Documentation ¶
Index ¶
- Constants
- Variables
- type Lockout
- type LockoutProvider
- type OOBOTPAuthenticatorProvider
- type OTPCodeService
- type PasskeyAuthenticatorProvider
- type PasswordAuthenticatorProvider
- type RateLimiter
- type RateLimits
- type Reservation
- type Service
- func (s *Service) ClearLockoutAttempts(userID string, usedMethods []config.AuthenticationLockoutMethod) error
- func (s *Service) Count(userID string) (uint64, error)
- func (s *Service) Create(info *authenticator.Info) error
- func (s *Service) Delete(info *authenticator.Info) error
- func (s *Service) Get(id string) (*authenticator.Info, error)
- func (s *Service) GetMany(ids []string) ([]*authenticator.Info, error)
- func (s *Service) List(userID string, filters ...authenticator.Filter) ([]*authenticator.Info, error)
- func (s *Service) ListByUserIDs(userIDs []string, filters ...authenticator.Filter) (map[string][]*authenticator.Info, error)
- func (s *Service) ListRefsByUsers(userIDs []string, authenticatorType *model.AuthenticatorType, ...) ([]*authenticator.Ref, error)
- func (s *Service) New(spec *authenticator.Spec) (*authenticator.Info, error)
- func (s *Service) NewWithAuthenticatorID(authenticatorID string, spec *authenticator.Spec) (*authenticator.Info, error)
- func (s *Service) RemoveOrphans(identities []*identity.Info) error
- func (s *Service) Update(info *authenticator.Info) error
- func (s *Service) UpdateOrphans(oldInfo *identity.Info, newInfo *identity.Info) error
- func (s *Service) VerifyOneWithSpec(userID string, authenticatorType model.AuthenticatorType, ...) (info *authenticator.Info, verifyResult *VerifyResult, err error)
- func (s *Service) WithSpec(ai *authenticator.Info, spec *authenticator.Spec) (bool, *authenticator.Info, error)
- type Store
- func (s *Store) Count(userID string) (uint64, error)
- func (s *Store) GetRefByID(id string) (*authenticator.Ref, error)
- func (s *Store) ListRefsByIDs(ids []string) ([]*authenticator.Ref, error)
- func (s *Store) ListRefsByUsers(userIDs []string, authenticatorType *model.AuthenticatorType, ...) ([]*authenticator.Ref, error)
- type TOTPAuthenticatorProvider
- type VerifyOptions
- type VerifyResult
Constants ¶
// Rate-limit bucket names for authenticator verification.
// The names indicate two scopes: per client IP, and per (user, IP) pair.
// NOTE(review): only password and TOTP declare a per-user-per-IP bucket in
// this block; passkey has a per-IP bucket only, and no OOB-OTP bucket is
// declared here. Presumably OOB-OTP verification is limited elsewhere; confirm.
const (
	VerifyPasswordPerIP        ratelimit.BucketName = "VerifyPasswordPerIP"
	VerifyPasswordPerUserPerIP ratelimit.BucketName = "VerifyPasswordPerUserPerIP"
	VerifyTOTPPerIP            ratelimit.BucketName = "VerifyTOTPPerIP"
	VerifyTOTPPerUserPerIP     ratelimit.BucketName = "VerifyTOTPPerUserPerIP"
	VerifyPasskeyPerIP         ratelimit.BucketName = "VerifyPasskeyPerIP"
)
Variables ¶
Functions ¶
This section is empty.
Types ¶
type Lockout ¶
// Lockout groups the authentication lockout configuration, a remote IP and
// the LockoutProvider backend. Its MakeAttempt and ClearAttempts methods take
// a user ID.
type Lockout struct {
	// Config is the authentication lockout configuration.
	Config *config.AuthenticationLockoutConfig
	// RemoteIP is presumably the client address of the current request.
	// NOTE(review): if this value can be influenced by a client-supplied
	// forwarding header, per-IP attempt accounting is weakened; verify how
	// httputil.RemoteIP is derived.
	RemoteIP httputil.RemoteIP
	// Provider is the backend that the attempts are delegated to.
	Provider LockoutProvider
}
func (*Lockout) ClearAttempts ¶
func (l *Lockout) ClearAttempts(userID string, usedMethods []config.AuthenticationLockoutMethod) error
func (*Lockout) MakeAttempt ¶
func (l *Lockout) MakeAttempt(userID string, authenticatorType model.AuthenticatorType) error
type LockoutProvider ¶
// LockoutProvider is the backend interface held by Lockout.Provider.
type LockoutProvider interface {
	// MakeAttempts presumably records the given number of attempts for
	// contributor under spec. The fields of the returned result are not
	// visible on this page.
	MakeAttempts(spec lockout.LockoutSpec, contributor string, attempts int) (result *lockout.MakeAttemptResult, err error)
	// ClearAttempts presumably resets what was recorded for contributor
	// under spec.
	ClearAttempts(spec lockout.LockoutSpec, contributor string) error
}
type OOBOTPAuthenticatorProvider ¶
// OOBOTPAuthenticatorProvider is the storage and construction interface for
// out-of-band OTP authenticators. It declares no Authenticate method, unlike
// the password, passkey and TOTP providers; code verification presumably goes
// through OTPCodeService (TODO confirm).
type OOBOTPAuthenticatorProvider interface {
	// Get looks up one authenticator; the lookup takes both userID and id.
	Get(userID, id string) (*authenticator.OOBOTP, error)
	// GetMany looks up authenticators by id only.
	// NOTE(review): there is no userID parameter, so callers presumably must
	// make sure the ids belong to users they may act on; confirm.
	GetMany(ids []string) ([]*authenticator.OOBOTP, error)
	// List returns the authenticators of one user.
	List(userID string) ([]*authenticator.OOBOTP, error)
	// New builds an authenticator value from its parts. Whether it is also
	// persisted is not visible here (Create exists separately).
	New(id string, userID string, oobAuthenticatorType model.AuthenticatorType, target string, isDefault bool, kind string) (*authenticator.OOBOTP, error)
	// WithSpec returns an authenticator derived from a and spec.
	WithSpec(a *authenticator.OOBOTP, spec *authenticator.OOBOTPSpec) (*authenticator.OOBOTP, error)
	Create(*authenticator.OOBOTP) error
	Update(*authenticator.OOBOTP) error
	Delete(*authenticator.OOBOTP) error
}
type OTPCodeService ¶
type PasskeyAuthenticatorProvider ¶
// PasskeyAuthenticatorProvider is the storage, construction and verification
// interface for passkey authenticators.
type PasskeyAuthenticatorProvider interface {
	// Get looks up one authenticator; the lookup takes both userID and id.
	Get(userID, id string) (*authenticator.Passkey, error)
	// GetMany looks up authenticators by id only.
	// NOTE(review): there is no userID parameter, so callers presumably must
	// make sure the ids belong to users they may act on; confirm.
	GetMany(ids []string) ([]*authenticator.Passkey, error)
	// List returns the authenticators of one user.
	List(userID string) ([]*authenticator.Passkey, error)
	// New builds a passkey authenticator from a raw attestation response.
	// attestationResponse comes from the client and should be treated as
	// untrusted until the implementation has validated it.
	New(
		id string,
		userID string,
		attestationResponse []byte,
		isDefault bool,
		kind string,
	) (*authenticator.Passkey, error)
	Create(*authenticator.Passkey) error
	Update(*authenticator.Passkey) error
	Delete(*authenticator.Passkey) error
	// Authenticate checks a raw assertion response against a.
	// requireUpdate presumably tells the caller to persist a changed
	// authenticator (for example an updated signature counter); TODO confirm.
	Authenticate(a *authenticator.Passkey, assertionResponse []byte) (requireUpdate bool, err error)
}
type PasswordAuthenticatorProvider ¶
// PasswordAuthenticatorProvider is the storage, construction and verification
// interface for password authenticators.
type PasswordAuthenticatorProvider interface {
	// Get looks up one authenticator; the lookup takes both userID and id.
	Get(userID, id string) (*authenticator.Password, error)
	// GetMany looks up authenticators by id only.
	// NOTE(review): there is no userID parameter, so callers presumably must
	// make sure the ids belong to users they may act on; confirm.
	GetMany(ids []string) ([]*authenticator.Password, error)
	// List returns the authenticators of one user.
	List(userID string) ([]*authenticator.Password, error)
	// New builds a password authenticator from passwordSpec.
	New(id string, userID string, passwordSpec *authenticator.PasswordSpec, isDefault bool, kind string) (*authenticator.Password, error)
	// WithPassword returns new authenticator pointer if password is changed
	// Otherwise original authenticator will be returned
	WithPassword(a *authenticator.Password, password string) (*authenticator.Password, error)
	Create(*authenticator.Password) error
	// UpdatePassword is the only update operation this interface declares.
	UpdatePassword(*authenticator.Password) error
	Delete(*authenticator.Password) error
	// Authenticate checks the candidate password against a.
	// NOTE(review): password is passed as a plain string, so implementations
	// and callers should keep it out of logs and error messages.
	Authenticate(a *authenticator.Password, password string) (verifyResult *password.VerifyResult, err error)
}
type RateLimiter ¶
// RateLimiter is the backend interface held by RateLimits.RateLimiter.
type RateLimiter interface {
	// Reserve requests a reservation in the bucket described by spec.
	// Only a *ratelimit.Reservation is returned, with no separate error value.
	Reserve(spec ratelimit.BucketSpec) *ratelimit.Reservation
	// Cancel presumably gives back a reservation that should not count
	// against the bucket; TODO confirm.
	Cancel(r *ratelimit.Reservation)
}
type RateLimits ¶
// RateLimits groups an IP, the authentication configuration and a RateLimiter
// backend. Its Reserve method takes a user ID and an authenticator type and
// returns a *Reservation; its Cancel method takes a *Reservation.
type RateLimits struct {
	// IP is presumably the client address of the current request.
	// NOTE(review): if this value can be influenced by a client-supplied
	// forwarding header, the per-IP buckets are weakened; verify how
	// httputil.RemoteIP is derived.
	IP httputil.RemoteIP
	// Config is the authentication configuration.
	Config *config.AuthenticationConfig
	// RateLimiter is the backend that reservations are delegated to.
	RateLimiter RateLimiter
}
func (*RateLimits) Cancel ¶
func (l *RateLimits) Cancel(r *Reservation)
func (*RateLimits) Reserve ¶
func (l *RateLimits) Reserve(userID string, authType model.AuthenticatorType) *Reservation
type Reservation ¶
// Reservation is an opaque handle returned by RateLimits.Reserve. Callers use
// it through its Consume and Error methods and through RateLimits.Cancel.
type Reservation struct {
	// contains filtered or unexported fields
}
func (*Reservation) Consume ¶
func (r *Reservation) Consume()
func (*Reservation) Error ¶
func (r *Reservation) Error() error
type Service ¶
// Service aggregates the authenticator Store, the app configuration, one
// provider per authenticator type (password, passkey, TOTP, OOB-OTP), the
// OTPCodeService, and the RateLimits and Lockout helpers.
// RateLimits and Lockout are held by value, not by pointer.
type Service struct {
	Store          *Store
	Config         *config.AppConfig
	Password       PasswordAuthenticatorProvider
	Passkey        PasskeyAuthenticatorProvider
	TOTP           TOTPAuthenticatorProvider
	OOBOTP         OOBOTPAuthenticatorProvider
	OTPCodeService OTPCodeService
	RateLimits     RateLimits
	Lockout        Lockout
}
func (*Service) ClearLockoutAttempts ¶
func (s *Service) ClearLockoutAttempts(userID string, usedMethods []config.AuthenticationLockoutMethod) error
func (*Service) List ¶
func (s *Service) List(userID string, filters ...authenticator.Filter) ([]*authenticator.Info, error)
func (*Service) ListByUserIDs ¶
func (s *Service) ListByUserIDs(userIDs []string, filters ...authenticator.Filter) (map[string][]*authenticator.Info, error)
nolint:gocognit
func (*Service) ListRefsByUsers ¶
func (s *Service) ListRefsByUsers(userIDs []string, authenticatorType *model.AuthenticatorType, authenticatorKind *authenticator.Kind) ([]*authenticator.Ref, error)
func (*Service) New ¶
func (s *Service) New(spec *authenticator.Spec) (*authenticator.Info, error)
func (*Service) NewWithAuthenticatorID ¶
func (s *Service) NewWithAuthenticatorID(authenticatorID string, spec *authenticator.Spec) (*authenticator.Info, error)
func (*Service) UpdateOrphans ¶
func (*Service) VerifyOneWithSpec ¶
func (s *Service) VerifyOneWithSpec( userID string, authenticatorType model.AuthenticatorType, infos []*authenticator.Info, spec *authenticator.Spec, options *VerifyOptions) (info *authenticator.Info, verifyResult *VerifyResult, err error)
Given a list of authenticators, VerifyOneWithSpec tries to verify one of them.
func (*Service) WithSpec ¶
func (s *Service) WithSpec(ai *authenticator.Info, spec *authenticator.Spec) (bool, *authenticator.Info, error)
type Store ¶
// Store is the database-backed store for authenticator references. Its
// methods on this page (Count, GetRefByID, ListRefsByIDs, ListRefsByUsers)
// are all read operations.
type Store struct {
	// SQLBuilder builds the SQL statements.
	// NOTE(review): the type name suggests app scoping; confirm that queries
	// built through it are limited to the current app.
	SQLBuilder *appdb.SQLBuilderApp
	// SQLExecutor runs the built statements.
	SQLExecutor *appdb.SQLExecutor
}
func (*Store) GetRefByID ¶
func (s *Store) GetRefByID(id string) (*authenticator.Ref, error)
func (*Store) ListRefsByIDs ¶
func (s *Store) ListRefsByIDs(ids []string) ([]*authenticator.Ref, error)
func (*Store) ListRefsByUsers ¶
func (s *Store) ListRefsByUsers(userIDs []string, authenticatorType *model.AuthenticatorType, authenticatorKind *authenticator.Kind) ([]*authenticator.Ref, error)
type TOTPAuthenticatorProvider ¶
// TOTPAuthenticatorProvider is the storage, construction and verification
// interface for TOTP authenticators. Unlike the other providers on this page,
// it declares no update method.
type TOTPAuthenticatorProvider interface {
	// Get looks up one authenticator; the lookup takes both userID and id.
	Get(userID, id string) (*authenticator.TOTP, error)
	// GetMany looks up authenticators by id only.
	// NOTE(review): there is no userID parameter, so callers presumably must
	// make sure the ids belong to users they may act on; confirm.
	GetMany(ids []string) ([]*authenticator.TOTP, error)
	// List returns the authenticators of one user.
	List(userID string) ([]*authenticator.TOTP, error)
	// New builds a TOTP authenticator from totpSpec.
	New(id string, userID string, totpSpec *authenticator.TOTPSpec, isDefault bool, kind string) (*authenticator.TOTP, error)
	Create(*authenticator.TOTP) error
	Delete(*authenticator.TOTP) error
	// Authenticate checks code against a; the only result is an error value.
	// NOTE(review): nothing in this signature shows whether an accepted code
	// is rejected on reuse within its validity window; confirm in the
	// implementation.
	Authenticate(a *authenticator.TOTP, code string) error
}
type VerifyOptions ¶
// VerifyOptions is the options argument of Service.VerifyOneWithSpec.
type VerifyOptions struct {
	// OOBChannel optionally names an out-of-band channel; it is a pointer, so
	// it may be nil.
	OOBChannel *model.AuthenticatorOOBChannel
	// NOTE(review): the meaning of UseSubmittedValue is not visible on this
	// page. Confirm which value is trusted when it is true before relying on
	// it in a verification path.
	UseSubmittedValue bool
}
type VerifyResult ¶
// VerifyResult is the per-type result returned by Service.VerifyOneWithSpec.
// It carries fields for password and passkey only; no TOTP or OOB-OTP field
// is declared.
type VerifyResult struct {
	// Password is the result from the password provider's Authenticate, by
	// its type; presumably nil for other authenticator types (TODO confirm).
	Password *password.VerifyResult
	// Passkey is a flag for passkey verification.
	// NOTE(review): it may mirror the requireUpdate value returned by
	// PasskeyAuthenticatorProvider.Authenticate; confirm.
	Passkey bool
}
Source Files ¶