Documentation
¶
Index ¶
- Variables
- func MarshalSession(s *SessionState, c aead.Cipher) (string, error)
- type Provider
- type ProviderData
- type SSOProvider
- func (p *SSOProvider) GetSignInURL(redirectURL *url.URL, state string) *url.URL
- func (p *SSOProvider) GetSignOutURL(redirectURL *url.URL) *url.URL
- func (p *SSOProvider) Redeem(redirectURL, code string) (*SessionState, error)
- func (p *SSOProvider) RefreshSession(s *SessionState, allowedGroups []string) (bool, error)
- func (p *SSOProvider) UserGroups(email string, groups []string) ([]string, error)
- func (p *SSOProvider) ValidateGroup(email string, allowedGroups []string) ([]string, bool, error)
- func (p *SSOProvider) ValidateSessionState(s *SessionState, allowedGroups []string) bool
- type SessionState
- type SingleFlightProvider
- func (p *SingleFlightProvider) Data() *ProviderData
- func (p *SingleFlightProvider) GetSignInURL(redirectURI *url.URL, finalRedirect string) *url.URL
- func (p *SingleFlightProvider) GetSignOutURL(redirectURI *url.URL) *url.URL
- func (p *SingleFlightProvider) Redeem(redirectURL, code string) (*SessionState, error)
- func (p *SingleFlightProvider) RefreshSession(s *SessionState, allowedGroups []string) (bool, error)
- func (p *SingleFlightProvider) UserGroups(email string, groups []string) ([]string, error)
- func (p *SingleFlightProvider) ValidateGroup(email string, allowedGroups []string) ([]string, bool, error)
- func (p *SingleFlightProvider) ValidateSessionState(s *SessionState, allowedGroups []string) bool
- type TestProvider
- func (tp *TestProvider) GetSignInURL(redirectURL *url.URL, state string) *url.URL
- func (tp *TestProvider) GetSignOutURL(redirectURL *url.URL) *url.URL
- func (tp *TestProvider) Redeem(redirectURL string, token string) (*SessionState, error)
- func (tp *TestProvider) RefreshSession(s *SessionState, g []string) (bool, error)
- func (tp *TestProvider) UserGroups(email string, groups []string) ([]string, error)
- func (tp *TestProvider) ValidateGroup(email string, groups []string) ([]string, bool, error)
- func (tp *TestProvider) ValidateSessionState(s *SessionState, groups []string) bool
Constants ¶
This section is empty.
Variables ¶
// ErrMissingRefreshToken is a sentinel error carrying the message
// "missing refresh token".
// NOTE(review): presumably returned when a session holds no refresh token and
// therefore cannot be refreshed — confirm against RefreshSession. Callers
// should match it with errors.Is rather than by comparing the message text.
var ( ErrMissingRefreshToken = errors.New("missing refresh token") )
Errors
// ErrUnexpectedReturnType is a sentinel error whose message says that a single
// flight func call returned a value of an unexpected type.
// NOTE(review): presumably raised by SingleFlightProvider when the shared
// result cannot be converted to the type the wrapped method returns — confirm.
var (
ErrUnexpectedReturnType = errors.New("received unexpected return type from single flight func call")
)
Error message for ErrUnexpectedReturnType
Functions ¶
func MarshalSession ¶
func MarshalSession(s *SessionState, c aead.Cipher) (string, error)
MarshalSession marshals the session state as JSON, encrypts the JSON using the given cipher, and base64-encodes the result
Types ¶
type Provider ¶
// Provider is the set of operations an authentication backend must offer.
// The interface leaves most parameters unnamed; the names used in the comments
// below are the ones the SSOProvider methods declare for the same positions.
type Provider interface {
// Data returns the provider's configuration. The returned struct includes
// ClientSecret, so every holder of a Provider can read that credential.
Data() *ProviderData
// Redeem(redirectURL, code) redeems a code for a SessionState.
Redeem(string, string) (*SessionState, error)
// ValidateGroup(email, allowedGroups) reports in its bool result whether the
// user belongs to an authorized group.
// NOTE(review): the []string result is presumably the matching groups — confirm.
ValidateGroup(string, []string) ([]string, bool, error)
// UserGroups(email, groups) returns the groups for the given email.
UserGroups(string, []string) ([]string, error)
// ValidateSessionState(s, allowedGroups) validates an existing session.
ValidateSessionState(*SessionState, []string) bool
// RefreshSession(s, allowedGroups) refreshes the session's access token and
// returns true on success.
RefreshSession(*SessionState, []string) (bool, error)
// GetSignInURL builds the sign-in URL from redirectURL and state.
// NOTE(review): whether redirectURL is checked against an allow-list is not
// visible here; callers should validate it before passing it in — confirm.
GetSignInURL(redirectURL *url.URL, state string) *url.URL
// GetSignOutURL builds the sign-out URL from redirectURL.
GetSignOutURL(redirectURL *url.URL) *url.URL
}
Provider is an interface exposing functions necessary to authenticate with a given provider.
type ProviderData ¶
// ProviderData is the configuration shared by provider implementations.
// It is handed out by pointer through Data(), so every field here, including
// ClientSecret, is readable and writable by any code that holds a Provider.
type ProviderData struct {
ProviderName string
ProviderURL *url.URL
// NOTE(review): presumably an alternate address for provider calls made from
// inside the network — confirm where it is preferred over ProviderURL.
