auth

package
v0.0.0-...-bc01b9c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 17, 2024 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source 
const GorillaCSRFToken = "_gorilla_csrf"

GorillaCSRFToken is the name of the base CSRF token RA Summary: gosec - G101 - Password Management: Hardcoded Password RA: This line was flagged because it detected use of the word "token" RA: This line is used to identify the name of the token. GorillaCSRFToken is the name of the base CSRF token. RA: This variable does not store an application token. RA Developer Status: Mitigated RA Validator Status: Mitigated RA Validator: jneuner@mitre.org RA Modified Severity: CAT III #nosec G101

View Source 
const MaskedGorillaCSRFToken = "masked_gorilla_csrf"

MaskedGorillaCSRFToken is the masked CSRF token used to send back in the 'X-CSRF-Token' request header

View Source 
const SessionExpiryInMinutes = 15

SessionExpiryInMinutes is the number of minutes before a fallow session is harvested

Variables

This section is empty.

Functions

func DeleteCSRFCookies 

func DeleteCSRFCookies(w http.ResponseWriter)

DeleteCSRFCookies deletes the base and masked CSRF cookies

func DeleteCookie 

func DeleteCookie(w http.ResponseWriter, name string)

DeleteCookie sends a delete request for the named cookie

func GetExpiryTimeFromMinutes 

func GetExpiryTimeFromMinutes(min int64) time.Time

GetExpiryTimeFromMinutes returns 'min' minutes from now

func MaskedCSRFMiddleware 

func MaskedCSRFMiddleware(useSecureCookie bool) func(next http.Handler) http.Handler

MaskedCSRFMiddleware handles setting the CSRF Token cookie

func SessionCookieMiddleware 

func SessionCookieMiddleware(globalLogger *zap.Logger, appnames ApplicationServername, sessionManagers AppSessionManagers) func(next http.Handler) http.Handler

SessionCookieMiddleware handle serializing and de-serializing the session between the user_session cookie and the request context

func SessionIDFromContext 

func SessionIDFromContext(ctx context.Context) string

func SessionIDMiddleware 

func SessionIDMiddleware(appnames ApplicationServername, sessionManagers AppSessionManagers) func(next http.Handler) http.Handler

func SetSessionInContext 

func SetSessionInContext(ctx context.Context, session *Session) context.Context

SetSessionInContext modifies the context to add the session data.

func SetSessionInRequestContext 

func SetSessionInRequestContext(r *http.Request, session *Session) context.Context

SetSessionInRequestContext modifies the request's Context() to add the session data

func WriteMaskedCSRFCookie 

func WriteMaskedCSRFCookie(w http.ResponseWriter, csrfToken string, useSecureCookie bool)

WriteMaskedCSRFCookie update the masked_gorilla_csrf cookie value

Types

type AppSessionManagers 

type AppSessionManagers struct {
	Mil    SessionManager
	Office SessionManager
	Admin  SessionManager
}

func SetupSessionManagers 

func SetupSessionManagers(redisPool *redis.Pool, useSecureCookie bool, idleTimeout time.Duration, lifetime time.Duration) AppSessionManagers

SetupSessionManagers configures the session manager for each app: mil, admin, and office. It's necessary to have separate session managers to allow users to be signed in on multiple apps at the same time.

func (AppSessionManagers) SessionManagerForApplication 

func (a AppSessionManagers) SessionManagerForApplication(app Application) SessionManager

sessionManagerForSession returns the appropriate session manager for the session

type Application 

type Application string

Application describes the application name 

const (
	// OfficeApp indicates office.move.mil
	OfficeApp Application = "office"
	// MilApp indicates my.move.mil (DNS still points to my.move.mil and not mil.move.mil)
	MilApp Application = "mil"
	// AdminApp indicates admin.move.mil
	AdminApp Application = "admin"
)

func ApplicationName 

func ApplicationName(hostname string, appnames ApplicationServername) (Application, error)

ApplicationName returns the application name given the hostname

func (Application) IsAdminApp 

func (a Application) IsAdminApp() bool

IsAdminApp returns true if the application is the admin app

func (Application) IsMilApp 

func (a Application) IsMilApp() bool

IsMilApp returns true if the application is the mil app

func (Application) IsOfficeApp 

func (a Application) IsOfficeApp() bool

IsOfficeApp returns true if the application is the office app

type ApplicationServername 

type ApplicationServername struct {
	MilServername    string
	OfficeServername string
	AdminServername  string
	OrdersServername string
	PrimeServername  string
	PPTASServerName  string
}

ApplicationServername is a collection of all the servernames for the application

type OktaSessionInfo 

type OktaSessionInfo struct {
	Login                 string
	Email                 string
	FirstName             string
	LastName              string
	Edipi                 string
	Sub                   string
	SignedInWithSmartCard bool
}

type ScsSessionManagerWrapper 

type ScsSessionManagerWrapper struct {
	ScsSessionManager *scs.SessionManager
}

func (ScsSessionManagerWrapper) Commit 

func (s ScsSessionManagerWrapper) Commit(ctx context.Context) (string, time.Time, error)

func (ScsSessionManagerWrapper) Destroy 

func (s ScsSessionManagerWrapper) Destroy(ctx context.Context) error

func (ScsSessionManagerWrapper) Get 

func (s ScsSessionManagerWrapper) Get(ctx context.Context, key string) interface{}

func (ScsSessionManagerWrapper) Load 

func (s ScsSessionManagerWrapper) Load(ctx context.Context, token string) (context.Context, error)

func (ScsSessionManagerWrapper) LoadAndSave 

func (s ScsSessionManagerWrapper) LoadAndSave(next http.Handler) http.Handler

func (ScsSessionManagerWrapper) Put 

func (s ScsSessionManagerWrapper) Put(ctx context.Context, key string, val interface{})

func (ScsSessionManagerWrapper) RenewToken 

func (s ScsSessionManagerWrapper) RenewToken(ctx context.Context) error

func (ScsSessionManagerWrapper) SessionCookie 

func (s ScsSessionManagerWrapper) SessionCookie() scs.SessionCookie

func (ScsSessionManagerWrapper) Store 

func (s ScsSessionManagerWrapper) Store() scs.Store

type Session 

type Session struct {
	ApplicationName Application
	Hostname        string
	IDToken         string
	UserID          uuid.UUID
	Email           string
	FirstName       string
	Middle          string
	LastName        string
	ServiceMemberID uuid.UUID
	OfficeUserID    uuid.UUID
	AdminUserID     uuid.UUID
	AdminUserRole   string
	Roles           roles.Roles
	Permissions     []string
	AccessToken     string
	ClientID        string
	OktaSessionInfo OktaSessionInfo
}

Session stores information about the currently logged in session

func SessionFromContext 

func SessionFromContext(ctx context.Context) *Session

SessionFromContext gets the reference to the Session stored in the request.Context()

func SessionFromRequestContext 

func SessionFromRequestContext(r *http.Request) *Session

SessionFromRequestContext gets the reference to the Session stored in the request.Context()

func (*Session) IsAdminApp 

func (s *Session) IsAdminApp() bool

IsAdminApp returns true iff the request is for the admin.move.mil host

func (*Session) IsAdminUser 

func (s *Session) IsAdminUser() bool

IsAdminUser checks whether the authenticated user is an AdminUser

func (*Session) IsMilApp 

func (s *Session) IsMilApp() bool

IsMilApp returns true iff the request is for the my.move.mil host

func (*Session) IsOfficeApp 

func (s *Session) IsOfficeApp() bool

IsOfficeApp returns true iff the request is for the office.move.mil host

func (*Session) IsOfficeUser 

func (s *Session) IsOfficeUser() bool

IsOfficeUser checks whether the authenticated user is an OfficeUser

func (*Session) IsProgramAdmin 

func (s *Session) IsProgramAdmin() bool

IsProgramAdmin checks whether the authenticated admin user is a program admin

func (*Session) IsServiceMember 

func (s *Session) IsServiceMember() bool

IsServiceMember checks whether the authenticated user is a ServiceMember

func (*Session) IsSystemAdmin 

func (s *Session) IsSystemAdmin() bool

IsSystemAdmin checks whether the authenticated admin user is a system admin

type SessionManager 

type SessionManager interface {
	Get(context.Context, string) interface{}
	Put(context.Context, string, interface{})
	Destroy(context.Context) error
	RenewToken(context.Context) error
	Commit(context.Context) (string, time.Time, error)
	Load(context.Context, string) (context.Context, error)
	LoadAndSave(http.Handler) http.Handler
	Store() scs.Store
	SessionCookie() scs.SessionCookie
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.