sessions

package
v2.2.0-mercury-20230614 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 14, 2023 License: MIT Imports: 23 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	MaxBcryptPasswordLength = 50
)

https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length

Variables

View Source 
var ErrUserSessionExpired = errors.New("session missing or expired, please login again")

ErrUserSessionExpired defines the error triggered when the user session has expired

Functions

func AddCredentialToUser 

func AddCredentialToUser(o ORM, email string, credential *webauthn.Credential) error

func AuthenticateUserByToken 

func AuthenticateUserByToken(token *auth.Token, user *User) (bool, error)

AuthenticateUserByToken returns true on successful authentication of the user against the given Authentication Token.

func BeginWebAuthnLogin 

func BeginWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) (*protocol.CredentialAssertion, error)

func FinishWebAuthnLogin 

func FinishWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) error

func NewSessionReaper 

func NewSessionReaper(db *sql.DB, config SessionReaperConfig, lggr logger.Logger) utils.SleeperTask

NewSessionReaper creates a reaper that cleans stale sessions from the store.

func ValidateAndHashPassword 

func ValidateAndHashPassword(plainPwd string) (string, error)

ValidateAndHashPassword is the single point of logic for user password validations

func ValidateEmail 

func ValidateEmail(email string) error

ValidateEmail is the single point of logic for user email validations

Types

type ChangeAuthTokenRequest 

type ChangeAuthTokenRequest struct {
	Password string `json:"password"`
}

Changeauth.TokenRequest is sent when updating a User's authentication token.

type ORM 

type ORM interface {
	FindUser(email string) (User, error)
	FindUserByAPIToken(apiToken string) (User, error)
	ListUsers() ([]User, error)
	AuthorizedUserWithSession(sessionID string) (User, error)
	DeleteUser(email string) error
	DeleteUserSession(sessionID string) error
	CreateSession(sr SessionRequest) (string, error)
	ClearNonCurrentSessions(sessionID string) error
	CreateUser(user *User) error
	UpdateRole(email, newRole string) (User, error)
	SetAuthToken(user *User, token *auth.Token) error
	CreateAndSetAuthToken(user *User) (*auth.Token, error)
	DeleteAuthToken(user *User) error
	SetPassword(user *User, newPassword string) error
	Sessions(offset, limit int) ([]Session, error)
	GetUserWebAuthn(email string) ([]WebAuthn, error)
	SaveWebAuthn(token *WebAuthn) error

	FindExternalInitiator(eia *auth.Token) (initiator *bridges.ExternalInitiator, err error)
}

func NewORM 

func NewORM(db *sqlx.DB, sd time.Duration, lggr logger.Logger, cfg pg.QConfig, auditLogger audit.AuditLogger) ORM

type Session 

type Session struct {
	ID        string    `json:"id"`
	Email     string    `json:"email"`
	LastUsed  time.Time `json:"lastUsed"`
	CreatedAt time.Time `json:"createdAt"`
}

Session holds the unique id for the authenticated session.

func NewSession 

func NewSession() Session

NewSession returns a session instance with ID set to a random ID and LastUsed to now.

type SessionReaperConfig 

type SessionReaperConfig interface {
	SessionTimeout() models.Duration
	SessionReaperExpiration() models.Duration
}

type SessionRequest 

type SessionRequest struct {
	Email          string `json:"email"`
	Password       string `json:"password"`
	WebAuthnData   string `json:"webauthndata"`
	WebAuthnConfig WebAuthnConfiguration
	SessionStore   *WebAuthnSessionStore
}

SessionRequest encapsulates the fields needed to generate a new SessionID, including the hashed password.

type User 

type User struct {
	Email             string
	HashedPassword    string
	Role              UserRole
	CreatedAt         time.Time
	TokenKey          null.String
	TokenSalt         null.String
	TokenHashedSecret null.String
	UpdatedAt         time.Time
}

User holds the credentials for API user.

func NewUser 

func NewUser(email string, plainPwd string, role UserRole) (User, error)

