    Index ¶
- Variables
- func AccessTokenByNameExists(ctx context.Context, token *AccessToken) (bool, error)
- func BuiltinApplications() map[string]*BuiltinOAuth2Application
- func CleanupSessions(ctx context.Context, maxLifetime int64) error
- func ContainsCategory(categories []AccessTokenScopeCategory, category AccessTokenScopeCategory) bool
- func CountSessions(ctx context.Context) (int64, error)
- func CreateSource(ctx context.Context, source *Source) error
- func DeleteAccessTokenByID(ctx context.Context, id, userID int64) error
- func DeleteAuthTokenByID(ctx context.Context, id string) error
- func DeleteAuthTokensByUserID(ctx context.Context, uid int64) error
- func DeleteCredential(ctx context.Context, id, userID int64) (bool, error)
- func DeleteExpiredAuthTokens(ctx context.Context) error
- func DeleteOAuth2Application(ctx context.Context, id, userid int64) error
- func DeleteOAuth2RelictsByUserID(ctx context.Context, userID int64) error
- func DeleteTwoFactorByID(ctx context.Context, id, userID int64) error
- func DestroySession(ctx context.Context, key string) error
- func ExistSession(ctx context.Context, key string) (bool, error)
- func ExistsWebAuthnCredentialsForUID(ctx context.Context, uid int64) (bool, error)
- func GetAccessTokenCategories() (res []string)
- func HasTwoFactorByUID(ctx context.Context, uid int64) (bool, error)
- func HasTwoFactorOrWebAuthn(ctx context.Context, id int64) (bool, error)
- func HasWebAuthnRegistrationsByUID(ctx context.Context, uid int64) (bool, error)
- func HashToken(token, salt string) string
- func Init(ctx context.Context) error
- func InsertAuthToken(ctx context.Context, t *AuthToken) error
- func IsErrAccessTokenEmpty(err error) bool
- func IsErrAccessTokenNotExist(err error) bool
- func IsErrOAuthApplicationNotFound(err error) bool
- func IsErrOauthClientIDInvalid(err error) bool
- func IsErrSourceAlreadyExist(err error) bool
- func IsErrSourceInUse(err error) bool
- func IsErrSourceNotExist(err error) bool
- func IsErrTwoFactorNotEnrolled(err error) bool
- func IsErrWebAuthnCredentialNotExist(err error) bool
- func IsSSPIEnabled(ctx context.Context) bool
- func NewAccessToken(ctx context.Context, t *AccessToken) error
- func NewTwoFactor(ctx context.Context, t *TwoFactor) error
- func RegisterTypeConfig(typ Type, exemplar Config)
- func RevokeOAuth2Grant(ctx context.Context, grantID, userID int64) error
- func UpdateAccessToken(ctx context.Context, t *AccessToken) error
- func UpdateAuthTokenByID(ctx context.Context, t *AuthToken) error
- func UpdateSession(ctx context.Context, key string, data []byte) error
- func UpdateSource(ctx context.Context, source *Source) error
- func UpdateTwoFactor(ctx context.Context, t *TwoFactor) error
- func WebAuthnCredentials(ctx context.Context, userID int64) ([]webauthn.Credential, error)
- type AccessToken
- type AccessTokenScope
- func (s AccessTokenScope) HasAnyScope(scopes ...AccessTokenScope) (bool, error)
- func (s AccessTokenScope) HasPermissionScope() bool
- func (s AccessTokenScope) HasScope(scopes ...AccessTokenScope) (bool, error)
- func (s AccessTokenScope) Normalize() (AccessTokenScope, error)
- func (s AccessTokenScope) PublicOnly() (bool, error)
- func (s AccessTokenScope) StringSlice() []string
 
- type AccessTokenScopeCategory
- type AccessTokenScopeLevel
- type AuthToken
- type BuiltinOAuth2Application
- type Config
- type ConfigBase
- type CreateOAuth2ApplicationOptions
- type ErrAccessTokenEmpty
- type ErrAccessTokenNotExist
- type ErrOAuthApplicationNotFound
- type ErrOAuthClientIDInvalid
- type ErrSourceAlreadyExist
- type ErrSourceInUse
- type ErrSourceNotExist
- type ErrTwoFactorNotEnrolled
- type ErrWebAuthnCredentialNotExist
- type FindOAuth2ApplicationsOptions
- type FindSourcesOptions
- type HasTLSer
- type ListAccessTokensOptions
- type OAuth2Application
- func CreateOAuth2Application(ctx context.Context, opts CreateOAuth2ApplicationOptions) (*OAuth2Application, error)
- func GetOAuth2ApplicationByClientID(ctx context.Context, clientID string) (app *OAuth2Application, err error)
- func GetOAuth2ApplicationByID(ctx context.Context, id int64) (app *OAuth2Application, err error)
- func UpdateOAuth2Application(ctx context.Context, opts UpdateOAuth2ApplicationOptions) (*OAuth2Application, error)
 
- func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool
- func (app *OAuth2Application) CreateGrant(ctx context.Context, userID int64, scope string) (*OAuth2Grant, error)
- func (app *OAuth2Application) GenerateClientSecret(ctx context.Context) (string, error)
- func (app *OAuth2Application) GetGrantByUserID(ctx context.Context, userID int64) (grant *OAuth2Grant, err error)
- func (app *OAuth2Application) TableName() string
