Documentation
Index
- Variables
- func Auth(mech, device string, creds map[string]string) error
- func Clean()
- func HasAccess(role string) bool
- func Invalidate(sessId string) error
- func IsAuth() bool
- func RecoverService(toEndpoint, fromService string) error
- func RecoverSession(sessId string) error
- func SetCurrentService(name string)
- func SignOut(user *User)
- type Cacher
- type MockScope
- func (s *MockScope) Auth(mech, device string, creds map[string]string) error
- func (s *MockScope) AuthUser() *User
- func (s *MockScope) Authorised() bool
- func (s *MockScope) Clean() Scope
- func (s *MockScope) HasAccess(role string) bool
- func (s *MockScope) HasTriedAuth() bool
- func (s *MockScope) IsAuth() bool
- func (s *MockScope) MockUser(id string, roles []string)
- func (s *MockScope) RecoverService(toEndpoint, fromService string) error
- func (s *MockScope) RecoverSession(sessId string) error
- func (s *MockScope) RpcScope(scoper multiclient.Scoper) Scope
- func (s *MockScope) SetAuthorised(authorised bool)
- func (s *MockScope) SignOut(user *User) error
- type Scope
- type User
Constants
This section is empty.
Variables
var (
	BadCredentialsError error = errors.New("Bad credentials")
)
var RoleGlobOptions = &glob.Options{
	Separator:    '.',
	MatchAtStart: true,
	MatchAtEnd:   true,
}
Options which should be used whenever constructing a role glob
Functions
func Invalidate
Invalidate wraps `Invalidate` against our default memcache-based `Cacher`
func RecoverService
RecoverService wraps defaultScope.RecoverService
func RecoverSession
RecoverSession wraps defaultScope.RecoverSession
func SetCurrentService
func SetCurrentService(name string)
SetCurrentService defines the current service, as used for service-to-service auth. This defines who _we_ are, and thus which rules we'll load that define which other services will be allowed via HasAccess to call us with assumed role auth. TODO: delete when removing s2s rules.
Types
type MockScope
type MockScope struct {
	MockUid   string
	MockRoles []string
	// contains filtered or unexported fields
}
func (*MockScope) Authorised
func (*MockScope) HasTriedAuth
func (*MockScope) RecoverService
func (*MockScope) RecoverSession
func (*MockScope) SetAuthorised
type Scope
type Scope interface {
	RpcScope(scoper multiclient.Scoper) Scope
	Clean() Scope
	RecoverSession(sessId string) error
	RecoverService(toEndpoint, fromService string) error
	Auth(mech, device string, creds map[string]string) error
	IsAuth() bool
	AuthUser() *User
	HasAccess(role string) bool
	SignOut(user *User) error
	HasTriedAuth() bool
	Authorised() bool
	SetAuthorised(authorised bool)
}
Scope represents some session within which we may know about a user who has somehow identified themselves to us, or some service that has identified itself to us (and we trust).
type User
type User struct {
	SessId, Mech, Device, Id     string
	CreatedTs, ExpiryTs, RenewTs time.Time
	Roles                        []string
	Token, Sig, Data             []byte
}
func FromSessionToken
FromSessionToken turns a raw session and token pair into a full user object that we can query/validate
func (*User) Application
Application returns the user's application (derived from the authentication mechanism). This is only available for H2-generated tokens; H1 tokens return an empty string.
func (*User) CanAutoRenew
CanAutoRenew tests if the token can be auto-renewed at this time (by the login service)