "selfservice".
type RecoveryCodeType int

const (
	// RecoveryCodeTypeAdmin has the value 1 (iota + 1), so the zero value of
	// RecoveryCodeType is not a valid type.
	RecoveryCodeTypeAdmin RecoveryCodeType = iota + 1
	// RecoveryCodeTypeSelfService has the value 2.
	RecoveryCodeTypeSelfService
)
type RegistrationCode ¶ added in v1.1.0
// RegistrationCode is the stored record of a code issued for a registration
// flow. Only ID, ExpiresAt and IssuedAt have JSON names; every other field is
// tagged json:"-" and is left out of JSON output.
type RegistrationCode struct {
	// ID represents the token's unique ID.
	//
	// required: true
	// type: string
	// format: uuid
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// Address represents the address that the code was sent to.
	// This can be an email address or a phone number.
	Address string `json:"-" db:"address"`

	// AddressType represents the type of the address.
	// This can be an email address or a phone number.
	AddressType identity.CodeChannel `json:"-" db:"address_type"`

	// CodeHMAC represents the HMACed value of the registration code. It is
	// stored in the "code" column; the raw code is not a field of this struct.
	CodeHMAC string `json:"-" db:"code"`

	// UsedAt is the timestamp of when the code was used or null if it wasn't yet
	UsedAt sql.NullTime `json:"-" db:"used_at"`

	// ExpiresAt is the time (UTC) when the token expires.
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IssuedAt is the time (UTC) when the token was issued.
	// required: true
	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`

	// FlowID is a helper struct field for gobuffalo.pop.
	FlowID uuid.UUID `json:"-" faker:"-" db:"selfservice_registration_flow_id"`

	// NID is stored in the "nid" column. NOTE(review): presumably the network
	// (tenant) ID that scopes the record — confirm.
	NID uuid.UUID `json:"-" faker:"-" db:"nid"`
}
swagger:ignore
func (*RegistrationCode) GetHMACCode ¶ added in v1.1.0
func (f *RegistrationCode) GetHMACCode() string
func (*RegistrationCode) GetID ¶ added in v1.1.0
func (f *RegistrationCode) GetID() uuid.UUID
func (RegistrationCode) TableName ¶ added in v1.1.0
func (RegistrationCode) TableName(context.Context) string
func (*RegistrationCode) Validate ¶ added in v1.1.0
func (f *RegistrationCode) Validate() error
type RegistrationCodePersistenceProvider ¶ added in v1.1.0
// RegistrationCodePersistenceProvider is implemented by types that can hand
// out a RegistrationCodePersister.
type RegistrationCodePersistenceProvider interface {
// RegistrationCodePersister returns the persister used for registration codes.
RegistrationCodePersister() RegistrationCodePersister
}
type RegistrationCodePersister ¶ added in v1.1.0
// RegistrationCodePersister is the storage interface for registration codes.
// The semantics below are read from the method names and signatures only; the
// implementations are not shown on this page.
type RegistrationCodePersister interface {
	// CreateRegistrationCode stores a new registration code built from the
	// given params.
	CreateRegistrationCode(context.Context, *CreateRegistrationCodeParams) (*RegistrationCode, error)

	// UseRegistrationCode takes a flow ID, a submitted code and a list of
	// addresses.
	// NOTE(review): presumably the code must match one of the given addresses
	// and is marked as used here, with submission attempts counted (see
	// ErrCodeAlreadyUsed and ErrCodeSubmittedTooOften) — confirm.
	UseRegistrationCode(ctx context.Context, flowID uuid.UUID, code string, addresses ...string) (*RegistrationCode, error)

	// DeleteRegistrationCodesOfFlow removes the registration codes belonging
	// to the flow.
	DeleteRegistrationCodesOfFlow(ctx context.Context, flowID uuid.UUID) error

	// GetUsedRegistrationCode returns a registration code of the flow.
	// NOTE(review): by its name, the one that has already been used — confirm.
	GetUsedRegistrationCode(ctx context.Context, flowID uuid.UUID) (*RegistrationCode, error)
}
type RetryOption ¶ added in v1.1.0
// RetryOption is a functional option applied to the unexported retry type.
// RetryWithError and RetryWithMessage return values of this type.
type RetryOption func(*retry)
func RetryWithError ¶ added in v1.1.0
func RetryWithError(err error) RetryOption
func RetryWithMessage ¶ added in v1.1.0
func RetryWithMessage(msg *text.Message) RetryOption
type Sender ¶
type Sender struct {
// contains filtered or unexported fields
}
func (*Sender) SendRecoveryCode ¶
func (s *Sender) SendRecoveryCode(ctx context.Context, f *recovery.Flow, via identity.VerifiableAddressType, to string) error
SendRecoveryCode sends a recovery code to the specified address
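If the address does not exist in the store and dispatching invalid emails is enabled (CourierEnableInvalidDispatch is true), an email is still sent to prevent account enumeration attacks. In that case, this function returns the ErrUnknownAddress error. Callers should handle that error without changing the response shown to the user; otherwise the response itself reveals whether the address exists.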
func (*Sender) SendRecoveryCodeTo ¶
func (*Sender) SendVerificationCode ¶
func (s *Sender) SendVerificationCode(ctx context.Context, f *verification.Flow, via string, to string) error
SendVerificationCode sends a verification code & link to the specified address
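If the address does not exist in the store and dispatching invalid emails is enabled (CourierEnableInvalidDispatch is true), an email is still sent to prevent account enumeration attacks. In that case, this function returns the ErrUnknownAddress error. Callers should handle that error without changing the response shown to the user; otherwise the response itself reveals whether the address exists.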
func (*Sender) SendVerificationCodeTo ¶
func (s *Sender) SendVerificationCodeTo(ctx context.Context, f *verification.Flow, i *identity.Identity, codeString string, code *VerificationCode) error
type SenderProvider ¶
// SenderProvider is implemented by types that can hand out the code Sender.
type SenderProvider interface {
// CodeSender returns the Sender used to dispatch codes.
CodeSender() *Sender
}
type Strategy ¶
type Strategy struct {
// contains filtered or unexported fields
}
func NewStrategy ¶
func (*Strategy) CompletedAuthenticationMethod ¶ added in v1.1.0
func (s *Strategy) CompletedAuthenticationMethod(ctx context.Context) session.AuthenticationMethod
func (*Strategy) CountActiveFirstFactorCredentials ¶ added in v1.3.0
func (s *Strategy) CountActiveFirstFactorCredentials(ctx context.Context, cc map[identity.CredentialsType]identity.Credentials) (int, error)
func (*Strategy) CountActiveMultiFactorCredentials ¶ added in v1.3.0
func (s *Strategy) CountActiveMultiFactorCredentials(ctx context.Context, cc map[identity.CredentialsType]identity.Credentials) (int, error)
func (*Strategy) HandleLoginError ¶ added in v1.1.0
func (*Strategy) HandleRecoveryError ¶
func (*Strategy) HandleRegistrationError ¶ added in v1.1.0
func (*Strategy) ID ¶ added in v1.1.0
func (s *Strategy) ID() identity.CredentialsType
func (*Strategy) NewCodeUINodes ¶ added in v1.1.0
NewCodeUINodes creates a fresh UI for the code flow. It is used with the `recovery`, `verification`, `registration` and `login` flows.
func (*Strategy) NodeGroup ¶ added in v1.1.0
func (s *Strategy) NodeGroup() node.UiNodeGroup
func (*Strategy) PopulateLoginMethodFirstFactor ¶ added in v1.3.0
func (*Strategy) PopulateLoginMethodFirstFactorRefresh ¶ added in v1.3.0
func (*Strategy) PopulateLoginMethodIdentifierFirstCredentials ¶ added in v1.3.0
func (*Strategy) PopulateLoginMethodIdentifierFirstIdentification ¶ added in v1.3.0
func (*Strategy) PopulateLoginMethodSecondFactor ¶ added in v1.3.0
func (*Strategy) PopulateLoginMethodSecondFactorRefresh ¶ added in v1.3.0
func (*Strategy) PopulateMethod ¶ added in v1.1.0
func (*Strategy) PopulateRecoveryMethod ¶
func (*Strategy) PopulateRegistrationMethod ¶ added in v1.1.0
func (*Strategy) PopulateVerificationMethod ¶
PopulateVerificationMethod sets the appropriate UI nodes on this flow.
If the flow's state is `sent_email`, the `code` input and the success notification are set. Otherwise, the default email input is added. If the flow is a browser flow, the CSRF token is added to the UI.
func (*Strategy) RecoveryStrategyID ¶
func (*Strategy) Register ¶ added in v1.1.0
func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registration.Flow, i *identity.Identity) (err error)
func (*Strategy) RegisterAdminRecoveryRoutes ¶
func (s *Strategy) RegisterAdminRecoveryRoutes(admin *x.RouterAdmin)
func (*Strategy) RegisterAdminVerificationRoutes ¶
func (s *Strategy) RegisterAdminVerificationRoutes(admin *x.RouterAdmin)
func (*Strategy) RegisterLoginRoutes ¶ added in v1.1.0
func (s *Strategy) RegisterLoginRoutes(*x.RouterPublic)
func (*Strategy) RegisterPublicRecoveryRoutes ¶
func (s *Strategy) RegisterPublicRecoveryRoutes(public *x.RouterPublic)
func (*Strategy) RegisterPublicVerificationRoutes ¶
func (s *Strategy) RegisterPublicVerificationRoutes(public *x.RouterPublic)
func (*Strategy) RegisterRegistrationRoutes ¶ added in v1.1.0
func (s *Strategy) RegisterRegistrationRoutes(*x.RouterPublic)
func (*Strategy) SendVerificationEmail ¶
func (s *Strategy) SendVerificationEmail(ctx context.Context, f *verification.Flow, i *identity.Identity, a *identity.VerifiableAddress) (err error)
func (*Strategy) VerificationStrategyID ¶
func (*Strategy) Verify ¶
func (s *Strategy) Verify(w http.ResponseWriter, r *http.Request, f *verification.Flow) (err error)
type VerificationCode ¶
// VerificationCode is the stored record of a code issued for a verification
// flow. Only ID, VerifiableAddress, ExpiresAt and IssuedAt have JSON names;
// every other field is tagged json:"-" and is left out of JSON output.
type VerificationCode struct {
	// ID represents the code's unique ID.
	//
	// required: true
	// type: string
	// format: uuid
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// CodeHMAC represents the HMACed value of the verification code. It is
	// stored in the "code_hmac" column; the raw code is not a field of this
	// struct.
	CodeHMAC string `json:"-" db:"code_hmac"`

	// UsedAt is the timestamp of when the code was used or null if it wasn't yet
	UsedAt sql.NullTime `json:"-" db:"used_at"`

	// VerifiableAddress links this code to a verification address.
	// required: true
	VerifiableAddress *identity.VerifiableAddress `json:"verification_address" belongs_to:"identity_verifiable_addresses"`

	// ExpiresAt is the time (UTC) when the code expires.
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IssuedAt is the time (UTC) when the code was issued.
	// required: true
	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`

	// VerifiableAddressID is a helper struct field for gobuffalo.pop.
	// It is nullable (uuid.NullUUID).
	VerifiableAddressID uuid.NullUUID `json:"-" faker:"-" db:"identity_verifiable_address_id"`

	// FlowID is a helper struct field for gobuffalo.pop.
	FlowID uuid.UUID `json:"-" faker:"-" db:"selfservice_verification_flow_id"`

	// NID is stored in the "nid" column. NOTE(review): presumably the network
	// (tenant) ID that scopes the record — confirm.
	NID uuid.UUID `json:"-" faker:"-" db:"nid"`
}
func (*VerificationCode) GetHMACCode ¶ added in v1.1.0
func (f *VerificationCode) GetHMACCode() string
func (*VerificationCode) GetID ¶ added in v1.1.0
func (f *VerificationCode) GetID() uuid.UUID
func (*VerificationCode) Validate ¶
func (f *VerificationCode) Validate() error
Validate validates the state of the verification code
- If the code is expired, `flow.ExpiredError` is returned
- If the code was already used, `ErrCodeAlreadyUsed` is returned
- Otherwise, `nil` is returned
type VerificationCodePersistenceProvider ¶
// VerificationCodePersistenceProvider is implemented by types that can hand
// out a VerificationCodePersister.
type VerificationCodePersistenceProvider interface {
// VerificationCodePersister returns the persister used for verification codes.
VerificationCodePersister() VerificationCodePersister
}