Overview ¶
Package authn helps integrate and abstract authentication providers.
Copyright (c) 2018 - 2024 PhotoPrism UG. All rights reserved.
This program is free software: you can redistribute it and/or modify it under Version 3 of the GNU Affero General Public License (the "AGPL"): <https://docs.photoprism.app/license/agpl> This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. The AGPL is supplemented by our Trademark and Brand Guidelines, which describe how our Brand Assets may be used: <https://www.photoprism.app/trademark>
Feel free to send an email to hello@photoprism.app if you have questions, want to support our work, or just want to say hello.
Additional information can be found in our Developer Guide: <https://docs.photoprism.app/developer-guide/>
Index ¶
- Constants
- Variables
- func Username(name string) (sanitized string, err error)
- type GrantType
- type KeyType
- type MethodType
- func (t MethodType) Equal(s string) bool
- func (t MethodType) Is(methodType MethodType) bool
- func (t MethodType) IsDefault() bool
- func (t MethodType) IsNot(methodType MethodType) bool
- func (t MethodType) IsSession() bool
- func (t MethodType) IsUndefined() bool
- func (t MethodType) NotEqual(s string) bool
- func (t MethodType) Pretty() string
- func (t MethodType) String() string
- type ProviderType
- func (t ProviderType) Equal(s string) bool
- func (t ProviderType) Is(providerType ProviderType) bool
- func (t ProviderType) IsApplication() bool
- func (t ProviderType) IsClient() bool
- func (t ProviderType) IsDefault() bool
- func (t ProviderType) IsLocal() bool
- func (t ProviderType) IsNot(providerType ProviderType) bool
- func (t ProviderType) IsRemote() bool
- func (t ProviderType) IsUndefined() bool
- func (t ProviderType) NotEqual(s string) bool
- func (t ProviderType) Pretty() string
- func (t ProviderType) String() string
- func (t ProviderType) SupportsPasscodeAuthentication() bool
- func (t ProviderType) SupportsPasswordAuthentication() bool
Constants ¶
// API client type identifiers. The "confidential" and "public" names match the
// client types defined in RFC 6749, section 2.1. ClientUnknown is the empty
// string, so an unset client type compares equal to it.
const (
	ClientConfidential = "confidential"
	ClientPublic       = "public"
	ClientUnknown      = ""
)
API client types.
// Untyped string constants used as generic status words. The first entries are
// outcomes (denied, granted, created, ...); the last four (passcode, session,
// sessions, users) read like subject names.
// NOTE(review): presumably these are combined into log or audit messages;
// confirm against the callers.
const (
	Denied      = "denied"
	Granted     = "granted"
	Created     = "created"
	Succeeded   = "succeeded"
	Verified    = "verified"
	Activated   = "activated"
	Deactivated = "deactivated"
	Passcode    = "passcode"
	Session     = "session"
	Sessions    = "sessions"
	Users       = "users"
)
Generic status messages for authentication and authorization:
Variables ¶
// Sentinel errors shared by authentication and authorization code. Each one is
// a distinct value created with errors.New, so callers can match it with
// errors.Is instead of comparing message text.
//
// NOTE(review): ErrAccountNotFound, ErrAccountDisabled and
// ErrInvalidCredentials distinguish the cause of a failed login. If they reach
// an unauthenticated client verbatim, the response reveals whether an account
// exists. Confirm that login handlers return one generic error to the client
// and keep the specific cause for server-side logs.
var (
	ErrAccountAlreadyExists   = errors.New("account already exists")
	ErrAccountNotFound        = errors.New("account not found")
	ErrAccountDisabled        = errors.New("account disabled")
	ErrInvalidRequest         = errors.New("invalid request")
	ErrInvalidCredentials     = errors.New("invalid credentials")
	ErrTokenRequired          = errors.New("token required")
	ErrInvalidToken           = errors.New("invalid token")
	ErrInvalidTokenType       = errors.New("invalid token type")
	ErrInsufficientScope      = errors.New("insufficient scope")
	ErrNameRequired           = errors.New("name required")
	ErrScopeRequired          = errors.New("scope required")
	ErrDisabledInPublicMode   = errors.New("disabled in public mode")
	ErrAuthenticationDisabled = errors.New("authentication disabled")
	ErrRateLimitExceeded      = errors.New("rate limit exceeded")
)
Generic error messages for authentication and authorization:
// Sentinel errors for OAuth2 client authentication and grant handling.
//
// NOTE(review): ErrInvalidClientID and ErrInvalidClientSecret separate the two
// ways client authentication can fail. RFC 6749, section 5.2 defines a single
// "invalid_client" error for this case; confirm that the token endpoint does
// not tell the caller which of the two values was wrong.
var (
	ErrInvalidGrantType     = errors.New("invalid grant type")
	ErrInvalidClientID      = errors.New("invalid client id")
	ErrClientIDRequired     = errors.New("client id required")
	ErrInvalidClientSecret  = errors.New("invalid client secret")
	ErrClientSecretRequired = errors.New("client secret required")
)
OAuth2-related error messages:
// Sentinel errors for username handling: a missing name, a name that fails
// validation, and a name that differs from the one the caller specified.
var (
	ErrUsernameRequired     = errors.New("username required")
	ErrInvalidUsername      = errors.New("invalid username")
	ErrUsernameDoesNotMatch = errors.New("specified username does not match")
)
User-related error messages:
// Sentinel errors for passcode (second factor) handling. They cover three
// areas: the state of a user's passcode (required, not set up, not verified,
// already activated, not supported), failed operations (generate, create,
// save, verify, activate, deactivate), and rejected input (invalid passcode,
// format, key or type).
//
// NOTE(review): a passcode is a short value, so repeated verification attempts
// need a limit. Confirm that passcode verification is covered by the limiter
// that reports ErrRateLimitExceeded.
var (
	ErrPasscodeRequired           = errors.New("passcode required")
	ErrPasscodeNotSetUp           = errors.New("passcode required, but not configured")
	ErrPasscodeNotVerified        = errors.New("passcode not verified")
	ErrPasscodeAlreadyActivated   = errors.New("passcode already activated")
	ErrPasscodeGenerateFailed     = errors.New("failed to generate passcode")
	ErrPasscodeCreateFailed       = errors.New("failed to create passcode")
	ErrPasscodeSaveFailed         = errors.New("failed to save passcode")
	ErrPasscodeVerificationFailed = errors.New("failed to verify passcode")
	ErrPasscodeActivationFailed   = errors.New("failed to activate passcode")
	ErrPasscodeDeactivationFailed = errors.New("failed to deactivate passcode")
	ErrPasscodeNotSupported       = errors.New("passcode not supported")
	ErrInvalidPasscode            = errors.New("invalid passcode")
	ErrInvalidPasscodeFormat      = errors.New("invalid passcode format")
	ErrInvalidPasscodeKey         = errors.New("invalid passcode key")
	ErrInvalidPasscodeType        = errors.New("invalid passcode type")
)
Passcode-related error messages:
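// Sentinel errors for password validation.
//
// ErrPasswordTooLong embeds txt.ClipPassword in its message. It is built with
// fmt.Errorf; without a %w verb this yields the same plain error value that
// errors.New(fmt.Sprintf(...)) produced, and the message text is unchanged.
//
// NOTE(review): the message says "less than %d characters". If a password of
// exactly txt.ClipPassword characters is accepted, the wording is off by one;
// verify against the length check that returns this error.
var (
	ErrInvalidPassword     = errors.New("invalid password")
	ErrPasswordRequired    = errors.New("password required")
	ErrPasswordTooShort    = errors.New("password is too short")
	ErrPasswordTooLong     = fmt.Errorf("password must have less than %d characters", txt.ClipPassword)
	ErrPasswordsDoNotMatch = errors.New("passwords do not match")
)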
Password-related error messages:
// Sentinel errors for WebDAV access: the feature being disabled, and a failure
// to create the upload path.
var (
	ErrWebDAVAccessDisabled     = errors.New("webdav access is disabled")
	ErrFailedToCreateUploadPath = errors.New("failed to create upload path")
)
WebDAV-related error messages:
// Short sentinel errors describing why a value was rejected.
// NOTE(review): presumably returned by input validators such as Username;
// confirm against the callers, since no usage is visible here.
var (
	ErrEmpty    = errors.New("empty")
	ErrTooLong  = errors.New("too long")
	ErrInvalid  = errors.New("invalid")
	ErrReserved = errors.New("reserved")
)
// ClientProviders holds the provider identifiers "client", "application" and
// "access_token". Each ProviderType is converted with string(...) before it is
// stored in the list.List literal.
var ClientProviders = list.List{
	string(ProviderClient),
	string(ProviderApplication),
	string(ProviderAccessToken),
}
ClientProviders contains all client authentication providers.
// LocalProviders holds the single provider identifier "local".
var LocalProviders = list.List{
	string(ProviderLocal),
}
LocalProviders contains local auth providers.
// PasscodeProviders holds the provider identifiers "default", "local" and
// "ldap".
//
// NOTE(review): ProviderOIDC is in RemoteProviders but not in this list, so a
// second factor for OIDC accounts is presumably left to the identity provider.
// Confirm that this is intended and stated in the operator documentation.
var PasscodeProviders = list.List{
	string(ProviderDefault),
	string(ProviderLocal),
	string(ProviderLDAP),
}
PasscodeProviders contains authentication providers that support 2-Factor Authentication (2FA) with a TOTP passcode.
// PasswordProviders holds the provider identifiers "default", "local" and
// "ldap". As declared, it has the same three entries as PasscodeProviders, so
// every provider that checks a password can also use a passcode.
var PasswordProviders = list.List{
	string(ProviderDefault),
	string(ProviderLocal),
	string(ProviderLDAP),
}
PasswordProviders contains authentication providers that allow a password to be checked for authentication.
// RemoteProviders holds the provider identifiers "oidc" and "ldap".
// ProviderLDAP is also listed in PasswordProviders and PasscodeProviders.
var RemoteProviders = list.List{
	string(ProviderOIDC),
	string(ProviderLDAP),
}
RemoteProviders contains remote auth providers.
Functions ¶
Types ¶
type GrantType ¶
// GrantType is a string-backed type, so a plain conversion such as
// GrantType(s) accepts any input. Compare a value taken from a request against
// the declared Grant* constants before acting on it.
type GrantType string
GrantType represents an authentication grant type.
// Grant type identifiers. GrantUndefined is the empty string, i.e. the zero
// value of GrantType. The three URN values are the grant_type identifiers
// registered for JWT bearer assertions (RFC 7523), SAML 2.0 bearer assertions
// (RFC 7522) and token exchange (RFC 8693).
//
// NOTE(review): the OAuth 2.0 Security Best Current Practice (RFC 9700) advises
// against the implicit grant and disallows the resource owner password
// credentials grant. Whether GrantImplicit and GrantPassword are accepted from
// external clients cannot be determined from these declarations; confirm at
// the token endpoint.
const (
	GrantUndefined         GrantType = ""
	GrantCLI               GrantType = "cli"
	GrantImplicit          GrantType = "implicit"
	GrantSession           GrantType = "session"
	GrantPassword          GrantType = "password"
	GrantClientCredentials GrantType = "client_credentials"
	GrantRefreshToken      GrantType = "refresh_token"
	GrantAuthorizationCode GrantType = "authorization_code"
	GrantJwtBearer         GrantType = "urn:ietf:params:oauth:grant-type:jwt-bearer"
	GrantSamlBearer        GrantType = "urn:ietf:params:oauth:grant-type:saml2-bearer"
	GrantTokenExchange     GrantType = "urn:ietf:params:oauth:grant-type:token-exchange"
)
Standard authentication grant types.
func (GrantType) IsUndefined ¶
IsUndefined checks if the grant is undefined.
type KeyType ¶
// KeyType is a string-backed type. No KeyType constants or methods are visible
// in this excerpt, so the set of valid values cannot be determined from here.
type KeyType string
KeyType represents a multi-factor authentication key type.
type MethodType ¶
// MethodType is a string-backed type, so a plain conversion such as
// MethodType(s) accepts any input. The package declares Methods(s string) for
// turning a string into normalized values; prefer it for untrusted input.
type MethodType string
MethodType represents an authentication method.
// Authentication method identifiers. MethodUndefined is the empty string, i.e.
// the zero value of MethodType, and is distinct from MethodDefault ("default").
const (
	MethodUndefined MethodType = ""
	MethodDefault   MethodType = "default"
	MethodSession   MethodType = "session"
	MethodOAuth2    MethodType = "oauth2"
	Method2FA       MethodType = "2fa"
)
Authentication methods.
func Methods ¶
func Methods(s string) []MethodType
Methods casts a string to a slice of normalized method types.
func (MethodType) Equal ¶
func (t MethodType) Equal(s string) bool
Equal checks if the type matches the specified string.
func (MethodType) Is ¶
func (t MethodType) Is(methodType MethodType) bool
Is compares the method with another type.
func (MethodType) IsDefault ¶
func (t MethodType) IsDefault() bool
IsDefault checks if this is the default method.
func (MethodType) IsNot ¶
func (t MethodType) IsNot(methodType MethodType) bool
IsNot checks if the method is not the specified type.
func (MethodType) IsSession ¶
func (t MethodType) IsSession() bool
IsSession checks if this is the session method.
func (MethodType) IsUndefined ¶
func (t MethodType) IsUndefined() bool
IsUndefined checks if the method is undefined.
func (MethodType) NotEqual ¶
func (t MethodType) NotEqual(s string) bool
NotEqual checks if the type does not match the specified string.
func (MethodType) Pretty ¶
func (t MethodType) Pretty() string
Pretty returns the method identifier in an easy-to-read format.
func (MethodType) String ¶
func (t MethodType) String() string
String returns the method identifier as a string.
type ProviderType ¶
// ProviderType is a string-backed type, so a plain conversion such as
// ProviderType(s) accepts any input. The package declares Provider(s string)
// and Providers(s string) for turning strings into normalized values; prefer
// them for untrusted input.
type ProviderType string
ProviderType represents an authentication provider type.
// Authentication provider identifiers. ProviderUndefined is the empty string,
// i.e. the zero value of ProviderType, and is distinct from ProviderDefault
// ("default") and ProviderNone ("none").
//
// The package-level lists group these values: ClientProviders (client,
// application, access_token), LocalProviders (local) and RemoteProviders
// (oidc, ldap). ProviderLink and ProviderNone appear in none of the lists
// declared in this package excerpt, including PasswordProviders and
// PasscodeProviders.
const (
	ProviderUndefined   ProviderType = ""
	ProviderDefault     ProviderType = "default"
	ProviderClient      ProviderType = "client"
	ProviderApplication ProviderType = "application"
	ProviderAccessToken ProviderType = "access_token"
	ProviderLocal       ProviderType = "local"
	ProviderOIDC        ProviderType = "oidc"
	ProviderLDAP        ProviderType = "ldap"
	ProviderLink        ProviderType = "link"
	ProviderNone        ProviderType = "none"
)
Standard authentication provider types.
func Provider ¶
func Provider(s string) ProviderType
Provider casts a string to a normalized provider type.
func Providers ¶
func Providers(s string) []ProviderType
Providers casts a string to a slice of normalized provider types.
func (ProviderType) Equal ¶
func (t ProviderType) Equal(s string) bool
Equal checks if the type matches the specified string.
func (ProviderType) Is ¶
func (t ProviderType) Is(providerType ProviderType) bool
Is compares the provider with another type.
func (ProviderType) IsApplication ¶
func (t ProviderType) IsApplication() bool
IsApplication checks if the authentication is provided for an application.
func (ProviderType) IsClient ¶
func (t ProviderType) IsClient() bool
IsClient checks if the authentication is provided for a client.
func (ProviderType) IsDefault ¶
func (t ProviderType) IsDefault() bool
IsDefault checks if this is the default provider.
func (ProviderType) IsLocal ¶
func (t ProviderType) IsLocal() bool
IsLocal checks if local authentication is possible.
func (ProviderType) IsNot ¶
func (t ProviderType) IsNot(providerType ProviderType) bool
IsNot checks if the provider is not the specified type.
func (ProviderType) IsRemote ¶
func (t ProviderType) IsRemote() bool
IsRemote checks if the provider is external.
func (ProviderType) IsUndefined ¶
func (t ProviderType) IsUndefined() bool
IsUndefined checks if the provider is undefined.
func (ProviderType) NotEqual ¶
func (t ProviderType) NotEqual(s string) bool
NotEqual checks if the type does not match the specified string.
func (ProviderType) Pretty ¶
func (t ProviderType) Pretty() string
Pretty returns the provider identifier in an easy-to-read format.
func (ProviderType) String ¶
func (t ProviderType) String() string
String returns the provider identifier as a string.
func (ProviderType) SupportsPasscodeAuthentication ¶
func (t ProviderType) SupportsPasscodeAuthentication() bool
SupportsPasscodeAuthentication checks if the provider supports two-factor authentication with a passcode.
func (ProviderType) SupportsPasswordAuthentication ¶
func (t ProviderType) SupportsPasswordAuthentication() bool
SupportsPasswordAuthentication checks if the provider allows a password to be checked for authentication.