Documentation
Index ¶
- type AShirtAuthBridge
- func (ah AShirtAuthBridge) CreateNewAuthForUser(data UserAuthData) error
- func (ah AShirtAuthBridge) CreateNewUser(profile UserProfile) (services.CreateUserOutput, error)
- func (ah AShirtAuthBridge) DeleteSession(w http.ResponseWriter, r *http.Request) error
- func (ah AShirtAuthBridge) FindUserAuth(userKey string) (UserAuthData, error)
- func (ah AShirtAuthBridge) FindUserAuthsByUserSlug(slug string) ([]UserAuthData, error)
- func (ah AShirtAuthBridge) GetDatabase() *database.Connection
- func (ah AShirtAuthBridge) GetUserIDFromSlug(userSlug string) (int64, error)
- func (ah AShirtAuthBridge) LoginUser(w http.ResponseWriter, r *http.Request, userID int64, ...) error
- func (ah AShirtAuthBridge) OneTimeVerification(ctx context.Context, userKey string, expirationInMinutes int64) (int64, error)
- func (ah AShirtAuthBridge) ReadAuthSchemeSession(r *http.Request) interface{}
- func (ah AShirtAuthBridge) SetAuthSchemeSession(w http.ResponseWriter, r *http.Request, data interface{}) error
- func (ah AShirtAuthBridge) UpdateAuthForUser(userKey string, encryptedPassword []byte, forceReset bool) error
- type AuthScheme
- type UserAuthData
- type UserProfile
Types ¶
type AShirtAuthBridge ¶
type AShirtAuthBridge struct {
// contains filtered or unexported fields
}
AShirtAuthBridge provides a set of functionality that bridges the identity resolution (the AuthScheme) and persistent user/session management
func MakeAuthBridge ¶
func MakeAuthBridge(db *database.Connection, sessionStore *session.Store, authSchemeName string) AShirtAuthBridge
MakeAuthBridge constructs and returns a set of functions to interact with the underlying AShirt authentication scheme
func (AShirtAuthBridge) CreateNewAuthForUser ¶
func (ah AShirtAuthBridge) CreateNewAuthForUser(data UserAuthData) error
CreateNewAuthForUser adds a new entry to the auth_scheme_data table for the given UserAuthData.
Returns nil if no error occurred, BadInputErr if the user account already exists, or DatabaseErr if any other issue occurs
func (AShirtAuthBridge) CreateNewUser ¶
func (ah AShirtAuthBridge) CreateNewUser(profile UserProfile) (services.CreateUserOutput, error)
CreateNewUser allows new users to be registered into the system, if they do not already exist. Note that slug must be unique
func (AShirtAuthBridge) DeleteSession ¶
func (ah AShirtAuthBridge) DeleteSession(w http.ResponseWriter, r *http.Request) error
DeleteSession removes a user's session. Useful in situations where authentication fails, and we want to treat the user as not-logged-in
func (AShirtAuthBridge) FindUserAuth ¶
func (ah AShirtAuthBridge) FindUserAuth(userKey string) (UserAuthData, error)
FindUserAuth retrieves the row (codified by UserAuthData) corresponding to the provided userKey (e.g. username, email, etc.) and the auth scheme name provided from the caller.
Returns a fully populated UserAuthData object, or an error if no such row exists
func (AShirtAuthBridge) FindUserAuthsByUserSlug ¶
func (ah AShirtAuthBridge) FindUserAuthsByUserSlug(slug string) ([]UserAuthData, error)
FindUserAuthsByUserSlug retrieves the row (codified by UserAuthData) corresponding to the provided user slug and the auth scheme name provided from the caller.
Returns a fully populated UserAuthData object, or nil if no such row exists
func (AShirtAuthBridge) GetDatabase ¶
func (ah AShirtAuthBridge) GetDatabase() *database.Connection
GetDatabase provides raw access to the database. In general, this should not be used by authschemes, but is provided in situations where unique-access to the database is required.
func (AShirtAuthBridge) GetUserIDFromSlug ¶
func (ah AShirtAuthBridge) GetUserIDFromSlug(userSlug string) (int64, error)
GetUserIDFromSlug retrieves a userid from the provided user slug.
func (AShirtAuthBridge) LoginUser ¶
func (ah AShirtAuthBridge) LoginUser(w http.ResponseWriter, r *http.Request, userID int64, authSchemeSessionData interface{}) error
LoginUser denotes that a user shall be logged in. In addition to the required userID, a user can also provide custom authscheme specific session data
func (AShirtAuthBridge) OneTimeVerification ¶
func (ah AShirtAuthBridge) OneTimeVerification(ctx context.Context, userKey string, expirationInMinutes int64) (int64, error)
OneTimeVerification looks for a matching record in the auth_scheme_data table with the following conditions: user_key matches && created_at is less than <expirationInMinutes> minutes ago. If this record exists, then the record is deleted. If there is no error _either_ for the lookup OR the deletion, then (userID for the user, nil) is returned. At this point, the user has been validated and ApproveUser can be called.
If an error occurs, _either_ the record does not exist, or some database issue prevented deletion, and in either event, the user cannot be approved. In this case (0, <error>) will be returned
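The contract above (match, age check, delete, then return the user ID) is what makes the record single-use. The following is an added example, not AShirt's implementation: an in-memory stand-in where `otvStore`, `record`, `verifyOnce` and the sample key are all assumed names, with an injectable clock so expiry and replay can be exercised.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// record stands in for one auth_scheme_data row (field names are assumptions).
type record struct {
	userID    int64
	createdAt time.Time
}

// otvStore is an in-memory stand-in for the table, not AShirt's database layer.
type otvStore struct {
	mu   sync.Mutex
	rows map[string]record
	now  func() time.Time // injectable clock so expiry can be exercised
}

var errNoRecord = errors.New("no unexpired record for user key")

// verifyOnce mirrors the documented contract: match the user key, require the
// record to be younger than expirationInMinutes, delete it, return the userID.
// Lookup and delete share one lock so concurrent requests cannot both succeed.
func (s *otvStore) verifyOnce(userKey string, expirationInMinutes int64) (int64, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	rec, ok := s.rows[userKey]
	maxAge := time.Duration(expirationInMinutes) * time.Minute
	if !ok || s.now().Sub(rec.createdAt) >= maxAge {
		return 0, errNoRecord // same error for missing and expired records
	}
	delete(s.rows, userKey)
	return rec.userID, nil
}

func main() {
	issued := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed sample time
	s := &otvStore{
		rows: map[string]record{"alice@example.com": {userID: 7, createdAt: issued}},
		now:  func() time.Time { return issued.Add(5 * time.Minute) },
	}
	fmt.Println(s.verifyOnce("alice@example.com", 10)) // first use succeeds
	fmt.Println(s.verifyOnce("alice@example.com", 10)) // replay is rejected
}
```

A caller should treat any non-nil error as "do not log in", exactly as the (0, error) return described above requires.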
func (AShirtAuthBridge) ReadAuthSchemeSession ¶
func (ah AShirtAuthBridge) ReadAuthSchemeSession(r *http.Request) interface{}
ReadAuthSchemeSession retrieves previously saved session data set by SetAuthSchemeSession
func (AShirtAuthBridge) SetAuthSchemeSession ¶
func (ah AShirtAuthBridge) SetAuthSchemeSession(w http.ResponseWriter, r *http.Request, data interface{}) error
SetAuthSchemeSession sets authscheme specific session data to the current user session. Session data should be a struct and registered with `gob.Register` in an init function of the authscheme
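Why the `gob.Register` call matters, as an added example that is not code from AShirt: it assumes the session store serializes the `interface{}` value with `encoding/gob`, and the type names and the `roundTrip` helper are hypothetical. A registered struct survives the round trip; an unregistered one fails at encode time, so the session data is never saved.

```go
package main

import (
	"bytes"
	"encoding/gob"
	"fmt"
)

// Hypothetical authscheme session payloads (names are assumptions).
type registeredSession struct {
	Challenge string
	Attempts  int
}

type forgottenSession struct {
	Challenge string
}

// Registration happens once at package load, as the documentation advises.
func init() {
	gob.Register(registeredSession{})
}

// roundTrip stores data the way a gob-backed session store would: as an
// interface{} value inside a map, which is then encoded and decoded again.
func roundTrip(data interface{}) (interface{}, error) {
	var buf bytes.Buffer
	in := map[string]interface{}{"authscheme": data}
	if err := gob.NewEncoder(&buf).Encode(in); err != nil {
		return nil, fmt.Errorf("encode: %w", err)
	}
	out := map[string]interface{}{}
	if err := gob.NewDecoder(&buf).Decode(&out); err != nil {
		return nil, fmt.Errorf("decode: %w", err)
	}
	return out["authscheme"], nil
}

func main() {
	// Sample values below are constructed for the demonstration.
	got, err := roundTrip(registeredSession{Challenge: "abc", Attempts: 1})
	fmt.Println(got, err)

	// The unregistered type is rejected: gob cannot name the concrete type
	// behind the interface{} value.
	_, err = roundTrip(forgottenSession{Challenge: "abc"})
	fmt.Println(err)
}
```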
func (AShirtAuthBridge) UpdateAuthForUser ¶
func (ah AShirtAuthBridge) UpdateAuthForUser(userKey string, encryptedPassword []byte, forceReset bool) error
UpdateAuthForUser updates a user's authentication password, and can flag whether the user needs to change their password on the next login.
type AuthScheme ¶
type AuthScheme interface {
	BindRoutes(*mux.Router, AShirtAuthBridge)
	Name() string
	FriendlyName() string
}
AuthScheme provides a small interface into interacting with the AShirt backend authentication. The interface consists of two methods:
- Name() string: This method shall return a string that identifies the authentication scheme being used. It shall be distinct from any other authentication system being used within this project.
- FriendlyName() string: This method shall return a friendly version of the authentication scheme's name that end users will understand. The value should be, but is not strictly required to be, different from that of any other scheme. Likewise, it should be a "friendlier" version of Name(), though it need not be.
- BindRoutes(router, authBridge): BindRoutes exposes a _namespaced_ router that the authentication system can use to register custom endpoints. Each router is prefixed with /auth/{name} (as determined by the Name() method).
type UserAuthData ¶
type UserProfile ¶
UserProfile contains the necessary information to create a new user
func (UserProfile) ToCreateUserInput ¶
func (up UserProfile) ToCreateUserInput() services.CreateUserInput
ToCreateUserInput converts the given UserProfile into a more useful services.CreateUserInput