authentication

package
v0.0.0-...-bc01b9c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 17, 2024 License: MIT Imports: 33 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// MilMoveUserType is the type of user for a Service Member
	MilMoveUserType string = "milmove"
	// TOOOfficeUserType is the type of user for an Office user
	TOOOfficeUserType string = "TOO office"
	// TIOOfficeUserType is the type of user for an Office user
	TIOOfficeUserType string = "TIO office"
	// ServicesCounselorOfficeUserType is the type of user for an Office User
	ServicesCounselorOfficeUserType string = "Services Counselor office"
	// PrimeSimulatorOfficeUserType is the type of user for an Office user
	PrimeSimulatorOfficeUserType string = "Prime Simulator office"
	// QaeOfficeUserType is a type of user for an Office user
	QaeOfficeUserType string = "QAE office"
	// CustomerServiceRepresentativeOfficeUserType is the Customer Service Representative type of user for an Office user
	CustomerServiceRepresentativeOfficeUserType string = "CSR office"
	// MultiRoleOfficeUserType has all the Office user roles
	MultiRoleOfficeUserType string = "Multi role office"
	// AdminUserType is the type of user for an admin user
	AdminUserType string = "admin"
	// HQOfficeUserType is a type of user for a HQ user
	HQOfficeUserType string = "HQ office"
	// GSROfficeUserType is a type of user for a GSR user
	GSROfficeUserType string = "GSR office"
)

Variables

View Source 
var AllRolesPermissions = []RolePermissions{TOO, TIO, ServicesCounselor, QAE, CustomerServiceRepresentative, HQ, GSR}
View Source 
var CustomerServiceRepresentative = RolePermissions{
	RoleType: roles.RoleTypeCustomerServiceRepresentative,
	Permissions: []string{
		"read.paymentRequest",
		"view.closeoutOffice",
		"read.shipmentsPaymentSITBalance",
	},
}
View Source 
var GSR = RolePermissions{
	RoleType: roles.RoleTypeGSR,
	Permissions: []string{
		"create.reportViolation",
		"create.evaluationReport",
		"read.paymentRequest",
		"update.evaluationReport",
		"delete.evaluationReport",
		"view.closeoutOffice",
		"read.shipmentsPaymentSITBalance",
	},
}
View Source 
var HQ = RolePermissions{
	RoleType: roles.RoleTypeHQ,
	Permissions: []string{
		"read.paymentRequest",
		"read.shipmentsPaymentSITBalance",
		"read.paymentServiceItemStatus",
		"view.closeoutOffice",
	},
}
View Source 
var QAE = RolePermissions{
	RoleType: roles.RoleTypeQae,
	Permissions: []string{
		"create.reportViolation",
		"create.evaluationReport",
		"read.paymentRequest",
		"update.evaluationReport",
		"delete.evaluationReport",
		"view.closeoutOffice",
		"read.shipmentsPaymentSITBalance",
	},
}
View Source 
var ServicesCounselor = RolePermissions{
	RoleType: roles.RoleTypeServicesCounselor,
	Permissions: []string{
		"create.shipmentDiversionRequest",
		"create.reweighRequest",
		"create.supportingDocuments",
		"update.financialReviewFlag",
		"update.shipment",
		"update.orders",
		"update.allowances",
		"update.billableWeight",
		"update.MTOServiceItem",
		"update.customer",
		"update.closeoutOffice",
		"view.closeoutOffice",
	},
}
View Source 
var TIO = RolePermissions{
	RoleType: roles.RoleTypeTIO,
	Permissions: []string{
		"create.serviceItem",
		"create.supportingDocuments",
		"read.paymentRequest",
		"read.shipmentsPaymentSITBalance",
		"update.financialReviewFlag",
		"update.orders",
		"update.billableWeight",
		"update.maxBillableWeight",
		"update.paymentRequest",
		"update.paymentServiceItemStatus",
		"update.MTOPage",
		"update.customer",
	},
}
View Source 
var TOO = RolePermissions{
	RoleType: roles.RoleTypeTOO,
	Permissions: []string{
		"create.serviceItem",
		"create.shipmentDiversionRequest",
		"create.reweighRequest",
		"create.shipmentCancellation",
		"create.SITExtension",
		"create.supportingDocuments",
		"read.paymentRequest",
		"read.shipmentsPaymentSITBalance",
		"read.paymentServiceItemStatus",
		"update.move",
		"update.shipment",
		"update.financialReviewFlag",
		"update.orders",
		"update.allowances",
		"update.billableWeight",
		"update.SITExtension",
		"update.MTOServiceItem",
		"update.excessWeightRisk",
		"update.customer",
		"view.closeoutOffice",
		"update.closeoutOffice",
		"update.MTOPage",
		"create.TXOShipment",
	},
}

Functions

func AddAuditUserIDToRequestContextMiddleware 

func AddAuditUserIDToRequestContextMiddleware(appCtx appcontext.AppContext) func(next http.Handler) http.Handler

func AdminAuthMiddleware 

func AdminAuthMiddleware(_ *zap.Logger) func(next http.Handler) http.Handler

AdminAuthMiddleware is middleware for admin authentication

func ClientCertFromContext 

func ClientCertFromContext(ctx context.Context) *models.ClientCert

ClientCertFromContext gets the reference to the ClientCert stored in the request.Context()

func ClientCertFromRequestContext 

func ClientCertFromRequestContext(r *http.Request) *models.ClientCert

ClientCertFromRequestContext gets the reference to the ClientCert stored in the request.Context()

func ClientCertMiddleware 

func ClientCertMiddleware(appCtx appcontext.AppContext) func(next http.Handler) http.Handler

ClientCertMiddleware enforces that the incoming request includes a known client certificate, and stores the fetched permissions in the session

func CustomerAPIAuthMiddleware 

func CustomerAPIAuthMiddleware(_ appcontext.AppContext, api APIWithContext) func(next http.Handler) http.Handler

CustomerAPIAuthMiddleware checks to see if the request matches one of the routes that should be allowed through with less strict authentication requirements. If it is on the allow list, it will allow the request to continue. If it is not, it will check to see if the user is a service member. Ideally, we will get rid of the allow list eventually and the service member check can be rolled into the UserAuthMiddleware.

func DevlocalClientCertMiddleware 

func DevlocalClientCertMiddleware(appCtx appcontext.AppContext) func(next http.Handler) http.Handler

DevlocalClientCertMiddleware fakes the client cert as always devlocal. This will only be used if devlocal auth is enabled

func InitAuth 

func InitAuth(v *viper.Viper, logger *zap.Logger, _ auth.ApplicationServername) (*okta.Provider, error)

InitAuth initializes the Okta provider

func IsLoggedInMiddleware 

func IsLoggedInMiddleware(_ *zap.Logger) http.HandlerFunc

IsLoggedInMiddleware handles requests to is_logged_in endpoint by returning true if someone is logged in

func PPTASAuthorizationMiddleware 

func PPTASAuthorizationMiddleware(_ *zap.Logger) func(next http.Handler) http.Handler

PPTASAuthorizationMiddleware is the PPTAS authorization middleware

func PermissionsMiddleware 

func PermissionsMiddleware(appCtx appcontext.AppContext, api APIWithContext) func(next http.Handler) http.Handler

func PrimeAuthorizationMiddleware 

func PrimeAuthorizationMiddleware(_ *zap.Logger) func(next http.Handler) http.Handler

PrimeAuthorizationMiddleware is the prime authorization middleware

func PrimeSimulatorAuthorizationMiddleware 

func PrimeSimulatorAuthorizationMiddleware(_ *zap.Logger) func(next http.Handler) http.Handler

PrimeSimulatorAuthorizationMiddleware ensures only users with the prime simulator role can access the simulator

func SetClientCertInRequestContext 

func SetClientCertInRequestContext(r *http.Request, clientCert *models.ClientCert) context.Context

SetClientCertInRequestContext returns a copy of the request's Context() with the client certificate data

func StateCookieName 

func StateCookieName(session *auth.Session) string

StateCookieName returns the okta.mil state cookie name

func UserAuthMiddleware 

func UserAuthMiddleware(_ *zap.Logger) func(next http.Handler) http.Handler

UserAuthMiddleware enforces that the incoming request is tied to a user session

Types

type APIWithContext 

type APIWithContext interface {
	Context() *middleware.Context
}

type AssignUserHandler 

type AssignUserHandler devlocalAuthHandler

AssignUserHandler logs a user in directly

func NewAssignUserHandler 

func NewAssignUserHandler(ac Context, hc handlers.HandlerConfig) AssignUserHandler

NewAssignUserHandler creates a new AssignUserHandler

func (AssignUserHandler) ServeHTTP 

func (h AssignUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

AssignUserHandler logs in a user locally using a user id or email

type AuthorizationResult 

type AuthorizationResult byte

used by authorizeKnownUser and authorizeUnknownUser

func AuthorizeKnownUser 

func AuthorizeKnownUser(ctx context.Context, appCtx appcontext.AppContext, userIdentity *models.UserIdentity, sessionManager auth.SessionManager) AuthorizationResult

func (AuthorizationResult) String 

func (ar AuthorizationResult) String() string

type CallbackHandler 

type CallbackHandler struct {
	Context
	handlers.HandlerConfig

	HTTPClient HTTPClient
	// contains filtered or unexported fields
}

CallbackHandler processes a callback from okta.mil

func NewCallbackHandler 

func NewCallbackHandler(ac Context, hc handlers.HandlerConfig, sender notifications.NotificationSender) CallbackHandler

NewCallbackHandler creates a new CallbackHandler

func (CallbackHandler) ServeHTTP 

func (h CallbackHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

AuthorizationCallbackHandler handles the callback from the Okta.mil authorization flow

type Context 

type Context struct {
	// contains filtered or unexported fields
}

Context is the common handler type for auth handlers

func NewAuthContext 

func NewAuthContext(_ *zap.Logger, oktaProvider okta.Provider, callbackProtocol string, callbackPort int) Context

NewAuthContext creates an Context

type CreateAndLoginUserHandler 

type CreateAndLoginUserHandler devlocalAuthHandler

CreateAndLoginUserHandler creates and then logs in a new user

func NewCreateAndLoginUserHandler 

func NewCreateAndLoginUserHandler(ac Context, hc handlers.HandlerConfig) CreateAndLoginUserHandler

NewCreateAndLoginUserHandler creates a new CreateAndLoginUserHandler

func (CreateAndLoginUserHandler) ServeHTTP 

func (h CreateAndLoginUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

CreateAndLoginUserHandler creates a user and logs them in

type CreateUserHandler 

type CreateUserHandler devlocalAuthHandler

CreateUserHandler creates a new user

func NewCreateUserHandler 

func NewCreateUserHandler(ac Context, hc handlers.HandlerConfig) CreateUserHandler

NewCreateUserHandler creates a new CreateUserHandler

func (CreateUserHandler) ServeHTTP 

func (h CreateUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

CreateUserHandler creates a user, primarily used in automated testing

type Exchange 

type Exchange struct {
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
	AccessToken      string `json:"access_token,omitempty"`
	TokenType        string `json:"token_type,omitempty"`
	ExpiresIn        int    `json:"expires_in,omitempty"`
	Scope            string `json:"scope,omitempty"`
	IDToken          string `json:"id_token,omitempty"`
}

type FeatureFlag 

type FeatureFlag struct {
	Name   string
	Active bool
}

FeatureFlag holds the name of a feature flag and if it is enabled

type HTTPClient 

type HTTPClient interface {
	Do(req *http.Request) (*http.Response, error)
}

type LogoutHandler 

type LogoutHandler struct {
	Context
	handlers.HandlerConfig
}

LogoutHandler handles logging the user out of okta.mil

func NewLogoutHandler 

func NewLogoutHandler(ac Context, hc handlers.HandlerConfig) LogoutHandler

NewLogoutHandler creates a new LogoutHandler

func (LogoutHandler) ServeHTTP 

func (h LogoutHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

logic for the /auth/logout endpoint

type LogoutOktaRedirectHandler 

type LogoutOktaRedirectHandler struct {
	Context
	handlers.HandlerConfig
}

LogoutOktaRedirectHandler handles logging the user out of okta.mil and then redirecting the user BACK to the sign in page this will be used for customers that are required to authenticate with CAC first

func NewLogoutOktaRedirectHandler 

func NewLogoutOktaRedirectHandler(ac Context, hc handlers.HandlerConfig) LogoutOktaRedirectHandler

NewLogoutOktaRedirectHandler creates a new NewLogoutOktaRedirectHandler

func (LogoutOktaRedirectHandler) ServeHTTP 

func (h LogoutOktaRedirectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

logic for the /auth/logoutOktaRedirect endpoint

type MockHTTPClient 

type MockHTTPClient struct {
	Response *http.Response
	Err      error
}

func (*MockHTTPClient) Do 

func (m *MockHTTPClient) Do(_ *http.Request) (*http.Response, error)

type RedirectHandler 

type RedirectHandler struct {
	Context
	handlers.HandlerConfig
	UseSecureCookie bool
}

RedirectHandler handles redirection

func NewRedirectHandler 

func NewRedirectHandler(ac Context, hc handlers.HandlerConfig, useSecureCookie bool) RedirectHandler

func (RedirectHandler) ServeHTTP 

func (h RedirectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

RedirectHandler constructs the okta.mil authentication URL and redirects to it This will be called when logging in

type RolePermissions 

type RolePermissions struct {
	RoleType    roles.RoleType
	Permissions []string
}

type UserListHandler 

type UserListHandler struct {
	Context
	handlers.HandlerConfig
}

UserListHandler handles redirection

func NewUserListHandler 

func NewUserListHandler(ac Context, hc handlers.HandlerConfig) UserListHandler

NewUserListHandler returns a new UserListHandler

func (UserListHandler) ServeHTTP 

func (h UserListHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

UserListHandler lists users in the local database for local login

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.