GO-2024-3044: lorawan-stack Open Redirect vulnerability in go.thethings.network/lorawan-stack

identityserver

package

v3.12.3 Latest Latest Go to latest Published: May 6, 2021 License: Apache-2.0 Imports: 48 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/TheThingsNetwork/lorawan-stack

Links

Open Source Insights

Documentation ¶

Index ¶

func GenerateAPIKey(ctx context.Context, name string, rights ...ttnpb.Right) (key *ttnpb.APIKey, token string, err error)
type Config
type IdentityServer
- func New(c *component.Component, config *Config) (is *IdentityServer, err error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateAPIKey ¶ added in v3.10.6

func GenerateAPIKey(ctx context.Context, name string, rights ...ttnpb.Right) (key *ttnpb.APIKey, token string, err error)

GenerateAPIKey generates a new API key with the given name for the set of rights

Types ¶

type Config ¶

type Config struct {
	DatabaseURI      string `name:"database-uri" description:"Database connection URI"`
	UserRegistration struct {
		Enabled    bool `name:"enabled" description:"Enable user registration"`
		Invitation struct {
			Required bool          `name:"required" description:"Require invitations for new users"`
			TokenTTL time.Duration `name:"token-ttl" description:"TTL of user invitation tokens"`
		} `name:"invitation"`
		ContactInfoValidation struct {
			Required bool          `name:"required" description:"Require contact info validation for new users"`
			TokenTTL time.Duration `name:"token-ttl" description:"TTL of contact info validation tokens"`
		} `name:"contact-info-validation"`
		AdminApproval struct {
			Required bool `name:"required" description:"Require admin approval for new users"`
		} `name:"admin-approval"`
		PasswordRequirements struct {
			MinLength    int  `name:"min-length" description:"Minimum password length"`
			MaxLength    int  `name:"max-length" description:"Maximum password length"`
			MinUppercase int  `name:"min-uppercase" description:"Minimum number of uppercase letters"`
			MinDigits    int  `name:"min-digits" description:"Minimum number of digits"`
			MinSpecial   int  `name:"min-special" description:"Minimum number of special characters"`
			RejectUserID bool `name:"reject-user-id" description:"Reject passwords that contain user ID"`
			RejectCommon bool `name:"reject-common" description:"Reject common passwords"`
		} `name:"password-requirements"`
	} `name:"user-registration"`
	AuthCache struct {
		MembershipTTL time.Duration `name:"membership-ttl" description:"TTL of membership caches"`
	} `name:"auth-cache"`
	OAuth          oauth.Config `name:"oauth"`
	ProfilePicture struct {
		DisableUpload bool   `name:"disable-upload" description:"Disable uploading profile pictures"`
		UseGravatar   bool   `name:"use-gravatar" description:"Use Gravatar fallback for users without profile picture"`
		Bucket        string `name:"bucket" description:"Bucket used for storing profile pictures"`
		BucketURL     string `name:"bucket-url" description:"Base URL for public bucket access"`
	} `name:"profile-picture"`
	EndDevicePicture struct {
		DisableUpload bool   `name:"disable-upload" description:"Disable uploading end device pictures"`
		Bucket        string `name:"bucket" description:"Bucket used for storing end device pictures"`
		BucketURL     string `name:"bucket-url" description:"Base URL for public bucket access"`
	} `name:"end-device-picture"`
	UserRights struct {
		CreateApplications  bool `name:"create-applications" description:"Allow non-admin users to create applications in their user account"`
		CreateClients       bool `name:"create-clients" description:"Allow non-admin users to create OAuth clients in their user account"`
		CreateGateways      bool `name:"create-gateways" description:"Allow non-admin users to create gateways in their user account"`
		CreateOrganizations bool `name:"create-organizations" description:"Allow non-admin users to create organizations in their user account"`
	} `name:"user-rights"`
	AdminRights struct {
		All bool `name:"all" description:"Grant all rights to admins, including _KEYS and _ALL"`
	} `name:"admin-rights"`
	LoginTokens struct {
		Enabled  bool          `name:"enabled" description:"enable users requesting login tokens"`
		TokenTTL time.Duration `name:"token-ttl" description:"TTL of login tokens"`
	} `name:"login-tokens"`
	Email struct {
		email.Config `name:",squash"`
		SendGrid     sendgrid.Config      `name:"sendgrid"`
		SMTP         smtp.Config          `name:"smtp"`
		Templates    emailTemplatesConfig `name:"templates"`
	} `name:"email"`
	Gateways struct {
		EncryptionKeyID string `name:"encryption-key-id" description:"ID of the key used to encrypt gateway secrets at rest"`
	} `name:"gateways"`
	Delete struct {
		Restore time.Duration `name:"restore" description:"How long after soft-deletion an entity can be restored"`
	} `name:"delete"`
}

Config for the Identity Server

type IdentityServer ¶

type IdentityServer struct {
	*component.Component
	// contains filtered or unexported fields
}

IdentityServer implements the Identity Server component.

The Identity Server exposes the Registry and Access services for Applications, OAuth clients, Gateways, Organizations and Users.

func New ¶

func New(c *component.Component, config *Config) (is *IdentityServer, err error)

New returns new *IdentityServer.

func (*IdentityServer) ApplicationRights ¶

func (is *IdentityServer) ApplicationRights(ctx context.Context, appIDs ttnpb.ApplicationIdentifiers) (*ttnpb.Rights, error)

ApplicationRights returns the rights the caller has on the given application.

func (*IdentityServer) AuthInfo ¶ added in v3.12.0

func (is *IdentityServer) AuthInfo(ctx context.Context) (*ttnpb.AuthInfoResponse, error)

AuthInfo implements rights.AuthInfoFetcher.

func (*IdentityServer) ClientRights ¶

func (is *IdentityServer) ClientRights(ctx context.Context, cliIDs ttnpb.ClientIdentifiers) (*ttnpb.Rights, error)

ClientRights returns the rights the caller has on the given client.

func (*IdentityServer) Context ¶

func (is *IdentityServer) Context() context.Context

Context returns the context of the Identity Server.

func (*IdentityServer) GatewayRights ¶

func (is *IdentityServer) GatewayRights(ctx context.Context, gtwIDs ttnpb.GatewayIdentifiers) (*ttnpb.Rights, error)

GatewayRights returns the rights the caller has on the given gateway.

func (*IdentityServer) GetConfiguration ¶ added in v3.9.0

func (is *IdentityServer) GetConfiguration(ctx context.Context, _ *ttnpb.GetIsConfigurationRequest) (*ttnpb.GetIsConfigurationResponse, error)

GetConfiguration implements the RPC that returns the configuration of the Identity Server.

func (*IdentityServer) IsAdmin ¶

func (is *IdentityServer) IsAdmin(ctx context.Context) bool

IsAdmin returns whether the caller is an admin.

func (*IdentityServer) OrganizationRights ¶

func (is *IdentityServer) OrganizationRights(ctx context.Context, orgIDs ttnpb.OrganizationIdentifiers) (*ttnpb.Rights, error)

OrganizationRights returns the rights the caller has on the given organization.

func (*IdentityServer) RegisterHandlers ¶

func (is *IdentityServer) RegisterHandlers(s *runtime.ServeMux, conn *grpc.ClientConn)

RegisterHandlers registers gRPC handlers.

func (*IdentityServer) RegisterServices ¶

func (is *IdentityServer) RegisterServices(s *grpc.Server)

RegisterServices registers services provided by is at s.

func (*IdentityServer) RequireAdmin ¶

func (is *IdentityServer) RequireAdmin(ctx context.Context) error

RequireAdmin returns an error when the caller is not an admin.

func (*IdentityServer) RequireAuthenticated ¶

func (is *IdentityServer) RequireAuthenticated(ctx context.Context) error

RequireAuthenticated checks the request context for authentication presence and returns an error if there is none.

func (*IdentityServer) Roles ¶

func (is *IdentityServer) Roles() []ttnpb.ClusterRole

Roles returns the roles that the Identity Server fulfills.

func (*IdentityServer) SendAdminsEmail ¶ added in v3.9.0

func (is *IdentityServer) SendAdminsEmail(ctx context.Context, makeMessage func(emails.Data) email.MessageData) error

SendAdminsEmail sends an email to the admins of the network.

func (*IdentityServer) SendContactsEmail ¶

func (is *IdentityServer) SendContactsEmail(ctx context.Context, ids ttnpb.IDStringer, makeMessage func(emails.Data) email.MessageData) error

SendContactsEmail sends an email to the contacts of the given entity.

func (*IdentityServer) SendEmail ¶

func (is *IdentityServer) SendEmail(ctx context.Context, f func(emails.Data) email.MessageData) (err error)

SendEmail sends an email.

func (*IdentityServer) SendUserEmail ¶

func (is *IdentityServer) SendUserEmail(ctx context.Context, userIDs *ttnpb.UserIdentifiers, makeMessage func(emails.Data) email.MessageData) error

SendUserEmail sends an email to the given user.

func (*IdentityServer) SetRedisCache ¶

func (is *IdentityServer) SetRedisCache(redis *redis.Client)

SetRedisCache configures the given redis instance for caching.

func (*IdentityServer) UniversalRights ¶

func (is *IdentityServer) UniversalRights(ctx context.Context) *ttnpb.Rights

UniversalRights returns the universal rights (that apply to any entity or outside entity scope) contained in the request context. This is used to determine admin rights.

func (*IdentityServer) UserRights ¶

func (is *IdentityServer) UserRights(ctx context.Context, userIDs ttnpb.UserIdentifiers) (*ttnpb.Rights, error)

UserRights returns the rights the caller has on the given user.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
blacklist
emails
picture
store
migrations

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL