password

package
v0.0.0-...-81cd3a7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 21, 2020 License: Apache-2.0 Imports: 39 Imported by: 0

Documentation

Index

Constants

View Source
const (
	RouteLogin = "/self-service/login/methods/password"
)
View Source
const (
	RouteRegistration = "/self-service/registration/methods/password"
)
View Source
const (
	RouteSettings = "/self-service/settings/methods/password"
)

Variables

View Source
var ErrNetworkFailure = errors.New("unable to check if password has been leaked because an unexpected network error occurred")
View Source
var ErrUnexpectedStatusCode = errors.New("unexpected status code")

Functions

This section is empty.

Types

type CompleteSelfServiceLoginFlowWithPasswordMethod

type CompleteSelfServiceLoginFlowWithPasswordMethod struct {
	// The user's password.
	Password string `form:"password" json:"password,omitempty"`

	// Identifier is the email or username of the user trying to log in.
	Identifier string `form:"identifier" json:"identifier,omitempty"`

	// Sending the anti-csrf token is only required for browser login flows.
	CSRFToken string `form:"csrf_token" json:"csrf_token"`
}

CompleteSelfServiceLoginFlowWithPasswordMethod is used to decode the login form payload.

type CompleteSelfServiceSettingsFlowWithPasswordMethod

type CompleteSelfServiceSettingsFlowWithPasswordMethod struct {
	// Password is the updated password
	//
	// type: string
	// required: true
	Password string `json:"password"`

	// CSRFToken is the anti-CSRF token
	//
	// type: string
	CSRFToken string `json:"csrf_token"`

	// Flow is flow ID.
	//
	// swagger:ignore
	Flow string `json:"flow"`
}

func (*CompleteSelfServiceSettingsFlowWithPasswordMethod) GetFlowID

func (*CompleteSelfServiceSettingsFlowWithPasswordMethod) SetFlowID

type CredentialsConfig

type CredentialsConfig struct {
	// HashedPassword is a hash-representation of the password.
	HashedPassword string `json:"hashed_password"`
}

CredentialsConfig is the struct that is being used as part of the identity credentials.

type DefaultPasswordValidator

type DefaultPasswordValidator struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

DefaultPasswordValidator implements Validator. It is based on best practices as defined in the following blog posts:

- https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/ - https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf

Additionally passwords are being checked against Troy Hunt's [haveibeenpwnd](https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange) service to check if the password has been breached in a previous data leak using k-anonymity.

func NewDefaultPasswordValidatorStrategy

func NewDefaultPasswordValidatorStrategy() *DefaultPasswordValidator

func NewDefaultPasswordValidatorStrategyStrict

func NewDefaultPasswordValidatorStrategyStrict() *DefaultPasswordValidator

func (*DefaultPasswordValidator) Validate

func (s *DefaultPasswordValidator) Validate(identifier, password string) error

type FlowMethod

type FlowMethod struct {
	*form.HTMLForm
}

FlowMethod contains the configuration for this selfservice strategy.

type RegistrationFormPayload

type RegistrationFormPayload struct {
	Password  string          `json:"password"`
	Traits    json.RawMessage `json:"traits"`
	CSRFToken string          `json:"csrf_token"`
}

type Strategy

type Strategy struct {
	// contains filtered or unexported fields
}

func NewStrategy

func NewStrategy(
	d registrationStrategyDependencies,
	c configuration.Provider,
) *Strategy

func (*Strategy) CountActiveCredentials

func (s *Strategy) CountActiveCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error)

func (*Strategy) ID

func (*Strategy) PopulateLoginMethod

func (s *Strategy) PopulateLoginMethod(r *http.Request, sr *login.Flow) error

func (*Strategy) PopulateRegistrationMethod

func (s *Strategy) PopulateRegistrationMethod(r *http.Request, sr *registration.Flow) error

func (*Strategy) PopulateSettingsMethod

func (s *Strategy) PopulateSettingsMethod(r *http.Request, _ *identity.Identity, f *settings.Flow) error

func (*Strategy) RegisterLoginRoutes

func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)

func (*Strategy) RegisterRegistrationRoutes

func (s *Strategy) RegisterRegistrationRoutes(public *x.RouterPublic)

func (*Strategy) RegisterSettingsRoutes

func (s *Strategy) RegisterSettingsRoutes(router *x.RouterPublic)

func (*Strategy) SettingsStrategyID

func (s *Strategy) SettingsStrategyID() string

type ValidationProvider

type ValidationProvider interface {
	PasswordValidator() Validator
}

type Validator

type Validator interface {
	// Validate returns nil if the password is passing the validation strategy and an error otherwise. If a validation error
	// occurs, a regular error will be returned. If some other type of error occurs (e.g. HTTP request failed), an error
	// of type *herodot.DefaultError will be returned.
	Validate(identifier, password string) error
}

Validator implements a validation strategy for passwords. One example is that the password has to have at least 6 characters and at least one lower and one uppercase password.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL