providers

package

v1.2.0 Latest Latest Go to latest Published: Apr 1, 2019 License: MIT Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/buzzfeed/sso

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type Provider
- func New(provider string, p *ProviderData, sc *statsd.Client) Provider
type ProviderData
- func (p *ProviderData) Data() *ProviderData
type SSOProvider
- func NewSSOProvider(p *ProviderData, sc *statsd.Client) *SSOProvider
type SingleFlightProvider
- func NewSingleFlightProvider(provider Provider, StatsdClient *statsd.Client) *SingleFlightProvider
type TestProvider
- func NewTestProvider(providerURL *url.URL, emailAddress string) *TestProvider

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrMissingRefreshToken     = errors.New("missing refresh token")
	ErrAuthProviderUnavailable = errors.New("auth provider unavailable")
)

Errors

View Source

var (
	ErrUnexpectedReturnType = errors.New("received unexpected return type from single flight func call")
)

Error message for ErrUnexpectedReturnType

Functions ¶

This section is empty.

Types ¶

type Provider ¶

type Provider interface {
	Data() *ProviderData
	Redeem(string, string) (*sessions.SessionState, error)
	ValidateGroup(string, []string) ([]string, bool, error)
	UserGroups(string, []string) ([]string, error)
	ValidateSessionState(*sessions.SessionState, []string) bool
	GetSignInURL(redirectURL *url.URL, finalRedirect string) *url.URL
	GetSignOutURL(redirectURL *url.URL) *url.URL
	RefreshSession(*sessions.SessionState, []string) (bool, error)
}

Provider is an interface exposing functions necessary to authenticate with a given provider.

func New ¶

func New(provider string, p *ProviderData, sc *statsd.Client) Provider

New returns a new sso Provider

type ProviderData ¶

type ProviderData struct {
	ProviderName        string
	ProviderURL         *url.URL
	ProviderURLInternal *url.URL
	ClientID            string
	ClientSecret        string
	SignInURL           *url.URL
	SignOutURL          *url.URL
	RedeemURL           *url.URL
	RefreshURL          *url.URL
	ProfileURL          *url.URL
	ValidateURL         *url.URL
	Scope               string

	SessionValidTTL    time.Duration
	SessionLifetimeTTL time.Duration
	GracePeriodTTL     time.Duration
}

ProviderData holds the fields associated with providers necessary to implement the Provider interface.

func (*ProviderData) Data ¶

func (p *ProviderData) Data() *ProviderData

Data returns the ProviderData struct

type SSOProvider ¶

type SSOProvider struct {
	*ProviderData

	StatsdClient *statsd.Client
}

SSOProvider holds the data associated with the SSOProviders necessary to implement a SSOProvider interface.

func NewSSOProvider ¶

func NewSSOProvider(p *ProviderData, sc *statsd.Client) *SSOProvider

NewSSOProvider instantiates a new SSOProvider with provider data and a statsd client.

func (*SSOProvider) GetSignInURL ¶ added in v1.1.0

func (p *SSOProvider) GetSignInURL(redirectURL *url.URL, state string) *url.URL

GetSignInURL with typical oauth parameters

func (*SSOProvider) GetSignOutURL ¶ added in v1.1.0

func (p *SSOProvider) GetSignOutURL(redirectURL *url.URL) *url.URL

GetSignOutURL creates and returns the sign out URL, given a redirectURL

func (*SSOProvider) Redeem ¶

func (p *SSOProvider) Redeem(redirectURL, code string) (*sessions.SessionState, error)

Redeem takes a redirectURL and code and redeems the SessionState

func (*SSOProvider) RefreshSession ¶

func (p *SSOProvider) RefreshSession(s *sessions.SessionState, allowedGroups []string) (bool, error)

RefreshSession takes a SessionState and allowedGroups and refreshes the session access token, returns `true` on success, and `false` on error

func (*SSOProvider) UserGroups ¶

func (p *SSOProvider) UserGroups(email string, groups []string) ([]string, error)

UserGroups takes an email and returns the UserGroups for that email

func (*SSOProvider) ValidateGroup ¶

func (p *SSOProvider) ValidateGroup(email string, allowedGroups []string) ([]string, bool, error)

ValidateGroup does a GET request to the profile url and returns true if the user belongs to an authorized group.

func (*SSOProvider) ValidateSessionState ¶

func (p *SSOProvider) ValidateSessionState(s *sessions.SessionState, allowedGroups []string) bool

ValidateSessionState takes a sessionState and allowedGroups and validates the session state

type SingleFlightProvider ¶

type SingleFlightProvider struct {
	StatsdClient *statsd.Client
	// contains filtered or unexported fields
}

SingleFlightProvider middleware provider that multiple requests for the same object to be processed as a single request. This is often called request collpasing or coalesce. This middleware leverages the golang singlelflight provider, with modifications for metrics.

It's common among HTTP reverse proxy cache servers such as nginx, Squid or Varnish - they all call it something else but works similarly.

* https://www.varnish-cache.org/docs/3.0/tutorial/handling_misbehaving_servers.html * http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock * http://wiki.squid-cache.org/Features/CollapsedForwarding

func NewSingleFlightProvider ¶

func NewSingleFlightProvider(provider Provider, StatsdClient *statsd.Client) *SingleFlightProvider

NewSingleFlightProvider instatiates a SingleFlightProvider given a provider and statsdClient

func (*SingleFlightProvider) Data ¶

func (p *SingleFlightProvider) Data() *ProviderData

Data calls the provider's Data function

func (*SingleFlightProvider) GetSignInURL ¶

func (p *SingleFlightProvider) GetSignInURL(redirectURI *url.URL, finalRedirect string) *url.URL

GetSignInURL calls the GetSignInURL for the provider, which will return the sign in url

func (*SingleFlightProvider) GetSignOutURL ¶

func (p *SingleFlightProvider) GetSignOutURL(redirectURI *url.URL) *url.URL

GetSignOutURL calls the GetSignOutURL for the provider, which will return the sign out url

func (*SingleFlightProvider) Redeem ¶

func (p *SingleFlightProvider) Redeem(redirectURL, code string) (*sessions.SessionState, error)

Redeem takes the redirectURL and a code and calls the provider function Redeem

func (*SingleFlightProvider) RefreshSession ¶

func (p *SingleFlightProvider) RefreshSession(s *sessions.SessionState, allowedGroups []string) (bool, error)

RefreshSession takes in a SessionState and allowedGroups and returns false if the session is not refreshed and true if it is.

func (*SingleFlightProvider) UserGroups ¶

func (p *SingleFlightProvider) UserGroups(email string, groups []string) ([]string, error)

UserGroups takes an email and passes it to the provider's UserGroups function and returns the response

func (*SingleFlightProvider) ValidateGroup ¶

func (p *SingleFlightProvider) ValidateGroup(email string, allowedGroups []string) ([]string, bool, error)

ValidateGroup takes an email, allowedGroups, and userGroups and passes it to the provider's ValidateGroup function and returns the response

func (*SingleFlightProvider) ValidateSessionState ¶

func (p *SingleFlightProvider) ValidateSessionState(s *sessions.SessionState, allowedGroups []string) bool

ValidateSessionState calls the provider's ValidateSessionState function and returns the response

type TestProvider ¶ added in v1.1.0

type TestProvider struct {
	RefreshSessionFunc  func(*sessions.SessionState, []string) (bool, error)
	ValidateSessionFunc func(*sessions.SessionState, []string) bool
	RedeemFunc          func(string, string) (*sessions.SessionState, error)
	UserGroupsFunc      func(string, []string) ([]string, error)
	ValidateGroupsFunc  func(string, []string) ([]string, bool, error)
	*ProviderData
}

TestProvider is a mock provider

func NewTestProvider ¶ added in v1.1.0

func NewTestProvider(providerURL *url.URL, emailAddress string) *TestProvider

NewTestProvider returns a new TestProvider

func (*TestProvider) GetSignInURL ¶ added in v1.1.0

func (tp *TestProvider) GetSignInURL(redirectURL *url.URL, state string) *url.URL

GetSignInURL mocks GetSignInURL

func (*TestProvider) GetSignOutURL ¶ added in v1.1.0

func (tp *TestProvider) GetSignOutURL(redirectURL *url.URL) *url.URL

GetSignOutURL mocks GetSignOutURL function

func (*TestProvider) Redeem ¶ added in v1.1.0

func (tp *TestProvider) Redeem(redirectURL string, token string) (*sessions.SessionState, error)

Redeem mocks the provider Redeem function

func (*TestProvider) RefreshSession ¶ added in v1.1.0

func (tp *TestProvider) RefreshSession(s *sessions.SessionState, g []string) (bool, error)

RefreshSession mocks the RefreshSession function

func (*TestProvider) UserGroups ¶ added in v1.1.0

func (tp *TestProvider) UserGroups(email string, groups []string) ([]string, error)

UserGroups mocks the UserGroups function

func (*TestProvider) ValidateGroup ¶ added in v1.1.0

func (tp *TestProvider) ValidateGroup(email string, groups []string) ([]string, bool, error)

ValidateGroup mocks the ValidateGroup function

func (*TestProvider) ValidateSessionState ¶ added in v1.1.0

func (tp *TestProvider) ValidateSessionState(s *sessions.SessionState, groups []string) bool

ValidateSessionState mocks the ValidateSessionState function

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL