Documentation
Overview
Package auth provides interfaces and types required for implementing an authenticator.
Types
type AuthHandler
```go
type AuthHandler interface {
	// Init initializes the handler taking config string and logical name as parameters.
	Init(jsonconf json.RawMessage, name string) error

	// AddRecord adds persistent authentication record to the database.
	// Returns: updated auth record, error
	AddRecord(rec *Rec, secret []byte) (*Rec, error)

	// UpdateRecord updates existing record with new credentials.
	// Returns updated auth record, error.
	UpdateRecord(rec *Rec, secret []byte) (*Rec, error)

	// Authenticate: given a user-provided authentication secret (such as "login:password"), either
	// return user's record (ID, time when the secret expires, etc), or issue a challenge to
	// continue the authentication process to the next step, or return an error code.
	// store.Users.GetAuthRecord("scheme", "unique")
	// Returns: user auth record, challenge, error.
	Authenticate(secret []byte) (*Rec, []byte, error)

	// IsUnique verifies if the provided secret can be considered unique by the auth scheme
	// E.g. if login is unique.
	IsUnique(secret []byte) (bool, error)

	// GenSecret generates a new secret, if appropriate.
	GenSecret(rec *Rec) ([]byte, time.Time, error)

	// DelRecords deletes (or disables) all authentication records for the given user.
	DelRecords(uid types.Uid) error

	// RestrictedTags returns the tag namespaces which are restricted by this authenticator.
	RestrictedTags() ([]string, error)

	// GetResetParams returns authenticator parameters passed to password reset handler
	// for the provided user id.
	// Returns: map of params.
	GetResetParams(uid types.Uid) (map[string]interface{}, error)
}
```
AuthHandler is the interface which auth providers must implement.
type Feature (added in v0.14.4)
```go
type Feature uint16
```
Feature is a bitmap of authenticated features, such as validated/not validated.
func (Feature) MarshalJSON (added in v0.15.11)
MarshalJSON converts Feature to a quoted string.
func (Feature) MarshalText (added in v0.15.11)
MarshalText converts Feature to an ASCII byte slice.
func (*Feature) UnmarshalJSON (added in v0.15.11)
UnmarshalJSON reads Feature from a quoted string.
func (*Feature) UnmarshalText (added in v0.15.11)
UnmarshalText parses a Feature string given as a byte slice. Does not change the value if the string is empty or invalid.
type Level (added in v0.14.4)
```go
type Level int
```
Level is the type for authentication levels.
```go
const (
	// LevelNone is undefined/not authenticated
	LevelNone Level = iota * 10
	// LevelAnon is anonymous user/light authentication
	LevelAnon
	// LevelAuth is fully authenticated user
	LevelAuth
	// LevelRoot is a superuser (currently unused)
	LevelRoot
)
```
Authentication levels
func ParseAuthLevel (added in v0.14.4)
ParseAuthLevel parses authentication level from a string.
func (Level) MarshalJSON (added in v0.15.11)
MarshalJSON converts Level to a quoted string.
func (Level) MarshalText (added in v0.15.11)
MarshalText converts Level to a slice of bytes with the name of the level.
func (Level) String (added in v0.14.4)
String implements Stringer interface: gets human-readable name for a numeric authentication level.
func (*Level) UnmarshalJSON (added in v0.15.11)
UnmarshalJSON reads Level from a quoted string.
func (*Level) UnmarshalText (added in v0.15.11)
UnmarshalText parses authentication level from a string.
type Rec (added in v0.14.4)
```go
type Rec struct {
	// User ID
	Uid types.Uid `json:"uid,omitempty"`
	// Authentication level
	AuthLevel Level `json:"authlvl,omitempty"`
	// Lifetime of this record
	Lifetime time.Duration `json:"lifetime,omitempty"`
	// Bitmap of features. Currently 'validated'/'not validated' only.
	Features Feature `json:"features,omitempty"`
	// Tags generated by this authentication record.
	Tags []string `json:"tags,omitempty"`
	// User account state received or read by the authenticator.
	State types.ObjState

	// Authenticator may request the server to create a new account.
	// These are the account parameters which can be used for creating the account.
	DefAcs  *types.DefaultAccess `json:"defacs,omitempty"`
	Public  interface{}          `json:"public,omitempty"`
	Private interface{}          `json:"private,omitempty"`
}
```
Rec is an authentication record.
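How a caller can handle the (record, challenge, error) result of Authenticate together with a minimum Level, failing closed. This is an added example, not code from the package or its documentation. Level and Rec are local stand-ins for the package types (Uid is a plain string here), and Outcome and Decide are hypothetical names.

```go
package main

import "fmt"

// Level mirrors the page's constants: iota * 10 yields 0, 10, 20, 30.
type Level int

const (
	LevelNone Level = iota * 10
	LevelAnon
	LevelAuth
	LevelRoot
)

// Rec is a cut-down stand-in for auth.Rec (assumption: Uid is a plain string).
type Rec struct {
	Uid       string
	AuthLevel Level
}

// Outcome is a hypothetical caller-side result type, not part of the package.
type Outcome int

const (
	Denied Outcome = iota // zero value, so an unset Outcome denies
	ChallengeIssued
	Granted
)

// Decide interprets the triple returned by Authenticate. Only a non-nil record
// with no error, no pending challenge and a sufficient level counts as a login.
func Decide(rec *Rec, challenge []byte, err error, need Level) Outcome {
	switch {
	case err != nil:
		return Denied
	case len(challenge) > 0:
		return ChallengeIssued // more steps required; any record is ignored
	case rec == nil || rec.AuthLevel < need:
		return Denied
	}
	return Granted
}

func main() {
	full := &Rec{Uid: "usrB", AuthLevel: LevelAuth} // constructed sample record
	fmt.Println(Decide(full, nil, nil, LevelAuth), Decide(full, nil, nil, LevelRoot))
}
```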
Directories

| Path | Synopsis |
|---|---|
| | Package anon provides authentication without credentials. |
| | Package basic is an authenticator by login-password. |
| | Package REST provides authentication by calling a separate process over REST API. |
| | Package token implements authentication by HMAC-signed security token. |