mfa

package
v0.0.0-...-5c79d48 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 15, 2024 License: AGPL-3.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HandleMFAPromptGoroutines 

func HandleMFAPromptGoroutines(ctx context.Context, startGoroutines func(context.Context, *sync.WaitGroup, chan<- MFAGoroutineResponse)) (*proto.MFAAuthenticateResponse, error)

HandleMFAPromptGoroutines spawns MFA prompt goroutines and returns the first successful response, terminating error, or an aggregated error if they all fail.

Types

type CLIPrompt 

type CLIPrompt struct {
	// contains filtered or unexported fields
}

CLIPrompt is the default CLI mfa prompt implementation.

func NewCLIPrompt 

func NewCLIPrompt(cfg *PromptConfig, writer io.Writer) *CLIPrompt

NewCLIPrompt returns a new CLI mfa prompt with the config and writer.

func (*CLIPrompt) Run 

func (c *CLIPrompt) Run(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (*proto.MFAAuthenticateResponse, error)

Run prompts the user to complete an MFA authentication challenge.

type MFAGoroutineResponse 

type MFAGoroutineResponse struct {
	Resp *proto.MFAAuthenticateResponse
	Err  error
}

MFAGoroutineResponse is an MFA goroutine response.

type PromptConfig 

type PromptConfig struct {
	mfa.PromptConfig
	// ProxyAddress is the address of the authenticating proxy. required.
	ProxyAddress string
	// WebauthnLoginFunc performs client-side Webauthn login.
	WebauthnLoginFunc func(ctx context.Context, origin string, assertion *wantypes.CredentialAssertion, prompt wancli.LoginPrompt, opts *wancli.LoginOpts) (*proto.MFAAuthenticateResponse, string, error)
	// AllowStdinHijack allows stdin hijack during MFA prompts.
	// Stdin hijack provides a better login UX, but it can be difficult to reason
	// about and is often a source of bugs.
	// Do not set this options unless you deeply understand what you are doing.
	// If false then only the strongest auth method is prompted.
	AllowStdinHijack bool
	// AuthenticatorAttachment specifies the desired authenticator attachment.
	AuthenticatorAttachment wancli.AuthenticatorAttachment
	// PreferOTP favors OTP challenges, if applicable.
	// Takes precedence over AuthenticatorAttachment settings.
	PreferOTP bool
	// WebauthnSupported indicates whether Webauthn is supported.
	WebauthnSupported bool
}

PromptConfig contains common mfa prompt config options.

func NewPromptConfig 

func NewPromptConfig(proxyAddr string, opts ...mfa.PromptOpt) *PromptConfig

NewPromptConfig returns a prompt config that will induce default behavior.

func (PromptConfig) GetRunOptions 

func (c PromptConfig) GetRunOptions(ctx context.Context, chal *proto.MFAAuthenticateChallenge) (RunOpts, error)

GetRunOptions gets mfa prompt run options by cross referencing the mfa challenge with prompt configuration.

func (PromptConfig) GetWebauthnOrigin 

func (c PromptConfig) GetWebauthnOrigin() string

type RunOpts 

type RunOpts struct {
	PromptTOTP     bool
	PromptWebauthn bool
}

RunOpts are mfa prompt run options.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.