sessions


Documentation


Constants

// Password length limits used by this package's credential validation.
const (
	// MaxBcryptPasswordLength is the maximum accepted plaintext password
	// length. bcrypt implementations only hash the first 72 bytes of their
	// input, so an explicit cap rejects over-long passwords up front rather
	// than letting the tail be silently ignored (see the linked discussion).
	// Presumably enforced by ValidateAndHashPassword — confirm in that function.
	MaxBcryptPasswordLength = 50
)

https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length

Variables

// Sentinel errors returned by session handling. Callers should compare with
// errors.Is rather than matching on the message text.
var (
	// ErrUserSessionExpired is returned when no usable session exists for the
	// supplied ID. The message is user-facing and deliberately does not say
	// whether the session was missing or merely expired.
	ErrUserSessionExpired = errors.New("user session missing or expired, please login again")
	// ErrEmptySessionID is returned when a session ID argument is the empty string.
	ErrEmptySessionID     = errors.New("session ID cannot be empty")
)

ErrUserSessionExpired defines the error triggered when the user session has expired

Functions

func AddCredentialToUser

func AddCredentialToUser(o ORM, email string, credential *webauthn.Credential) error

func AuthenticateUserByToken

func AuthenticateUserByToken(token *auth.Token, user *User) (bool, error)

AuthenticateUserByToken returns true on successful authentication of the user against the given Authentication Token.

func BeginWebAuthnLogin

func BeginWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) (*protocol.CredentialAssertion, error)

func FinishWebAuthnLogin

func FinishWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) error

func NewSessionReaper

func NewSessionReaper(db *sql.DB, config SessionReaperConfig, lggr logger.Logger) utils.SleeperTask

NewSessionReaper creates a reaper that cleans stale sessions from the store.

func ValidateAndHashPassword

func ValidateAndHashPassword(plainPwd string) (string, error)

ValidateAndHashPassword is the single point of logic for user password validations

func ValidateEmail

func ValidateEmail(email string) error

ValidateEmail is the single point of logic for user email validations

Types

type ChangeAuthTokenRequest

// ChangeAuthTokenRequest is the request body sent when a user's
// authentication token is rotated.
type ChangeAuthTokenRequest struct {
	// Password is bound from the "password" JSON field. NOTE(review): this
	// appears to be the caller's plaintext password supplied to re-authorize
	// the token change — confirm in the handler, and keep it out of logs.
	Password string `json:"password"`
}

ChangeAuthTokenRequest is sent when updating a User's authentication token.

type ORM

// ORM is the persistence boundary for users, sessions and WebAuthn
// credentials. Methods that accept a session ID or API token are
// authentication decision points; implementations should treat those
// arguments as untrusted input.
type ORM interface {
	// FindUser looks up a user by email address.
	FindUser(email string) (User, error)
	// FindUserByAPIToken looks up the user that owns the given API token.
	FindUserByAPIToken(apiToken string) (User, error)
	// ListUsers returns every stored user.
	ListUsers() ([]User, error)
	// AuthorizedUserWithSession resolves a session ID to its user.
	// Presumably fails with ErrEmptySessionID / ErrUserSessionExpired
	// (package-level vars) — confirm against the implementation.
	AuthorizedUserWithSession(sessionID string) (User, error)
	// DeleteUser removes the user identified by email.
	DeleteUser(email string) error
	// DeleteUserSession removes a single session by ID.
	DeleteUserSession(sessionID string) error
	// CreateSession processes a login request and returns the new session ID.
	CreateSession(sr SessionRequest) (string, error)
	// ClearNonCurrentSessions removes every session other than sessionID.
	ClearNonCurrentSessions(sessionID string) error
	// CreateUser persists a new user.
	CreateUser(user *User) error
	// UpdateRole changes a user's role and returns the updated record.
	UpdateRole(email, newRole string) (User, error)
	// SetAuthToken stores the given authentication token on the user.
	SetAuthToken(user *User, token *auth.Token) error
	// CreateAndSetAuthToken generates a new token, stores it and returns it.
	CreateAndSetAuthToken(user *User) (*auth.Token, error)
	// DeleteAuthToken revokes the user's authentication token.
	DeleteAuthToken(user *User) error
	// SetPassword replaces the user's password. newPassword is presumably
	// plaintext and hashed by the implementation (see ValidateAndHashPassword).
	SetPassword(user *User, newPassword string) error
	// Sessions returns a page of stored sessions.
	Sessions(offset, limit int) ([]Session, error)
	// GetUserWebAuthn returns the WebAuthn credentials registered for email.
	GetUserWebAuthn(email string) ([]WebAuthn, error)
	// SaveWebAuthn persists a WebAuthn credential record.
	SaveWebAuthn(token *WebAuthn) error

	// FindExternalInitiator resolves an external-initiator token to its
	// record; the only method here that is not about human users.
	FindExternalInitiator(eia *auth.Token) (initiator *bridges.ExternalInitiator, err error)
}

func NewORM

func NewORM(db *sqlx.DB, sd time.Duration, lggr logger.Logger, cfg pg.QConfig, auditLogger audit.AuditLogger) ORM

type Session

// Session is a stored login session. The ID is the bearer value that
// identifies the session, so it must be treated as a secret.
type Session struct {
	// ID is the random session identifier (see NewSession).
	ID        string    `json:"id"`
	// Email identifies the user the session belongs to.
	Email     string    `json:"email"`
	// LastUsed is refreshed on use; presumably what the reaper compares
	// against SessionTimeout — confirm in NewSessionReaper.
	LastUsed  time.Time `json:"lastUsed"`
	// CreatedAt is when the session was created.
	CreatedAt time.Time `json:"createdAt"`
}

Session holds the unique id for the authenticated session.

func NewSession

func NewSession() Session

NewSession returns a session instance with ID set to a random ID and LastUsed to now.

type SessionReaperConfig

// SessionReaperConfig supplies the timing values the session reaper needs.
type SessionReaperConfig interface {
	// SessionTimeout is the idle period after which a session is stale.
	SessionTimeout() models.Duration
	// SessionReaperExpiration is the retention after which stale sessions
	// are deleted — confirm the exact semantics in NewSessionReaper.
	SessionReaperExpiration() models.Duration
}

type SessionRequest

// SessionRequest carries everything needed to authenticate a login attempt
// and create a session, for both password and WebAuthn flows.
type SessionRequest struct {
	// Email of the user attempting to log in.
	Email          string `json:"email"`
	// Password is bound from the "password" JSON field. NOTE(review): the
	// type doc says "hashed password", but a request-body field is normally
	// the plaintext credential — confirm, and keep it out of logs either way.
	Password       string `json:"password"`
	// WebAuthnData is the raw authenticator response for the WebAuthn flow.
	WebAuthnData   string `json:"webauthndata"`
	// WebAuthnConfig identifies the relying party; not part of the JSON body.
	WebAuthnConfig WebAuthnConfiguration
	// SessionStore holds in-flight WebAuthn challenge state; not part of the JSON body.
	SessionStore   *WebAuthnSessionStore
}

SessionRequest encapsulates the fields needed to generate a new SessionID, including the hashed password.

type User

// User holds an API user's stored credentials. Only hashed secrets are kept:
// HashedPassword and TokenHashedSecret, never the plaintext values.
type User struct {
	// Email is the user's identity and login name.
	Email             string
	// HashedPassword is the bcrypt hash of the password (see NewUser).
	HashedPassword    string
	// Role controls authorization; see UserRole.
	Role              UserRole
	// CreatedAt is when the user was created.
	CreatedAt         time.Time
	// TokenKey is the public part of the API token; null when no token is set.
	TokenKey          null.String
	// TokenSalt is the salt used when hashing the token secret.
	TokenSalt         null.String
	// TokenHashedSecret is the hashed token secret; the plaintext is
	// presumably only returned once by GenerateAuthToken — confirm there.
	TokenHashedSecret null.String
	// UpdatedAt is when the record was last modified.
	UpdatedAt         time.Time
}

User holds the credentials for an API user.

func NewUser

func NewUser(email string, plainPwd string, role UserRole) (User, error)

NewUser creates a new user by hashing the passed plainPwd with bcrypt.

func (*User) GenerateAuthToken

func (u *User) GenerateAuthToken() (*auth.Token, error)

GenerateAuthToken randomly generates and sets the user's Authentication Token.

func (*User) SetAuthToken

func (u *User) SetAuthToken(token *auth.Token) error

SetAuthToken updates the user to use the given Authentication Token.

type UserRole

// UserRole is the authorization level assigned to a User. It is a plain
// string, so untrusted input must go through GetUserRole rather than being
// converted directly.
type UserRole string
// The set of valid roles. Presumably ordered from most to least privileged
// (admin, edit, run, view) — confirm in the authorization checks.
const (
	UserRoleAdmin UserRole = "admin"
	UserRoleEdit  UserRole = "edit"
	UserRoleRun   UserRole = "run"
	UserRoleView  UserRole = "view"
)

func GetUserRole

func GetUserRole(role string) (UserRole, error)

