Documentation ¶
Index ¶
- Constants
- Variables
- type CompleteSelfServiceLoginFlowWithPasswordMethod
- type CompleteSelfServiceSettingsFlowWithPasswordMethod
- type CredentialsConfig
- type DefaultPasswordValidator
- type FlowMethod
- type RegistrationFormPayload
- type Strategy
- func (s *Strategy) CountActiveCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)
- func (s *Strategy) ID() identity.CredentialsType
- func (s *Strategy) PopulateLoginMethod(r *http.Request, sr *login.Flow) error
- func (s *Strategy) PopulateRegistrationMethod(r *http.Request, sr *registration.Flow) error
- func (s *Strategy) PopulateSettingsMethod(r *http.Request, _ *identity.Identity, f *settings.Flow) error
- func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)
- func (s *Strategy) RegisterRegistrationRoutes(public *x.RouterPublic)
- func (s *Strategy) RegisterSettingsRoutes(router *x.RouterPublic)
- func (s *Strategy) SettingsStrategyID() string
- type ValidationProvider
- type Validator
Constants ¶
const (
RouteLogin = "/self-service/login/methods/password"
)
const (
RouteRegistration = "/self-service/registration/methods/password"
)
const (
RouteSettings = "/self-service/settings/methods/password"
)
Variables ¶
var ErrNetworkFailure = errors.New("unable to check if password has been leaked because an unexpected network error occurred")
var ErrUnexpectedStatusCode = errors.New("unexpected status code")
Functions ¶
This section is empty.
Types ¶
type CompleteSelfServiceLoginFlowWithPasswordMethod ¶
type CompleteSelfServiceLoginFlowWithPasswordMethod struct { // The user's password. Password string `form:"password" json:"password,omitempty"` // Identifier is the email or username of the user trying to log in. Identifier string `form:"identifier" json:"identifier,omitempty"` // Sending the anti-csrf token is only required for browser login flows. CSRFToken string `form:"csrf_token" json:"csrf_token"` }
CompleteSelfServiceLoginFlowWithPasswordMethod is used to decode the login form payload.
type CompleteSelfServiceSettingsFlowWithPasswordMethod ¶
type CompleteSelfServiceSettingsFlowWithPasswordMethod struct { // Password is the updated password // // type: string // required: true Password string `json:"password"` // CSRFToken is the anti-CSRF token // // type: string CSRFToken string `json:"csrf_token"` // Flow is flow ID. // // swagger:ignore Flow string `json:"flow"` }
func (*CompleteSelfServiceSettingsFlowWithPasswordMethod) GetFlowID ¶
func (p *CompleteSelfServiceSettingsFlowWithPasswordMethod) GetFlowID() uuid.UUID
func (*CompleteSelfServiceSettingsFlowWithPasswordMethod) SetFlowID ¶
func (p *CompleteSelfServiceSettingsFlowWithPasswordMethod) SetFlowID(rid uuid.UUID)
type CredentialsConfig ¶
type CredentialsConfig struct { // HashedPassword is a hash-representation of the password. HashedPassword string `json:"hashed_password"` }
CredentialsConfig is the struct that is being used as part of the identity credentials.
type DefaultPasswordValidator ¶
DefaultPasswordValidator implements Validator. It is based on best practices as defined in the following blog posts:
- https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/ - https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf
Additionally passwords are being checked against Troy Hunt's [haveibeenpwnd](https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange) service to check if the password has been breached in a previous data leak using k-anonymity.
func NewDefaultPasswordValidatorStrategy ¶
func NewDefaultPasswordValidatorStrategy() *DefaultPasswordValidator
func NewDefaultPasswordValidatorStrategyStrict ¶
func NewDefaultPasswordValidatorStrategyStrict() *DefaultPasswordValidator
func (*DefaultPasswordValidator) Validate ¶
func (s *DefaultPasswordValidator) Validate(identifier, password string) error
type FlowMethod ¶
FlowMethod contains the configuration for this selfservice strategy.
type RegistrationFormPayload ¶
type RegistrationFormPayload struct { Password string `json:"password"` Traits json.RawMessage `json:"traits"` CSRFToken string `json:"csrf_token"` }
type Strategy ¶
type Strategy struct {
// contains filtered or unexported fields
}
func NewStrategy ¶
func NewStrategy( d registrationStrategyDependencies, c configuration.Provider, ) *Strategy
func (*Strategy) CountActiveCredentials ¶
func (s *Strategy) CountActiveCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)
func (*Strategy) ID ¶
func (s *Strategy) ID() identity.CredentialsType
func (*Strategy) PopulateLoginMethod ¶
func (*Strategy) PopulateRegistrationMethod ¶
func (*Strategy) PopulateSettingsMethod ¶
func (*Strategy) RegisterLoginRoutes ¶
func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)
func (*Strategy) RegisterRegistrationRoutes ¶
func (s *Strategy) RegisterRegistrationRoutes(public *x.RouterPublic)
func (*Strategy) RegisterSettingsRoutes ¶
func (s *Strategy) RegisterSettingsRoutes(router *x.RouterPublic)
func (*Strategy) SettingsStrategyID ¶
type ValidationProvider ¶
type ValidationProvider interface {
PasswordValidator() Validator
}
type Validator ¶
type Validator interface { // Validate returns nil if the password is passing the validation strategy and an error otherwise. If a validation error // occurs, a regular error will be returned. If some other type of error occurs (e.g. HTTP request failed), an error // of type *herodot.DefaultError will be returned. Validate(identifier, password string) error }
Validator implements a validation strategy for passwords. One example is that the password has to have at least 6 characters and at least one lower and one uppercase password.