code

package
v1.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 28, 2024 License: Apache-2.0 Imports: 46 Imported by: 0

Documentation

Index

Constants

View Source
const CodeLength = 6
View Source
const (
	RouteAdminCreateRecoveryCode = "/recovery/code"
)

Variables

View Source
var (
	ErrCodeNotFound          = herodot.ErrNotFound.WithReasonf("unknown code")
	ErrCodeAlreadyUsed       = herodot.ErrBadRequest.WithReasonf("The code was already used. Please request another code.")
	ErrCodeSubmittedTooOften = herodot.ErrBadRequest.WithReasonf("The request was submitted too often. Please request another code.")
)
View Source
var ErrUnknownAddress = herodot.ErrNotFound.WithReason("recovery requested for unknown address")

Functions

func GenerateCode

func GenerateCode() string

func MaskAddress added in v1.1.0

func MaskAddress(input string) string

MaskAddress masks an address by replacing the middle part with asterisks.

If the address contains an @, the part before the @ is masked by taking the first 2 characters and adding 4 * (if the part before the @ is less than 2 characters the full value is used). Otherwise, the first 3 characters and last two characters are taken and 4 * are added in between.

Examples: - foo@bar -> fo****@bar - foobar -> fo****ar - f@bar -> f@bar - fo@bar -> fo****@bar - +12345678910 -> +12****10

func SetDefaultFlowState added in v1.1.0

func SetDefaultFlowState(f flow.Flow, resend string)

Types

type Address added in v1.1.0

type Address struct {
	To  string
	Via identity.CodeChannel
}

func FindAllIdentifiers added in v1.3.0

func FindAllIdentifiers(i *identity.Identity) (result []Address)

func FindCodeAddressCandidates added in v1.3.0

func FindCodeAddressCandidates(i *identity.Identity, fallbackEnabled bool) (result []Address, found bool, _ error)

type CreateLoginCodeParams added in v1.1.0

type CreateLoginCodeParams struct {
	// Address is the email address or phone number the code should be sent to.
	// required: true
	Address string

	// AddressType is the type of the address (email or phone number).
	// required: true
	AddressType identity.CodeChannel

	// Code represents the recovery code
	// required: true
	RawCode string

	// ExpiresAt is the time (UTC) when the code expires.
	// required: true
	ExpiresIn time.Duration

	// FlowID is a helper struct field for gobuffalo.pop.
	// required: true
	FlowID uuid.UUID

	// IdentityID is the identity that this code is for
	// required: true
	IdentityID uuid.UUID
}

swagger:ignore

type CreateRecoveryCodeParams

type CreateRecoveryCodeParams struct {
	// Code represents the recovery code
	RawCode string

	// CodeType is the type of the code - either "admin" or "selfservice"
	CodeType RecoveryCodeType

	// ExpiresAt is the time (UTC) when the code expires.
	// required: true
	ExpiresIn time.Duration

	// RecoveryAddressID is a helper struct field for gobuffalo.pop.
	RecoveryAddress *identity.RecoveryAddress

	// FlowID is a helper struct field for gobuffalo.pop.
	FlowID uuid.UUID

	IdentityID uuid.UUID
}

type CreateRegistrationCodeParams added in v1.1.0

type CreateRegistrationCodeParams struct {
	// Address is the email address or phone number the code should be sent to.
	// required: true
	Address string

	// AddressType is the type of the address (email or phone number).
	// required: true
	AddressType identity.CodeChannel

	// Code represents the recovery code
	// required: true
	RawCode string

	// ExpiresAt is the time (UTC) when the code expires.
	// required: true
	ExpiresIn time.Duration

	// FlowID is a helper struct field for gobuffalo.pop.
	// required: true
	FlowID uuid.UUID
}

swagger:ignore

type CreateVerificationCodeParams

type CreateVerificationCodeParams struct {
	// Code represents the recovery code
	RawCode string

	// ExpiresIn is the lifetime of the code
	ExpiresIn time.Duration

	// VerifiableAddress is the address to be verified
	VerifiableAddress *identity.VerifiableAddress

	// FlowID is the id of the current verification flow
	FlowID uuid.UUID
}

type FlowMethod

type FlowMethod struct {
	*container.Container
}

FlowMethod contains the configuration for this selfservice strategy.

type LoginCode added in v1.1.0

type LoginCode struct {
	// ID represents the tokens's unique ID.
	//
	// required: true
	// type: string
	// format: uuid
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// Address represents the address that the code was sent to.
	// this can be an email address or a phone number.
	Address string `json:"-" db:"address"`

	// AddressType represents the type of the address
	// this can be an email address or a phone number.
	AddressType identity.CodeChannel `json:"-" db:"address_type"`

	// CodeHMAC represents the HMACed value of the verification code
	CodeHMAC string `json:"-" db:"code"`

	// UsedAt is the timestamp of when the code was used or null if it wasn't yet
	UsedAt sql.NullTime `json:"-" db:"used_at"`

	// ExpiresAt is the time (UTC) when the token expires.
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IssuedAt is the time (UTC) when the token was issued.
	// required: true
	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`

	// FlowID is a helper struct field for gobuffalo.pop.
	FlowID uuid.UUID `json:"-" faker:"-" db:"selfservice_login_flow_id"`

	NID        uuid.UUID `json:"-"  faker:"-" db:"nid"`
	IdentityID uuid.UUID `json:"identity_id" faker:"-" db:"identity_id"`
}

swagger:ignore

func (*LoginCode) GetHMACCode added in v1.1.0

func (f *LoginCode) GetHMACCode() string

func (*LoginCode) GetID added in v1.1.0

func (f *LoginCode) GetID() uuid.UUID

func (LoginCode) TableName added in v1.1.0

func (LoginCode) TableName(ctx context.Context) string

func (*LoginCode) Validate added in v1.1.0

func (f *LoginCode) Validate() error

type LoginCodePersistenceProvider added in v1.1.0

type LoginCodePersistenceProvider interface {
	LoginCodePersister() LoginCodePersister
}

type LoginCodePersister added in v1.1.0

type LoginCodePersister interface {
	CreateLoginCode(context.Context, *CreateLoginCodeParams) (*LoginCode, error)
	UseLoginCode(ctx context.Context, flowID uuid.UUID, identityID uuid.UUID, code string) (*LoginCode, error)
	DeleteLoginCodesOfFlow(ctx context.Context, flowID uuid.UUID) error
	GetUsedLoginCode(ctx context.Context, flowID uuid.UUID) (*LoginCode, error)
}

type RecoveryCode

type RecoveryCode struct {
	// ID represents the code's unique ID.
	//
	// required: true
	// type: string
	// format: uuid
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// CodeHMAC represents the HMACed value of the recovery code
	CodeHMAC string `json:"-" db:"code"`

	// UsedAt is the timestamp of when the code was used or null if it wasn't yet
	UsedAt sql.NullTime `json:"-" db:"used_at"`

	// RecoveryAddress links this code to a recovery address.
	// required: true
	RecoveryAddress *identity.RecoveryAddress `json:"recovery_address" belongs_to:"identity_recovery_addresses" fk_id:"RecoveryAddressID"`

	// CodeType is the type of the code - either "admin" or "selfservice"
	CodeType RecoveryCodeType `json:"-" faker:"-" db:"code_type"`

	// ExpiresAt is the time (UTC) when the code expires.
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IssuedAt is the time (UTC) when the code was issued.
	// required: true
	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
	// RecoveryAddressID is a helper struct field for gobuffalo.pop.
	RecoveryAddressID uuid.NullUUID `json:"-" faker:"-" db:"identity_recovery_address_id"`
	// FlowID is a helper struct field for gobuffalo.pop.
	FlowID     uuid.UUID `json:"-" faker:"-" db:"selfservice_recovery_flow_id"`
	NID        uuid.UUID `json:"-" faker:"-" db:"nid"`
	IdentityID uuid.UUID `json:"identity_id" faker:"-" db:"identity_id"`
}

func (*RecoveryCode) GetHMACCode added in v1.1.0

func (f *RecoveryCode) GetHMACCode() string

func (*RecoveryCode) GetID added in v1.1.0

func (f *RecoveryCode) GetID() uuid.UUID

func (RecoveryCode) TableName

func (RecoveryCode) TableName(ctx context.Context) string

func (*RecoveryCode) Validate added in v1.1.0

func (f *RecoveryCode) Validate() error

type RecoveryCodePersistenceProvider

type RecoveryCodePersistenceProvider interface {
	RecoveryCodePersister() RecoveryCodePersister
}

type RecoveryCodePersister

type RecoveryCodePersister interface {
	CreateRecoveryCode(ctx context.Context, dto *CreateRecoveryCodeParams) (*RecoveryCode, error)
	UseRecoveryCode(ctx context.Context, fID uuid.UUID, code string) (*RecoveryCode, error)
	DeleteRecoveryCodesOfFlow(ctx context.Context, fID uuid.UUID) error
}

type RecoveryCodeType

type RecoveryCodeType int
const (
	RecoveryCodeTypeAdmin RecoveryCodeType = iota + 1
	RecoveryCodeTypeSelfService
)

type RegistrationCode added in v1.1.0

type RegistrationCode struct {
	// ID represents the tokens's unique ID.
	//
	// required: true
	// type: string
	// format: uuid
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// Address represents the address that the code was sent to.
	// this can be an email address or a phone number.
	Address string `json:"-" db:"address"`

	// AddressType represents the type of the address
	// this can be an email address or a phone number.
	AddressType identity.CodeChannel `json:"-" db:"address_type"`

	// CodeHMAC represents the HMACed value of the verification code
	CodeHMAC string `json:"-" db:"code"`

	// UsedAt is the timestamp of when the code was used or null if it wasn't yet
	UsedAt sql.NullTime `json:"-" db:"used_at"`

	// ExpiresAt is the time (UTC) when the token expires.
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IssuedAt is the time (UTC) when the token was issued.
	// required: true
	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`

	// FlowID is a helper struct field for gobuffalo.pop.
	FlowID uuid.UUID `json:"-" faker:"-" db:"selfservice_registration_flow_id"`

	NID uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

swagger:ignore

func (*RegistrationCode) GetHMACCode added in v1.1.0

func (f *RegistrationCode) GetHMACCode() string

func (*RegistrationCode) GetID added in v1.1.0

func (f *RegistrationCode) GetID() uuid.UUID

func (RegistrationCode) TableName added in v1.1.0

func (*RegistrationCode) Validate added in v1.1.0

func (f *RegistrationCode) Validate() error

type RegistrationCodePersistenceProvider added in v1.1.0

type RegistrationCodePersistenceProvider interface {
	RegistrationCodePersister() RegistrationCodePersister
}

type RegistrationCodePersister added in v1.1.0

type RegistrationCodePersister interface {
	CreateRegistrationCode(context.Context, *CreateRegistrationCodeParams) (*RegistrationCode, error)
	UseRegistrationCode(ctx context.Context, flowID uuid.UUID, code string, addresses ...string) (*RegistrationCode, error)
	DeleteRegistrationCodesOfFlow(ctx context.Context, flowID uuid.UUID) error
	GetUsedRegistrationCode(ctx context.Context, flowID uuid.UUID) (*RegistrationCode, error)
}

type RetryOption added in v1.1.0

type RetryOption func(*retry)

func RetryWithError added in v1.1.0

func RetryWithError(err error) RetryOption

func RetryWithMessage added in v1.1.0

func RetryWithMessage(msg *text.Message) RetryOption

type Sender

type Sender struct {
	// contains filtered or unexported fields
}

func NewSender

func NewSender(deps senderDependencies) *Sender

func (*Sender) SendCode added in v1.1.0

func (s *Sender) SendCode(ctx context.Context, f flow.Flow, id *identity.Identity, addresses ...Address) error

func (*Sender) SendRecoveryCode

func (s *Sender) SendRecoveryCode(ctx context.Context, f *recovery.Flow, via identity.VerifiableAddressType, to string) error

SendRecoveryCode sends a recovery code to the specified address

If the address does not exist in the store and dispatching invalid emails is enabled (CourierEnableInvalidDispatch is true), an email is still being sent to prevent account enumeration attacks. In that case, this function returns the ErrUnknownAddress error.

func (*Sender) SendRecoveryCodeTo

func (s *Sender) SendRecoveryCodeTo(ctx context.Context, i *identity.Identity, codeString string, code *RecoveryCode, f *recovery.Flow) error

func (*Sender) SendVerificationCode

func (s *Sender) SendVerificationCode(ctx context.Context, f *verification.Flow, via string, to string) error

SendVerificationCode sends a verification code & link to the specified address

If the address does not exist in the store and dispatching invalid emails is enabled (CourierEnableInvalidDispatch is true), an email is still being sent to prevent account enumeration attacks. In that case, this function returns the ErrUnknownAddress error.

func (*Sender) SendVerificationCodeTo

func (s *Sender) SendVerificationCodeTo(ctx context.Context, f *verification.Flow, i *identity.Identity, codeString string, code *VerificationCode) error

type SenderProvider

type SenderProvider interface {
	CodeSender() *Sender
}

type Strategy

type Strategy struct {
	// contains filtered or unexported fields
}

func NewStrategy

func NewStrategy(deps any) *Strategy

func (*Strategy) CompletedAuthenticationMethod added in v1.1.0

func (s *Strategy) CompletedAuthenticationMethod(ctx context.Context) session.AuthenticationMethod

func (*Strategy) CountActiveFirstFactorCredentials added in v1.3.0

func (s *Strategy) CountActiveFirstFactorCredentials(ctx context.Context, cc map[identity.CredentialsType]identity.Credentials) (int, error)

func (*Strategy) CountActiveMultiFactorCredentials added in v1.3.0

func (s *Strategy) CountActiveMultiFactorCredentials(ctx context.Context, cc map[identity.CredentialsType]identity.Credentials) (int, error)

func (*Strategy) HandleLoginError added in v1.1.0

func (s *Strategy) HandleLoginError(r *http.Request, f *login.Flow, body *updateLoginFlowWithCodeMethod, err error) error

func (*Strategy) HandleRecoveryError

func (s *Strategy) HandleRecoveryError(w http.ResponseWriter, r *http.Request, flow *recovery.Flow, body *recoverySubmitPayload, err error) error

func (*Strategy) HandleRegistrationError added in v1.1.0

func (s *Strategy) HandleRegistrationError(ctx context.Context, r *http.Request, f *registration.Flow, body *updateRegistrationFlowWithCodeMethod, err error) error

func (*Strategy) ID added in v1.1.0

func (*Strategy) Login added in v1.1.0

func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow, sess *session.Session) (_ *identity.Identity, err error)

func (*Strategy) NewCodeUINodes added in v1.1.0

func (s *Strategy) NewCodeUINodes(r *http.Request, f flow.Flow, data any) error

NewCodeUINodes creates a fresh UI for the code flow. this is used with the `recovery`, `verification`, `registration` and `login` flows.

func (*Strategy) NodeGroup added in v1.1.0

func (s *Strategy) NodeGroup() node.UiNodeGroup

func (*Strategy) PopulateLoginMethodFirstFactor added in v1.3.0

func (s *Strategy) PopulateLoginMethodFirstFactor(r *http.Request, f *login.Flow) error

func (*Strategy) PopulateLoginMethodFirstFactorRefresh added in v1.3.0

func (s *Strategy) PopulateLoginMethodFirstFactorRefresh(r *http.Request, f *login.Flow) error

func (*Strategy) PopulateLoginMethodIdentifierFirstCredentials added in v1.3.0

func (s *Strategy) PopulateLoginMethodIdentifierFirstCredentials(r *http.Request, f *login.Flow, opts ...login.FormHydratorModifier) error

func (*Strategy) PopulateLoginMethodIdentifierFirstIdentification added in v1.3.0

func (s *Strategy) PopulateLoginMethodIdentifierFirstIdentification(r *http.Request, f *login.Flow) error

func (*Strategy) PopulateLoginMethodSecondFactor added in v1.3.0

func (s *Strategy) PopulateLoginMethodSecondFactor(r *http.Request, f *login.Flow) error

func (*Strategy) PopulateLoginMethodSecondFactorRefresh added in v1.3.0

func (s *Strategy) PopulateLoginMethodSecondFactorRefresh(r *http.Request, f *login.Flow) error

func (*Strategy) PopulateMethod added in v1.1.0

func (s *Strategy) PopulateMethod(r *http.Request, f flow.Flow) error

func (*Strategy) PopulateRecoveryMethod

func (s *Strategy) PopulateRecoveryMethod(r *http.Request, f *recovery.Flow) error

func (*Strategy) PopulateRegistrationMethod added in v1.1.0

func (s *Strategy) PopulateRegistrationMethod(r *http.Request, rf *registration.Flow) error

func (*Strategy) PopulateVerificationMethod

func (s *Strategy) PopulateVerificationMethod(r *http.Request, f *verification.Flow) error

PopulateVerificationMethod set's the appropriate UI nodes on this flow

If the flow's state is `sent_email`, the `code` input and the success notification is set Otherwise, the default email input is added. If the flow is a browser flow, the CSRF token is added to the UI.

func (*Strategy) Recover

func (s *Strategy) Recover(w http.ResponseWriter, r *http.Request, f *recovery.Flow) (err error)

func (*Strategy) RecoveryStrategyID

func (s *Strategy) RecoveryStrategyID() string

func (*Strategy) Register added in v1.1.0

func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registration.Flow, i *identity.Identity) (err error)

func (*Strategy) RegisterAdminRecoveryRoutes

func (s *Strategy) RegisterAdminRecoveryRoutes(admin *x.RouterAdmin)

func (*Strategy) RegisterAdminVerificationRoutes

func (s *Strategy) RegisterAdminVerificationRoutes(admin *x.RouterAdmin)

func (*Strategy) RegisterLoginRoutes added in v1.1.0

func (s *Strategy) RegisterLoginRoutes(*x.RouterPublic)

func (*Strategy) RegisterPublicRecoveryRoutes

func (s *Strategy) RegisterPublicRecoveryRoutes(public *x.RouterPublic)

func (*Strategy) RegisterPublicVerificationRoutes

func (s *Strategy) RegisterPublicVerificationRoutes(public *x.RouterPublic)

func (*Strategy) RegisterRegistrationRoutes added in v1.1.0

func (s *Strategy) RegisterRegistrationRoutes(*x.RouterPublic)

func (*Strategy) SendVerificationEmail

func (s *Strategy) SendVerificationEmail(ctx context.Context, f *verification.Flow, i *identity.Identity, a *identity.VerifiableAddress) (err error)

func (*Strategy) VerificationStrategyID

func (s *Strategy) VerificationStrategyID() string

func (*Strategy) Verify

func (s *Strategy) Verify(w http.ResponseWriter, r *http.Request, f *verification.Flow) (err error)

type VerificationCode

type VerificationCode struct {
	// ID represents the code's unique ID.
	//
	// required: true
	// type: string
	// format: uuid
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// CodeHMAC represents the HMACed value of the verification code
	CodeHMAC string `json:"-" db:"code_hmac"`

	// UsedAt is the timestamp of when the code was used or null if it wasn't yet
	UsedAt sql.NullTime `json:"-" db:"used_at"`

	// VerifiableAddress links this code to a verification address.
	// required: true
	VerifiableAddress *identity.VerifiableAddress `json:"verification_address" belongs_to:"identity_verifiable_addresses"`

	// ExpiresAt is the time (UTC) when the code expires.
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`

	// IssuedAt is the time (UTC) when the code was issued.
	// required: true
	IssuedAt time.Time `json:"issued_at" faker:"time_type" db:"issued_at"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
	// VerifiableAddressID is a helper struct field for gobuffalo.pop.
	VerifiableAddressID uuid.NullUUID `json:"-" faker:"-" db:"identity_verifiable_address_id"`
	// FlowID is a helper struct field for gobuffalo.pop.
	FlowID uuid.UUID `json:"-" faker:"-" db:"selfservice_verification_flow_id"`
	NID    uuid.UUID `json:"-" faker:"-" db:"nid"`
}

func (*VerificationCode) GetHMACCode added in v1.1.0

func (f *VerificationCode) GetHMACCode() string

func (*VerificationCode) GetID added in v1.1.0

func (f *VerificationCode) GetID() uuid.UUID

func (VerificationCode) TableName

func (*VerificationCode) Validate

func (f *VerificationCode) Validate() error

Validate validates the state of the verification code

- If the code is expired, `flow.ExpiredError` is returned - If the code was already used `ErrCodeAlreadyUsed` is returnd - Otherwise, `nil` is returned

type VerificationCodePersistenceProvider

type VerificationCodePersistenceProvider interface {
	VerificationCodePersister() VerificationCodePersister
}

type VerificationCodePersister

type VerificationCodePersister interface {
	CreateVerificationCode(context.Context, *CreateVerificationCodeParams) (*VerificationCode, error)
	UseVerificationCode(context.Context, uuid.UUID, string) (*VerificationCode, error)
	DeleteVerificationCodesOfFlow(context.Context, uuid.UUID) error
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL