GO-2024-2646: Cross-site scripting on application summary component in github.com/argoproj/argo-cd/v2

The highest tagged major version is v2.

session

package

v1.8.7 Latest Latest Go to latest Published: Mar 3, 2021 License: Apache-2.0 Imports: 9 Imported by: 51

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/argoproj/argo-cd

Links

Open Source Insights

Documentation ¶

Index ¶

func NewLoginRateLimiter(maxNumber int) func() (util.Closer, error)
type Authenticator
type Server
- func NewServer(mgr *sessionmgr.SessionManager, authenticator Authenticator, ...) *Server

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewLoginRateLimiter ¶ added in v1.5.3

func NewLoginRateLimiter(maxNumber int) func() (util.Closer, error)

Types ¶

type Authenticator ¶ added in v1.2.4

type Authenticator interface {
	Authenticate(ctx context.Context) (context.Context, error)
}

func NewServer ¶

func NewServer(mgr *sessionmgr.SessionManager, authenticator Authenticator, policyEnf *rbacpolicy.RBACPolicyEnforcer, rateLimiter func() (util.Closer, error)) *Server

NewServer returns a new instance of the Session service

func (*Server) AuthFuncOverride ¶

func (s *Server) AuthFuncOverride(ctx context.Context, fullMethodName string) (context.Context, error)

AuthFuncOverride overrides the authentication function and let us not require auth to receive auth. Without this function here, ArgoCDServer.authenticate would be invoked and credentials checked. Since this service is generally invoked when the user has _no_ credentials, that would create a chicken-and-egg situation if we didn't place this here to allow traffic to pass through.

func (*Server) Create ¶

func (s *Server) Create(_ context.Context, q *session.SessionCreateRequest) (*session.SessionResponse, error)

Create generates a JWT token signed by Argo CD intended for web/CLI logins of the admin user using username/password

func (*Server) Delete ¶

func (s *Server) Delete(ctx context.Context, q *session.SessionDeleteRequest) (*session.SessionResponse, error)

Delete an authentication cookie from the client. This makes sense only for the Web client.

func (*Server) GetUserInfo ¶ added in v1.2.4

func (s *Server) GetUserInfo(ctx context.Context, q *session.GetUserInfoRequest) (*session.GetUserInfoResponse, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL