Documentation ¶
Index ¶
- Constants
- Variables
- func AddCredentialToUser(o ORM, email string, credential *webauthn.Credential) error
- func AuthenticateUserByToken(token *auth.Token, user *User) (bool, error)
- func BeginWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) (*protocol.CredentialAssertion, error)
- func FinishWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) error
- func NewSessionReaper(db *sql.DB, config SessionReaperConfig, lggr logger.Logger) utils.SleeperTask
- func ValidateAndHashPassword(plainPwd string) (string, error)
- func ValidateEmail(email string) error
- type ChangeAuthTokenRequest
- type ORM
- type Session
- type SessionReaperConfig
- type SessionRequest
- type User
- type UserRole
- type WebAuthn
- type WebAuthnConfiguration
- type WebAuthnSessionStore
- func (store *WebAuthnSessionStore) BeginWebAuthnRegistration(user User, uwas []WebAuthn, config WebAuthnConfiguration) (*protocol.CredentialCreation, error)
- func (store *WebAuthnSessionStore) FinishWebAuthnRegistration(user User, uwas []WebAuthn, response *http.Request, ...) (*webauthn.Credential, error)
- func (store *WebAuthnSessionStore) GetWebauthnSession(key string) (data webauthn.SessionData, err error)
- func (store *WebAuthnSessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData) error
- type WebAuthnUser
- func (u WebAuthnUser) CredentialExcludeList() []protocol.CredentialDescriptor
- func (u *WebAuthnUser) LoadWebAuthnCredentials(uwas []WebAuthn) error
- func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential
- func (u WebAuthnUser) WebAuthnDisplayName() string
- func (u WebAuthnUser) WebAuthnID() []byte
- func (u WebAuthnUser) WebAuthnIcon() string
- func (u WebAuthnUser) WebAuthnName() string
Constants ¶
const (
MaxBcryptPasswordLength = 50
)
https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length
Variables ¶
var ( ErrUserSessionExpired = errors.New("user session missing or expired, please login again") ErrEmptySessionID = errors.New("session ID cannot be empty") )
ErrUserSessionExpired defines the error triggered when the user session has expired
Functions ¶
func AddCredentialToUser ¶
func AddCredentialToUser(o ORM, email string, credential *webauthn.Credential) error
func AuthenticateUserByToken ¶
AuthenticateUserByToken returns true on successful authentication of the user against the given Authentication Token.
func BeginWebAuthnLogin ¶
func BeginWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) (*protocol.CredentialAssertion, error)
func FinishWebAuthnLogin ¶
func FinishWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) error
func NewSessionReaper ¶
func NewSessionReaper(db *sql.DB, config SessionReaperConfig, lggr logger.Logger) utils.SleeperTask
NewSessionReaper creates a reaper that cleans stale sessions from the store.
func ValidateAndHashPassword ¶
ValidateAndHashPassword is the single point of logic for user password validations
func ValidateEmail ¶
ValidateEmail is the single point of logic for user email validations
Types ¶
type ChangeAuthTokenRequest ¶
type ChangeAuthTokenRequest struct {
Password string `json:"password"`
}
Changeauth.TokenRequest is sent when updating a User's authentication token.
type ORM ¶
type ORM interface { FindUser(email string) (User, error) FindUserByAPIToken(apiToken string) (User, error) ListUsers() ([]User, error) AuthorizedUserWithSession(sessionID string) (User, error) DeleteUser(email string) error DeleteUserSession(sessionID string) error CreateSession(sr SessionRequest) (string, error) ClearNonCurrentSessions(sessionID string) error CreateUser(user *User) error UpdateRole(email, newRole string) (User, error) SetAuthToken(user *User, token *auth.Token) error CreateAndSetAuthToken(user *User) (*auth.Token, error) DeleteAuthToken(user *User) error SetPassword(user *User, newPassword string) error Sessions(offset, limit int) ([]Session, error) GetUserWebAuthn(email string) ([]WebAuthn, error) SaveWebAuthn(token *WebAuthn) error FindExternalInitiator(eia *auth.Token) (initiator *bridges.ExternalInitiator, err error) }
type Session ¶
type Session struct { ID string `json:"id"` Email string `json:"email"` LastUsed time.Time `json:"lastUsed"` CreatedAt time.Time `json:"createdAt"` }
Session holds the unique id for the authenticated session.
func NewSession ¶
func NewSession() Session
NewSession returns a session instance with ID set to a random ID and LastUsed to now.
type SessionReaperConfig ¶
type SessionRequest ¶
type SessionRequest struct { Email string `json:"email"` Password string `json:"password"` WebAuthnData string `json:"webauthndata"` WebAuthnConfig WebAuthnConfiguration SessionStore *WebAuthnSessionStore }
SessionRequest encapsulates the fields needed to generate a new SessionID, including the hashed password.
type User ¶
type User struct { Email string HashedPassword string Role UserRole CreatedAt time.Time TokenKey null.String TokenSalt null.String TokenHashedSecret null.String UpdatedAt time.Time }
User holds the credentials for API user.
func (*User) GenerateAuthToken ¶
GenerateAuthToken randomly generates and sets the users Authentication Token.
type UserRole ¶
type UserRole string
func GetUserRole ¶
GetUserRole is the single point of logic for mapping role string to UserRole
type WebAuthnConfiguration ¶
type WebAuthnSessionStore ¶
type WebAuthnSessionStore struct {
// contains filtered or unexported fields
}
WebAuthnSessionStore is a wrapper around an in memory key value store which provides some helper methods related to webauthn operations.
func NewWebAuthnSessionStore ¶
func NewWebAuthnSessionStore() *WebAuthnSessionStore
NewWebAuthnSessionStore returns a new session store.
func (*WebAuthnSessionStore) BeginWebAuthnRegistration ¶
func (store *WebAuthnSessionStore) BeginWebAuthnRegistration(user User, uwas []WebAuthn, config WebAuthnConfiguration) (*protocol.CredentialCreation, error)
func (*WebAuthnSessionStore) FinishWebAuthnRegistration ¶
func (store *WebAuthnSessionStore) FinishWebAuthnRegistration(user User, uwas []WebAuthn, response *http.Request, config WebAuthnConfiguration) (*webauthn.Credential, error)
func (*WebAuthnSessionStore) GetWebauthnSession ¶
func (store *WebAuthnSessionStore) GetWebauthnSession(key string) (data webauthn.SessionData, err error)
GetWebauthnSession unmarshals and returns the webauthn session information from the session cookie, which is removed.
func (*WebAuthnSessionStore) SaveWebauthnSession ¶
func (store *WebAuthnSessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData) error
SaveWebauthnSession marshals and saves the webauthn data to the provided key given the request and responsewriter
type WebAuthnUser ¶
type WebAuthnUser struct { Email string WACredentials []webauthn.Credential }
WebAuthnUser implements the required duo-labs/webauthn/ 'User' interface kept separate from our internal 'User' struct
func (WebAuthnUser) CredentialExcludeList ¶
func (u WebAuthnUser) CredentialExcludeList() []protocol.CredentialDescriptor
CredentialExcludeList returns a CredentialDescriptor array filled with all the user's credentials to prevent them from re-registering keys
func (*WebAuthnUser) LoadWebAuthnCredentials ¶
func (u *WebAuthnUser) LoadWebAuthnCredentials(uwas []WebAuthn) error
func (WebAuthnUser) WebAuthnCredentials ¶
func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential
WebAuthnCredentials returns credentials owned by the user
func (WebAuthnUser) WebAuthnDisplayName ¶
func (u WebAuthnUser) WebAuthnDisplayName() string
WebAuthnDisplayName returns the user's display name. In this case we just return the email
func (WebAuthnUser) WebAuthnID ¶
func (u WebAuthnUser) WebAuthnID() []byte
WebAuthnID returns the user's ID
func (WebAuthnUser) WebAuthnIcon ¶
func (u WebAuthnUser) WebAuthnIcon() string
WebAuthnIcon should be the logo in some form. How it should be is currently unclear to me.
func (WebAuthnUser) WebAuthnName ¶
func (u WebAuthnUser) WebAuthnName() string
WebAuthnName returns the user's email