auth

package
v0.0.0-...-fc9d343 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 3, 2024 License: Apache-2.0 Imports: 21 Imported by: 26

Documentation

Overview

Package auth defines how Evergreen users authenticate to various authentication back ends.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func LoadUserManager 

func LoadUserManager(settings *evergreen.Settings) (gimlet.UserManager, evergreen.UserManagerInfo, error)

LoadUserManager is used to check the configuration for authentication and create a UserManager depending on what type of authentication is used.

func NewGithubUserManager 

func NewGithubUserManager(g *evergreen.GithubAuthConfig, loginDomain string) (gimlet.UserManager, error)

NewGithubUserManager initializes a GithubUserManager with a Salt as randomly generated string used in Github authentication

func NewLDAPUserManager 

func NewLDAPUserManager(conf *evergreen.LDAPConfig) (gimlet.UserManager, error)

NewLDAPUserManager creates a user manager for an LDAP server.

func NewOktaUserManager 

func NewOktaUserManager(conf *evergreen.OktaConfig, evgURL, loginDomain string) (gimlet.UserManager, error)

func NewOnlyAPIUserManager 

func NewOnlyAPIUserManager() (gimlet.UserManager, error)

NewOnlyAPIUserManager creates a user manager for special users that can only make API requests. Users cannot be created and must come from the database.

func SetLoginToken 

func SetLoginToken(token, domain string, w http.ResponseWriter)

SetLoginToken sets the token in the session cookie for authentication.

Types

type GithubUserManager 

type GithubUserManager struct {
	ClientId               string
	ClientSecret           string
	AuthorizedUsers        []string
	AuthorizedOrganization string
	Salt                   string
	LoginDomain            string
}

func (*GithubUserManager) ClearUser 

func (*GithubUserManager) ClearUser(u gimlet.User, all bool) error

func (*GithubUserManager) CreateUserToken 

func (*GithubUserManager) CreateUserToken(string, string) (string, error)

CreateUserToken is not implemented in GithubUserManager

func (*GithubUserManager) GetGroupsForUser 

func (*GithubUserManager) GetGroupsForUser(string) ([]string, error)

func (*GithubUserManager) GetLoginCallbackHandler 

func (gum *GithubUserManager) GetLoginCallbackHandler() http.HandlerFunc

GetLoginCallbackHandler returns the function that is called when GitHub redirects the user back to Evergreen.

func (*GithubUserManager) GetLoginHandler 

func (gum *GithubUserManager) GetLoginHandler(callbackUri string) http.HandlerFunc

GetLoginHandler returns the function that starts oauth by redirecting the user to authenticate with Github

func (*GithubUserManager) GetOrCreateUser 

func (*GithubUserManager) GetOrCreateUser(u gimlet.User) (gimlet.User, error)

func (*GithubUserManager) GetUserByID 

func (*GithubUserManager) GetUserByID(id string) (gimlet.User, error)

func (*GithubUserManager) GetUserByToken 

func (gum *GithubUserManager) GetUserByToken(ctx context.Context, token string) (gimlet.User, error)

GetUserByToken sends the token to Github and gets back a user and optionally an organization. If there are Authorized Users, it checks the authorized usernames against the GitHub user's login If there is no match and there is an organization it checks the user's organizations against the UserManager's Authorized organization string.

func (*GithubUserManager) IsRedirect 

func (*GithubUserManager) IsRedirect() bool

func (*GithubUserManager) ReauthorizeUser 

func (*GithubUserManager) ReauthorizeUser(gimlet.User) error

type NaiveUserManager 

type NaiveUserManager struct {
	// contains filtered or unexported fields
}

NaiveUserManager implements the UserManager interface and has a list of AuthUsers{UserName, DisplayName, Password, Email string} which is stored in the settings configuration file. Note: This use of the UserManager is recommended for dev/test purposes only and users who need high security authentication mechanisms should rely on a different authentication mechanism.

func NewNaiveUserManager 

func NewNaiveUserManager(naiveAuthConfig *evergreen.NaiveAuthConfig) (*NaiveUserManager, error)

func (*NaiveUserManager) ClearUser 

func (*NaiveUserManager) ClearUser(_ gimlet.User, _ bool) error

func (*NaiveUserManager) CreateUserToken 

func (b *NaiveUserManager) CreateUserToken(username, password string) (string, error)

CreateUserToken finds the user with the same username and password in its list of users and creates a token that is a combination of the index of the list the user is at, the email address and a hash of the username and password and returns that token.

func (*NaiveUserManager) GetGroupsForUser 

func (*NaiveUserManager) GetGroupsForUser(string) ([]string, error)

func (*NaiveUserManager) GetLoginCallbackHandler 

func (*NaiveUserManager) GetLoginCallbackHandler() http.HandlerFunc

func (*NaiveUserManager) GetLoginHandler 

func (*NaiveUserManager) GetLoginHandler(string) http.HandlerFunc

func (*NaiveUserManager) GetOrCreateUser 

func (*NaiveUserManager) GetOrCreateUser(u gimlet.User) (gimlet.User, error)

func (*NaiveUserManager) GetUserByID 

func (*NaiveUserManager) GetUserByID(id string) (gimlet.User, error)

func (*NaiveUserManager) GetUserByToken 

func (b *NaiveUserManager) GetUserByToken(_ context.Context, token string) (gimlet.User, error)

GetUserByToken does a find by creating a temporary token from the index of the user on the list, the email of the user and a hash of the username and password, checking it against the token string and returning a User if there is a match.

func (*NaiveUserManager) IsRedirect 

func (*NaiveUserManager) IsRedirect() bool

func (*NaiveUserManager) ReauthorizeUser 

func (*NaiveUserManager) ReauthorizeUser(gimlet.User) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.