interaction



Constants

// Rate-limit bucket names owned by this package. They are turned into a
// ratelimit.BucketSpec by SignupPerIPRateLimitBucketSpec and
// AccountEnumerationPerIPRateLimitBucketSpec, both keyed by the client ip.
// NOTE(review): per-IP buckets are only as strong as the source of that
// ip (see Context.RemoteIP) — confirm it is not taken from a client-set header.
const (
	SignupAnonymousPerIP    ratelimit.BucketName = "SignupAnonymousPerIP"
	SignupPerIP             ratelimit.BucketName = "SignupPerIP"
	AccountEnumerationPerIP ratelimit.BucketName = "AccountEnumerationPerIP"
)
// GraphLifetime is how long a graph is kept; it is duration.UserInteraction.
// Presumably used as the TTL by StoreRedis — confirm.
const GraphLifetime = duration.UserInteraction

Variables

// ErrGraphNotFound is returned when a graph does not exist or is no longer valid
// (compare with errors.Is; the message is a single deliberately vague string).
var ErrGraphNotFound = errors.New("invalid graph or graph not found")
// ErrIncompatibleInput is returned when the input given to a node is not of a
// type the node accepts (see Input, which tests an input against a node).
var ErrIncompatibleInput = errors.New("incompatible input type for this node")
// ErrSameNode may be returned by Edge.Instantiate when the edge loops back to
// the current node, i.e. the edge only performs a side effect.
var ErrSameNode = errors.New("the edge points to the same current node")

Functions

func AccountEnumerationPerIPRateLimitBucketSpec

func AccountEnumerationPerIPRateLimitBucketSpec(c *config.AuthenticationConfig, ip string) ratelimit.BucketSpec

func Input

func Input(i interface{}, input interface{}) bool

func IntentKind

func IntentKind(intent Intent) string

func IsAdminAPI

func IsAdminAPI(input interface{}) bool

func NodeKind

func NodeKind(node Node) string

func RegisterIntent

func RegisterIntent(intent Intent)

func RegisterNode

func RegisterNode(node Node)

func SignupPerIPRateLimitBucketSpec

func SignupPerIPRateLimitBucketSpec(c *config.AuthenticationConfig, isAnonymous bool, ip string) ratelimit.BucketSpec

func SortAuthenticators

func SortAuthenticators(
	preferred []model.AuthenticatorType,
	slice interface{},
	toSortable func(i int) SortableAuthenticator,
)

SortAuthenticators sorts slice in place, using preferred as the order. Each item in the slice must somehow be associated with a single AuthenticatorType.

Types

type AnonymousIdentityProvider

// AnonymousIdentityProvider looks up anonymous identities and parses the
// JWT requests presented by anonymous clients.
type AnonymousIdentityProvider interface {
	// Get returns the anonymous identity id for userID.
	Get(userID string, id string) (*identity.Anonymous, error)
	// ParseRequestUnverified parses requestJWT without an identity.
	// NOTE(review): the name suggests the signature is not checked here, so
	// the result should only be used to locate the identity (e.g. via
	// GetByKeyID) and not trusted until ParseRequest succeeds — confirm.
	ParseRequestUnverified(requestJWT string) (*anonymous.Request, error)
	// GetByKeyID returns the anonymous identity whose key has keyID.
	GetByKeyID(keyID string) (*identity.Anonymous, error)
	// ParseRequest parses requestJWT against identity; presumably the
	// verified counterpart of ParseRequestUnverified — confirm.
	ParseRequest(requestJWT string, identity *identity.Anonymous) (*anonymous.Request, error)
}

type AnonymousUserPromotionCodeStore

// AnonymousUserPromotionCodeStore stores the codes used to promote an
// anonymous user to a regular one.
type AnonymousUserPromotionCodeStore interface {
	// GetPromotionCode looks a code up by its hash, so the store never needs
	// the raw code; presumably the caller hashes it first — confirm.
	GetPromotionCode(codeHash string) (*anonymous.PromotionCode, error)
	// DeletePromotionCode removes code, e.g. once it has been used.
	DeletePromotionCode(code *anonymous.PromotionCode) error
}

type AuthenticationInfoService

// AuthenticationInfoService persists the authentication info entry produced by
// a graph (see Graph.GetAuthenticationInfoEntry).
type AuthenticationInfoService interface {
	// Save stores entry.
	Save(entry *authenticationinfo.Entry) error
}

type AuthenticatorService

// AuthenticatorService is the subset of authenticator operations the
// interaction nodes use: lookup, construction from a spec, persistence,
// verification and lockout bookkeeping.
type AuthenticatorService interface {
	// Get returns the authenticator with the given id.
	Get(id string) (*authenticator.Info, error)
	// List returns the authenticators of userID, narrowed by filters.
	List(userID string, filters ...authenticator.Filter) ([]*authenticator.Info, error)
	// New builds an unsaved authenticator from spec.
	New(spec *authenticator.Spec) (*authenticator.Info, error)
	// NewWithAuthenticatorID is New with a caller-chosen authenticatorID.
	NewWithAuthenticatorID(authenticatorID string, spec *authenticator.Spec) (*authenticator.Info, error)
	// WithSpec applies spec to authenticatorInfo and reports whether anything changed.
	WithSpec(authenticatorInfo *authenticator.Info, spec *authenticator.Spec) (changed bool, info *authenticator.Info, err error)
	// Create persists authenticatorInfo; markVerified presumably marks its
	// target as verified at the same time — confirm.
	Create(authenticatorInfo *authenticator.Info, markVerified bool) error
	// Update persists changes to an existing authenticator.
	Update(authenticatorInfo *authenticator.Info) error
	// Delete removes an authenticator.
	Delete(authenticatorInfo *authenticator.Info) error
	// VerifyWithSpec checks spec (the user-supplied secret) against info.
	// The returned verifyResult is meaningful only when err is nil.
	VerifyWithSpec(info *authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (verifyResult *service.VerifyResult, err error)
	// VerifyOneWithSpec tries spec against each of infos of the given
	// authenticatorType for userID and returns the one that matched.
	VerifyOneWithSpec(userID string, authenticatorType model.AuthenticatorType, infos []*authenticator.Info, spec *authenticator.Spec, options *facade.VerifyOptions) (info *authenticator.Info, verifyResult *service.VerifyResult, err error)
	// ClearLockoutAttempts resets the failed-attempt counters of usedMethods
	// for userID; see Graph.GetUsedAuthenticationLockoutMethods.
	ClearLockoutAttempts(userID string, usedMethods []config.AuthenticationLockoutMethod) error
	// MarkOOBIdentityVerified marks the identity behind an OOB authenticator as verified.
	MarkOOBIdentityVerified(info *authenticator.Info) error
}

type AuthenticatorUpdateReason

// AuthenticatorUpdateReason says why an authenticator must be updated before
// the interaction can proceed; see Graph.GetRequireUpdateAuthenticator.
type AuthenticatorUpdateReason string
const (
	// AuthenticatorUpdateReasonPolicy: the configured policy requires a change.
	AuthenticatorUpdateReasonPolicy AuthenticatorUpdateReason = "policy"
	// AuthenticatorUpdateReasonExpiry: the authenticator has expired.
	AuthenticatorUpdateReasonExpiry AuthenticatorUpdateReason = "expiry"
)

type BiometricIdentityProvider

// BiometricIdentityProvider looks up biometric identities and parses the JWT
// requests presented by biometric clients.
type BiometricIdentityProvider interface {
	// ParseRequestUnverified parses requestJWT without an identity.
	// NOTE(review): as the name suggests, treat the result as untrusted
	// until ParseRequest has succeeded against the matching identity — confirm.
	ParseRequestUnverified(requestJWT string) (*biometric.Request, error)
	// GetByKeyID returns the biometric identity whose key has keyID.
	GetByKeyID(keyID string) (*identity.Biometric, error)
	// ParseRequest parses requestJWT against identity; presumably the
	// verified counterpart of ParseRequestUnverified — confirm.
	ParseRequest(requestJWT string, identity *identity.Biometric) (*biometric.Request, error)
}

type ChallengeProvider

// ChallengeProvider resolves challenge tokens.
type ChallengeProvider interface {
	// Consume resolves token to its purpose; the name suggests the token is
	// invalidated on success (single use) — confirm.
	Consume(token string) (*challenge.Purpose, error)
	// Get returns the challenge for token without consuming it — presumably; confirm.
	Get(token string) (*challenge.Challenge, error)
}

type Context

// Context carries the request being handled and every dependency a graph
// run may call into. The fields tagged `wire:"-"` are not injected
// (presumably the tag excludes them from wire — confirm); they are set per
// run, e.g. WebSessionID and OAuthSessionID come from ContextValues.
type Context struct {
	// IsCommitting presumably distinguishes a commit from a replay of the
	// graph effects — confirm against Graph.Apply.
	IsCommitting   bool   `wire:"-"`
	WebSessionID   string `wire:"-"`
	OAuthSessionID string `wire:"-"`

	Request  *http.Request
	// RemoteIP is the client address used by the per-IP rate-limit buckets
	// (SignupPerIP, AccountEnumerationPerIP). NOTE(review): it is only as
	// trustworthy as the proxy handling behind httputil.RemoteIP — confirm.
	RemoteIP httputil.RemoteIP

	Database            *appdb.SQLExecutor
	Clock               clock.Clock
	Config              *config.AppConfig
	FeatureConfig       *config.FeatureConfig
	OAuthClientResolver OAuthClientResolver

	// Services the nodes and edges call into; each is one of the small
	// consumer-side interfaces declared in this package.
	OfflineGrants                   OfflineGrantStore
	Identities                      IdentityService
	Authenticators                  AuthenticatorService
	AnonymousIdentities             AnonymousIdentityProvider
	AnonymousUserPromotionCodeStore AnonymousUserPromotionCodeStore
	BiometricIdentities             BiometricIdentityProvider
	OTPCodeService                  OTPCodeService
	OTPSender                       OTPSender
	OAuthProviderFactory            OAuthProviderFactory
	OAuthRedirectURIBuilder         OAuthRedirectURIBuilder
	MFA                             MFAService
	ForgotPassword                  ForgotPasswordService
	ResetPassword                   ResetPasswordService
	Passkey                         PasskeyService
	Verification                    VerificationService
	RateLimiter                     RateLimiter

	Nonces NonceService

	// Session, cookie and event plumbing used when a graph commits.
	Challenges                ChallengeProvider
	Users                     UserService
	StdAttrsService           StdAttrsService
	Events                    EventService
	CookieManager             CookieManager
	AuthenticationInfoService AuthenticationInfoService
	Sessions                  SessionProvider
	SessionManager            SessionManager
	SessionCookie             session.CookieDef
	OAuthSessions             OAuthSessions
	MFADeviceTokenCookie      mfa.CookieDef
}

type ContextValues

// ContextValues are the per-run values Service.Run and Service.DryRun copy
// into the Context (its WebSessionID and OAuthSessionID fields).
type ContextValues struct {
	WebSessionID   string
	OAuthSessionID string
}

type CookieManager

// CookieManager builds the cookies this package sets or clears.
type CookieManager interface {
	// ValueCookie returns a cookie for def carrying value.
	ValueCookie(def *httputil.CookieDef, value string) *http.Cookie
	// ClearCookie returns a cookie that expires def on the client.
	ClearCookie(def *httputil.CookieDef) *http.Cookie
}

type Edge

// Edge is a transition out of a Node; Intent.DeriveEdgesForNode and
// Node.DeriveEdges produce the edges available from a node.
type Edge interface {
	// Instantiate instantiates the node pointed to by the edge.
	// It is run only once for the pointed-to node, so side effects visible
	// outside the transaction (e.g. sending messages) are allowed here.
	// It may return ErrSameNode if the edge loops back to itself.
	// This is used to model side-effect-only actions, such as sending
	// an OTP message.
	Instantiate(ctx *Context, graph *Graph, input interface{}) (Node, error)
}

type Effect

// Effect is one effect of a Node, as returned by Node.GetEffects.
// EffectRun and EffectOnCommit are the function types in this package
// that presumably satisfy it — confirm.
type Effect interface {
	// contains filtered or unexported methods
}

type EffectOnCommit

// EffectOnCommit is an effect that runs when the graph is committed; nodeIndex
// presumably indexes graph.Nodes — confirm.
type EffectOnCommit func(ctx *Context, graph *Graph, nodeIndex int) error

type EffectRun

// EffectRun is an effect that runs whenever the graph is applied (and so may
// run more than once, see Node.GetEffects); nodeIndex presumably indexes
// graph.Nodes — confirm.
type EffectRun func(ctx *Context, graph *Graph, nodeIndex int) error

type ErrClearCookie

// ErrClearCookie wraps Inner and asks the caller to clear Cookies on the
// response before reporting the error; Unwrap returns Inner.
type ErrClearCookie struct {
	Cookies []*http.Cookie
	Inner   error
}

func (*ErrClearCookie) Error

func (e *ErrClearCookie) Error() string

func (*ErrClearCookie) Unwrap

func (e *ErrClearCookie) Unwrap() error

type ErrInputRequired

// ErrInputRequired wraps Inner to signal that the graph cannot advance until
// more input is supplied; Unwrap returns Inner.
type ErrInputRequired struct {
	Inner error
}

func (*ErrInputRequired) Error

func (e *ErrInputRequired) Error() string

func (*ErrInputRequired) Unwrap

func (e *ErrInputRequired) Unwrap() error

type EventService

// EventService dispatches domain events.
type EventService interface {
	// DispatchEventOnCommit queues payload to be delivered when the
	// surrounding transaction commits.
	DispatchEventOnCommit(payload event.Payload) error
}

type ForgotPasswordService

// ForgotPasswordService starts the forgot-password flow.
type ForgotPasswordService interface {
	// SendCode sends a reset code for loginID with the given options.
	SendCode(loginID string, options *forgotpassword.CodeOptions) error
}

type Graph

// Graph is one path of an interaction: an Intent plus the Nodes reached so
// far. It is persisted through Store (serialized by MarshalJSON/UnmarshalJSON).
type Graph struct {
	// GraphID is the unique ID for a graph.
	// It is a constant value throughout a graph.
	// It is used to keep track of which instances belong to a particular graph.
	// When one graph is committed, any other instances sharing the same GraphID become invalid.
	GraphID string

	// InstanceID is a unique ID for a particular instance of a graph.
	// Service.Get and Store.GetGraphInstance look instances up by it.
	InstanceID string

	// Intent is the intent (i.e. flow type) of the graph.
	Intent Intent

	// Nodes are nodes in a specific path from intent of the interaction graph.
	// The last element is the current node (see CurrentNode).
	Nodes []Node
}

func (*Graph) Apply

func (g *Graph) Apply(ctx *Context) error

Apply applies the effects of the graph nodes to the context.

func (*Graph) CurrentNode

func (g *Graph) CurrentNode() Node

func (*Graph) FillDetails

func (g *Graph) FillDetails(err error) error

func (*Graph) FindLastNode

func (g *Graph) FindLastNode(node interface{}) bool

func (*Graph) FindLastNodeAndPosition

func (g *Graph) FindLastNodeAndPosition(node interface{}) int

func (*Graph) FindLastNodeFromList

func (g *Graph) FindLastNodeFromList(nodes []interface{}) (node interface{})

FindLastNodeFromList finds the last node from a list of node interfaces.

func (*Graph) GetAMR

func (g *Graph) GetAMR() []string

func (*Graph) GetAuthenticationInfoEntry

func (g *Graph) GetAuthenticationInfoEntry() (*authenticationinfo.Entry, bool)

func (*Graph) GetNewUserID

func (g *Graph) GetNewUserID() (string, bool)

func (*Graph) GetRequireUpdateAuthenticator

func (g *Graph) GetRequireUpdateAuthenticator(stage authn.AuthenticationStage) (*authenticator.Info, *AuthenticatorUpdateReason, bool)

func (*Graph) GetUsedAuthenticationLockoutMethods

func (g *Graph) GetUsedAuthenticationLockoutMethods() []config.AuthenticationLockoutMethod

func (*Graph) GetUserAuthenticator

func (g *Graph) GetUserAuthenticator(stage authn.AuthenticationStage) (*authenticator.Info, bool)

func (*Graph) GetUserLastIdentity

func (g *Graph) GetUserLastIdentity() (*identity.Info, bool)

func (*Graph) GetUserNewAuthenticators

func (g *Graph) GetUserNewAuthenticators() []*authenticator.Info

func (*Graph) GetUserNewIdentities

func (g *Graph) GetUserNewIdentities() []*identity.Info

func (*Graph) MarshalJSON

func (g *Graph) MarshalJSON() ([]byte, error)

func (*Graph) MustGetUpdateIdentityID

func (g *Graph) MustGetUpdateIdentityID() string

func (*Graph) MustGetUserID

func (g *Graph) MustGetUserID() string

func (*Graph) MustGetUserLastIdentity

func (g *Graph) MustGetUserLastIdentity() *identity.Info

func (*Graph) UnmarshalJSON

func (g *Graph) UnmarshalJSON(d []byte) error

type IdentityService

// IdentityService is the subset of identity operations the interaction nodes use.
type IdentityService interface {
	// Get returns the identity with the given id.
	Get(id string) (*identity.Info, error)
	// SearchBySpec returns the identity exactly matching spec, if any, plus
	// other partial matches.
	SearchBySpec(spec *identity.Spec) (exactMatch *identity.Info, otherMatches []*identity.Info, err error)
	// ListByUser returns the identities of userID.
	ListByUser(userID string) ([]*identity.Info, error)
	// New builds an unsaved identity for userID from spec.
	New(userID string, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error)
	// UpdateWithSpec returns is updated with spec, without persisting.
	UpdateWithSpec(is *identity.Info, spec *identity.Spec, options identity.NewIdentityOptions) (*identity.Info, error)
	// Create persists a new identity.
	Create(is *identity.Info) error
	// Update persists the change from oldInfo to newInfo.
	Update(oldInfo *identity.Info, newInfo *identity.Info) error
	// Delete removes an identity.
	Delete(is *identity.Info) error
	// CheckDuplicated reports an existing identity that conflicts with info,
	// if any — presumably returning an error in that case; confirm.
	CheckDuplicated(info *identity.Info) (*identity.Info, error)
}

type Intent

// Intent is the type of flow a Graph represents. Intents are registered
// with RegisterIntent and rebuilt by kind with InstantiateIntent.
type Intent interface {
	// InstantiateRootNode creates the first node of the graph.
	InstantiateRootNode(ctx *Context, graph *Graph) (Node, error)
	// DeriveEdgesForNode returns the edges leading out of node.
	DeriveEdgesForNode(graph *Graph, node Node) ([]Edge, error)
}

func InstantiateIntent

func InstantiateIntent(kind string) Intent

type IntentFactory

// IntentFactory constructs a fresh Intent of one kind; used by InstantiateIntent.
type IntentFactory func() Intent

type Logger

// Logger is this package's logger; NewLogger builds one from a log.Factory.
type Logger struct{ *log.Logger }

func NewLogger

func NewLogger(lf *log.Factory) Logger

type MFAService

// MFAService manages device tokens (remembered devices) and recovery codes.
type MFAService interface {
	// GenerateDeviceToken returns a new random device token.
	GenerateDeviceToken() string
	// CreateDeviceToken records token as a trusted device for userID.
	CreateDeviceToken(userID string, token string) (*mfa.DeviceToken, error)
	// VerifyDeviceToken reports whether token is a valid device token of userID.
	VerifyDeviceToken(userID string, token string) error
	// InvalidateAllDeviceTokens revokes every device token of userID.
	InvalidateAllDeviceTokens(userID string) error

	// VerifyRecoveryCode checks code against the recovery codes of userID;
	// consume it with ConsumeRecoveryCode once the flow succeeds.
	VerifyRecoveryCode(userID string, code string) (*mfa.RecoveryCode, error)
	// ConsumeRecoveryCode marks rc as used so it cannot be replayed.
	ConsumeRecoveryCode(rc *mfa.RecoveryCode) error
	// GenerateRecoveryCodes returns a fresh set of plaintext recovery codes.
	GenerateRecoveryCodes() []string
	// ReplaceRecoveryCodes stores codes for userID, replacing any existing set.
	ReplaceRecoveryCodes(userID string, codes []string) ([]*mfa.RecoveryCode, error)
	// ListRecoveryCodes returns the recovery codes of userID.
	ListRecoveryCodes(userID string) ([]*mfa.RecoveryCode, error)
}

type Node

// Node is one step in an interaction Graph (see Graph.Nodes). Nodes are
// registered with RegisterNode and rebuilt by kind with InstantiateNode.
type Node interface {
	// Prepare loads the data DeriveEdges needs.
	Prepare(ctx *Context, graph *Graph) error
	// GetEffects describes the effects of this node.
	// The effects may be run multiple times, because the graph is replayed,
	// so no externally visible side effect is allowed. Side effects that
	// must happen once belong in Edge.Instantiate instead.
	GetEffects() (effs []Effect, err error)
	// DeriveEdges returns the edges leading out of this node.
	DeriveEdges(graph *Graph) ([]Edge, error)
}

func InstantiateNode

func InstantiateNode(kind string) Node

type NodeFactory

// NodeFactory constructs a fresh Node of one kind; used by InstantiateNode.
type NodeFactory func() Node

type NonceService

// NonceService issues and redeems a per-request nonce.
type NonceService interface {
	// GenerateAndSet creates a nonce and stores it; the names suggest the
	// nonce is single use and GetAndClear removes it when read — confirm.
	GenerateAndSet() string
	// GetAndClear returns the stored nonce and removes it.
	GetAndClear() string
}

type OAuthClientResolver

// OAuthClientResolver finds the configuration of an OAuth client.
type OAuthClientResolver interface {
	// ResolveClient returns the config for clientID, or nil when unknown — presumably; confirm.
	ResolveClient(clientID string) *config.OAuthClientConfig
}

type OAuthProviderFactory

// OAuthProviderFactory builds the SSO provider for a configured alias.
type OAuthProviderFactory interface {
	// NewOAuthProvider returns the provider registered under alias.
	NewOAuthProvider(alias string) sso.OAuthProvider
}

type OAuthRedirectURIBuilder

// OAuthRedirectURIBuilder builds the callback and authorize URLs used in SSO.
type OAuthRedirectURIBuilder interface {
	// SSOCallbackURL is the redirect URI for the provider alias.
	SSOCallbackURL(alias string) *url.URL
	// WeChatAuthorizeURL is the WeChat authorization URL for alias.
	WeChatAuthorizeURL(alias string) *url.URL
	// WeChatCallbackEndpointURL is the WeChat callback endpoint.
	WeChatCallbackEndpointURL() *url.URL
}

type OAuthSessions

// OAuthSessions stores the OAuth session entry referenced by Context.OAuthSessionID.
type OAuthSessions interface {
	// Get returns the entry with entryID.
	Get(entryID string) (*oauthsession.Entry, error)
	// Save persists entry.
	Save(entry *oauthsession.Entry) (err error)
}

type OOBType

// OOBType names the context in which an out-of-band (OOB) code is sent:
// setting up or authenticating with a primary or secondary authenticator.
type OOBType string
const (
	OOBTypeSetupPrimary          OOBType = "setup-primary-oob"
	OOBTypeSetupSecondary        OOBType = "setup-secondary-oob"
	OOBTypeAuthenticatePrimary   OOBType = "authenticate-primary-oob"
	OOBTypeAuthenticateSecondary OOBType = "authenticate-secondary-oob"
)

type OTPCodeService

// OTPCodeService generates and verifies one-time codes.
type OTPCodeService interface {
	// GenerateOTP creates a code of the given kind and form for target and
	// returns it; sending it is OTPSender's job.
	GenerateOTP(kind otp.Kind, target string, form otp.Form, opt *otp.GenerateOptions) (string, error)
	// VerifyOTP checks otp for target; a nil error means it matched.
	VerifyOTP(kind otp.Kind, target string, otp string, opts *otp.VerifyOptions) error
}

type OTPSender

// OTPSender renders and delivers one-time code messages.
type OTPSender interface {
	// Prepare renders the message of type typ for target on channel.
	Prepare(channel model.AuthenticatorOOBChannel, target string, form otp.Form, typ otp.MessageType) (*otp.PreparedMessage, error)
	// Send delivers a prepared message. This is an externally visible side
	// effect, so it belongs in Edge.Instantiate, not in a node effect.
	Send(msg *otp.PreparedMessage, opts otp.SendOptions) error
}

type OfflineGrantStore

// OfflineGrantStore reads offline grants (refresh-token style grants).
type OfflineGrantStore interface {
	// ListClientOfflineGrants returns the grants of userID issued to clientID.
	ListClientOfflineGrants(clientID string, userID string) ([]*oauth.OfflineGrant, error)
}

type PasskeyService

// PasskeyService consumes WebAuthn responses.
type PasskeyService interface {
	// ConsumeAttestationResponse processes a registration (attestation) response.
	ConsumeAttestationResponse(attestationResponse []byte) (err error)
	// ConsumeAssertionResponse processes an authentication (assertion) response.
	ConsumeAssertionResponse(assertionResponse []byte) (err error)
}

type RateLimiter

// RateLimiter enforces the buckets described by a ratelimit.BucketSpec
// (see SignupPerIPRateLimitBucketSpec and friends).
type RateLimiter interface {
	// Allow consumes one token from spec's bucket, returning an error when
	// the limit is hit — presumably; confirm.
	Allow(spec ratelimit.BucketSpec) error
	// Reserve takes a token that can later be refunded with Cancel, which
	// lets a caller not count attempts that never completed — presumably; confirm.
	Reserve(spec ratelimit.BucketSpec) *ratelimit.Reservation
	// Cancel returns the token held by r to its bucket.
	Cancel(r *ratelimit.Reservation)
}

type ResetPasswordService

// ResetPasswordService changes passwords.
type ResetPasswordService interface {
	// ResetPassword redeems a reset code and sets newPassword for its user.
	ResetPassword(code string, newPassword string) error
	// SetPassword sets newPassword for userID directly.
	SetPassword(userID string, newPassword string) error
}

type Service

// Service drives interaction graphs: NewGraph starts one from an Intent,
// Accept feeds input to advance it, Get loads an instance from Store, and
// Run/DryRun execute a graph under a Context built from ContextValues
// (DryRun presumably without persisting the outcome — confirm).
type Service struct {
	Logger  Logger
	Context *Context
	Store   Store
}

func (*Service) Accept

func (s *Service) Accept(ctx *Context, graph *Graph, input interface{}) (*Graph, []Edge, error)

func (*Service) DryRun

func (s *Service) DryRun(contextValues ContextValues, fn func(*Context) (*Graph, error)) (err error)

func (*Service) Get

func (s *Service) Get(instanceID string) (*Graph, error)

func (*Service) NewGraph

func (s *Service) NewGraph(ctx *Context, intent Intent) (*Graph, error)

func (*Service) Run

func (s *Service) Run(contextValues ContextValues, graph *Graph) (err error)

type SessionManager

// SessionManager revokes sessions.
type SessionManager interface {
	// RevokeWithoutEvent revokes the session without dispatching an event.
	RevokeWithoutEvent(session.Session) error
}

type SessionProvider

// SessionProvider creates and refreshes IdP sessions.
type SessionProvider interface {
	// MakeSession builds an unsaved session from attrs and returns it with
	// its token — presumably the string is the token; confirm.
	MakeSession(*session.Attrs) (*idpsession.IDPSession, string)
	// Create persists a session made by MakeSession.
	Create(*idpsession.IDPSession) error
	// Reauthenticate records that idpSessionID was re-authenticated with amr.
	Reauthenticate(idpSessionID string, amr []string) error
}

type SortableAuthenticator

// SortableAuthenticator is what SortAuthenticators needs from each item.
type SortableAuthenticator interface {
	// AuthenticatorType is the type used to rank the item against preferred.
	AuthenticatorType() model.AuthenticatorType
	// IsDefaultAuthenticator reports whether the item is the user's default.
	IsDefaultAuthenticator() bool
}

type SortableAuthenticatorInfo

// SortableAuthenticatorInfo adapts authenticator.Info to SortableAuthenticator
// (see the methods below) so it can be used with SortAuthenticators.
type SortableAuthenticatorInfo authenticator.Info

func (*SortableAuthenticatorInfo) AuthenticatorType

func (i *SortableAuthenticatorInfo) AuthenticatorType() model.AuthenticatorType

func (*SortableAuthenticatorInfo) IsDefaultAuthenticator

func (i *SortableAuthenticatorInfo) IsDefaultAuthenticator() bool

type StdAttrsService

// StdAttrsService fills standard attributes from an identity.
type StdAttrsService interface {
	// PopulateStandardAttributes copies attributes of iden onto userID.
	PopulateStandardAttributes(userID string, iden *identity.Info) error
}

type Store

// Store persists graphs and their instances; StoreRedis is the Redis implementation.
type Store interface {
	// CreateGraph records a new graph (keyed by GraphID).
	CreateGraph(graph *Graph) error
	// CreateGraphInstance records one instance of a graph (keyed by InstanceID).
	CreateGraphInstance(graph *Graph) error
	// GetGraphInstance loads the instance with instanceID.
	GetGraphInstance(instanceID string) (*Graph, error)
	// DeleteGraph removes the graph; per the Graph docs, other instances
	// sharing its GraphID become invalid once it is committed.
	DeleteGraph(graph *Graph) error
}

type StoreRedis

// StoreRedis is the Redis-backed Store. Keys are presumably scoped by AppID
// so graphs of different apps cannot collide — confirm.
type StoreRedis struct {
	Redis *appredis.Handle
	AppID config.AppID
}

func (*StoreRedis) CreateGraph

func (s *StoreRedis) CreateGraph(graph *Graph) error

func (*StoreRedis) CreateGraphInstance

func (s *StoreRedis) CreateGraphInstance(graph *Graph) error

func (*StoreRedis) DeleteGraph

func (s *StoreRedis) DeleteGraph(graph *Graph) error

func (*StoreRedis) GetGraphInstance

func (s *StoreRedis) GetGraphInstance(instanceID string) (*Graph, error)

type UserService

// UserService is the subset of user operations the interaction nodes use.
type UserService interface {
	// Get returns the user model for id as visible to role.
	Get(id string, role accesscontrol.Role) (*model.User, error)
	// GetRaw returns the stored user record for id.
	GetRaw(id string) (*user.User, error)
	// Create creates an empty user with userID.
	Create(userID string) (*user.User, error)
	// AfterCreate runs the post-creation steps for user with its initial
	// identities and authenticators; isAdminAPI marks creation through the
	// admin API (see IsAdminAPI).
	AfterCreate(
		user *user.User,
		identities []*identity.Info,
		authenticators []*authenticator.Info,
		isAdminAPI bool,
	) error
	// UpdateLoginTime records lastLoginAt for userID.
	UpdateLoginTime(userID string, lastLoginAt time.Time) error
}

type VerificationService

// VerificationService tracks which identity claims and authenticators are verified.
type VerificationService interface {
	// GetIdentityVerificationStatus returns the verification status of each claim of i.
	GetIdentityVerificationStatus(i *identity.Info) ([]verification.ClaimStatus, error)
	// GetAuthenticatorVerificationStatus returns the verification status of a.
	GetAuthenticatorVerificationStatus(a *authenticator.Info) (verification.AuthenticatorStatus, error)
	// NewVerifiedClaim builds an unsaved verified claim for userID.
	NewVerifiedClaim(userID string, claimName string, claimValue string) *verification.Claim
	// MarkClaimVerified persists claim as verified.
	MarkClaimVerified(claim *verification.Claim) error
}
