gitea: code.gitea.io/gitea/modules/auth/sso

package sso

import "code.gitea.io/gitea/modules/auth/sso"

Package Files

basic.go interface.go oauth2.go reverseproxy.go session.go sso.go user.go

func CheckOAuthAccessToken

func CheckOAuthAccessToken(accessToken string) int64

CheckOAuthAccessToken returns the uid of the user from the OAuth token.

func Free

func Free()

Free should be called exactly once when the application is terminating to allow SSO plugins to release necessary resources

func Init

func Init()

Init should be called exactly once when the application starts to allow SSO plugins to allocate necessary resources

func Register

func Register(method SingleSignOn)

Register adds the specified instance to the list of available SSO methods

func SessionUser

func SessionUser(sess SessionStore) *models.User

SessionUser returns the user object corresponding to the "uid" session variable.

func SignedInUser

func SignedInUser(req *http.Request, w http.ResponseWriter, ds DataStore, sess SessionStore) (*models.User, bool)

SignedInUser returns the user object of the signed-in user. It also returns a bool value indicating whether the user authenticated with basic auth.

type Basic

type Basic struct {
}

Basic implements the SingleSignOn interface and authenticates requests (API requests only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization" header.

func (*Basic) Free

func (b *Basic) Free() error

Free does nothing as the Basic implementation does not have to release any resources

func (*Basic) Init

func (b *Basic) Init() error

Init does nothing as the Basic implementation does not need to allocate any resources

func (*Basic) IsEnabled

func (b *Basic) IsEnabled() bool

IsEnabled returns true as this plugin is enabled by default and it is not possible to disable it from settings.

func (*Basic) VerifyAuthData

func (b *Basic) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User

VerifyAuthData extracts and validates Basic data (username and password/token) from the "Authorization" header of the request and returns the corresponding user object for that name/token on successful validation. Returns nil if header is empty or validation fails.

type DataStore

type DataStore interface {
    GetData() map[string]interface{}
}

DataStore represents a data store

type OAuth2

type OAuth2 struct {
}

OAuth2 implements the SingleSignOn interface and authenticates requests (API requests only) by looking for an OAuth token in query parameters or the "Authorization" header.

func (*OAuth2) Free

func (o *OAuth2) Free() error

Free does nothing as the OAuth2 implementation does not have to release any resources

func (*OAuth2) Init

func (o *OAuth2) Init() error

Init does nothing as the OAuth2 implementation does not need to allocate any resources

func (*OAuth2) IsEnabled

func (o *OAuth2) IsEnabled() bool

IsEnabled returns true as this plugin is enabled by default and it is not possible to disable it from settings.

func (*OAuth2) VerifyAuthData

func (o *OAuth2) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User

VerifyAuthData extracts the user ID from the OAuth token in the query parameters or the "Authorization" header and returns the corresponding user object for that ID. If verification is successful, it returns an existing user object. Returns nil if verification fails.

type ReverseProxy

type ReverseProxy struct {
}

ReverseProxy implements the SingleSignOn interface, but actually relies on a reverse proxy for authentication of users. On successful authentication the proxy is expected to populate the username in the "setting.ReverseProxyAuthUser" header. Optionally it can also populate the email of the user in the "setting.ReverseProxyAuthEmail" header.

func (*ReverseProxy) Free

func (r *ReverseProxy) Free() error

Free does nothing as the ReverseProxy implementation does not have to release resources

func (*ReverseProxy) Init

func (r *ReverseProxy) Init() error

Init does nothing as the ReverseProxy implementation does not need initialization

func (*ReverseProxy) IsEnabled

func (r *ReverseProxy) IsEnabled() bool

IsEnabled checks if the EnableReverseProxyAuth setting is true

func (*ReverseProxy) VerifyAuthData

func (r *ReverseProxy) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User

VerifyAuthData extracts the username from the "setting.ReverseProxyAuthUser" header of the request and returns the corresponding user object for that name. Verification of header data is not performed as it should have already been done by the reverse proxy. If a username is available in the "setting.ReverseProxyAuthUser" header, an existing user object is returned (populated with the username or email found in the header). Returns nil if the header is empty.
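
Because ReverseProxy.VerifyAuthData trusts the header without verifying it, the header must only ever reach the application from the proxy itself. The following is an added example, not code from the gitea project: a net/http middleware that deletes the identity headers unless the TCP peer is a configured proxy. The header names, proxy networks and the names StripUntrustedAuthHeaders, fromTrustedProxy and userSeenFrom are assumptions made for illustration.

```go
package main

import (
	"net"
	"net/http"
	"net/http/httptest"
)

// Assumptions, not from the page: the header names that setting.ReverseProxyAuthUser
// and setting.ReverseProxyAuthEmail are configured to, and the proxy's networks.
var authHeaders = []string{"X-WEBAUTH-USER", "X-WEBAUTH-EMAIL"}
var trustedProxies = []string{"127.0.0.1/32", "10.0.0.0/24"}

// fromTrustedProxy checks the TCP peer (never X-Forwarded-For) against the proxy networks.
func fromTrustedProxy(remoteAddr string) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return false // malformed peer address: fail closed
	}
	ip := net.ParseIP(host)
	for _, cidr := range trustedProxies {
		if _, n, err := net.ParseCIDR(cidr); err == nil && n.Contains(ip) {
			return true
		}
	}
	return false
}
// StripUntrustedAuthHeaders deletes the identity headers unless the peer is a trusted proxy.
func StripUntrustedAuthHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !fromTrustedProxy(r.RemoteAddr) {
			for _, h := range authHeaders {
				r.Header.Del(h)
			}
		}
		next.ServeHTTP(w, r)
	})
}
// userSeenFrom sends a constructed request from remoteAddr; returns what the handler sees.
func userSeenFrom(remoteAddr string) (seen string) {
	h := StripUntrustedAuthHeaders(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		seen = r.Header.Get(authHeaders[0])
	}))
	req := httptest.NewRequest("GET", "/", nil)
	req.RemoteAddr = remoteAddr
	req.Header.Set(authHeaders[0], "alice")
	h.ServeHTTP(httptest.NewRecorder(), req)
	return seen
}
func main() { println(userSeenFrom("10.0.0.5:40000"), userSeenFrom("203.0.113.9:40000")) }
```

The same guarantee can be enforced at the network layer by binding the application to an address only the proxy can reach; the proxy itself should also overwrite these headers on every request it forwards.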

type Session

type Session struct {
}

Session checks if there is a user uid stored in the session and returns the user object for that uid.

func (*Session) Free

func (s *Session) Free() error

Free does nothing as the Session implementation does not have to release any resources

func (*Session) Init

func (s *Session) Init() error

Init does nothing as the Session implementation does not need to allocate any resources

func (*Session) IsEnabled

func (s *Session) IsEnabled() bool

IsEnabled returns true as this plugin is enabled by default and it is not possible to disable it from settings.

func (*Session) VerifyAuthData

func (s *Session) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User

VerifyAuthData checks if there is a user uid stored in the session and returns the user object for that uid. Returns nil if there is no user uid stored in the session.

type SessionStore

type SessionStore interface {
    Get(interface{}) interface{}
    Set(interface{}, interface{}) error
    Delete(interface{}) error
}

SessionStore represents a session store

type SingleSignOn

type SingleSignOn interface {
    // Init should be called exactly once before using any of the other methods,
    // in order to allow the plugin to allocate necessary resources
    Init() error

    // Free should be called exactly once before application closes, in order to
    // give chance to the plugin to free any allocated resources
    Free() error

    // IsEnabled checks if the current SSO method has been enabled in settings.
    IsEnabled() bool

    // VerifyAuthData tries to verify the SSO authentication data contained in the request.
    // If verification is successful returns either an existing user object (with id > 0)
    // or a new user object (with id = 0) populated with the information that was found
    // in the authentication data (username or email).
    // Returns nil if verification fails.
    VerifyAuthData(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User
}

SingleSignOn represents an SSO authentication method (plugin) for HTTP requests.

func Methods

func Methods() []SingleSignOn

Methods returns the instances of all registered SSO methods

Package sso imports 12 packages and is imported by 16 packages. Updated 2021-01-22.