README
¶
This server provides the primary end points for the myirma web interface.
Although this server permits the user to delete his account, and change email address associations, for security reasons, deletion of account logs and email addresses is delayed. Deleting an email address marks it as to be deleted, but only does so after 30 days to stop someone who has stolen a phone from making it impossible to disable the IRMA account. Similarly, when deleting an account, logs remain stored and accessible through email login for 30 days, to stop attackers from erasing their tracks.
This server exposes the following endpoints:
-- SESSION STATUS --
POST /checksession
Arguments: none
Description: Check session status, fetching any pending errors from operations following IRMA sessions
Returns: - `expired` if user is not logged in
- `ok` if user is logged in
- error text if an error occurred during IRMA session processing
-- IRMA LOGIN --
POST /login/irma
Arguments: none
Description: Start IRMA login session. After session, checksession needs to be called to check for errors
Returns: session pointer
-- EMAIL LOGIN --
POST /login/email
Arguments: Emailaddress as request body
Description: Send login email
Returns: success with 204, or 403 if user not registered
POST /login/token/candidates
Arguments: token as request body
Description: Get account candidates for loging in with email address token
Returns: list of account candidates with json structure:
[{username: "username", last_active: "unix timestamp (utc) of last activity on account"},...]
POST /login/token
Arguments: Login request as json:
{token: "login token", username: "username of specific account to login to"}
Description: Login using a token into a specific user account
Returns: success with 204, or error otherwise
-- LOGOUT --
POST /logout
Arguments: none
Description: Log out of current session
Returns: success with 204, should not error
-- USER DATA --
GET /user
Arguments: none
Description: Returns user account information for currently logged in user
Returns: structure as json:
{ username: "username",
emails: [{email: "emailaddress",
delete_in_progress: "email address is currently waiting to be deleted"}, ...],
delete_in_progress: "account is currently disabled and waiting to be deleted" }
GET /user/logs/{offset}
Arguments: none outside url
Description: Retrieve log entries
Returns: 11 of user"s logs, starting from log entry with index {offset}. Logs are ordered
chronologically, newest first.
-- EMAIL MANAGEMENT --
POST /email/add
Arguments: none
Description: Starts session in which user can disclose the email address to be added.
After session, checksession needs to be called to check for potential errors
Returns: session pointer
POST /email/remove
Arguments: none
Description: emailaddress to remove as request body
Returns: 204 on success, errors otherwise
POST /verify
Arguments: token as request body
Description: Verifies the user's email address entered during registration of the IRMA app. A link
containing a token is sent to this email address. The frontend invokes this endpoint to
verify the token.
Returns: 204 on success, errors otherwise
-- ACCOUNT REMOVAL --
POST /user/delete
Arguments: none
Description: Start deletion process for currently logged in user
Returns: 204 on success, errors otherwise (also if user deletion already in progress)
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Configuration ¶
type Configuration struct {
// IRMA server configuration. If not given, this will be populated using information here
*server.Configuration `mapstructure:",squash"`
CORSAllowedOrigins []string `json:"cors_allowed_origins" mapstructure:"cors_allowed_origins"`
// Path to static content to serve (for testing)
StaticPath string `json:"static_path" mapstructure:"static_path"`
StaticPrefix string `json:"static_prefix" mapstructure:"static_prefix"`
// Database configuration (ignored when database is provided)
DBType DBType `json:"db_type" mapstructure:"db_type"`
DBConnStr string `json:"db_str" mapstructure:"db_str"`
DBConnMaxIdle int `json:"db_max_idle" mapstructure:"db_max_idle"`
DBConnMaxOpen int `json:"db_max_open" mapstructure:"db_max_open"`
DBConnMaxIdleTime int `json:"db_max_idle_time" mapstructure:"db_max_idle_time"`
DBConnMaxOpenTime int `json:"db_max_open_time" mapstructure:"db_max_open_time"`
// DeleteDelay is the delay in days before a user or email address deletion becomes effective.
DeleteDelay int `json:"delete_delay" mapstructure:"delete_delay"`
// Provide a prepared database (useful for testing)
DB db `json:"-"`
// Session lifetime in seconds
SessionLifetime int `json:"session_lifetime" mapstructure:"session_lifetime"`
// Keyshare attributes to use for login
EmailAttributes []irma.AttributeTypeIdentifier `json:"email_attributes" mapstructure:"email_attributes"`
// Configuration for email sending during login (email address use will be disabled if not present)
keyshare.EmailConfiguration `mapstructure:",squash"`
LoginURL map[string]string `json:"login_url" mapstructure:"login_url"`
LoginEmailFiles map[string]string `json:"login_email_files" mapstructure:"login_email_files"`
LoginEmailSubjects map[string]string `json:"login_email_subjects" mapstructure:"login_email_subjects"`
DeleteEmailFiles map[string]string `json:"delete_email_files" mapstructure:"delete_email_files"`
DeleteEmailSubjects map[string]string `json:"delete_email_subjects" mapstructure:"delete_email_subjects"`
DeleteAccountFiles map[string]string `json:"delete_account_files" mapstructure:"delete_account_files"`
DeleteAccountSubjects map[string]string `json:"delete_account_subjects" mapstructure:"delete_account_subjects"`
// contains filtered or unexported fields
}
Configuration contains configuration for the irmaserver library and irmad.
Source Files
Click to show internal directories.
Click to hide internal directories.