The highest tagged major version is
Documentation
¶
Index ¶
- Constants
- Variables
- func AddCredentialToUser(o ORM, email string, credential *webauthn.Credential) error
- func AuthenticateUserByToken(token *auth.Token, user *User) (bool, error)
- func BeginWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) (*protocol.CredentialAssertion, error)
- func FinishWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) error
- func NewSessionReaper(db *sql.DB, config SessionReaperConfig, lggr logger.Logger) utils.SleeperTask
- func ValidateAndHashPassword(plainPwd string) (string, error)
- func ValidateEmail(email string) error
- type ChangeAuthTokenRequest
- type ORM
- type Session
- type SessionReaperConfig
- type SessionRequest
- type User
- type UserRole
- type WebAuthn
- type WebAuthnConfiguration
- type WebAuthnSessionStore
- func (store *WebAuthnSessionStore) BeginWebAuthnRegistration(user User, uwas []WebAuthn, config WebAuthnConfiguration) (*protocol.CredentialCreation, error)
- func (store *WebAuthnSessionStore) FinishWebAuthnRegistration(user User, uwas []WebAuthn, response *http.Request, ...) (*webauthn.Credential, error)
- func (store *WebAuthnSessionStore) GetWebauthnSession(key string) (data webauthn.SessionData, err error)
- func (store *WebAuthnSessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData) error
- type WebAuthnUser
- func (u WebAuthnUser) CredentialExcludeList() []protocol.CredentialDescriptor
- func (u *WebAuthnUser) LoadWebAuthnCredentials(uwas []WebAuthn) error
- func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential
- func (u WebAuthnUser) WebAuthnDisplayName() string
- func (u WebAuthnUser) WebAuthnID() []byte
- func (u WebAuthnUser) WebAuthnIcon() string
- func (u WebAuthnUser) WebAuthnName() string
Constants ¶
const (
MaxBcryptPasswordLength = 50
)
https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length
Variables ¶
var ErrUserSessionExpired = errors.New("session missing or expired, please login again")
ErrUserSessionExpired defines the error triggered when the user session has expired
Functions ¶
func AddCredentialToUser ¶ added in v1.5.0
func AddCredentialToUser(o ORM, email string, credential *webauthn.Credential) error
func AuthenticateUserByToken ¶
AuthenticateUserByToken returns true on successful authentication of the user against the given Authentication Token.
func BeginWebAuthnLogin ¶
func BeginWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) (*protocol.CredentialAssertion, error)
func FinishWebAuthnLogin ¶
func FinishWebAuthnLogin(user User, uwas []WebAuthn, sr SessionRequest) error
func NewSessionReaper ¶
func NewSessionReaper(db *sql.DB, config SessionReaperConfig, lggr logger.Logger) utils.SleeperTask
NewSessionReaper creates a reaper that cleans stale sessions from the store.
func ValidateAndHashPassword ¶ added in v1.7.0
ValidateAndHashPassword is the single point of logic for user password validations
func ValidateEmail ¶ added in v1.7.0
ValidateEmail is the single point of logic for user email validations
Types ¶
type ChangeAuthTokenRequest ¶
type ChangeAuthTokenRequest struct {
Password string `json:"password"`
}
Changeauth.TokenRequest is sent when updating a User's authentication token.
type ORM ¶
type ORM interface {
FindUser(email string) (User, error)
FindUserByAPIToken(apiToken string) (User, error)
ListUsers() ([]User, error)
AuthorizedUserWithSession(sessionID string) (User, error)
DeleteUser(email string) error
DeleteUserSession(sessionID string) error
CreateSession(sr SessionRequest) (string, error)
ClearNonCurrentSessions(sessionID string) error
CreateUser(user *User) error
UpdateRole(email, newRole string) (User, error)
SetAuthToken(user *User, token *auth.Token) error
CreateAndSetAuthToken(user *User) (*auth.Token, error)
DeleteAuthToken(user *User) error
SetPassword(user *User, newPassword string) error
Sessions(offset, limit int) ([]Session, error)
GetUserWebAuthn(email string) ([]WebAuthn, error)
SaveWebAuthn(token *WebAuthn) error
FindExternalInitiator(eia *auth.Token) (initiator *bridges.ExternalInitiator, err error)
}
type Session ¶
type Session struct {
ID string `json:"id"`
Email string `json:"email"`
LastUsed time.Time `json:"lastUsed"`
CreatedAt time.Time `json:"createdAt"`
}
Session holds the unique id for the authenticated session.
func NewSession ¶
func NewSession() Session
NewSession returns a session instance with ID set to a random ID and LastUsed to now.
type SessionReaperConfig ¶
type SessionRequest ¶
type SessionRequest struct {
Email string `json:"email"`
Password string `json:"password"`
WebAuthnData string `json:"webauthndata"`
WebAuthnConfig WebAuthnConfiguration
SessionStore *WebAuthnSessionStore
}
SessionRequest encapsulates the fields needed to generate a new SessionID, including the hashed password.
type User ¶
type User struct {
Email string
HashedPassword string
Role UserRole
CreatedAt time.Time
TokenKey null.String
TokenSalt null.String
TokenHashedSecret null.String
UpdatedAt time.Time
}
User holds the credentials for API user.
func (*User) GenerateAuthToken ¶
GenerateAuthToken randomly generates and sets the users Authentication Token.
type UserRole ¶ added in v1.7.0
type UserRole string
func GetUserRole ¶ added in v1.7.0
GetUserRole is the single point of logic for mapping role string to UserRole
type WebAuthnConfiguration ¶
type WebAuthnSessionStore ¶
type WebAuthnSessionStore struct {
// contains filtered or unexported fields
}
WebAuthnSessionStore is a wrapper around an in memory key value store which provides some helper methods related to webauthn operations.
func NewWebAuthnSessionStore ¶
func NewWebAuthnSessionStore() *WebAuthnSessionStore
NewWebAuthnSessionStore returns a new session store.
func (*WebAuthnSessionStore) BeginWebAuthnRegistration ¶
func (store *WebAuthnSessionStore) BeginWebAuthnRegistration(user User, uwas []WebAuthn, config WebAuthnConfiguration) (*protocol.CredentialCreation, error)
func (*WebAuthnSessionStore) FinishWebAuthnRegistration ¶
func (store *WebAuthnSessionStore) FinishWebAuthnRegistration(user User, uwas []WebAuthn, response *http.Request, config WebAuthnConfiguration) (*webauthn.Credential, error)
func (*WebAuthnSessionStore) GetWebauthnSession ¶
func (store *WebAuthnSessionStore) GetWebauthnSession(key string) (data webauthn.SessionData, err error)
GetWebauthnSession unmarshals and returns the webauthn session information from the session cookie, which is removed.
func (*WebAuthnSessionStore) SaveWebauthnSession ¶
func (store *WebAuthnSessionStore) SaveWebauthnSession(key string, data *webauthn.SessionData) error
SaveWebauthnSession marshals and saves the webauthn data to the provided key given the request and responsewriter
type WebAuthnUser ¶
type WebAuthnUser struct {
Email string
WACredentials []webauthn.Credential
}
WebAuthnUser implements the required duo-labs/webauthn/ 'User' interface kept separate from our internal 'User' struct
func (WebAuthnUser) CredentialExcludeList ¶
func (u WebAuthnUser) CredentialExcludeList() []protocol.CredentialDescriptor
CredentialExcludeList returns a CredentialDescriptor array filled with all the user's credentials to prevent them from re-registering keys
func (*WebAuthnUser) LoadWebAuthnCredentials ¶
func (u *WebAuthnUser) LoadWebAuthnCredentials(uwas []WebAuthn) error
func (WebAuthnUser) WebAuthnCredentials ¶
func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential
WebAuthnCredentials returns credentials owned by the user
func (WebAuthnUser) WebAuthnDisplayName ¶
func (u WebAuthnUser) WebAuthnDisplayName() string
WebAuthnDisplayName returns the user's display name. In this case we just return the email
func (WebAuthnUser) WebAuthnID ¶
func (u WebAuthnUser) WebAuthnID() []byte
WebAuthnID returns the user's ID
func (WebAuthnUser) WebAuthnIcon ¶
func (u WebAuthnUser) WebAuthnIcon() string
WebAuthnIcon should be the logo in some form. How it should be is currently unclear to me.
func (WebAuthnUser) WebAuthnName ¶
func (u WebAuthnUser) WebAuthnName() string
WebAuthnName returns the user's email
Source Files
Directories