Documentation ¶
Index ¶
- Variables
- type Auth
- func (a *Auth) ClearCSRFCookie(r *http.Request, c *http.Cookie) *http.Cookie
- func (a *Auth) ClearCookie(r *http.Request) *http.Cookie
- func (a *Auth) CookieDomain(r *http.Request) string
- func (a *Auth) CookieExpiry() time.Time
- func (a *Auth) CookieSignature(r *http.Request, email, expires string) string
- func (a *Auth) CsrfCookieDomain(r *http.Request) string
- func (a *Auth) CurrentUrl(r *http.Request) string
- func (a *Auth) FindCSRFCookie(r *http.Request, state string) (c *http.Cookie, err error)
- func (a *Auth) GetRedirectURI(r *http.Request) string
- func (a *Auth) MakeCSRFCookie(r *http.Request, nonce string) *http.Cookie
- func (a *Auth) MakeCookie(r *http.Request, user string) *http.Cookie
- func (a *Auth) MakeState(returnUrl string, p provider.Provider, nonce string) string
- func (a *Auth) MatchCookieDomains(domain string) (bool, string)
- func (a *Auth) Nonce() (string, error)
- func (a *Auth) RedirectBase(r *http.Request) string
- func (a *Auth) RedirectUri(r *http.Request) string
- func (a *Auth) UseAuthDomain(r *http.Request) (bool, string)
- func (a *Auth) ValidateCSRFCookie(c *http.Cookie, state string) (valid bool, provider string, redirect string, err error)
- func (a *Auth) ValidateCookie(r *http.Request, c *http.Cookie) (string, error)
- func (a *Auth) ValidateLoginRedirect(r *http.Request, redirect string) (*url.URL, error)
- func (a *Auth) ValidateRedirect(r *http.Request, redirect string) (*url.URL, error)
- func (a *Auth) ValidateState(state string) error
- func (a *Auth) ValidateUser(user string) bool
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors for parsing and verifying the auth cookie.
var (
	ErrCookieInvalidFormat = errors.New("invalid cookie format")
	ErrCookieMacDecode     = errors.New("unable to decode cookie mac")
	ErrCookieMacGenerate   = errors.New("unable to generate mac")

	// ErrCookieInvalidSignature means the cookie MAC did not verify.
	// Possible causes:
	//  1. the MAC was computed incorrectly
	//  2. the MAC was modified
	//  3. the signature format changed between versions
	//  4. the secret was rotated
	// All four share this one value, so a caller cannot tell tampering
	// from a rotated secret by looking at the error alone.
	ErrCookieInvalidSignature = errors.New("invalid mac signature")

	ErrCookieExpiryParse = errors.New("unable to parse cookie expiry")
	ErrCookieExpired     = errors.New("cookie has expired")
)

// Sentinel errors for redirect validation. The two longer messages separate
// a host checked against the expected hosts (auth host in use) from a host
// checked against the request host (auth host not in use).
var (
	ErrRedirectScheme        = errors.New("invalid redirect: scheme mismatch")
	ErrRedirectHost          = errors.New("invalid redirect: host mismatch")
	ErrRedirectParse         = errors.New("unable to parse redirect")
	ErrRedirectUrl           = errors.New("invalid redirect URL scheme")
	ErrRedirectHostExpected  = errors.New("redirect host does not match any expected hosts (should match cookie domain when using auth host)")
	ErrRedirectHostRequested = errors.New("redirect host does not match request host (must match when not using auth host)")
)

// Sentinel errors for the CSRF cookie and the state value it is compared with.
var (
	ErrCsrfInvalidValue = errors.New("invalid CSRF cookie value")
	ErrCsrfStateMatch   = errors.New("state of CSRF cookie does not match")
	ErrCsrfStateFormat  = errors.New("invalid CSRF state format")
	ErrCsrfStateValue   = errors.New("invalid CSRF state value")
)
Functions ¶
This section is empty.
Types ¶
type Auth ¶
// Auth carries the methods that create and validate auth cookies, CSRF
// cookies, OAuth state values and redirects.
//
// Its fields are unexported and are not shown in this listing.
// NOTE(review): the signing secret and the "whitelist"/"domains" settings
// mentioned in the method docs presumably live in those fields — confirm
// against the source file.
type Auth struct {
// contains filtered or unexported fields
}
Request Validation
func (*Auth) ClearCSRFCookie ¶
ClearCSRFCookie returns an already-expired CSRF cookie, so that setting it clears the existing CSRF cookie
func (*Auth) ClearCookie ¶
ClearCookie clears the auth cookie
func (*Auth) CookieSignature ¶
CookieSignature creates the cookie HMAC
func (*Auth) CsrfCookieDomain ¶
CsrfCookieDomain returns the cookie domain for the CSRF cookie
func (*Auth) FindCSRFCookie ¶
FindCSRFCookie extracts the CSRF cookie from the request based on state.
func (*Auth) MakeCSRFCookie ¶
MakeCSRFCookie makes a csrf cookie (used during login only)
Note, CSRF cookies live shorter than auth cookies, a fixed 1h. That's because some CSRF cookies may belong to auth flows that don't complete and thus may not get cleared by ClearCookie.
func (*Auth) MakeCookie ¶
MakeCookie creates an auth cookie
func (*Auth) MatchCookieDomains ¶
MatchCookieDomains returns the matching cookie domain, if one exists
func (*Auth) RedirectBase ¶
RedirectBase returns the request base taken from the forwarded request
func (*Auth) RedirectUri ¶
RedirectUri returns the OAuth redirect URI
func (*Auth) UseAuthDomain ¶
UseAuthDomain reports whether the auth host should be used and, if so, what it is
func (*Auth) ValidateCSRFCookie ¶
func (a *Auth) ValidateCSRFCookie(c *http.Cookie, state string) (valid bool, provider string, redirect string, err error)
ValidateCSRFCookie validates the csrf cookie against state
func (*Auth) ValidateCookie ¶
ValidateCookie verifies that a cookie matches the expected format of: Cookie = hash(secret, cookie domain, user, expires)|expires|user
func (*Auth) ValidateLoginRedirect ¶
func (*Auth) ValidateRedirect ¶
ValidateRedirect validates that the given redirect is valid and permitted for the given request
func (*Auth) ValidateState ¶
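ValidateState checks whether the state is of the right length. As documented, this is a length check; comparing the state with the CSRF cookie is the job of ValidateCSRFCookie.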
func (*Auth) ValidateUser ¶
ValidateUser checks whether the given user either matches a whitelisted user, as defined by the "whitelist" config parameter, or is part of a permitted domain, as defined by the "domains" config parameter