Documentation ¶
Index ¶
- Variables
- func AuthenticationHandler(app *GorgonApp, w http.ResponseWriter, r *http.Request) (err error)
- func CheckAuthenticatedHandler(app *GorgonApp, w http.ResponseWriter, r *http.Request) (err error)
- func CreateCertificate(private_key *PrivateKey, public_key *PublicKey, email string, ...) ([]byte, error)
- func GenerateCertificateHandler(app *GorgonApp, w http.ResponseWriter, r *http.Request) (err error)
- func ProvisioningHandler(app *GorgonApp, w http.ResponseWriter, r *http.Request) (err error)
- func SupportDocumentHandler(app *GorgonApp, w http.ResponseWriter, r *http.Request) (err error)
- type Authenticator
- type ErrorKey
- type GorgonApp
- type ImapAuthenticator
- type PrivateKey
- type PublicKey
- type SupportDocument
- type TestAuthenticator
Constants ¶
This section is empty.
Variables ¶
var (
	Authenticators = map[string]reflect.Value{
		"test": reflect.ValueOf(NewTestAuthenticator),
		"imap": reflect.ValueOf(NewImapAuthenticator),
	}
)
var (
Version = "0.1.0"
)
Functions ¶
func AuthenticationHandler ¶
AuthenticationHandler is responsible for presenting the auth form and authenticating the user using the app Authenticator and the username/password provided by the user. If the user is successfully authenticated, the "persona-auth" cookie is updated with the username used in the authentication process.
func CheckAuthenticatedHandler ¶
CheckAuthenticatedHandler checks whether the user has an active session (that is, whether the user is authenticated). If the user is not authenticated, it returns an HTTP code 403 (Forbidden); otherwise it returns an HTTP code 200 (OK).
func CreateCertificate ¶
func CreateCertificate(private_key *PrivateKey, public_key *PublicKey, email string, cert_duration int, pubkey map[string]string, iss string) ([]byte, error)
CreateCertificate returns the string representation of a token signed with the given private_key. The token contains the following claims:
- iat:
- exp: expiry date of the certificate
- iss: issuer of the certificate (the domain used by the IdP)
- public-key: the public key provided by the browser
- principal:
  - email: the email address of the authenticated user
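An added example, not Gorgon's own code: signing and then verifying a certificate that carries the claims listed above, using only the Go standard library. The RS256 compact-JWS encoding, the millisecond timestamps, and the names `signCert`, `verifyCert`, `b64` and `demoKey` are assumptions; the page does not specify the wire format.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for this example

// signCert emits header.payload.signature. Assumed: RS256 compact JWS, millisecond timestamps.
func signCert(key *rsa.PrivateKey, email, iss string, pubkey map[string]string, now time.Time, ttl time.Duration) (string, error) {
	claims, _ := json.Marshal(map[string]interface{}{"iat": now.UnixMilli(), "exp": now.Add(ttl).UnixMilli(),
		"iss": iss, "public-key": pubkey, "principal": map[string]string{"email": email}})
	signed := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString(claims)
	sum := sha256.Sum256([]byte(signed))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return signed + "." + b64.EncodeToString(sig), err
}

// verifyCert pins RS256 (the header's alg is ignored), checks the signature, then enforces exp.
func verifyCert(pub *rsa.PublicKey, token string, now time.Time) (string, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("malformed certificate")
	}
	sig, _ := b64.DecodeString(p[2]) // undecodable input just fails verification below
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig); err != nil {
		return "", err
	}
	var c struct{ Exp int64; Principal struct{ Email string } }
	if err := json.NewDecoder(base64.NewDecoder(b64, strings.NewReader(p[1]))).Decode(&c); err != nil || now.UnixMilli() >= c.Exp {
		return "", fmt.Errorf("invalid or expired certificate")
	}
	return c.Principal.Email, nil
}

func main() {
	cert, _ := signCert(demoKey, "alice@example.com", "example.com", map[string]string{"algorithm": "RS"}, time.Now(), time.Hour)
	fmt.Println(verifyCert(&demoKey.PublicKey, cert, time.Now()))
}
```

Because the verifier fixes the algorithm itself and checks the signature before reading any claim, a token with a rewritten header or payload is rejected rather than parsed.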
func GenerateCertificateHandler ¶
GenerateCertificateHandler is called via an AJAX request from the provisioning page when the user is authenticated. This handler returns a certificate generated from the information provided in the query string.
func ProvisioningHandler ¶
ProvisioningHandler returns the content of the hidden iframe. The content depends on whether the user has an active session.
func SupportDocumentHandler ¶
SupportDocumentHandler returns the SupportDocument in a JSON encoded response.
Types ¶
type Authenticator ¶
Authenticator is an interface representing a method to authenticate a user. Only one function must be implemented: Authenticate(username, password string) that returns nil when the username/password pair is correct or an error.
func NewAuthenticator ¶
func NewAuthenticator(app GorgonApp, name string) (authenticator Authenticator, err error)
NewAuthenticator returns an Authenticator based on the provided name. The authenticator is configured from app.Config.
func NewImapAuthenticator ¶
func NewImapAuthenticator(app GorgonApp) (Authenticator, error)
NewImapAuthenticator returns a populated ImapAuthenticator.
func NewTestAuthenticator ¶
func NewTestAuthenticator(app GorgonApp) (Authenticator, error)
NewTestAuthenticator returns a populated TestAuthenticator.
type ErrorKey ¶
type ErrorKey struct {
// contains filtered or unexported fields
}
ErrorKey is a base error for public/private key operations.
type GorgonApp ¶
type GorgonApp struct {
	Config        ini.File              // configuration read from a configuration file
	Router        *mux.Router           // routes to URL
	SessionStore  *sessions.CookieStore // users sessions (client side cookie)
	PublicKey     *PublicKey            // public key for the domain
	PrivateKey    *PrivateKey           // private key for the domain
	Templates     *template.Template    // list of all templates used by the application
	Domain        string                // domain name used for this IdP
	Authenticator Authenticator         // method to authenticate users
	ListenAddress string                // network address on which the app will listen
	Logger        *logging.Logger       // Logger for this app
}
GorgonApp represents an application used to act as a Persona IdP.
func NewApp ¶
NewApp returns a GorgonApp fully configured and initialized. It panics if the app can't be initialized.
func (*GorgonApp) GetSupportDocument ¶
func (app *GorgonApp) GetSupportDocument() SupportDocument
GetSupportDocument returns a SupportDocument struct for the GorgonApp.
func (GorgonApp) ListenAndServe ¶
ListenAndServe listens on the TCP network address provided by the app configuration and then serves requests on incoming connections.
type ImapAuthenticator ¶
type ImapAuthenticator struct {
// contains filtered or unexported fields
}
ImapAuthenticator implements the Authenticator interface to authenticate users against an IMAP server. The username (email) and password are passed without modification to the IMAP server.
An example configuration looks like this:
[global]
...
auth = imap

[auth:imap]
server = imap.example.com
func (ImapAuthenticator) Authenticate ¶
func (a ImapAuthenticator) Authenticate(username, password string) (err error)
Authenticate uses an IMAP server to authenticate users. If the IMAP server advertises the STARTTLS capability, the connection switches to TLS. The username (email) and password are passed without modification to the IMAP server.
type PrivateKey ¶
type PrivateKey struct {
*rsa.PrivateKey // anonymous field to the read RSA private key
}
PrivateKey represents an RSA private key.
func LoadPrivateKey ¶
func LoadPrivateKey(filename string) (*PrivateKey, error)
LoadPrivateKey returns a PrivateKey created from the content of a PEM encoded file containing an RSA private key.
type PublicKey ¶
PublicKey represents an RSA public key that implements the Marshaler interface.
func LoadPublicKey ¶
LoadPublicKey returns a PublicKey created from the content of a PEM encoded file containing an RSA public key.
func (*PublicKey) MarshalJSON ¶
MarshalJSON returns the JSON representation of the RSA public key.
type SupportDocument ¶
type SupportDocument struct {
	Authentication string     `json:"authentication"`
	Provisioning   string     `json:"provisioning"`
	PublicKey      *PublicKey `json:"public-key"`
}
SupportDocument represents the document where domains advertise their ability to act as Persona Identity Providers located at: "/.well-known/browserid".
type TestAuthenticator ¶
type TestAuthenticator struct {
// contains filtered or unexported fields
}
TestAuthenticator implements the Authenticator interface and is a very simple auth method whose first goal is to test a Gorgon app. This authenticator should not be used in production.
An example configuration looks like this:
[global]
...
auth = test

[auth:test]
global_password = myverysecretpassword
func (TestAuthenticator) Authenticate ¶
func (a TestAuthenticator) Authenticate(username, password string) (err error)
Authenticate uses a global password to authenticate all users.