- func (app *OAuth2Application) ValidateClientSecret(secret []byte) bool
 
- type OAuth2AuthorizationCode
- func (code *OAuth2AuthorizationCode) GenerateRedirectURI(state string) (*url.URL, error)
- func (code *OAuth2AuthorizationCode) Invalidate(ctx context.Context) error
- func (code *OAuth2AuthorizationCode) TableName() string
- func (code *OAuth2AuthorizationCode) ValidateCodeChallenge(verifier string) bool
 
- type OAuth2Grant
- func (grant *OAuth2Grant) GenerateNewAuthorizationCode(ctx context.Context, redirectURI, codeChallenge, codeChallengeMethod string) (code *OAuth2AuthorizationCode, err error)
- func (grant *OAuth2Grant) IncreaseCounter(ctx context.Context) error
- func (grant *OAuth2Grant) ScopeContains(scope string) bool
- func (grant *OAuth2Grant) SetNonce(ctx context.Context, nonce string) error
- func (grant *OAuth2Grant) TableName() string
 
- type RegisterableSource
- type SSHKeyProvider
- type Session
- type SkipVerifiable
- type Source
- func (source *Source) BeforeSet(colName string, val xorm.Cell)
- func (source *Source) HasTLS() bool
- func (source *Source) IsDLDAP() bool
- func (source *Source) IsLDAP() bool
- func (source *Source) IsOAuth2() bool
- func (source *Source) IsPAM() bool
- func (source *Source) IsSMTP() bool
- func (source *Source) IsSSPI() bool
- func (source *Source) SkipVerify() bool
- func (Source) TableName() string
- func (source *Source) TwoFactorShouldSkip() bool
- func (source *Source) TypeName() string
- func (source *Source) UseTLS() bool
 
- type TwoFactor
- type Type
- type UpdateOAuth2ApplicationOptions
- type UseTLSer
- type WebAuthnCredential
- func CreateCredential(ctx context.Context, userID int64, name string, cred *webauthn.Credential) (*WebAuthnCredential, error)
- func GetWebAuthnCredentialByCredID(ctx context.Context, userID int64, credID []byte) (*WebAuthnCredential, error)
- func GetWebAuthnCredentialByID(ctx context.Context, id int64) (*WebAuthnCredential, error)
- func GetWebAuthnCredentialByName(ctx context.Context, uid int64, name string) (*WebAuthnCredential, error)
 
- type WebAuthnCredentialList
Constants ¶
This section is empty.
Variables ¶
var AllAccessTokenScopeCategories = []AccessTokenScopeCategory{ AccessTokenScopeCategoryActivityPub, AccessTokenScopeCategoryAdmin, AccessTokenScopeCategoryMisc, AccessTokenScopeCategoryNotification, AccessTokenScopeCategoryOrganization, AccessTokenScopeCategoryPackage, AccessTokenScopeCategoryIssue, AccessTokenScopeCategoryRepository, AccessTokenScopeCategoryUser, }
AllAccessTokenScopeCategories contains all access token scope categories
var ErrAuthTokenNotExist = util.NewNotExistErrorf("auth token does not exist")
    var Names = map[Type]string{ LDAP: "LDAP (via BindDN)", DLDAP: "LDAP (simple auth)", SMTP: "SMTP", PAM: "PAM", OAuth2: "OAuth2", SSPI: "SPNEGO with SSPI", }
Names contains the name of LoginType values.
Functions ¶
func AccessTokenByNameExists ¶ added in v1.17.4
func AccessTokenByNameExists(ctx context.Context, token *AccessToken) (bool, error)
AccessTokenByNameExists checks if a token name has been used already by a user.
func BuiltinApplications ¶ added in v1.21.0
func BuiltinApplications() map[string]*BuiltinOAuth2Application
func CleanupSessions ¶
CleanupSessions cleans up expired sessions
func ContainsCategory ¶ added in v1.20.0
func ContainsCategory(categories []AccessTokenScopeCategory, category AccessTokenScopeCategory) bool
ContainsCategory checks if a list of categories contains a specific category
func CountSessions ¶
CountSessions returns the number of sessions
func CreateSource ¶
CreateSource inserts an AuthSource in the DB if one with the given name does not already exist.
func DeleteAccessTokenByID ¶ added in v1.17.4
DeleteAccessTokenByID deletes access token by given ID.
func DeleteAuthTokenByID ¶ added in v1.22.0
func DeleteAuthTokensByUserID ¶ added in v1.22.0
func DeleteCredential ¶
DeleteCredential will delete WebAuthnCredential
func DeleteExpiredAuthTokens ¶ added in v1.22.0
func DeleteOAuth2Application ¶
DeleteOAuth2Application deletes the application with the given id and the grants and auth codes related to it. It checks if the userid was the creator of the app.
func DeleteOAuth2RelictsByUserID ¶ added in v1.17.0
func DeleteTwoFactorByID ¶
DeleteTwoFactorByID deletes two-factor authentication token by given ID.
func DestroySession ¶
DestroySession destroys a session
func ExistSession ¶
ExistSession checks if a session exists
func ExistsWebAuthnCredentialsForUID ¶
ExistsWebAuthnCredentialsForUID returns if the given user has credentials
func GetAccessTokenCategories ¶ added in v1.24.0
func GetAccessTokenCategories() (res []string)
func HasTwoFactorByUID ¶
HasTwoFactorByUID reports whether the user has a two-factor authentication token.
func HasTwoFactorOrWebAuthn ¶ added in v1.24.0
func HasWebAuthnRegistrationsByUID ¶
HasWebAuthnRegistrationsByUID returns whether a given user has WebAuthn registrations
func InsertAuthToken ¶ added in v1.22.0
func IsErrAccessTokenEmpty ¶ added in v1.17.4
IsErrAccessTokenEmpty checks if an error is a ErrAccessTokenEmpty.
func IsErrAccessTokenNotExist ¶ added in v1.17.4
IsErrAccessTokenNotExist checks if an error is a ErrAccessTokenNotExist.
func IsErrOAuthApplicationNotFound ¶
IsErrOAuthApplicationNotFound checks if an error is an ErrOAuthApplicationNotFound.
func IsErrOauthClientIDInvalid ¶
IsErrOauthClientIDInvalid checks if an error is a ErrOAuthClientIDInvalid.
func IsErrSourceAlreadyExist ¶
IsErrSourceAlreadyExist checks if an error is a ErrSourceAlreadyExist.
func IsErrSourceInUse ¶
IsErrSourceInUse checks if an error is a ErrSourceInUse.
func IsErrSourceNotExist ¶
IsErrSourceNotExist checks if an error is a ErrSourceNotExist.
func IsErrTwoFactorNotEnrolled ¶
IsErrTwoFactorNotEnrolled checks if an error is a ErrTwoFactorNotEnrolled.
func IsErrWebAuthnCredentialNotExist ¶
IsErrWebAuthnCredentialNotExist checks if an error is a ErrWebAuthnCredentialNotExist.
func IsSSPIEnabled ¶
IsSSPIEnabled returns true if there is at least one activated login source of type SSPI
func NewAccessToken ¶ added in v1.17.4
func NewAccessToken(ctx context.Context, t *AccessToken) error
NewAccessToken creates new access token.
func NewTwoFactor ¶
NewTwoFactor creates a new two-factor authentication token.
func RegisterTypeConfig ¶
RegisterTypeConfig registers a config for a provided type
func RevokeOAuth2Grant ¶
RevokeOAuth2Grant deletes the grant with grantID and userID
func UpdateAccessToken ¶ added in v1.17.4
func UpdateAccessToken(ctx context.Context, t *AccessToken) error
UpdateAccessToken updates information of access token.
func UpdateAuthTokenByID ¶ added in v1.22.0
func UpdateSession ¶
UpdateSession updates the session with provided id
func UpdateSource ¶
UpdateSource updates a Source record in DB.
func UpdateTwoFactor ¶
UpdateTwoFactor updates a two-factor authentication token.
func WebAuthnCredentials ¶
WebAuthnCredentials implements the webauthn.User interface
Types ¶
type AccessToken ¶ added in v1.17.4
// AccessToken represents a personal access token.
type AccessToken struct {
	ID             int64 `xorm:"pk autoincr"`
	UID            int64 `xorm:"INDEX"`
	Name           string
	// Token is tagged xorm:"-", so it is not mapped to a database column.
	Token          string `xorm:"-"`
	// NOTE(review): the package also exposes HashToken(token, salt string) and a
	// TokenSalt column, so the stored value is presumably a salted hash rather
	// than a bare SHA-256 of the token; confirm against HashToken.
	TokenHash      string `xorm:"UNIQUE"` // sha256 of token
	TokenSalt      string
	// Indexed column token_last_eight; presumably the trailing eight characters
	// of the token, used to narrow the lookup before hashing (verify).
	TokenLastEight string `xorm:"INDEX token_last_eight"`
	Scope          AccessTokenScope
	CreatedUnix       timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix       timeutil.TimeStamp `xorm:"INDEX updated"`
	// The two flags below are tagged xorm:"-" and are therefore not persisted.
	HasRecentActivity bool               `xorm:"-"`
	HasUsed           bool               `xorm:"-"`
}
    AccessToken represents a personal access token.
func GetAccessTokenBySHA ¶ added in v1.17.4
func GetAccessTokenBySHA(ctx context.Context, token string) (*AccessToken, error)
GetAccessTokenBySHA returns access token by given token value
func (*AccessToken) AfterLoad ¶ added in v1.17.4
func (t *AccessToken) AfterLoad()
AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (*AccessToken) DisplayPublicOnly ¶ added in v1.20.0
func (t *AccessToken) DisplayPublicOnly() bool
DisplayPublicOnly whether to display this as a public-only token.
type AccessTokenScope ¶ added in v1.19.0
type AccessTokenScope string
AccessTokenScope represents the scope for an access token.
const ( AccessTokenScopeAll AccessTokenScope = "all" AccessTokenScopePublicOnly AccessTokenScope = "public-only" // limited to public orgs/repos AccessTokenScopeReadActivityPub AccessTokenScope = "read:activitypub" AccessTokenScopeWriteActivityPub AccessTokenScope = "write:activitypub" AccessTokenScopeReadAdmin AccessTokenScope = "read:admin" AccessTokenScopeWriteAdmin AccessTokenScope = "write:admin" AccessTokenScopeReadMisc AccessTokenScope = "read:misc" AccessTokenScopeWriteMisc AccessTokenScope = "write:misc" AccessTokenScopeReadNotification AccessTokenScope = "read:notification" AccessTokenScopeWriteNotification AccessTokenScope = "write:notification" AccessTokenScopeReadOrganization AccessTokenScope = "read:organization" AccessTokenScopeWriteOrganization AccessTokenScope = "write:organization" AccessTokenScopeReadPackage AccessTokenScope = "read:package" AccessTokenScopeWritePackage AccessTokenScope = "write:package" AccessTokenScopeReadIssue AccessTokenScope = "read:issue" AccessTokenScopeWriteIssue AccessTokenScope = "write:issue" AccessTokenScopeReadRepository AccessTokenScope = "read:repository" AccessTokenScopeWriteRepository AccessTokenScope = "write:repository" AccessTokenScopeReadUser AccessTokenScope = "read:user" AccessTokenScopeWriteUser AccessTokenScope = "write:user" )
for all categories, write implies read
func GetRequiredScopes ¶ added in v1.20.0
func GetRequiredScopes(level AccessTokenScopeLevel, scopeCategories ...AccessTokenScopeCategory) []AccessTokenScope
GetRequiredScopes gets the specific scopes for a given level and categories
func (AccessTokenScope) HasAnyScope ¶ added in v1.22.2
func (s AccessTokenScope) HasAnyScope(scopes ...AccessTokenScope) (bool, error)
HasAnyScope returns true if any of the scopes is contained in the string
func (AccessTokenScope) HasPermissionScope ¶ added in v1.23.7
func (s AccessTokenScope) HasPermissionScope() bool
func (AccessTokenScope) HasScope ¶ added in v1.19.0
func (s AccessTokenScope) HasScope(scopes ...AccessTokenScope) (bool, error)
HasScope returns true if the string has the given scope
func (AccessTokenScope) Normalize ¶ added in v1.19.0
func (s AccessTokenScope) Normalize() (AccessTokenScope, error)
Normalize returns a normalized scope string without any duplicates.
func (AccessTokenScope) PublicOnly ¶ added in v1.20.0
func (s AccessTokenScope) PublicOnly() (bool, error)
PublicOnly checks if this token scope is limited to public resources
func (AccessTokenScope) StringSlice ¶ added in v1.19.0
func (s AccessTokenScope) StringSlice() []string
StringSlice returns the AccessTokenScope as a []string
type AccessTokenScopeCategory ¶ added in v1.20.0
type AccessTokenScopeCategory int
AccessTokenScopeCategory represents the scope category for an access token
const ( AccessTokenScopeCategoryActivityPub AccessTokenScopeCategory = iota AccessTokenScopeCategoryAdmin AccessTokenScopeCategoryMisc // WARN: this is now just a placeholder, don't remove it which will change the following values AccessTokenScopeCategoryNotification AccessTokenScopeCategoryOrganization AccessTokenScopeCategoryPackage AccessTokenScopeCategoryIssue AccessTokenScopeCategoryRepository AccessTokenScopeCategoryUser )
type AccessTokenScopeLevel ¶ added in v1.20.0
type AccessTokenScopeLevel int
AccessTokenScopeLevel represents the access levels without a given scope category
const ( NoAccess AccessTokenScopeLevel = iota Read Write )
func GetScopeLevelFromAccessMode ¶ added in v1.20.0
func GetScopeLevelFromAccessMode(mode perm.AccessMode) AccessTokenScopeLevel
GetScopeLevelFromAccessMode converts permission access mode to scope level
type AuthToken ¶ added in v1.22.0
type BuiltinOAuth2Application ¶ added in v1.21.0
type Config ¶
type Config interface {
	convert.Conversion
	SetAuthSource(*Source)
}
    Config represents login config as far as the db is concerned
type ConfigBase ¶ added in v1.24.0
type ConfigBase struct {
	AuthSource *Source
}
    func (*ConfigBase) SetAuthSource ¶ added in v1.24.0
func (p *ConfigBase) SetAuthSource(s *Source)
type CreateOAuth2ApplicationOptions ¶
type CreateOAuth2ApplicationOptions struct {
	Name                       string
	UserID                     int64
	ConfidentialClient         bool
	SkipSecondaryAuthorization bool
	RedirectURIs               []string
}
    CreateOAuth2ApplicationOptions holds options to create an oauth2 application
type ErrAccessTokenEmpty ¶ added in v1.17.4
type ErrAccessTokenEmpty struct{}
    ErrAccessTokenEmpty represents a "AccessTokenEmpty" kind of error.
func (ErrAccessTokenEmpty) Error ¶ added in v1.17.4
func (err ErrAccessTokenEmpty) Error() string
func (ErrAccessTokenEmpty) Unwrap ¶ added in v1.17.4
func (err ErrAccessTokenEmpty) Unwrap() error
type ErrAccessTokenNotExist ¶ added in v1.17.4
type ErrAccessTokenNotExist struct {
	Token string
}
    ErrAccessTokenNotExist represents a "AccessTokenNotExist" kind of error.
func (ErrAccessTokenNotExist) Error ¶ added in v1.17.4
func (err ErrAccessTokenNotExist) Error() string
func (ErrAccessTokenNotExist) Unwrap ¶ added in v1.17.4
func (err ErrAccessTokenNotExist) Unwrap() error
type ErrOAuthApplicationNotFound ¶
type ErrOAuthApplicationNotFound struct {
	ID int64
}
    ErrOAuthApplicationNotFound will be thrown if id cannot be found
func (ErrOAuthApplicationNotFound) Error ¶
func (err ErrOAuthApplicationNotFound) Error() string
Error returns the error message
func (ErrOAuthApplicationNotFound) Unwrap ¶ added in v1.17.4
func (err ErrOAuthApplicationNotFound) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrOAuthClientIDInvalid ¶
type ErrOAuthClientIDInvalid struct {
	ClientID string
}
    ErrOAuthClientIDInvalid will be thrown if client id cannot be found
func (ErrOAuthClientIDInvalid) Error ¶
func (err ErrOAuthClientIDInvalid) Error() string
Error returns the error message
func (ErrOAuthClientIDInvalid) Unwrap ¶ added in v1.17.4
func (err ErrOAuthClientIDInvalid) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrSourceAlreadyExist ¶
type ErrSourceAlreadyExist struct {
	Name string
}
    ErrSourceAlreadyExist represents a "SourceAlreadyExist" kind of error.
func (ErrSourceAlreadyExist) Error ¶
func (err ErrSourceAlreadyExist) Error() string
func (ErrSourceAlreadyExist) Unwrap ¶ added in v1.17.4
func (err ErrSourceAlreadyExist) Unwrap() error
Unwrap unwraps this as a ErrExist err
type ErrSourceInUse ¶
type ErrSourceInUse struct {
	ID int64
}
    ErrSourceInUse represents a "SourceInUse" kind of error.
func (ErrSourceInUse) Error ¶
func (err ErrSourceInUse) Error() string
type ErrSourceNotExist ¶
type ErrSourceNotExist struct {
	ID int64
}
    ErrSourceNotExist represents a "SourceNotExist" kind of error.
func (ErrSourceNotExist) Error ¶
func (err ErrSourceNotExist) Error() string
func (ErrSourceNotExist) Unwrap ¶ added in v1.17.4
func (err ErrSourceNotExist) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrTwoFactorNotEnrolled ¶
type ErrTwoFactorNotEnrolled struct {
	UID int64
}
    ErrTwoFactorNotEnrolled indicates that a user is not enrolled in two-factor authentication.
func (ErrTwoFactorNotEnrolled) Error ¶
func (err ErrTwoFactorNotEnrolled) Error() string
func (ErrTwoFactorNotEnrolled) Unwrap ¶ added in v1.17.4
func (err ErrTwoFactorNotEnrolled) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type ErrWebAuthnCredentialNotExist ¶
ErrWebAuthnCredentialNotExist represents a "WebAuthnCredentialNotExist" kind of error.
func (ErrWebAuthnCredentialNotExist) Error ¶
func (err ErrWebAuthnCredentialNotExist) Error() string
func (ErrWebAuthnCredentialNotExist) Unwrap ¶ added in v1.17.4
func (err ErrWebAuthnCredentialNotExist) Unwrap() error
Unwrap unwraps this as a ErrNotExist err
type FindOAuth2ApplicationsOptions ¶ added in v1.22.0
// FindOAuth2ApplicationsOptions holds the filters used when listing OAuth2 applications.
type FindOAuth2ApplicationsOptions struct {
	db.ListOptions
	// OwnerID is the user id or org id of the owner of the application
	OwnerID int64
	// IsGlobal selects global applications; if true, OwnerID is ignored
	IsGlobal bool
}
    func (FindOAuth2ApplicationsOptions) ToConds ¶ added in v1.22.0
func (opts FindOAuth2ApplicationsOptions) ToConds() builder.Cond
func (FindOAuth2ApplicationsOptions) ToOrders ¶ added in v1.22.0
func (opts FindOAuth2ApplicationsOptions) ToOrders() string
type FindSourcesOptions ¶ added in v1.22.0
func (FindSourcesOptions) ToConds ¶ added in v1.22.0
func (opts FindSourcesOptions) ToConds() builder.Cond
type HasTLSer ¶
type HasTLSer interface {
	HasTLS() bool
}
    HasTLSer configurations provide a HasTLS to check if TLS can be enabled
type ListAccessTokensOptions ¶ added in v1.17.4
type ListAccessTokensOptions struct {
	db.ListOptions
	Name   string
	UserID int64
}
    ListAccessTokensOptions contain filter options
func (ListAccessTokensOptions) ToConds ¶ added in v1.22.0
func (opts ListAccessTokensOptions) ToConds() builder.Cond
func (ListAccessTokensOptions) ToOrders ¶ added in v1.22.0
func (opts ListAccessTokensOptions) ToOrders() string
type OAuth2Application ¶
// OAuth2Application represents an OAuth2 client (RFC 6749).
type OAuth2Application struct {
	ID           int64 `xorm:"pk autoincr"`
	UID          int64 `xorm:"INDEX"`
	Name         string
	ClientID     string `xorm:"unique"`
	// NOTE(review): GenerateClientSecret is documented as saving a hash in the
	// database and ValidateClientSecret as checking against that hash, so this
	// column presumably holds the hash, never the plaintext secret; confirm.
	ClientSecret string
	// OAuth defines both Confidential and Public client types
	// https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
	// "Authorization servers MUST record the client type in the client registration details"
	// https://datatracker.ietf.org/doc/html/rfc8252#section-8.4
	// The column default is TRUE, i.e. a row without an explicit value is a confidential client.
	ConfidentialClient         bool               `xorm:"NOT NULL DEFAULT TRUE"`
	SkipSecondaryAuthorization bool               `xorm:"NOT NULL DEFAULT FALSE"`
	// Stored as JSON text in column redirect_uris. ContainsRedirectURI is the
	// documented check for whether a redirect URI is allowed for this app.
	RedirectURIs               []string           `xorm:"redirect_uris JSON TEXT"`
	CreatedUnix                timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix                timeutil.TimeStamp `xorm:"INDEX updated"`
}
    OAuth2Application represents an OAuth2 client (RFC 6749)
func CreateOAuth2Application ¶
func CreateOAuth2Application(ctx context.Context, opts CreateOAuth2ApplicationOptions) (*OAuth2Application, error)
CreateOAuth2Application inserts a new oauth2 application
func GetOAuth2ApplicationByClientID ¶
func GetOAuth2ApplicationByClientID(ctx context.Context, clientID string) (app *OAuth2Application, err error)
GetOAuth2ApplicationByClientID returns the oauth2 application with the given client_id. Returns an error if not found.
func GetOAuth2ApplicationByID ¶
func GetOAuth2ApplicationByID(ctx context.Context, id int64) (app *OAuth2Application, err error)
GetOAuth2ApplicationByID returns the oauth2 application with the given id. Returns an error if not found.
func UpdateOAuth2Application ¶
func UpdateOAuth2Application(ctx context.Context, opts UpdateOAuth2ApplicationOptions) (*OAuth2Application, error)
UpdateOAuth2Application updates an oauth2 application
func (*OAuth2Application) ContainsRedirectURI ¶
func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool
ContainsRedirectURI checks if redirectURI is allowed for app
func (*OAuth2Application) CreateGrant ¶
func (app *OAuth2Application) CreateGrant(ctx context.Context, userID int64, scope string) (*OAuth2Grant, error)
CreateGrant generates a grant for a user
func (*OAuth2Application) GenerateClientSecret ¶
func (app *OAuth2Application) GenerateClientSecret(ctx context.Context) (string, error)
GenerateClientSecret generates the client secret, returns the plaintext, and saves the hash in the database
func (*OAuth2Application) GetGrantByUserID ¶
func (app *OAuth2Application) GetGrantByUserID(ctx context.Context, userID int64) (grant *OAuth2Grant, err error)
GetGrantByUserID returns an OAuth2Grant by its user and application ID
func (*OAuth2Application) TableName ¶
func (app *OAuth2Application) TableName() string
TableName sets the table name to `oauth2_application`
func (*OAuth2Application) ValidateClientSecret ¶
func (app *OAuth2Application) ValidateClientSecret(secret []byte) bool
ValidateClientSecret validates the given secret by the hash saved in database
type OAuth2AuthorizationCode ¶
// OAuth2AuthorizationCode is a code that can be exchanged once, together with
// the client secret, for an access token. It has a limited lifetime.
type OAuth2AuthorizationCode struct {
	ID                  int64        `xorm:"pk autoincr"`
	// Grant is tagged xorm:"-" and is not persisted; GrantID is the stored reference.
	Grant               *OAuth2Grant `xorm:"-"`
	GrantID             int64
	// Code carries a unique index, so a code value identifies at most one row.
	Code                string `xorm:"INDEX unique"`
	// CodeChallenge and CodeChallengeMethod are the PKCE values that
	// ValidateCodeChallenge compares a verifier against.
	CodeChallenge       string
	CodeChallengeMethod string
	RedirectURI         string
	// presumably the expiry time of the code (the type is documented as
	// short-lived); where expiry is enforced is not visible here (confirm).
	ValidUntil          timeutil.TimeStamp `xorm:"index"`
}
    OAuth2AuthorizationCode is a code to obtain an access token in combination with the client secret once. It has a limited lifetime.
func GetOAuth2AuthorizationByCode ¶
func GetOAuth2AuthorizationByCode(ctx context.Context, code string) (auth *OAuth2AuthorizationCode, err error)
GetOAuth2AuthorizationByCode returns an authorization by its code
func (*OAuth2AuthorizationCode) GenerateRedirectURI ¶
func (code *OAuth2AuthorizationCode) GenerateRedirectURI(state string) (*url.URL, error)
GenerateRedirectURI generates a redirect URI for a successful authorization request. State will be used if not empty.
func (*OAuth2AuthorizationCode) Invalidate ¶
func (code *OAuth2AuthorizationCode) Invalidate(ctx context.Context) error
Invalidate deletes the auth code from the database to invalidate this code
func (*OAuth2AuthorizationCode) TableName ¶
func (code *OAuth2AuthorizationCode) TableName() string
TableName sets the table name to `oauth2_authorization_code`
func (*OAuth2AuthorizationCode) ValidateCodeChallenge ¶
func (code *OAuth2AuthorizationCode) ValidateCodeChallenge(verifier string) bool
ValidateCodeChallenge validates the given verifier against the saved code challenge. This is part of the PKCE implementation.
type OAuth2Grant ¶
// OAuth2Grant represents the permission a user has given a specific application
// to access resources.
type OAuth2Grant struct {
	ID            int64              `xorm:"pk autoincr"`
	// UserID and ApplicationID share the unique(user_application) tag, i.e. one
	// composite unique index: at most one grant per user and application.
	UserID        int64              `xorm:"INDEX unique(user_application)"`
	// Application is tagged xorm:"-" and is not persisted.
	Application   *OAuth2Application `xorm:"-"`
	ApplicationID int64              `xorm:"INDEX unique(user_application)"`
	// Counter defaults to 1 in the database; IncreaseCounter is the documented way to bump it.
	Counter       int64              `xorm:"NOT NULL DEFAULT 1"`
	// Scope is checked by ScopeContains.
	Scope         string             `xorm:"TEXT"`
	// Nonce is updated through SetNonce.
	Nonce         string             `xorm:"TEXT"`
	CreatedUnix   timeutil.TimeStamp `xorm:"created"`
	UpdatedUnix   timeutil.TimeStamp `xorm:"updated"`
}
    OAuth2Grant represents the permission of a user for a specific application to access resources
func GetOAuth2GrantByID ¶
func GetOAuth2GrantByID(ctx context.Context, id int64) (grant *OAuth2Grant, err error)
GetOAuth2GrantByID returns the grant with the given ID
func GetOAuth2GrantsByUserID ¶
func GetOAuth2GrantsByUserID(ctx context.Context, uid int64) ([]*OAuth2Grant, error)
GetOAuth2GrantsByUserID lists all grants of a certain user
func (*OAuth2Grant) GenerateNewAuthorizationCode ¶
func (grant *OAuth2Grant) GenerateNewAuthorizationCode(ctx context.Context, redirectURI, codeChallenge, codeChallengeMethod string) (code *OAuth2AuthorizationCode, err error)
GenerateNewAuthorizationCode generates a new authorization code for a grant and saves it to the database
func (*OAuth2Grant) IncreaseCounter ¶
func (grant *OAuth2Grant) IncreaseCounter(ctx context.Context) error
IncreaseCounter increases the counter and updates the grant
func (*OAuth2Grant) ScopeContains ¶
func (grant *OAuth2Grant) ScopeContains(scope string) bool
ScopeContains returns true if the grant scope contains the specified scope
func (*OAuth2Grant) SetNonce ¶
func (grant *OAuth2Grant) SetNonce(ctx context.Context, nonce string) error
SetNonce updates the current nonce value of a grant
func (*OAuth2Grant) TableName ¶
func (grant *OAuth2Grant) TableName() string
TableName sets the table name to `oauth2_grant`
type RegisterableSource ¶
RegisterableSource configurations provide RegisterSource which needs to be run on creation
type SSHKeyProvider ¶
type SSHKeyProvider interface {
	ProvidesSSHKeys() bool
}
    SSHKeyProvider configurations provide ProvidesSSHKeys to check if they provide SSHKeys
type Session ¶
// Session represents a session row in the shape go-chi/session expects.
type Session struct {
	// Primary key, stored as CHAR(16).
	Key    string             `xorm:"pk CHAR(16)"` // has to be Key to match with go-chi/session
	// Opaque session payload; its encoding is not visible from this declaration.
	Data   []byte             `xorm:"BLOB"`        // on MySQL this has a maximum size of 64Kb - this may need to be increased
	Expiry timeutil.TimeStamp // has to be Expiry to match with go-chi/session
}
    Session represents a session compatible for go-chi session
func ReadSession ¶
ReadSession reads the data for the provided session
type SkipVerifiable ¶
type SkipVerifiable interface {
	IsSkipVerify() bool
}
    SkipVerifiable configurations provide an IsSkipVerify to check if SkipVerify is set
type Source ¶
// Source represents an external way of authorizing users.
type Source struct {
	ID              int64 `xorm:"pk autoincr"`
	Type            Type
	Name            string `xorm:"UNIQUE"`
	// IsActive and IsSyncEnabled both default to false in the database.
	IsActive        bool   `xorm:"INDEX NOT NULL DEFAULT false"`
	IsSyncEnabled   bool   `xorm:"INDEX NOT NULL DEFAULT false"`
	// Stored in column two_factor_policy, default ''. Presumably what
	// TwoFactorShouldSkip evaluates; the accepted values are not visible here
	// (confirm before relying on it to bypass local 2FA).
	TwoFactorPolicy string `xorm:"two_factor_policy NOT NULL DEFAULT ''"`
	// Cfg holds the type-specific configuration in a TEXT column. Config embeds
	// convert.Conversion, which is presumably how it is serialized (verify).
	Cfg             Config `xorm:"TEXT"`
	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
}
    Source represents an external way for authorizing users.
func GetActiveOAuth2SourceByName ¶
GetActiveOAuth2SourceByName returns an OAuth2 AuthSource based on the given name
func GetSourceByID ¶
GetSourceByID returns login source by given ID.
func (*Source) BeforeSet ¶
BeforeSet is invoked from XORM before setting the value of a field of this object.
func (*Source) SkipVerify ¶
SkipVerify returns true if this source is configured to skip SSL/TLS certificate verification.
func (*Source) TwoFactorShouldSkip ¶ added in v1.24.0
type TwoFactor ¶
// TwoFactor represents a two-factor authentication token.
type TwoFactor struct {
	ID               int64 `xorm:"pk autoincr"`
	// UID is unique, so a user has at most one TwoFactor row.
	UID              int64 `xorm:"UNIQUE"`
	// NOTE(review): this declaration does not show whether Secret is stored
	// encrypted or in the clear; confirm where it is written.
	Secret           string
	// presumably the salt and hash behind GenerateScratchToken and
	// VerifyScratchToken; verify against those methods.
	ScratchSalt      string
	ScratchHash      string
	// presumably recorded so ValidateTOTP can reject a replayed passcode (confirm).
	LastUsedPasscode string             `xorm:"VARCHAR(10)"`
	CreatedUnix      timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix      timeutil.TimeStamp `xorm:"INDEX updated"`
}
    TwoFactor represents a two-factor authentication token.
func GetTwoFactorByUID ¶
GetTwoFactorByUID returns the two-factor authentication token associated with the user, if any.
func (*TwoFactor) GenerateScratchToken ¶
GenerateScratchToken recreates the scratch token the user is using.
func (*TwoFactor) ValidateTOTP ¶
ValidateTOTP validates the provided passcode.
func (*TwoFactor) VerifyScratchToken ¶
VerifyScratchToken verifies if the specified scratch token is valid.
type Type ¶
type Type int
Type represents a login type.
type UpdateOAuth2ApplicationOptions ¶
type UpdateOAuth2ApplicationOptions struct {
	ID                         int64
	Name                       string
	UserID                     int64
	ConfidentialClient         bool
	SkipSecondaryAuthorization bool
	RedirectURIs               []string
}
    UpdateOAuth2ApplicationOptions holds options to update an oauth2 application
type UseTLSer ¶
type UseTLSer interface {
	UseTLS() bool
}
    UseTLSer configurations provide a UseTLS to check if TLS is enabled
type WebAuthnCredential ¶
// WebAuthnCredential represents the WebAuthn credential data for a public-key
// credential conformant to WebAuthn Level 1.
type WebAuthnCredential struct {
	ID              int64 `xorm:"pk autoincr"`
	Name            string
	// LowerName and UserID share the unique(s) tag, i.e. one composite unique
	// index: a credential name is unique per user.
	LowerName       string `xorm:"unique(s)"`
	UserID          int64  `xorm:"INDEX unique(s)"`
	CredentialID    []byte `xorm:"INDEX VARBINARY(1024)"`
	PublicKey       []byte
	AttestationType string
	AAGUID          []byte
	// uint32 in Go, stored as BIGINT; UpdateSignCount writes it back to the database.
	SignCount       uint32 `xorm:"BIGINT"`
	// presumably set when the signature counter suggests a cloned
	// authenticator; where it is set is not visible here (confirm).
	CloneWarning    bool
	CreatedUnix     timeutil.TimeStamp `xorm:"INDEX created"`
	UpdatedUnix     timeutil.TimeStamp `xorm:"INDEX updated"`
}
    WebAuthnCredential represents the WebAuthn credential data for a public-key credential conformant to WebAuthn Level 1
func CreateCredential ¶
func CreateCredential(ctx context.Context, userID int64, name string, cred *webauthn.Credential) (*WebAuthnCredential, error)
CreateCredential will create a new WebAuthnCredential from the given Credential
func GetWebAuthnCredentialByCredID ¶
func GetWebAuthnCredentialByCredID(ctx context.Context, userID int64, credID []byte) (*WebAuthnCredential, error)
GetWebAuthnCredentialByCredID returns WebAuthn credential by credential ID
func GetWebAuthnCredentialByID ¶
func GetWebAuthnCredentialByID(ctx context.Context, id int64) (*WebAuthnCredential, error)
GetWebAuthnCredentialByID returns WebAuthn credential by id
func GetWebAuthnCredentialByName ¶
func GetWebAuthnCredentialByName(ctx context.Context, uid int64, name string) (*WebAuthnCredential, error)
GetWebAuthnCredentialByName returns WebAuthn credential by name
func (*WebAuthnCredential) AfterLoad ¶
func (cred *WebAuthnCredential) AfterLoad()
AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (*WebAuthnCredential) BeforeInsert ¶
func (cred *WebAuthnCredential) BeforeInsert()
BeforeInsert will be invoked by XORM before inserting a record
func (*WebAuthnCredential) BeforeUpdate ¶
func (cred *WebAuthnCredential) BeforeUpdate()
BeforeUpdate will be invoked by XORM before updating a record
func (WebAuthnCredential) TableName ¶
func (cred WebAuthnCredential) TableName() string
TableName returns a better table name for WebAuthnCredential
func (*WebAuthnCredential) UpdateSignCount ¶
func (cred *WebAuthnCredential) UpdateSignCount(ctx context.Context) error
UpdateSignCount will update the database value of SignCount
type WebAuthnCredentialList ¶
type WebAuthnCredentialList []*WebAuthnCredential
WebAuthnCredentialList is a list of *WebAuthnCredential
func GetWebAuthnCredentialsByUID ¶
func GetWebAuthnCredentialsByUID(ctx context.Context, uid int64) (WebAuthnCredentialList, error)
GetWebAuthnCredentialsByUID returns all WebAuthn credentials of the given user
func (WebAuthnCredentialList) ToCredentials ¶
func (list WebAuthnCredentialList) ToCredentials(defaultAuthFlags ...protocol.AuthenticatorFlags) []webauthn.Credential
ToCredentials will convert all WebAuthnCredentials to webauthn.Credentials