handlers

package
v3.7.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 26, 2017 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// WarningHeaderMiscCode is the code for "Miscellaneous warning", which may be displayed to human users
	WarningHeaderMiscCode = "199"
	// WarningHeaderOpenShiftSource is the name of the agent adding the warning header
	WarningHeaderOpenShiftSource = "Origin"
)

Variables

View Source
var Allow = &fixedAuthenticator{true}

Allow implements Password, Assertion, and Client authentication to allow all requests

View Source
var Deny = &fixedAuthenticator{false}

Deny implements Password, Assertion, and Client authentication to deny all requests

Functions

func NewGrantCheck

func NewGrantCheck(check GrantChecker, handler GrantHandler, errorHandler GrantErrorHandler) osinserver.AuthorizeHandler

NewGrantCheck returns a new GrantCheck

Types

type AccessAuthenticator

type AccessAuthenticator struct {
	// contains filtered or unexported fields
}

AccessAuthenticator implements osinserver.AccessHandler to ensure non-token requests are authenticated

func NewAccessAuthenticator

func NewAccessAuthenticator(password authenticator.Password, assertion authenticator.Assertion, client authenticator.Client) *AccessAuthenticator

NewAccessAuthenticator returns a new AccessAuthenticator

func NewDenyAccessAuthenticator

func NewDenyAccessAuthenticator() *AccessAuthenticator

NewDenyAccessAuthenticator returns an AccessAuthenticator which rejects all non-token access requests

func (*AccessAuthenticator) HandleAccess

HandleAccess implements osinserver.AccessHandler

type AuthenticationChallenger

type AuthenticationChallenger interface {
	// AuthenticationChallenge take a request and return whatever challenge headers are appropriate.  If none are appropriate, it should return an empty map, not nil.
	AuthenticationChallenge(req *http.Request) (header http.Header, err error)
}

AuthenticationChallenger reacts to unauthenticated requests with challenges

type AuthenticationErrorHandler

type AuthenticationErrorHandler interface {
	// AuthenticationError reacts to authentication errors, returns true if the response was written,
	// and returns any unhandled error (which should be the original error in most cases)
	AuthenticationError(error, http.ResponseWriter, *http.Request) (handled bool, err error)
}

AuthenticationErrorHandler reacts to authentication errors

type AuthenticationErrorHandlers

type AuthenticationErrorHandlers []AuthenticationErrorHandler

AuthenticationErrorHandlers combines multiple AuthenticationErrorHandler objects into a chain. Each handler is called in turn. If any handler writes the response, the chain is aborted. Otherwise, the next handler is called with the error returned from the previous handler.

func (AuthenticationErrorHandlers) AuthenticationError

func (all AuthenticationErrorHandlers) AuthenticationError(err error, w http.ResponseWriter, req *http.Request) (bool, error)

type AuthenticationHandler

type AuthenticationHandler interface {
	// AuthenticationNeeded reacts to unauthenticated requests, and returns true if the response was written,
	AuthenticationNeeded(client api.Client, w http.ResponseWriter, req *http.Request) (handled bool, err error)
}

AuthenticationHandler reacts to unauthenticated requests

func NewUnionAuthenticationHandler

func NewUnionAuthenticationHandler(passedChallengers map[string]AuthenticationChallenger, passedRedirectors *AuthenticationRedirectors, errorHandler AuthenticationErrorHandler, selectionHandler AuthenticationSelectionHandler, requestContextMapper request.RequestContextMapper) AuthenticationHandler

NewUnionAuthenticationHandler returns an oauth.AuthenticationHandler that muxes multiple challenge handlers and redirect handlers

type AuthenticationRedirector

type AuthenticationRedirector interface {
	// AuthenticationRedirect is expected to write a redirect to the ResponseWriter or to return an error.
	AuthenticationRedirect(w http.ResponseWriter, req *http.Request) (err error)
}

AuthenticationRedirector reacts to unauthenticated requests with redirects

type AuthenticationRedirectors

type AuthenticationRedirectors struct {
	// contains filtered or unexported fields
}

AuthenticationRedirectors is a collection that provides a list of acceptable authentication mechanisms

func (*AuthenticationRedirectors) Add

func (ar *AuthenticationRedirectors) Add(name string, redirector AuthenticationRedirector)

Add a name and a matching redirection routine to the list The entries added here will be retained in FIFO ordering.

func (*AuthenticationRedirectors) Count

func (ar *AuthenticationRedirectors) Count() int

Get a count of the AuthenticationRedirectors

func (*AuthenticationRedirectors) Get

Get the AuthenticationRedirector associated with a name. Also returns a boolean indicating whether the name matched

func (*AuthenticationRedirectors) GetNames

func (ar *AuthenticationRedirectors) GetNames() []string

Get the ordered list of names

type AuthenticationSelectionHandler

type AuthenticationSelectionHandler interface {
	// SelectAuthentication will choose which identity provider to use for login or handle the request
	// If the request is being handled, such as rendering a login provider selection page, then handled will
	// be true and selected will be nil.  If the request is not handled then a provider may be selected,
	// if a provider could not be selected then selected will be nil.
	SelectAuthentication([]ProviderInfo, http.ResponseWriter, *http.Request) (selected *ProviderInfo, handled bool, err error)
}

AuthenticationSelectionHandler is responsible for selecting which identity provider to use for login

type AuthenticationSuccessHandler

type AuthenticationSuccessHandler interface {
	// AuthenticationSucceeded reacts to a user authenticating, returns true if the response was written,
	// and returns false if the response was not written.
	AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error)
}

AuthenticationSuccessHandler reacts to a user authenticating

type AuthenticationSuccessHandlers

type AuthenticationSuccessHandlers []AuthenticationSuccessHandler

AuthenticationSuccessHandlers combines multiple AuthenticationSuccessHandler objects into a chain. On success, each handler is called. If any handler writes the response or returns an error, the chain is aborted.

func (AuthenticationSuccessHandlers) AuthenticationSucceeded

func (all AuthenticationSuccessHandlers) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error)

type AuthorizeAuthenticator

type AuthorizeAuthenticator struct {
	// contains filtered or unexported fields
}

AuthorizeAuthenticator implements osinserver.AuthorizeHandler to ensure requests are authenticated

func NewAuthorizeAuthenticator

func NewAuthorizeAuthenticator(request authenticator.Request, handler AuthenticationHandler, errorHandler AuthenticationErrorHandler) *AuthorizeAuthenticator

NewAuthorizeAuthenticator returns a new Authenticator

func (*AuthorizeAuthenticator) HandleAuthorize

func (h *AuthorizeAuthenticator) HandleAuthorize(ar *osin.AuthorizeRequest, resp *osin.Response, w http.ResponseWriter) (bool, error)

HandleAuthorize implements osinserver.AuthorizeHandler to ensure the AuthorizeRequest is authenticated. If the request is authenticated, UserData and Authorized are set and false is returned. If the request is not authenticated, the auth handler is called and the request is not authorized

type EmptyAuth

type EmptyAuth struct{}

func (EmptyAuth) AuthenticationNeeded

func (EmptyAuth) AuthenticationNeeded(client authapi.Client, w http.ResponseWriter, req *http.Request) (bool, error)

type EmptyError

type EmptyError struct{}

func (EmptyError) AuthenticationError

func (EmptyError) AuthenticationError(err error, w http.ResponseWriter, req *http.Request) (bool, error)

func (EmptyError) GrantError

func (EmptyError) GrantError(err error, w http.ResponseWriter, req *http.Request) (bool, error)

type EmptySuccess

type EmptySuccess struct{}

func (EmptySuccess) AuthenticationSucceeded

func (EmptySuccess) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error)

type GrantCheck

type GrantCheck struct {
	// contains filtered or unexported fields
}

GrantCheck implements osinserver.AuthorizeHandler to ensure requested scopes have been authorized

func (*GrantCheck) HandleAuthorize

func (h *GrantCheck) HandleAuthorize(ar *osin.AuthorizeRequest, resp *osin.Response, w http.ResponseWriter) (bool, error)

HandleAuthorize implements osinserver.AuthorizeHandler to ensure the requested scopes have been authorized. The AuthorizeRequest.Authorized field must already be set to true for the grant check to occur. If the requested scopes are authorized, the AuthorizeRequest is unchanged. If the requested scopes are not authorized, or an error occurs, AuthorizeRequest.Authorized is set to false. If the response is written, true is returned. If the response is not written, false is returned.

type GrantChecker

type GrantChecker interface {
	// HasAuthorizedClient returns true if the user has authorized the client for the requested grant
	HasAuthorizedClient(user user.Info, grant *api.Grant) (bool, error)
}

GrantChecker is responsible for determining if a user has authorized a client for a requested grant

type GrantErrorHandler

type GrantErrorHandler interface {
	// GrantError reacts to grant errors, returns true if the response was written,
	// and returns any unhandled error (which could be the original error)
	GrantError(error, http.ResponseWriter, *http.Request) (handled bool, err error)
}

GrantErrorHandler reacts to grant errors

type GrantHandler

type GrantHandler interface {
	// GrantNeeded reacts when a client requests an unauthorized grant, and returns true if the response was written
	// granted is true if authorization was granted
	// handled is true if the response was already written
	GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (granted, handled bool, err error)
}

GrantHandler handles errors during the grant process, or the client requests an unauthorized grant

func NewAutoGrant

func NewAutoGrant() GrantHandler

NewAutoGrant returns a grant handler that automatically approves client authorizations

func NewEmptyGrant

func NewEmptyGrant() GrantHandler

NewEmptyGrant returns a no-op grant handler

func NewPerClientGrant

func NewPerClientGrant(prompt GrantHandler, defaultMethod oauthapi.GrantHandlerType) GrantHandler

NewPerClientGrant returns a grant handler that determines what to do based on the grant method in the client

func NewRedirectGrant

func NewRedirectGrant(subpath string) GrantHandler

NewRedirectGrant returns a grant handler that redirects to the given subpath when a grant is needed. The following query parameters are added to the URL:

then - original request URL
client_id - requesting client's ID
scopes - grant scope requested
redirect_uri - original authorize request redirect_uri

type ProviderInfo

type ProviderInfo struct {
	// Name is unique and corresponds to the name of the identity provider in the oauth configuration
	Name string
	// URL to login using this identity provider
	URL string
}

ProviderInfo represents display information for an oauth identity provider. This is used by the selection provider template to render links to login using different identity providers.

type TokenMaxAgeSeconds added in v3.7.0

type TokenMaxAgeSeconds interface {
	// GetTokenMaxAgeSeconds returns the max age of the token in seconds.
	// 0 means no expiration.
	// nil means to use the default expiration.
	GetTokenMaxAgeSeconds() *int32
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL