Documentation
Index
- Variables
- func CheckPassword(userDetails *models.UserWithPass, email, password string) (reason consts.FailedReason, err error)
- func ConfirmTOTPAndSave(w http.ResponseWriter, r *http.Request)
- func Enrol2FADevice(w http.ResponseWriter, r *http.Request)
- func InitStore(state *global.State)
- func InitStoreMock() *authMock
- func LoginHandler(w http.ResponseWriter, r *http.Request)
- func LogoutHandler(w http.ResponseWriter, r *http.Request)
- func RegisterUserDevice(w http.ResponseWriter, r *http.Request)
- func SAMLLoginHandler(w http.ResponseWriter, r *http.Request)
- func SetSession(userID, orgID, deviceID, browserID string) (string, string, error)
- func SyncExtension(w http.ResponseWriter, r *http.Request)
- func TfaHandler(w http.ResponseWriter, r *http.Request)
- func UpdateHygiene(w http.ResponseWriter, r *http.Request)
- type ConfirmTOTPPreq
- type DeviceDetail
- type EnrolDeviceStruct
- type LoginRequest
- type RegisterDeviceReq
- type TfaRequest
- type UpdateHygienereq
Constants
This section is empty.
Variables
var Store adapter
Store is the package state variable which contains database connections.
Functions
func CheckPassword
func CheckPassword(userDetails *models.UserWithPass, email, password string) (reason consts.FailedReason, err error)
func ConfirmTOTPAndSave (added in v1.1.4)
func ConfirmTOTPAndSave(w http.ResponseWriter, r *http.Request)
ConfirmTOTPAndSave checks the newly added TOTP to complete the device registration process. This function also creates an HTTP session.
func Enrol2FADevice
func Enrol2FADevice(w http.ResponseWriter, r *http.Request)
Enrol2FADevice's primary function is to enrol a user's mobile device for 2FA. Previously this function handled only the U2F part of enrolment; it now also syncs the TOTP shared secret key for the user for their particular organization. This is a four-step process:
1) handle user login
2) generate device, get totpssc ID
3) send GetDeviceDetail request to TRASA cloud
4) respond with device ID and otpauth URL
func InitStoreMock
func InitStoreMock() *authMock
InitStoreMock initializes the mock state of this package.
func LoginHandler
func LoginHandler(w http.ResponseWriter, r *http.Request)
LoginHandler authenticates the user against the configured identity provider. Successful authentication should respond with the tfarequired intent. If the user has not enrolled any 2FA device, this handler should respond with the enroll device intent.
func LogoutHandler
func LogoutHandler(w http.ResponseWriter, r *http.Request)
LogoutHandler handles logout.
func RegisterUserDevice
func RegisterUserDevice(w http.ResponseWriter, r *http.Request)
RegisterUserDevice registers a new user device and stores device hygiene, device browser and browser extension details.
func SAMLLoginHandler (added in v1.1.4)
func SAMLLoginHandler(w http.ResponseWriter, r *http.Request)
SAMLLoginHandler handles SAML login requests. If validation fails, it returns a 403 response. If validation succeeds, it responds with a TRASA session response (CSRF and session tokens).
func SetSession
SetSession sets, encrypts and serializes session cookies and CSRF tokens.
func SyncExtension
func SyncExtension(w http.ResponseWriter, r *http.Request)
SyncExtension does not require device hygiene to be sent.
func TfaHandler
func TfaHandler(w http.ResponseWriter, r *http.Request)
TfaHandler handles two-factor authentication from the TRASA UI.
func UpdateHygiene
func UpdateHygiene(w http.ResponseWriter, r *http.Request)
Types
type ConfirmTOTPPreq (added in v1.1.4)
type DeviceDetail
type DeviceDetail struct {
    DeviceBrowser     models.DeviceBrowser       `json:"deviceBrowser"`
    BrowserExtensions []models.BrowserExtensions `json:"browserExtensions"`
    DeviceHygiene     models.DeviceHygiene       `json:"deviceHygiene"`
}
type EnrolDeviceStruct
type LoginRequest
type LoginRequest struct {
    OrgID     string `json:"orgId"`
    UserID    string `json:"userId"`
    Email     string `json:"email"`
    Username  string `json:"username"`
    Password  string `json:"password"`
    TfaMethod string `json:"tfaMethod"`
    Totp      string `json:"totp"`
    PublicKey []byte `json:"publicKey"`
    DeviceID  string `json:"deviceID"`
    IdpName   string `json:"idpName"`
    Intent    string `json:"intent"`
}
type RegisterDeviceReq
type RegisterDeviceReq struct {
    TfaMethod string `json:"tfaMethod"`
    TotpCode  string `json:"totpCode"`
    TrasaID   string `json:"trasaID"`
    OrgID     string `json:"orgID"`
    // DeviceName is the device name to be used before we decrypt deviceHygiene.
    DeviceName    string `json:"deviceName"`
    DeviceHygiene string `json:"deviceHygiene"`
}
type TfaRequest (added in v1.1.4)
type TfaRequest struct {
    // Token is unique to the TFA request and is tied to a specific user profile.
    Token string `json:"token"`
    // TfaMethod can be u2f, totp or htoken.
    TfaMethod string `json:"tfaMethod"`
    // Totp is the code value if TfaMethod is totp; otherwise it is empty.
    Totp string `json:"totpCode"`
    // Intent identifies the context of the TFA request. Value can be login, forget password, appconnect.
    Intent          string `json:"intent"`
    HTTPProxyDomain string `json:"httpProxyDomain"`
    ExtID           string `json:"extID"`
    DeviceHygiene   string `json:"deviceHygiene"`
    ClientPubKey    string `json:"clientPubKey"`
}