sessions

package
v1.10.17 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 18, 2021 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

const (
	// MaxBcryptPasswordLength is the password length limit (50) this package
	// declares for bcrypt hashing. bcrypt implementations commonly use at most
	// the first 72 bytes of their input, so a cap below that keeps every
	// character of an accepted password significant to the hash.
	// NOTE(review): where this limit is enforced, and whether it counts bytes
	// or characters, is not visible in this declaration — confirm at the call
	// site.
	MaxBcryptPasswordLength = 50
)

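MaxBcryptPasswordLength caps the password length accepted for bcrypt hashing. bcrypt implementations commonly use at most the first 72 bytes of the password; for background see https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length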

Variables

This section is empty.

Functions

func AuthenticateUserByToken

func AuthenticateUserByToken(token *auth.Token, user *User) (bool, error)

AuthenticateUserByToken returns true on successful authentication of the user against the given Authentication Token.

func BeginWebAuthnLogin

func BeginWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) (*protocol.CredentialAssertion, error)

func BeginWebAuthnRegistration

func BeginWebAuthnRegistration(user User, uwas []WebAuthn, sessionStore *WebAuthnSessionStore, ctx *gin.Context, config WebAuthnConfiguration) (*protocol.CredentialCreation, error)

func FinishWebAuthnLogin

func FinishWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) error

func FinishWebAuthnRegistration

func FinishWebAuthnRegistration(user User, uwas []WebAuthn, sessionStore *WebAuthnSessionStore, ctx *gin.Context, config WebAuthnConfiguration) (*webauthn.Credential, error)

func NewSessionReaper

func NewSessionReaper(db *sql.DB, config SessionReaperConfig) utils.SleeperTask

NewSessionReaper creates a reaper that cleans stale sessions from the store.

Types

type ChangeAuthTokenRequest

// ChangeAuthTokenRequest is the JSON body sent when updating a User's
// authentication token.
type ChangeAuthTokenRequest struct {
	// Password is decoded from the "password" key of the request body.
	// NOTE(review): presumably the caller's current password, used to
	// authorize the token change — confirm against the handler, and make sure
	// the value is never written to logs or error messages.
	Password string `json:"password"`
}

ChangeAuthTokenRequest is sent when updating a User's authentication token.

type ORM

// ORM is the persistence interface for the API user, its sessions, its
// authentication token and its WebAuthn credentials. NewORM returns an
// implementation.
// NOTE(review): FindUser and DeleteUser take no identifier, which suggests the
// store holds a single user — confirm against the implementation.
type ORM interface {
	FindUser() (User, error)
	// AuthorizedUserWithSession resolves a session ID to a User.
	// NOTE(review): presumably this is where session expiry is checked —
	// confirm; callers should treat any error as "not authenticated".
	AuthorizedUserWithSession(sessionID string) (User, error)
	DeleteUser() error
	DeleteUserSession(sessionID string) error
	// CreateSession returns a string for the given SessionRequest; the
	// SessionRequest documentation describes it as a new SessionID.
	CreateSession(sr SessionRequest) (string, error)
	ClearNonCurrentSessions(sessionID string) error
	CreateUser(user *User) error
	SetAuthToken(user *User, token *auth.Token) error
	DeleteAuthToken(user *User) error
	// NOTE(review): newPassword arrives as a plain string; presumably the
	// implementation hashes it before storing (NewUser is documented to hash
	// with bcrypt) — confirm.
	SetPassword(user *User, newPassword string) error
	Sessions(offset, limit int) ([]Session, error)
	GetUserWebAuthn(email string) ([]WebAuthn, error)
	SaveWebAuthn(token *WebAuthn) error

	FindExternalInitiator(eia *auth.Token) (initiator *bridges.ExternalInitiator, err error)
}

func NewORM

func NewORM(db *sqlx.DB, sessionDuration time.Duration) ORM

type Session

// Session holds the unique ID of an authenticated session together with its
// creation and last-use timestamps.
type Session struct {
	// ID is serialized under the JSON key "id". NewSession is documented to
	// set it to a random ID.
	// NOTE(review): the ORM looks users up by session ID, so this value
	// presumably acts as a bearer credential — confirm that marshalled
	// Session values are only returned to the session's owner.
	ID        string    `json:"id" gorm:"primary_key"`
	LastUsed  time.Time `json:"lastUsed" gorm:"index"`
	CreatedAt time.Time `json:"createdAt" gorm:"index"`
}

Session holds the unique id for the authenticated session.

func NewSession

func NewSession() Session

NewSession returns a session instance with ID set to a random ID and LastUsed set to now.

type SessionReaperConfig

// SessionReaperConfig supplies the two durations that NewSessionReaper takes
// as configuration.
// NOTE(review): presumably SessionTimeout is the idle lifetime of a session
// and ReaperExpiration the extra age after which a stale session is deleted —
// confirm against the reaper implementation.
type SessionReaperConfig interface {
	SessionTimeout() models.Duration
	ReaperExpiration() models.Duration
}

type SessionRequest

// SessionRequest carries the fields used to create a new session: the
// credentials submitted by the client plus the WebAuthn state needed to
// process them.
type SessionRequest struct {
	Email          string `json:"email"`
	// NOTE(review): the package documentation describes this request as
	// including the hashed password, but the field is decoded from the
	// "password" key of the request — confirm whether it carries the plaintext
	// credential, and keep it out of logs either way.
	Password       string `json:"password"`
	WebAuthnData   string `json:"webauthndata"`
	// NOTE(review): the three fields below carry no json tag, so
	// encoding/json would still populate them from keys matching the field
	// name. If this struct is bound directly from a request body, confirm
	// they are overwritten server-side after binding, or tag them `json:"-"`.
	WebAuthnConfig WebAuthnConfiguration
	SessionStore   *WebAuthnSessionStore
	RequestContext *gin.Context
}

SessionRequest encapsulates the fields needed to generate a new SessionID, including the hashed password.

type User

// User holds the stored credentials of an API user: the password hash and the
// key, salt and hashed secret of the authentication token.
// NOTE(review): no field carries a json tag, so marshalling a User would emit
// HashedPassword and the token fields under their Go names — confirm a User is
// never serialized into a response or a log line.
type User struct {
	Email             string `gorm:"primary_key"`
	// HashedPassword stores the password hash; NewUser is documented to
	// produce it with bcrypt.
	HashedPassword    string
	CreatedAt         time.Time `gorm:"index"`
	// TokenKey, TokenSalt and TokenHashedSecret are nullable strings.
	// NOTE(review): presumably all three are null until an authentication
	// token has been set — confirm.
	TokenKey          null.String
	TokenSalt         null.String
	TokenHashedSecret null.String
	UpdatedAt         time.Time
}

User holds the credentials for an API user.

func NewUser

func NewUser(email, plainPwd string) (User, error)

NewUser creates a new user by hashing the passed plainPwd with bcrypt.

func (*User) GenerateAuthToken

func (u *User) GenerateAuthToken() (*auth.Token, error)

GenerateAuthToken randomly generates and sets the user's Authentication Token.

func (*User) SetAuthToken

func (u *User) SetAuthToken(token *auth.Token) error

SetAuthToken updates the user to use the given Authentication Token.

type WebAuthn

// WebAuthn is one stored WebAuthn record: the email it belongs to and the
// associated public key data as JSON text.
type WebAuthn struct {
	Email         string
	// NOTE(review): presumably the serialized webauthn.Credential that
	// LoadWebAuthnCredentials decodes — confirm the exact schema.
	PublicKeyData sqlxTypes.JSONText
}

WebAuthn holds the WebAuthn public key data stored for the user with the given email.

type WebAuthnConfiguration

// WebAuthnConfiguration holds the two settings passed to the WebAuthn
// registration and login functions.
// NOTE(review): presumably the WebAuthn relying party ID and origin, which
// bind credentials to this site — confirm they are taken from server
// configuration and never from request data.
type WebAuthnConfiguration struct {
	RPID     string
	RPOrigin string
}

type WebAuthnSessionStore

// WebAuthnSessionStore wraps an in-memory key/value store with helper methods
// for WebAuthn operations.
type WebAuthnSessionStore struct {
	// InProgressRegistrations is a plain exported map of string keys to
	// string values.
	// NOTE(review): no lock and no expiry are visible in this declaration —
	// confirm that concurrent requests synchronize access to the map and that
	// abandoned registrations are eventually removed.
	InProgressRegistrations map[string]string
}

WebAuthnSessionStore is a wrapper around an in memory key value store which provides some helper methods related to webauthn operations.

func NewWebAuthnSessionStore

func NewWebAuthnSessionStore(keyPairs ...[]byte) *WebAuthnSessionStore

NewWebAuthnSessionStore returns a new session store.

func (*WebAuthnSessionStore) GetWebauthnSession

func (store *WebAuthnSessionStore) GetWebauthnSession(key string) (webauthn.SessionData, error)

GetWebauthnSession unmarshals and returns the webauthn session information from the session cookie.

func (*WebAuthnSessionStore) SaveWebauthnSession

func (store *WebAuthnSessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData) error

SaveWebauthnSession marshals and saves the webauthn data to the provided key given the request and responsewriter.

func (*WebAuthnSessionStore) Set

func (store *WebAuthnSessionStore) Set(key string, value interface{}) error

Set stores a value to the session with the provided key.

type WebAuthnUser

// WebAuthnUser implements the 'User' interface required by duo-labs/webauthn
// and is kept separate from the package's internal User struct.
type WebAuthnUser struct {
	// Email is what WebAuthnName and WebAuthnDisplayName are documented to
	// return.
	Email         string
	// WACredentials holds the user's WebAuthn credentials.
	// NOTE(review): presumably filled by LoadWebAuthnCredentials from stored
	// WebAuthn records — confirm.
	WACredentials []webauthn.Credential
}

This struct implements the required duo-labs/webauthn 'User' interface and is kept separate from our internal 'User' struct.

func (WebAuthnUser) CredentialExcludeList

func (u WebAuthnUser) CredentialExcludeList() []protocol.CredentialDescriptor

CredentialExcludeList returns a CredentialDescriptor array filled with all the user's credentials to prevent them from re-registering keys

func (*WebAuthnUser) LoadWebAuthnCredentials

func (u *WebAuthnUser) LoadWebAuthnCredentials(uwas []WebAuthn) error

func (WebAuthnUser) WebAuthnCredentials

func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential

WebAuthnCredentials returns credentials owned by the user

func (WebAuthnUser) WebAuthnDisplayName

func (u WebAuthnUser) WebAuthnDisplayName() string

WebAuthnDisplayName returns the user's display name. In this case we just return the email

func (WebAuthnUser) WebAuthnID

func (u WebAuthnUser) WebAuthnID() []byte

WebAuthnID returns the user's ID

func (WebAuthnUser) WebAuthnIcon

func (u WebAuthnUser) WebAuthnIcon() string

WebAuthnIcon should be the logo in some form. How it should be is currently unclear to me.

func (WebAuthnUser) WebAuthnName

func (u WebAuthnUser) WebAuthnName() string

WebAuthnName returns the user's email
