GO-2024-2637: Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel

GO-2024-2664: ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel

GO-2024-2665: ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass in github.com/zitadel/zitadel

GO-2024-2788: ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel

GO-2024-2804: Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel

authz

package

v1.87.5 Latest Latest Go to latest Published: Dec 20, 2022 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/zitadel/zitadel

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CheckOrgFeatures(ctx context.Context, t *TokenVerifier, orgID string, ...) error
func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID string, ...) (ctxSetter func(context.Context) context.Context, err error)
func ExistsPerm(existingPermissions []string, perm string) bool
func GetAllPermissionCtxIDs(perms []string) []string
func GetAllPermissionsFromCtx(ctx context.Context) []string
func GetExplicitPermissionCtxIDs(perms []string, searchPerm string) []string
func GetRequestPermissionsFromCtx(ctx context.Context) []string
func HasGlobalExplicitPermission(perms []string, permToCheck string) bool
func HasGlobalPermission(perms []string) bool
func NewMockContext(orgID, userID string) context.Context
func NewMockContextWithPermissions(orgID, userID string, permissions []string) context.Context
func SetCtxData(ctx context.Context, ctxData CtxData) context.Context
func SplitPermission(perm string) (string, string)
type Config
type CtxData
- func GetCtxData(ctx context.Context) CtxData
- func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ CtxData, err error)
- func (ctxData CtxData) IsZero() bool
type Grant
type Grants
type MemberType
type Membership
type Memberships
type MethodMapping
type Option
type RoleMapping
type TokenVerifier
- func Start(authZRepo authZRepo) (v *TokenVerifier)
- func (v *TokenVerifier) CheckAuthMethod(method string) (Option, bool)
- func (v *TokenVerifier) ExistsOrg(ctx context.Context, orgID string) (err error)
- func (v *TokenVerifier) ProjectIDAndOriginsByClientID(ctx context.Context, clientID string) (_ string, _ []string, err error)
- func (v *TokenVerifier) RegisterServer(appName, methodPrefix string, mappings MethodMapping)
- func (v *TokenVerifier) SearchMyMemberships(ctx context.Context) (_ []*Membership, err error)
- func (v *TokenVerifier) VerifyAccessToken(ctx context.Context, token string, method string) (userID, clientID, agentID, prefLang, resourceOwner string, err error)

Constants ¶

View Source

const (
	BearerPrefix = "Bearer "
)

Variables ¶

This section is empty.

Functions ¶

func CheckOrgFeatures ¶

func CheckOrgFeatures(ctx context.Context, t *TokenVerifier, orgID string, requiredFeatures ...string) error

func CheckUserAuthorization ¶

func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID string, verifier *TokenVerifier, authConfig Config, requiredAuthOption Option, method string) (ctxSetter func(context.Context) context.Context, err error)

func ExistsPerm ¶

func ExistsPerm(existingPermissions []string, perm string) bool

func GetAllPermissionCtxIDs ¶

func GetAllPermissionCtxIDs(perms []string) []string

func GetAllPermissionsFromCtx ¶

func GetAllPermissionsFromCtx(ctx context.Context) []string

func GetExplicitPermissionCtxIDs ¶

func GetExplicitPermissionCtxIDs(perms []string, searchPerm string) []string

func GetRequestPermissionsFromCtx ¶

func GetRequestPermissionsFromCtx(ctx context.Context) []string

func HasGlobalExplicitPermission ¶

func HasGlobalExplicitPermission(perms []string, permToCheck string) bool

func HasGlobalPermission ¶

func HasGlobalPermission(perms []string) bool

func NewMockContext ¶

func NewMockContext(orgID, userID string) context.Context

func NewMockContextWithPermissions ¶

func NewMockContextWithPermissions(orgID, userID string, permissions []string) context.Context

func SetCtxData ¶

func SetCtxData(ctx context.Context, ctxData CtxData) context.Context

func SplitPermission ¶

func SplitPermission(perm string) (string, string)

Types ¶

type Config ¶

type Config struct {
	RolePermissionMappings []RoleMapping
}

type CtxData ¶

type CtxData struct {
	UserID            string
	OrgID             string
	ProjectID         string
	AgentID           string
	PreferredLanguage string
	ResourceOwner     string
}

func GetCtxData ¶

func GetCtxData(ctx context.Context) CtxData

func VerifyTokenAndCreateCtxData ¶

func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID string, t *TokenVerifier, method string) (_ CtxData, err error)

func (CtxData) IsZero ¶

func (ctxData CtxData) IsZero() bool

type Grant ¶

type Grant struct {
	OrgID string
	Roles []string
}

type Grants ¶

type Grants []*Grant

type MemberType ¶

type MemberType int32

const (
	MemberTypeUnspecified MemberType = iota
	MemberTypeOrganisation
	MemberTypeProject
	MemberTypeProjectGrant
	MemberTypeIam
)

type Membership ¶

type Membership struct {
	MemberType  MemberType
	AggregateID string
	//ObjectID differs from aggregate id if obejct is sub of an aggregate
	ObjectID string

	Roles []string
}

type Memberships ¶

type Memberships []*Membership

type MethodMapping ¶

type MethodMapping map[string]Option

type Option ¶

type Option struct {
	Permission string
	CheckParam string
	Feature    string
}

type RoleMapping ¶

type RoleMapping struct {
	Role        string
	Permissions []string
}

type TokenVerifier ¶

type TokenVerifier struct {
	// contains filtered or unexported fields
}

func Start ¶

func Start(authZRepo authZRepo) (v *TokenVerifier)

func (*TokenVerifier) CheckAuthMethod ¶

func (v *TokenVerifier) CheckAuthMethod(method string) (Option, bool)

func (*TokenVerifier) ExistsOrg ¶

func (v *TokenVerifier) ExistsOrg(ctx context.Context, orgID string) (err error)

func (*TokenVerifier) ProjectIDAndOriginsByClientID ¶

func (v *TokenVerifier) ProjectIDAndOriginsByClientID(ctx context.Context, clientID string) (_ string, _ []string, err error)

func (*TokenVerifier) RegisterServer ¶

func (v *TokenVerifier) RegisterServer(appName, methodPrefix string, mappings MethodMapping)

func (*TokenVerifier) SearchMyMemberships ¶

func (v *TokenVerifier) SearchMyMemberships(ctx context.Context) (_ []*Membership, err error)

func (*TokenVerifier) VerifyAccessToken ¶

func (v *TokenVerifier) VerifyAccessToken(ctx context.Context, token string, method string) (userID, clientID, agentID, prefLang, resourceOwner string, err error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL