selfhosted

package
v0.0.0-...-8b70b2c
Published: Mar 23, 2023 License: Unlicense Imports: 12 Imported by: 0

Documentation

Constants

const (
	UidSize      = 6                 // nolint
	PubLen       = common.TokenIDLen // of otp token
	AesSize      = 16
	OtpSize      = common.TokenOTPLen
	CrcOkResidue = 0xf0b8
	ModHexMap    = "cbdefghijklnrtuv"
)

Variables

This section is empty.

Functions

func ParseToken

func ParseToken(token string) ([]byte, []byte, error)

ParseToken is a generic utility that parses an OTP into its public key (YubiKey ID) and the remaining token part.

Types

type Token

type Token struct {
	// Uid Private secret ID
	Uid [UidSize]byte // nolint
	// Ctr Usage counter
	Ctr uint16
	// Tstpl timestamp
	Tstpl uint16
	// Tstph timestamp hour
	Tstph uint8
	// Use Session usage counter
	Use uint8
	// Rnd Random number
	Rnd uint16
	// Crc checksum of token
	Crc uint16
}

Token Yubikey token structure. See https://developers.yubico.com/OTP/OTPs_Explained.html

func ShvValidateOTP

func ShvValidateOTP(user model.YubiUser, otp []byte) (*Token, error)

ShvValidateOTP performs self-hosted validation of an OTP token. Note that `otp` must NOT include the leading public key.

type YubiAuth

type YubiAuth struct {
	// contains filtered or unexported fields
}

func NewYubiAuth

func NewYubiAuth(dsn string) (*YubiAuth, error)

NewYubiAuth creates an instance of a Yubi Key authenticator. If dsn is not empty, it specifies an implementation of a Databaser interface where self-hosted yubikeys are stored for valid users. Otherwise, Yubi tokens are validated by the default YubiCo services in the cloud.

func (*YubiAuth) Bytes

func (y *YubiAuth) Bytes() []byte

func (*YubiAuth) Done

func (y *YubiAuth) Done() bool

Done reports whether the token has been fully read.

func (*YubiAuth) GetDB

func (y *YubiAuth) GetDB() yubidb.Databaser

func (*YubiAuth) GetResetCount

func (y *YubiAuth) GetResetCount() int

GetResetCount returns the number of times Reset() has been called

func (*YubiAuth) Public

func (y *YubiAuth) Public() string

Public returns the public part of the token.

func (*YubiAuth) ReadTokenData

func (y *YubiAuth) ReadTokenData(reader io.Reader) bool

ReadTokenData reads bytes from input until a CR is found. Returns true if the token has been fully consumed.

func (*YubiAuth) Reset

func (y *YubiAuth) Reset()

Reset makes the authenticator ready to read the next token.

func (*YubiAuth) RetryableError

func (y *YubiAuth) RetryableError(err error) bool

RetryableError reports whether a validation or other error is retryable.

func (*YubiAuth) SetToken

func (y *YubiAuth) SetToken(token string)

SetToken sets the token from a string instead of reading it from input.

func (*YubiAuth) Token

func (y *YubiAuth) Token() string

func (*YubiAuth) Validate

func (y *YubiAuth) Validate() (*model.YubiUser, error)

Validate validates the YubiKey token that was read. It looks up the YubiKey ID from the token to ensure the user is registered. For self-hosted validation it uses the user record's secret key to decrypt the token; when the database is nil or user.secret is empty it falls back to Yubico server validation. For self-hosted validation, the usage count is updated in the database once the token validates successfully. Returns a non-nil error if the token cannot be validated or is not found in the database.

func (*YubiAuth) VerifyToken

func (y *YubiAuth) VerifyToken(user model.YubiUser, token string) (*Token, error)

VerifyToken is not normally called; use Validate() instead. It only verifies the OTP: it does not determine whether the token is registered, nor does it update the token's session counters in the DB.
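The self-hosted path that ShvValidateOTP and Validate describe, as an added illustration that is not the package's own code: the function below takes the 16 OTP bytes after ModHex decoding (what ParseToken's token part yields, public ID stripped), decrypts them with the user's AES-128 key, checks the CrcOkResidue and enforces the counter check that makes "update the usage count in the database" matter. The Token layout, the crc16 routine, the field comments and the lastCtr/lastUse parameters are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"errors"
)

type Token struct {
	Uid   [6]byte // private secret ID (compare against the user's stored value)
	Ctr   uint16  // session (power-up) counter
	Tstpl uint16  // timestamp, low 16 bits
	Tstph uint8   // timestamp, high 8 bits
	Use   uint8   // usage counter within the session
	Rnd   uint16  // random filler
	Crc   uint16  // complement of crc16 over the first 14 bytes
}

// crc16 is the reflected CRC-16 (poly 0x8408, init 0xffff) that YubiKey OTPs carry.
func crc16(b []byte) uint16 {
	crc := uint16(0xffff)
	for _, x := range b {
		crc ^= uint16(x)
		for i := 0; i < 8; i++ {
			crc = crc>>1 ^ 0x8408&-(crc&1) // shift out the LSB; XOR the polynomial if it was 1
		}
	}
	return crc
}

// validateOTP decrypts one OTP body with the user's AES-128 key, checks the CRC residue
// and rejects replays: (Ctr, Use) must advance past the last accepted pair.
func validateOTP(key, otp []byte, lastCtr uint16, lastUse uint8) (*Token, error) {
	if len(key) != 16 || len(otp) != aes.BlockSize {
		return nil, errors.New("need a 16-byte AES key and a 16-byte otp body")
	}
	c, _ := aes.NewCipher(key) // cannot fail: a 16-byte key selects AES-128
	pt := make([]byte, aes.BlockSize)
	c.Decrypt(pt, otp) // a YubiKey OTP is exactly one AES-128 ECB block
	if crc16(pt) != 0xf0b8 { // CrcOkResidue: crc16 over all 16 bytes of a genuine token
		return nil, errors.New("crc mismatch: wrong key or corrupted otp")
	}
	t := new(Token)
	_ = binary.Read(bytes.NewReader(pt), binary.LittleEndian, t) // little-endian fields; cannot fail on 16 bytes
	if t.Ctr < lastCtr || t.Ctr == lastCtr && t.Use <= lastUse {
		return nil, errors.New("replayed otp: counters did not advance")
	}
	return t, nil
}
```

A stored (Ctr, Use) pair that is only written back after a successful validation is what turns a captured OTP into a one-time credential; without the comparison, the CRC check alone accepts the same OTP indefinitely.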

Directories

Path Synopsis
** An implementation of the Databaser interface as an in-memory map for testing
