authn

package
v0.0.0-...-6a2a004 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 2, 2024 License: AGPL-3.0 Imports: 7 Imported by: 0

Documentation

Overview

Package authn helps integrate and abstract authentication providers.

Copyright (c) 2018 - 2024 PhotoPrism UG. All rights reserved. 

This program is free software: you can redistribute it and/or modify
it under Version 3 of the GNU Affero General Public License (the "AGPL"):
<https://docs.photoprism.app/license/agpl>

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

The AGPL is supplemented by our Trademark and Brand Guidelines,
which describe how our Brand Assets may be used:
<https://www.photoprism.app/trademark>

Feel free to send an email to hello@photoprism.app if you have questions, want to support our work, or just want to say hello.

Additional information can be found in our Developer Guide: <https://docs.photoprism.app/developer-guide/>

Index

Constants

View Source 
const (
	ClientConfidential = "confidential"
	ClientPublic       = "public"
	ClientUnknown      = ""
)

API client types.

View Source 
const (
	Denied      = "denied"
	Granted     = "granted"
	Created     = "created"
	Succeeded   = "succeeded"
	Verified    = "verified"
	Activated   = "activated"
	Deactivated = "deactivated"
	Passcode    = "passcode"
	Session     = "session"
	Sessions    = "sessions"
	Users       = "users"
)

Generic status messages for authentication and authorization:

Variables

View Source 
var (
	ErrUnauthorized           = errors.New("unauthorized")
	ErrAccountAlreadyExists   = errors.New("account already exists")
	ErrAccountNotFound        = errors.New("account not found")
	ErrAccountDisabled        = errors.New("account disabled")
	ErrInvalidRequest         = errors.New("invalid request")
	ErrInvalidCredentials     = errors.New("invalid credentials")
	ErrInvalidShareToken      = errors.New("invalid share token")
	ErrTokenRequired          = errors.New("token required")
	ErrInvalidToken           = errors.New("invalid token")
	ErrInvalidTokenType       = errors.New("invalid token type")
	ErrInsufficientScope      = errors.New("insufficient scope")
	ErrNameRequired           = errors.New("name required")
	ErrScopeRequired          = errors.New("scope required")
	ErrDisabledInPublicMode   = errors.New("disabled in public mode")
	ErrAuthenticationDisabled = errors.New("authentication disabled")
	ErrRateLimitExceeded      = errors.New("rate limit exceeded")
)

Generic error messages for authentication and authorization:

View Source 
var (
	ErrInvalidGrantType     = errors.New("invalid grant type")
	ErrInvalidClientID      = errors.New("invalid client id")
	ErrClientIDRequired     = errors.New("client id required")
	ErrInvalidClientSecret  = errors.New("invalid client secret")
	ErrClientSecretRequired = errors.New("client secret required")
)

OAuth2-related error messages:

View Source 
var (
	ErrUsernameRequired     = errors.New("username required")
	ErrInvalidUsername      = errors.New("invalid username")
	ErrUsernameDoesNotMatch = errors.New("specified username does not match")
)

User-related error messages:

View Source 
var (
	ErrPasscodeRequired           = errors.New("passcode required")
	ErrPasscodeNotSetUp           = errors.New("passcode required, but not configured")
	ErrPasscodeNotVerified        = errors.New("passcode not verified")
	ErrPasscodeAlreadyActivated   = errors.New("passcode already activated")
	ErrPasscodeGenerateFailed     = errors.New("failed to generate passcode")
	ErrPasscodeCreateFailed       = errors.New("failed to create passcode")
	ErrPasscodeSaveFailed         = errors.New("failed to save passcode")
	ErrPasscodeVerificationFailed = errors.New("failed to verify passcode")
	ErrPasscodeActivationFailed   = errors.New("failed to activate passcode")
	ErrPasscodeDeactivationFailed = errors.New("failed to deactivate passcode")
	ErrPasscodeNotSupported       = errors.New("passcode not supported")
	ErrInvalidPasscode            = errors.New("invalid passcode")
	ErrInvalidPasscodeFormat      = errors.New("invalid passcode format")
	ErrInvalidPasscodeKey         = errors.New("invalid passcode key")
	ErrInvalidPasscodeType        = errors.New("invalid passcode type")
)

Passcode-related error messages:

View Source 
var (
	ErrInvalidPassword     = errors.New("invalid password")
	ErrPasswordRequired    = errors.New("password required")
	ErrPasswordTooShort    = errors.New("password is too short")
	ErrPasswordTooLong     = errors.New(fmt.Sprintf("password must have less than %d characters", txt.ClipPassword))
	ErrPasswordsDoNotMatch = errors.New("passwords do not match")
)

Password-related error messages:

View Source 
var (
	ErrWebDAVAccessDisabled     = errors.New("webdav access is disabled")
	ErrFailedToCreateUploadPath = errors.New("failed to create upload path")
)

WebDAV-related error messages:

View Source 
var (
	ErrEmpty    = errors.New("empty")
	ErrTooLong  = errors.New("too long")
	ErrInvalid  = errors.New("invalid")
	ErrReserved = errors.New("reserved")
)
View Source 
var ClientProviders = list.List{
	string(ProviderClient),
	string(ProviderApplication),
	string(ProviderAccessToken),
}

ClientProviders contains all client authentication providers.

View Source 
var LocalProviders = list.List{
	string(ProviderLocal),
}

LocalProviders contains local auth providers.

View Source 
var PasscodeProviders = list.List{
	string(ProviderDefault),
	string(ProviderLocal),
	string(ProviderLDAP),
}

PasscodeProviders contains authentication providers that support 2-Factor Authentication (2FA) with a TOTP passcode.

View Source 
var PasswordProviders = list.List{
	string(ProviderDefault),
	string(ProviderLocal),
	string(ProviderLDAP),
}

PasswordProviders contains authentication providers that allow a password to be checked for authentication.

View Source 
var RemoteProviders = list.List{
	string(ProviderOIDC),
	string(ProviderLDAP),
}

RemoteProviders contains remote auth providers.

Functions

func Username 

func Username(name string) (sanitized string, err error)

Username checks if the name provided is invalid or reserved.

Types

type GrantType 

type GrantType string

GrantType represents an authentication grant type. 

const (
	GrantUndefined         GrantType = ""
	GrantCLI               GrantType = "cli"
	GrantImplicit          GrantType = "implicit"
	GrantSession           GrantType = "session"
	GrantPassword          GrantType = "password"
	GrantClientCredentials GrantType = "client_credentials"
	GrantShareToken        GrantType = "share_token"
	GrantRefreshToken      GrantType = "refresh_token"
	GrantAuthorizationCode GrantType = "authorization_code"
	GrantJwtBearer         GrantType = "urn:ietf:params:oauth:grant-type:jwt-bearer"
	GrantSamlBearer        GrantType = "urn:ietf:params:oauth:grant-type:saml2-bearer"
	GrantTokenExchange     GrantType = "urn:ietf:params:oauth:grant-type:token-exchange"
)

Standard authentication grant types.

func Grant 

func Grant(s string) GrantType

Grant casts a string to a normalized grant type.

func (GrantType) Equal 

func (t GrantType) Equal(s string) bool

Equal checks if the type matches the specified string.

func (GrantType) Is 

func (t GrantType) Is(grantType GrantType) bool

Is compares the grant with another type.

func (GrantType) IsNot 

func (t GrantType) IsNot(grantType GrantType) bool

IsNot checks if the grant is not the specified type.

func (GrantType) IsUndefined 

func (t GrantType) IsUndefined() bool

IsUndefined checks if the grant is undefined.

func (GrantType) NotEqual 

func (t GrantType) NotEqual(s string) bool

NotEqual checks if the type does mot match the specified string.

func (GrantType) Pretty 

func (t GrantType) Pretty() string

Pretty returns the grant type in a human-readable format.

func (GrantType) String 

func (t GrantType) String() string

String returns the grant type as a string.

type KeyType 

type KeyType string

KeyType represents a multi-factor authentication key type. 

const (
	KeyTOTP    KeyType = "totp"
	KeyUnknown KeyType = ""
)

Multi-factor authentication key types.

func Key 

func Key(s string) KeyType

Key casts a string to a normalized authentication key type.

func (KeyType) Equal 

func (t KeyType) Equal(s string) bool

Equal checks if the type matches.

func (KeyType) NotEqual 

func (t KeyType) NotEqual(s string) bool

NotEqual checks if the type is different.

func (KeyType) Pretty 

func (t KeyType) Pretty() string

Pretty returns the authentication key type in an easy-to-read format.

func (KeyType) String 

func (t KeyType) String() string

String returns the authentication key type as a string.

type MethodType 

type MethodType string

MethodType represents an authentication method. 

const (
	MethodUndefined MethodType = ""
	MethodDefault   MethodType = "default"
	MethodSession   MethodType = "session"
	MethodOAuth2    MethodType = "oauth2"
	Method2FA       MethodType = "2fa"
)

Authentication methods.

func Method 

func Method(s string) MethodType

Method casts a string to a normalized method type.

func Methods 

func Methods(s string) []MethodType

Methods casts a string to normalized method type strings.

func (MethodType) Equal 

func (t MethodType) Equal(s string) bool

Equal checks if the type matches the specified string.

func (MethodType) Is 

func (t MethodType) Is(methodType MethodType) bool

Is compares the method with another type.

func (MethodType) IsDefault 

func (t MethodType) IsDefault() bool

IsDefault checks if this is the default method.

func (MethodType) IsNot 

func (t MethodType) IsNot(methodType MethodType) bool

IsNot checks if the method is not the specified type.

func (MethodType) IsSession 

func (t MethodType) IsSession() bool

IsSession checks if this is the session method.

func (MethodType) IsUndefined 

func (t MethodType) IsUndefined() bool

IsUndefined checks if the method is undefined.

func (MethodType) NotEqual 

func (t MethodType) NotEqual(s string) bool

NotEqual checks if the type does not match the specified string.

func (MethodType) Pretty 

func (t MethodType) Pretty() string

Pretty returns the provider identifier in an easy-to-read format.

func (MethodType) String 

func (t MethodType) String() string

String returns the provider identifier as a string.

type ProviderType 

type ProviderType string

ProviderType represents an authentication provider type. 

const (
	ProviderUndefined   ProviderType = ""
	ProviderDefault     ProviderType = "default"
	ProviderClient      ProviderType = "client"
	ProviderApplication ProviderType = "application"
	ProviderAccessToken ProviderType = "access_token"
	ProviderLocal       ProviderType = "local"
	ProviderOIDC        ProviderType = "oidc"
	ProviderLDAP        ProviderType = "ldap"
	ProviderLink        ProviderType = "link"
	ProviderNone        ProviderType = "none"
)

Standard authentication provider types.

func Provider 

func Provider(s string) ProviderType

Provider casts a string to a normalized provider type.

func Providers 

func Providers(s string) []ProviderType

Providers casts a string to normalized provider type strings.

func (ProviderType) Equal 

func (t ProviderType) Equal(s string) bool

Equal checks if the type matches the specified string.

func (ProviderType) Is 

func (t ProviderType) Is(providerType ProviderType) bool

Is compares the provider with another type.

func (ProviderType) IsApplication 

func (t ProviderType) IsApplication() bool

IsApplication checks if the authentication is provided for an application.

func (ProviderType) IsClient 

func (t ProviderType) IsClient() bool

IsClient checks if the authentication is provided for a client.

func (ProviderType) IsDefault 

func (t ProviderType) IsDefault() bool

IsDefault checks if this is the default provider.

func (ProviderType) IsLocal 

func (t ProviderType) IsLocal() bool

IsLocal checks if local authentication is possible.

func (ProviderType) IsNot 

func (t ProviderType) IsNot(providerType ProviderType) bool

IsNot checks if the provider is not the specified type.

func (ProviderType) IsRemote 

func (t ProviderType) IsRemote() bool

IsRemote checks if the provider is external.

func (ProviderType) IsUndefined 

func (t ProviderType) IsUndefined() bool

IsUndefined checks if the provider is undefined.

func (ProviderType) NotEqual 

func (t ProviderType) NotEqual(s string) bool

NotEqual checks if the type does not match the specified string.

func (ProviderType) Pretty 

func (t ProviderType) Pretty() string

Pretty returns the provider identifier in an easy-to-read format.

func (ProviderType) String 

func (t ProviderType) String() string

String returns the provider identifier as a string.

func (ProviderType) SupportsPasscodeAuthentication 

func (t ProviderType) SupportsPasscodeAuthentication() bool

SupportsPasscodeAuthentication checks if the provider supports two-factor authentication with a passcode.

func (ProviderType) SupportsPasswordAuthentication 

func (t ProviderType) SupportsPasswordAuthentication() bool

SupportsPasswordAuthentication checks if the provider allows a password to be checked for authentication.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.