Documentation ¶
Index ¶
- Constants
- func AuthenticateUserByToken(token *auth.Token, user *User) (bool, error)
- func BeginWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) (*protocol.CredentialAssertion, error)
- func FinishWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) error
- func NewSessionReaper(db *sql.DB, config SessionReaperConfig, lggr logger.Logger) utils.SleeperTask
- type ChangeAuthTokenRequest
- type ORM
- type Session
- type SessionReaperConfig
- type SessionRequest
- type User
- type WebAuthn
- type WebAuthnConfiguration
- type WebAuthnSessionStore
- func (store *WebAuthnSessionStore) BeginWebAuthnRegistration(user User, uwas []WebAuthn, config WebAuthnConfiguration) (*protocol.CredentialCreation, error)
- func (store *WebAuthnSessionStore) FinishWebAuthnRegistration(user User, uwas []WebAuthn, response *http.Request, ...) (*webauthn.Credential, error)
- func (store *WebAuthnSessionStore) GetWebauthnSession(key string) (webauthn.SessionData, error)
- func (store *WebAuthnSessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData) error
- type WebAuthnUser
- func (u WebAuthnUser) CredentialExcludeList() []protocol.CredentialDescriptor
- func (u *WebAuthnUser) LoadWebAuthnCredentials(uwas []WebAuthn) error
- func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential
- func (u WebAuthnUser) WebAuthnDisplayName() string
- func (u WebAuthnUser) WebAuthnID() []byte
- func (u WebAuthnUser) WebAuthnIcon() string
- func (u WebAuthnUser) WebAuthnName() string
Constants ¶
const (
	// MaxBcryptPasswordLength is the password length limit this package
	// defines for use with bcrypt. bcrypt itself only hashes the first 72
	// bytes of its input, so a limit of 50 stays inside that bound.
	// NOTE(review): where the limit is enforced, and whether callers count
	// bytes or characters, is not visible here — confirm.
	MaxBcryptPasswordLength = 50
)
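MaxBcryptPasswordLength is the password length limit used with bcrypt; for background on bcrypt's maximum password length, see https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length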
Variables ¶
This section is empty.
Functions ¶
func AuthenticateUserByToken ¶
AuthenticateUserByToken returns true on successful authentication of the user against the given Authentication Token.
func BeginWebAuthnLogin ¶
func BeginWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) (*protocol.CredentialAssertion, error)
func FinishWebAuthnLogin ¶
func FinishWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) error
func NewSessionReaper ¶
func NewSessionReaper(db *sql.DB, config SessionReaperConfig, lggr logger.Logger) utils.SleeperTask
NewSessionReaper creates a reaper that cleans stale sessions from the store.
Types ¶
type ChangeAuthTokenRequest ¶
// ChangeAuthTokenRequest is sent when updating a User's authentication token.
type ChangeAuthTokenRequest struct {
	// Password is read from the "password" key of the JSON request body.
	// NOTE(review): presumably the caller's current password, used to
	// re-authenticate before the token is changed — confirm against the
	// handler, and keep the decoded request out of logs.
	Password string `json:"password"`
}
ChangeAuthTokenRequest is sent when updating a User's authentication token.
type ORM ¶
// ORM is the storage interface this package declares for users, sessions,
// API auth tokens and WebAuthn credentials.
//
// NOTE(review): the methods carry no documentation on this page; the hedged
// notes below are read from the signatures alone and need confirming against
// the implementation.
type ORM interface {
	// FindUser and DeleteUser take no identifier.
	// NOTE(review): this suggests a single API user per node — confirm.
	FindUser() (User, error)
	// AuthorizedUserWithSession resolves a session ID to a User.
	// NOTE(review): presumably the per-request authentication check — confirm
	// that it rejects expired sessions.
	AuthorizedUserWithSession(sessionID string) (User, error)
	DeleteUser() error
	DeleteUserSession(sessionID string) error
	// CreateSession returns a string. NOTE(review): presumably the new session
	// ID, issued only after the credentials in sr have been verified — confirm.
	CreateSession(sr SessionRequest) (string, error)
	// NOTE(review): presumably deletes every session except sessionID; confirm
	// that callers invoke it after a password or token change.
	ClearNonCurrentSessions(sessionID string) error
	CreateUser(user *User) error
	SetAuthToken(user *User, token *auth.Token) error
	// CreateAndSetAuthToken returns the generated *auth.Token.
	// NOTE(review): User only has a TokenHashedSecret field, so this return
	// value is presumably the only place the secret is available — confirm.
	CreateAndSetAuthToken(user *User) (*auth.Token, error)
	DeleteAuthToken(user *User) error
	// NOTE(review): newPassword is presumably plaintext that the implementation
	// hashes; confirm that it is checked against MaxBcryptPasswordLength.
	SetPassword(user *User, newPassword string) error
	Sessions(offset, limit int) ([]Session, error)
	GetUserWebAuthn(email string) ([]WebAuthn, error)
	SaveWebAuthn(token *WebAuthn) error
	FindExternalInitiator(eia *auth.Token) (initiator *bridges.ExternalInitiator, err error)
}
type Session ¶
// Session holds the unique id for the authenticated session.
type Session struct {
	// ID is the session identifier; NewSession sets it to a random ID.
	// It is serialised under the "id" JSON key, so any response or log line
	// that marshals a Session carries the identifier.
	// NOTE(review): ORM.AuthorizedUserWithSession takes only a session ID, so
	// the ID presumably acts as a bearer credential — confirm, and treat
	// marshalled Sessions accordingly.
	ID string `json:"id"`

	// LastUsed is set to the current time by NewSession.
	// NOTE(review): presumably the timestamp the session reaper uses to decide
	// which sessions are stale — confirm.
	LastUsed  time.Time `json:"lastUsed"`
	CreatedAt time.Time `json:"createdAt"`
}
Session holds the unique id for the authenticated session.
func NewSession ¶
func NewSession() Session
NewSession returns a session instance with ID set to a random ID and LastUsed to now.
type SessionReaperConfig ¶
type SessionRequest ¶
// SessionRequest encapsulates the fields needed to generate a new SessionID.
type SessionRequest struct {
	Email string `json:"email"`

	// Password is bound from the "password" JSON key.
	// NOTE(review): the package documentation calls this the hashed password;
	// whether the value is a hash or the submitted plaintext is not visible
	// here — confirm, and keep the struct out of logs either way.
	Password string `json:"password"`

	// WebAuthnData is bound from the "webauthndata" JSON key.
	// NOTE(review): presumably the client's serialised WebAuthn response —
	// confirm.
	WebAuthnData string `json:"webauthndata"`

	// The remaining fields carry no json tag.
	// NOTE(review): they are presumably filled in server-side by the handler.
	// If this struct is decoded with encoding/json, untagged exported fields
	// are still matched by name, so confirm that the handler sets them after
	// binding or that they are excluded from decoding.
	WebAuthnConfig WebAuthnConfiguration
	SessionStore   *WebAuthnSessionStore
	RequestContext *gin.Context
}
SessionRequest encapsulates the fields needed to generate a new SessionID, including the hashed password.
type User ¶
// User holds the credentials for the API user.
//
// NOTE(review): the struct has no json tags, so encoding/json would emit every
// field, including HashedPassword and the token fields, under its Go name.
// Avoid marshalling a User directly into API responses or logs.
type User struct {
	Email string

	// HashedPassword stores the password hash.
	// NOTE(review): presumably a bcrypt hash, given MaxBcryptPasswordLength in
	// this package — confirm.
	HashedPassword string
	CreatedAt      time.Time

	// TokenKey, TokenSalt and TokenHashedSecret hold the API authentication
	// token material; they are nullable.
	// NOTE(review): the names suggest only a salted hash of the token secret is
	// stored, not the secret itself — confirm against GenerateAuthToken and
	// AuthenticateUserByToken.
	TokenKey          null.String
	TokenSalt         null.String
	TokenHashedSecret null.String
	UpdatedAt         time.Time
}
User holds the credentials for the API user.
func (*User) GenerateAuthToken ¶
GenerateAuthToken randomly generates and sets the user's Authentication Token.
type WebAuthnConfiguration ¶
type WebAuthnSessionStore ¶
// WebAuthnSessionStore is a wrapper around an in-memory key-value store which
// provides some helper methods related to webauthn operations.
//
// NOTE(review): the method documentation mentions a session cookie and a
// request/responsewriter, but GetWebauthnSession and SaveWebauthnSession take
// only a key (and the session data), so those comments look stale. Confirm
// where the WebAuthn session data actually lives and whether entries expire
// or are removed once a ceremony finishes.
type WebAuthnSessionStore struct {
	// contains filtered or unexported fields
}
WebAuthnSessionStore is a wrapper around an in memory key value store which provides some helper methods related to webauthn operations.
func NewWebAuthnSessionStore ¶
func NewWebAuthnSessionStore() *WebAuthnSessionStore
NewWebAuthnSessionStore returns a new session store.
func (*WebAuthnSessionStore) BeginWebAuthnRegistration ¶
func (store *WebAuthnSessionStore) BeginWebAuthnRegistration(user User, uwas []WebAuthn, config WebAuthnConfiguration) (*protocol.CredentialCreation, error)
func (*WebAuthnSessionStore) FinishWebAuthnRegistration ¶
func (store *WebAuthnSessionStore) FinishWebAuthnRegistration(user User, uwas []WebAuthn, response *http.Request, config WebAuthnConfiguration) (*webauthn.Credential, error)
func (*WebAuthnSessionStore) GetWebauthnSession ¶
func (store *WebAuthnSessionStore) GetWebauthnSession(key string) (webauthn.SessionData, error)
GetWebauthnSession unmarshals and returns the webauthn session information from the session cookie.
func (*WebAuthnSessionStore) SaveWebauthnSession ¶
func (store *WebAuthnSessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData) error
SaveWebauthnSession marshals and saves the webauthn data to the provided key given the request and responsewriter
type WebAuthnUser ¶
// WebAuthnUser implements the 'User' interface required by duo-labs/webauthn.
// It is kept separate from the internal 'User' struct.
type WebAuthnUser struct {
	// Email is the value returned as the WebAuthn name and display name.
	Email string

	// WACredentials holds the user's WebAuthn credentials.
	// NOTE(review): presumably populated by LoadWebAuthnCredentials and
	// returned by WebAuthnCredentials — confirm.
	WACredentials []webauthn.Credential
}
WebAuthnUser implements the 'User' interface required by duo-labs/webauthn; it is kept separate from our internal 'User' struct.
func (WebAuthnUser) CredentialExcludeList ¶
func (u WebAuthnUser) CredentialExcludeList() []protocol.CredentialDescriptor
CredentialExcludeList returns a slice of CredentialDescriptor filled with all the user's credentials, to prevent them from re-registering keys.
func (*WebAuthnUser) LoadWebAuthnCredentials ¶
func (u *WebAuthnUser) LoadWebAuthnCredentials(uwas []WebAuthn) error
func (WebAuthnUser) WebAuthnCredentials ¶
func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential
WebAuthnCredentials returns credentials owned by the user
func (WebAuthnUser) WebAuthnDisplayName ¶
func (u WebAuthnUser) WebAuthnDisplayName() string
WebAuthnDisplayName returns the user's display name. In this case we just return the email
func (WebAuthnUser) WebAuthnID ¶
func (u WebAuthnUser) WebAuthnID() []byte
WebAuthnID returns the user's ID
func (WebAuthnUser) WebAuthnIcon ¶
func (u WebAuthnUser) WebAuthnIcon() string
WebAuthnIcon should be the logo in some form. How it should be is currently unclear to me.
func (WebAuthnUser) WebAuthnName ¶
func (u WebAuthnUser) WebAuthnName() string
WebAuthnName returns the user's email