GetUserRole is the single point of logic for mapping a role string to a UserRole.

type WebAuthn

// WebAuthn is a stored WebAuthn credential belonging to an API user.
type WebAuthn struct {
	// Email identifies the owning user.
	Email         string
	// PublicKeyData is the JSON-encoded credential; presumably a
	// webauthn.Credential (see WebAuthnUser.LoadWebAuthnCredentials).
	PublicKeyData sqlxTypes.JSONText
}

WebAuthn holds the WebAuthn credentials for an API user.

type WebAuthnConfiguration

// WebAuthnConfiguration identifies this service as a WebAuthn relying party.
// Both values are checked by the webauthn library against authenticator
// responses, so they must match what browsers actually see.
type WebAuthnConfiguration struct {
	// RPID is the relying party identifier (a domain).
	RPID     string
	// RPOrigin is the expected origin of authenticator responses.
	RPOrigin string
}

type WebAuthnSessionStore

// WebAuthnSessionStore keeps in-flight WebAuthn session data (challenges)
// in memory between the Begin* and Finish* steps of registration and login.
// Construct it with NewWebAuthnSessionStore; the zero value is not documented
// as usable.
type WebAuthnSessionStore struct {
	// contains filtered or unexported fields
}

WebAuthnSessionStore is a wrapper around an in-memory key-value store which provides some helper methods related to WebAuthn operations.

func NewWebAuthnSessionStore

func NewWebAuthnSessionStore() *WebAuthnSessionStore

NewWebAuthnSessionStore returns a new session store.

func (*WebAuthnSessionStore) BeginWebAuthnRegistration

func (store *WebAuthnSessionStore) BeginWebAuthnRegistration(user User, uwas []WebAuthn, config WebAuthnConfiguration) (*protocol.CredentialCreation, error)

func (*WebAuthnSessionStore) FinishWebAuthnRegistration

func (store *WebAuthnSessionStore) FinishWebAuthnRegistration(user User, uwas []WebAuthn, response *http.Request, config WebAuthnConfiguration) (*webauthn.Credential, error)

func (*WebAuthnSessionStore) GetWebauthnSession

func (store *WebAuthnSessionStore) GetWebauthnSession(key string) (data webauthn.SessionData, err error)

GetWebauthnSession unmarshals and returns the WebAuthn session information from the session cookie, removing it in the process.

func (*WebAuthnSessionStore) SaveWebauthnSession

func (store *WebAuthnSessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData) error

SaveWebauthnSession marshals and saves the WebAuthn data under the provided key, given the request and response writer.

type WebAuthnUser

// WebAuthnUser adapts an API user to the webauthn library's User interface.
// It is deliberately separate from the internal User struct so that no
// password or token material is handed to the library.
type WebAuthnUser struct {
	// Email is used as both the WebAuthn name and display name.
	Email         string
	// WACredentials are the user's decoded credentials, populated by
	// LoadWebAuthnCredentials.
	WACredentials []webauthn.Credential
}

WebAuthnUser implements the required duo-labs/webauthn 'User' interface; it is kept separate from our internal 'User' struct.

func (WebAuthnUser) CredentialExcludeList

func (u WebAuthnUser) CredentialExcludeList() []protocol.CredentialDescriptor

CredentialExcludeList returns a CredentialDescriptor array filled with all of the user's credentials, so that already-registered keys cannot be registered again.

func (*WebAuthnUser) LoadWebAuthnCredentials

func (u *WebAuthnUser) LoadWebAuthnCredentials(uwas []WebAuthn) error

func (WebAuthnUser) WebAuthnCredentials

func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential

WebAuthnCredentials returns credentials owned by the user

func (WebAuthnUser) WebAuthnDisplayName

func (u WebAuthnUser) WebAuthnDisplayName() string

WebAuthnDisplayName returns the user's display name. In this case we just return the email.

func (WebAuthnUser) WebAuthnID

func (u WebAuthnUser) WebAuthnID() []byte

WebAuthnID returns the user's ID

func (WebAuthnUser) WebAuthnIcon

func (u WebAuthnUser) WebAuthnIcon() string

WebAuthnIcon should return the logo in some form. What form it should take is currently unclear to me.

func (WebAuthnUser) WebAuthnName

func (u WebAuthnUser) WebAuthnName() string

WebAuthnName returns the user's email.
