auth

package
v0.0.0-...-495e01f Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 12, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

// Access token scope categories. Values are assigned by iota, so each
// constant's integer value is fixed by its position in this block; inserting,
// removing or reordering entries renumbers everything after the change.
// NOTE(review): the block declares no explicit type, so as written these are
// untyped integer constants, not AccessTokenScopeCategory values — confirm
// against the source file.
const (
	AccessTokenScopeCategoryActivityPub = iota
	AccessTokenScopeCategoryAdmin
	AccessTokenScopeCategoryMisc // WARN: placeholder only; do not remove it, because that would change the values of the constants that follow
	AccessTokenScopeCategoryNotification
	AccessTokenScopeCategoryOrganization
	AccessTokenScopeCategoryPackage
	AccessTokenScopeCategoryIssue
	AccessTokenScopeCategoryRepository
	AccessTokenScopeCategoryUser
)

Variables

AllAccessTokenScopeCategories contains all access token scope categories

// Names maps a login source Type to its human-readable display name.
// NOTE(review): only six types have an entry; a lookup with any other Type
// value returns the empty string — confirm callers handle that.
var Names = map[Type]string{
	LDAP:   "LDAP (via BindDN)",
	DLDAP:  "LDAP (simple auth)",
	SMTP:   "SMTP",
	PAM:    "PAM",
	OAuth2: "OAuth2",
	SSPI:   "SPNEGO with SSPI",
}

Names contains the name of LoginType values.

Functions

func AccessTokenByNameExists

func AccessTokenByNameExists(ctx context.Context, token *AccessToken) (bool, error)

AccessTokenByNameExists checks if a token name has been used already by a user.

func ContainsCategory

func ContainsCategory(categories []AccessTokenScopeCategory, category AccessTokenScopeCategory) bool

ContainsCategory checks if a list of categories contains a specific category

func CountAccessTokens

func CountAccessTokens(ctx context.Context, opts ListAccessTokensOptions) (int64, error)

CountAccessTokens counts the access tokens belonging to the given user, filtered by the options.

func CountSources

func CountSources() int64

CountSources returns number of login sources.

func CreateSource

func CreateSource(source *Source) error

CreateSource inserts an AuthSource in the DB if one with the given name does not already exist.

func DeleteAccessTokenByID

func DeleteAccessTokenByID(ctx context.Context, id, userID int64) error

DeleteAccessTokenByID deletes access token by given ID.

func DeleteCredential

func DeleteCredential(ctx context.Context, id, userID int64) (bool, error)

DeleteCredential will delete WebAuthnCredential

func ExistsWebAuthnCredentialsForUID

func ExistsWebAuthnCredentialsForUID(ctx context.Context, uid int64) (bool, error)

ExistsWebAuthnCredentialsForUID returns if the given user has credentials

func HasWebAuthnRegistrationsByUID

func HasWebAuthnRegistrationsByUID(ctx context.Context, uid int64) (bool, error)

HasWebAuthnRegistrationsByUID returns whether a given user has WebAuthn registrations

func IsErrAccessTokenEmpty

func IsErrAccessTokenEmpty(err error) bool

IsErrAccessTokenEmpty checks if an error is a ErrAccessTokenEmpty.

func IsErrAccessTokenNotExist

func IsErrAccessTokenNotExist(err error) bool

IsErrAccessTokenNotExist checks if an error is a ErrAccessTokenNotExist.

func IsErrSourceAlreadyExist

func IsErrSourceAlreadyExist(err error) bool

IsErrSourceAlreadyExist checks if an error is a ErrSourceAlreadyExist.

func IsErrSourceInUse

func IsErrSourceInUse(err error) bool

IsErrSourceInUse checks if an error is a ErrSourceInUse.

func IsErrSourceNotExist

func IsErrSourceNotExist(err error) bool

IsErrSourceNotExist checks if an error is a ErrSourceNotExist.

func IsErrWebAuthnCredentialNotExist

func IsErrWebAuthnCredentialNotExist(err error) bool

IsErrWebAuthnCredentialNotExist checks if an error is a ErrWebAuthnCredentialNotExist.

func IsSSPIEnabled

func IsSSPIEnabled() bool

IsSSPIEnabled returns true if there is at least one activated login source of type LoginSSPI

func NewAccessToken

func NewAccessToken(ctx context.Context, t *AccessToken) error

NewAccessToken creates new access token.

func RegisterTypeConfig

func RegisterTypeConfig(typ Type, exemplar Config)

RegisterTypeConfig registers a config for the provided type

func UpdateAccessToken

func UpdateAccessToken(ctx context.Context, t *AccessToken) error

UpdateAccessToken updates information of access token.

func UpdateSource

func UpdateSource(source *Source) error

UpdateSource updates a Source record in DB.

func WebAuthnCredentials

func WebAuthnCredentials(ctx context.Context, userID int64) ([]webauthn.Credential, error)

WebAuthnCredentials implements the webauthn.User interface

Types

type AccessToken

// AccessToken is the database model for a personal access token.
type AccessToken struct {
	ID             int64 `xorm:"pk autoincr"`
	UID            int64 `xorm:"INDEX"`
	Name           string
	// Token is tagged xorm:"-", so it is never mapped to a database column;
	// presumably it carries the plaintext token in memory only — confirm.
	Token          string `xorm:"-"`
	// NOTE(review): a separate TokenSalt is stored, so the hash is presumably
	// salted and "sha256 of token" may be an incomplete description — confirm
	// against the hashing code.
	TokenHash      string `xorm:"UNIQUE"` // sha256 of token
	TokenSalt      string
	// Indexed column named token_last_eight; presumably the last eight
	// characters of the token, kept to narrow lookups — confirm.
	TokenLastEight string `xorm:"INDEX token_last_eight"`
	Scope          AccessTokenScope

	CreatedUnix       timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"INDEX updated"`
	// The two flags below are tagged xorm:"-" and therefore not persisted;
	// presumably they are derived after the row is loaded — confirm in AfterLoad.
	HasRecentActivity bool               `xorm:"-"`
	HasUsed           bool               `xorm:"-"`
}

AccessToken represents a personal access token.

func GetAccessTokenBySHA

func GetAccessTokenBySHA(ctx context.Context, token string) (*AccessToken, error)

GetAccessTokenBySHA returns access token by given token value

func ListAccessTokens

func ListAccessTokens(ctx context.Context, opts ListAccessTokensOptions) ([]*AccessToken, error)

ListAccessTokens returns a list of access tokens belonging to the given user.

func (*AccessToken) AfterLoad

func (t *AccessToken) AfterLoad()

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*AccessToken) DisplayPublicOnly

func (t *AccessToken) DisplayPublicOnly() bool

DisplayPublicOnly whether to display this as a public-only token.

type AccessTokenScope

type AccessTokenScope string

AccessTokenScope represents the scope for an access token.

// Access token scope values, stored as strings of the form "<level>:<category>".
// For every category, the write scope implies the read scope.
const (
	// NOTE(review): "all" presumably grants every scope — confirm how
	// HasScope and Normalize treat it.
	AccessTokenScopeAll        AccessTokenScope = "all"
	AccessTokenScopePublicOnly AccessTokenScope = "public-only" // limited to public orgs/repos

	AccessTokenScopeReadActivityPub  AccessTokenScope = "read:activitypub"
	AccessTokenScopeWriteActivityPub AccessTokenScope = "write:activitypub"

	AccessTokenScopeReadAdmin  AccessTokenScope = "read:admin"
	AccessTokenScopeWriteAdmin AccessTokenScope = "write:admin"

	// The misc category is only a placeholder according to the category
	// constants of this package.
	AccessTokenScopeReadMisc  AccessTokenScope = "read:misc"
	AccessTokenScopeWriteMisc AccessTokenScope = "write:misc"

	AccessTokenScopeReadNotification  AccessTokenScope = "read:notification"
	AccessTokenScopeWriteNotification AccessTokenScope = "write:notification"

	AccessTokenScopeReadOrganization  AccessTokenScope = "read:organization"
	AccessTokenScopeWriteOrganization AccessTokenScope = "write:organization"

	AccessTokenScopeReadPackage  AccessTokenScope = "read:package"
	AccessTokenScopeWritePackage AccessTokenScope = "write:package"

	AccessTokenScopeReadIssue  AccessTokenScope = "read:issue"
	AccessTokenScopeWriteIssue AccessTokenScope = "write:issue"

	AccessTokenScopeReadRepository  AccessTokenScope = "read:repository"
	AccessTokenScopeWriteRepository AccessTokenScope = "write:repository"

	AccessTokenScopeReadUser  AccessTokenScope = "read:user"
	AccessTokenScopeWriteUser AccessTokenScope = "write:user"
)

for all categories, write implies read

func GetRequiredScopes

func GetRequiredScopes(level AccessTokenScopeLevel, scopeCategories ...AccessTokenScopeCategory) []AccessTokenScope

GetRequiredScopes gets the specific scopes for a given level and categories

func (AccessTokenScope) HasScope

func (s AccessTokenScope) HasScope(scopes ...AccessTokenScope) (bool, error)

HasScope returns true if the string has the given scope

func (AccessTokenScope) Normalize

func (s AccessTokenScope) Normalize() (AccessTokenScope, error)

Normalize returns a normalized scope string without any duplicates.

func (AccessTokenScope) PublicOnly

func (s AccessTokenScope) PublicOnly() (bool, error)

PublicOnly checks if this token scope is limited to public resources

func (AccessTokenScope) StringSlice

func (s AccessTokenScope) StringSlice() []string

StringSlice returns the AccessTokenScope as a []string

type AccessTokenScopeCategory

type AccessTokenScopeCategory int

AccessTokenScopeCategory represents the scope category for an access token

type AccessTokenScopeLevel

type AccessTokenScopeLevel int

AccessTokenScopeLevel represents the access levels without a given scope category

// Access levels within a scope category, numbered by iota:
// NoAccess is 0 (the zero value), Read is 1, Write is 2.
const (
	NoAccess AccessTokenScopeLevel = iota
	Read
	Write
)

func GetScopeLevelFromAccessMode

func GetScopeLevelFromAccessMode(mode perm.AccessMode) AccessTokenScopeLevel

GetScopeLevelFromAccessMode converts permission access mode to scope level

type Config

// Config is the login-source configuration as far as the database layer is
// concerned; it only embeds convert.Conversion.
type Config interface {
	convert.Conversion
}

Config represents login config as far as the db is concerned

type ErrAccessTokenEmpty

type ErrAccessTokenEmpty struct{}

ErrAccessTokenEmpty represents a "AccessTokenEmpty" kind of error.

func (ErrAccessTokenEmpty) Error

func (err ErrAccessTokenEmpty) Error() string

func (ErrAccessTokenEmpty) Unwrap

func (err ErrAccessTokenEmpty) Unwrap() error

type ErrAccessTokenNotExist

// ErrAccessTokenNotExist represents an "AccessTokenNotExist" kind of error.
type ErrAccessTokenNotExist struct {
	// NOTE(review): if Error() formats this field into its message, the value
	// can reach logs and API responses — confirm it never holds the raw secret.
	Token string
}

ErrAccessTokenNotExist represents a "AccessTokenNotExist" kind of error.

func (ErrAccessTokenNotExist) Error

func (err ErrAccessTokenNotExist) Error() string

func (ErrAccessTokenNotExist) Unwrap

func (err ErrAccessTokenNotExist) Unwrap() error

type ErrSourceAlreadyExist

// ErrSourceAlreadyExist represents a "SourceAlreadyExist" kind of error.
type ErrSourceAlreadyExist struct {
	// Name is presumably the conflicting source name — confirm against CreateSource.
	Name string
}

ErrSourceAlreadyExist represents a "SourceAlreadyExist" kind of error.

func (ErrSourceAlreadyExist) Error

func (err ErrSourceAlreadyExist) Error() string

func (ErrSourceAlreadyExist) Unwrap

func (err ErrSourceAlreadyExist) Unwrap() error

Unwrap unwraps this as a ErrExist err

type ErrSourceInUse

// ErrSourceInUse represents a "SourceInUse" kind of error.
// NOTE(review): unlike the other error types listed here, no Unwrap method is
// shown for this one — confirm whether that is intentional.
type ErrSourceInUse struct {
	ID int64
}

ErrSourceInUse represents a "SourceInUse" kind of error.

func (ErrSourceInUse) Error

func (err ErrSourceInUse) Error() string

type ErrSourceNotExist

// ErrSourceNotExist represents a "SourceNotExist" kind of error.
type ErrSourceNotExist struct {
	// ID is presumably the source ID that was looked up — confirm against GetSourceByID.
	ID int64
}

ErrSourceNotExist represents a "SourceNotExist" kind of error.

func (ErrSourceNotExist) Error

func (err ErrSourceNotExist) Error() string

func (ErrSourceNotExist) Unwrap

func (err ErrSourceNotExist) Unwrap() error

Unwrap unwraps this as a ErrNotExist err

type ErrWebAuthnCredentialNotExist

// ErrWebAuthnCredentialNotExist represents an "ErrWebAuthnCredentialNotExist"
// kind of error.
type ErrWebAuthnCredentialNotExist struct {
	// Presumably whichever of ID or CredentialID was used for the failed
	// lookup is set — confirm against the Get* functions.
	ID           int64
	CredentialID []byte
}

ErrWebAuthnCredentialNotExist represents a "ErrWebAuthnCredentialNotExist" kind of error.

func (ErrWebAuthnCredentialNotExist) Error

func (ErrWebAuthnCredentialNotExist) Unwrap

func (err ErrWebAuthnCredentialNotExist) Unwrap() error

Unwrap unwraps this as a ErrNotExist err

type HasTLSer

// HasTLSer is implemented by configurations that can report, through HasTLS,
// whether TLS can be enabled for them.
type HasTLSer interface {
	HasTLS() bool
}

HasTLSer configurations provide a HasTLS to check if TLS can be enabled

type ListAccessTokensOptions

// ListAccessTokensOptions holds the filter options for listing and counting
// access tokens; paging comes from the embedded db.ListOptions.
type ListAccessTokensOptions struct {
	db.ListOptions
	Name   string
	// NOTE(review): presumably restricts results to one user; confirm what a
	// zero UserID means so a missing filter cannot list other users' tokens.
	UserID int64
}

ListAccessTokensOptions contain filter options

type RegisterableSource

// RegisterableSource is implemented by configurations that must run
// RegisterSource when the source is created; UnregisterSource is the
// counterpart (presumably run on removal — confirm).
type RegisterableSource interface {
	RegisterSource() error
	UnregisterSource() error
}

RegisterableSource configurations provide RegisterSource which needs to be run on creation

type SSHKeyProvider

// SSHKeyProvider is implemented by configurations that can report, through
// ProvidesSSHKeys, whether they supply SSH keys.
type SSHKeyProvider interface {
	ProvidesSSHKeys() bool
}

SSHKeyProvider configurations provide ProvidesSSHKeys to check if they provide SSHKeys

type SkipVerifiable

// SkipVerifiable is implemented by configurations that can report, through
// IsSkipVerify, whether SkipVerify is set.
// NOTE(review): presumably this maps to disabled TLS certificate verification
// for the source's connection — confirm, and treat a true value as a finding
// when auditing configured sources.
type SkipVerifiable interface {
	IsSkipVerify() bool
}

SkipVerifiable configurations provide a IsSkipVerify to check if SkipVerify is set

type Source

// Source is the database model for an external way of authorizing users.
type Source struct {
	ID            int64 `xorm:"pk autoincr"`
	Type          Type
	Name          string             `xorm:"UNIQUE"`
	// Both flags are NOT NULL and default to false in the schema.
	IsActive      bool               `xorm:"INDEX NOT NULL DEFAULT false"`
	IsSyncEnabled bool               `xorm:"INDEX NOT NULL DEFAULT false"`
	// Cfg is serialized into a TEXT column through convert.Conversion.
	// NOTE(review): source configurations commonly hold bind passwords or
	// client secrets — confirm how this column is protected at rest.
	Cfg           convert.Conversion `xorm:"TEXT"`

	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
}

Source represents an external way for authorizing users.

func ActiveSources

func ActiveSources(tp Type) ([]*Source, error)

ActiveSources returns all active sources of the specified type

func AllActiveSources

func AllActiveSources() ([]*Source, error)

AllActiveSources returns all active sources

func GetSourceByID

func GetSourceByID(id int64) (*Source, error)

GetSourceByID returns login source by given ID.

func Sources

func Sources() ([]*Source, error)

Sources returns a slice of all login sources found in DB.

func SourcesByType

func SourcesByType(loginType Type) ([]*Source, error)

SourcesByType returns all sources of the specified type

func (*Source) BeforeSet

func (source *Source) BeforeSet(colName string, val xorm.Cell)

BeforeSet is invoked from XORM before setting the value of a field of this object.

func (*Source) HasTLS

func (source *Source) HasTLS() bool

HasTLS returns true if this source supports TLS.

func (*Source) IsDLDAP

func (source *Source) IsDLDAP() bool

IsDLDAP returns true if this source is of the DLDAP type.

func (*Source) IsLDAP

func (source *Source) IsLDAP() bool

IsLDAP returns true if this source is of the LDAP type.

func (*Source) IsOAuth2

func (source *Source) IsOAuth2() bool

IsOAuth2 returns true if this source is of the OAuth2 type.

func (*Source) IsPAM

func (source *Source) IsPAM() bool

IsPAM returns true if this source is of the PAM type.

func (*Source) IsSMTP

func (source *Source) IsSMTP() bool

IsSMTP returns true if this source is of the SMTP type.

func (*Source) IsSSPI

func (source *Source) IsSSPI() bool

IsSSPI returns true if this source is of the SSPI type.

func (*Source) SkipVerify

func (source *Source) SkipVerify() bool

SkipVerify returns true if this source is configured to skip SSL/TLS certificate verification.

func (Source) TableName

func (Source) TableName() string

TableName xorm will read the table name from this method

func (*Source) TypeName

func (source *Source) TypeName() string

TypeName returns the name of this login source type.

func (*Source) UseTLS

func (source *Source) UseTLS() bool

UseTLS returns true if this source is configured to use TLS.

type SourceSettable

// SourceSettable is implemented by configurations that can have their owning
// Source set on them through SetAuthSource.
type SourceSettable interface {
	SetAuthSource(*Source)
}

SourceSettable configurations can have their authSource set on them

type Type

type Type int

Type represents a login type.

// Login source types, numbered by iota starting at NoType = 0. The integer
// value of each constant is fixed by its position, so new types must be
// appended at the end to keep existing values unchanged.
const (
	NoType Type = iota
	Plain       // 1
	LDAP        // 2
	SMTP        // 3
	PAM         // 4
	DLDAP       // 5
	OAuth2      // 6
	SSPI        // 7
)

Note: new types must be appended to the end of the list to maintain compatibility.

func (Type) Int

func (typ Type) Int() int

Int returns the int value of the LoginType

func (Type) String

func (typ Type) String() string

String returns the string name of the LoginType

type UseTLSer

// UseTLSer is implemented by configurations that can report, through UseTLS,
// whether TLS is enabled for them.
type UseTLSer interface {
	UseTLS() bool
}

UseTLSer configurations provide a UseTLS to check if TLS is enabled

type WebAuthnCredential

// WebAuthnCredential is the database model for a WebAuthn public-key credential.
type WebAuthnCredential struct {
	ID              int64 `xorm:"pk autoincr"`
	Name            string
	// LowerName and UserID share the composite unique index "s", so the pair
	// must be unique. Presumably LowerName is the lower-cased Name, which would
	// make credential names unique per user regardless of case — confirm.
	LowerName       string `xorm:"unique(s)"`
	UserID          int64  `xorm:"INDEX unique(s)"`
	// Indexed, stored as VARBINARY with a maximum length of 1024 bytes.
	CredentialID    []byte `xorm:"INDEX VARBINARY(1024)"`
	PublicKey       []byte
	AttestationType string
	AAGUID          []byte
	// A uint32 in Go, stored in a BIGINT column.
	SignCount       uint32 `xorm:"BIGINT"`
	// NOTE(review): presumably set when the authenticator's signature counter
	// does not advance, which can indicate a cloned authenticator — confirm
	// where it is written and whether login acts on it.
	CloneWarning    bool
	CreatedUnix     timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix     timeutil.TimeStamp `xorm:"INDEX updated"`
}

WebAuthnCredential represents the WebAuthn credential data for a public-key credential conformant to WebAuthn Level 1

func CreateCredential

func CreateCredential(ctx context.Context, userID int64, name string, cred *webauthn.Credential) (*WebAuthnCredential, error)

CreateCredential will create a new WebAuthnCredential from the given Credential

func GetWebAuthnCredentialByCredID

func GetWebAuthnCredentialByCredID(ctx context.Context, userID int64, credID []byte) (*WebAuthnCredential, error)

GetWebAuthnCredentialByCredID returns WebAuthn credential by credential ID

func GetWebAuthnCredentialByID

func GetWebAuthnCredentialByID(ctx context.Context, id int64) (*WebAuthnCredential, error)

GetWebAuthnCredentialByID returns WebAuthn credential by id

func GetWebAuthnCredentialByName

func GetWebAuthnCredentialByName(ctx context.Context, uid int64, name string) (*WebAuthnCredential, error)

GetWebAuthnCredentialByName returns the WebAuthn credential with the given name for the given user

func (*WebAuthnCredential) AfterLoad

func (cred *WebAuthnCredential) AfterLoad(session *xorm.Session)

AfterLoad is invoked from XORM after setting the values of all fields of this object.

func (*WebAuthnCredential) BeforeInsert

func (cred *WebAuthnCredential) BeforeInsert()

BeforeInsert will be invoked by XORM before inserting a record

func (*WebAuthnCredential) BeforeUpdate

func (cred *WebAuthnCredential) BeforeUpdate()

BeforeUpdate will be invoked by XORM before updating a record

func (WebAuthnCredential) TableName

func (cred WebAuthnCredential) TableName() string

TableName returns a better table name for WebAuthnCredential

func (*WebAuthnCredential) UpdateSignCount

func (cred *WebAuthnCredential) UpdateSignCount(ctx context.Context) error

UpdateSignCount will update the database value of SignCount

type WebAuthnCredentialList

type WebAuthnCredentialList []*WebAuthnCredential

WebAuthnCredentialList is a list of *WebAuthnCredential

func GetWebAuthnCredentialsByUID

func GetWebAuthnCredentialsByUID(ctx context.Context, uid int64) (WebAuthnCredentialList, error)

GetWebAuthnCredentialsByUID returns all WebAuthn credentials of the given user

func (WebAuthnCredentialList) ToCredentials

func (list WebAuthnCredentialList) ToCredentials() []webauthn.Credential

ToCredentials will convert all WebAuthnCredentials to webauthn.Credentials

Directories

Path Synopsis
pwn