NewUser creates a new user by hashing the passed plainPwd with bcrypt.

func (*User) GenerateAuthToken 

func (u *User) GenerateAuthToken() (*auth.Token, error)

GenerateAuthToken randomly generates and sets the users Authentication Token.

func (*User) SetAuthToken 

func (u *User) SetAuthToken(token *auth.Token) error

SetAuthToken updates the user to use the given Authentication Token.

type UserRole 

type UserRole string
const (
	UserRoleAdmin UserRole = "admin"
	UserRoleEdit  UserRole = "edit"
	UserRoleRun   UserRole = "run"
	UserRoleView  UserRole = "view"
)

func GetUserRole 

func GetUserRole(role string) (UserRole, error)

GetUserRole is the single point of logic for mapping role string to UserRole

type WebAuthn 

type WebAuthn struct {
	Email         string
	PublicKeyData sqlxTypes.JSONText
}

WebAuthn holds the credentials for API user.

type WebAuthnConfiguration 

type WebAuthnConfiguration struct {
	RPID     string
	RPOrigin string
}

type WebAuthnSessionStore 

type WebAuthnSessionStore struct {
	// contains filtered or unexported fields
}

WebAuthnSessionStore is a wrapper around an in memory key value store which provides some helper methods related to webauthn operations.

func NewWebAuthnSessionStore 

func NewWebAuthnSessionStore() *WebAuthnSessionStore

NewWebAuthnSessionStore returns a new session store.

func (*WebAuthnSessionStore) BeginWebAuthnRegistration 

func (store *WebAuthnSessionStore) BeginWebAuthnRegistration(user User, uwas []WebAuthn, config WebAuthnConfiguration) (*protocol.CredentialCreation, error)

func (*WebAuthnSessionStore) FinishWebAuthnRegistration 

func (store *WebAuthnSessionStore) FinishWebAuthnRegistration(user User, uwas []WebAuthn, response *http.Request, config WebAuthnConfiguration) (*webauthn.Credential, error)

func (*WebAuthnSessionStore) GetWebauthnSession 

func (store *WebAuthnSessionStore) GetWebauthnSession(key string) (data webauthn.SessionData, err error)

GetWebauthnSession unmarshals and returns the webauthn session information from the session cookie, which is removed.

func (*WebAuthnSessionStore) SaveWebauthnSession 

func (store *WebAuthnSessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData) error

SaveWebauthnSession marshals and saves the webauthn data to the provided key given the request and responsewriter

type WebAuthnUser 

type WebAuthnUser struct {
	Email         string
	WACredentials []webauthn.Credential
}

WebAuthnUser implements the required duo-labs/webauthn/ 'User' interface kept separate from our internal 'User' struct

func (WebAuthnUser) CredentialExcludeList 

func (u WebAuthnUser) CredentialExcludeList() []protocol.CredentialDescriptor

CredentialExcludeList returns a CredentialDescriptor array filled with all the user's credentials to prevent them from re-registering keys

func (*WebAuthnUser) LoadWebAuthnCredentials 

func (u *WebAuthnUser) LoadWebAuthnCredentials(uwas []WebAuthn) error

func (WebAuthnUser) WebAuthnCredentials 

func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential

WebAuthnCredentials returns credentials owned by the user

func (WebAuthnUser) WebAuthnDisplayName 

func (u WebAuthnUser) WebAuthnDisplayName() string

WebAuthnDisplayName returns the user's display name. In this case we just return the email

func (WebAuthnUser) WebAuthnID 

func (u WebAuthnUser) WebAuthnID() []byte

WebAuthnID returns the user's ID

func (WebAuthnUser) WebAuthnIcon 

func (u WebAuthnUser) WebAuthnIcon() string

WebAuthnIcon should be the logo in some form. How it should be is currently unclear to me.

func (WebAuthnUser) WebAuthnName 

func (u WebAuthnUser) WebAuthnName() string

WebAuthnName returns the user's email

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.