ProviderURLInternal *url.URL
ClientID string
// ClientSecret is a credential: keep it out of logs, error messages and
// any serialized or debug-printed copy of this struct.
ClientSecret string
SignInURL *url.URL
SignOutURL *url.URL
RedeemURL *url.URL
RefreshURL *url.URL
ProfileURL *url.URL
ValidateURL *url.URL
Scope string
// NOTE(review): the three TTLs presumably determine SessionState's
// ValidDeadline, LifetimeDeadline and GracePeriodStart handling — confirm.
// A zero value here would need checking: it may mean "expire immediately"
// or "never", and the page does not say which.
SessionValidTTL time.Duration
SessionLifetimeTTL time.Duration
GracePeriodTTL time.Duration
}
ProviderData holds the fields associated with providers necessary to implement the Provider interface.
func (*ProviderData) Data ¶
func (p *ProviderData) Data() *ProviderData
Data returns the ProviderData struct
type SSOProvider ¶
// SSOProvider is a Provider implementation built on ProviderData.
type SSOProvider struct {
// Embedding promotes every ProviderData field (ClientSecret included) and
// the Data method onto SSOProvider. The pointer is shared, not copied.
*ProviderData
// StatsdClient is the metrics client supplied to NewSSOProvider.
StatsdClient *statsd.Client
}
SSOProvider holds the data associated with the SSOProviders necessary to implement a SSOProvider interface.
func NewSSOProvider ¶
func NewSSOProvider(p *ProviderData, sc *statsd.Client) *SSOProvider
NewSSOProvider instantiates a new SSOProvider with provider data and a statsd client.
func (*SSOProvider) GetSignInURL ¶ added in v1.1.0
GetSignInURL with typical oauth parameters
func (*SSOProvider) GetSignOutURL ¶ added in v1.1.0
func (p *SSOProvider) GetSignOutURL(redirectURL *url.URL) *url.URL
GetSignOutURL creates and returns the sign out URL, given a redirectURL
func (*SSOProvider) Redeem ¶
func (p *SSOProvider) Redeem(redirectURL, code string) (*SessionState, error)
Redeem takes a redirectURL and code and redeems the SessionState
func (*SSOProvider) RefreshSession ¶
func (p *SSOProvider) RefreshSession(s *SessionState, allowedGroups []string) (bool, error)
RefreshSession takes a SessionState and allowedGroups and refreshes the session access token, returns `true` on success, and `false` on error
func (*SSOProvider) UserGroups ¶
func (p *SSOProvider) UserGroups(email string, groups []string) ([]string, error)
UserGroups takes an email and returns the UserGroups for that email
func (*SSOProvider) ValidateGroup ¶
ValidateGroup does a GET request to the profile url and returns true if the user belongs to an authorized group.
func (*SSOProvider) ValidateSessionState ¶
func (p *SSOProvider) ValidateSessionState(s *SessionState, allowedGroups []string) bool
ValidateSessionState takes a sessionState and allowedGroups and validates the session state
type SessionState ¶
// SessionState is the per-user session record. Every field has a JSON tag, so
// the tokens below are part of the JSON that MarshalSession produces; that
// function encrypts the JSON with the supplied cipher before base64-encoding
// it. Any other serialization of this struct (logging, %+v, debug dumps)
// would expose the tokens in clear text.
type SessionState struct {
// AccessToken and RefreshToken are bearer credentials for the user.
AccessToken string `json:"access_token"`
RefreshToken string `json:"refresh_token"`
// NOTE(review): the deadlines presumably back RefreshPeriodExpired,
// LifetimePeriodExpired and ValidationPeriodExpired respectively — confirm.
RefreshDeadline time.Time `json:"refresh_deadline"`
LifetimeDeadline time.Time `json:"lifetime_deadline"`
ValidDeadline time.Time `json:"valid_deadline"`
GracePeriodStart time.Time `json:"grace_period_start"`
Email string `json:"email"`
User string `json:"user"`
// NOTE(review): Groups is presumably the membership recorded at the last
// validation; authorization decisions based on it are only as fresh as
// that check — confirm how often it is re-evaluated.
Groups []string `json:"groups"`
}
SessionState is our object that keeps track of a user's session state
func UnmarshalSession ¶
func UnmarshalSession(value string, c aead.Cipher) (*SessionState, error)
UnmarshalSession takes the marshaled string, base64-decodes it into a byte slice, decrypts the byte slice using the passed cipher, and unmarshals the resulting JSON into a session state struct.
func (*SessionState) LifetimePeriodExpired ¶
func (s *SessionState) LifetimePeriodExpired() bool
LifetimePeriodExpired returns true if the lifetime has expired
func (*SessionState) RefreshPeriodExpired ¶
func (s *SessionState) RefreshPeriodExpired() bool
RefreshPeriodExpired returns true if the refresh period has expired
func (*SessionState) ValidationPeriodExpired ¶
func (s *SessionState) ValidationPeriodExpired() bool
ValidationPeriodExpired returns true if the validation period has expired
type SingleFlightProvider ¶
// SingleFlightProvider wraps a Provider so that concurrent requests for the
// same object are served by one underlying call.
// NOTE(review): the key used to decide that two calls are "the same" is in
// the unexported fields and not visible here. For the auth methods it should
// cover every input that affects the result (for example both email and
// allowedGroups), otherwise one caller could be handed another caller's
// answer — confirm against the implementation.
type SingleFlightProvider struct {
// StatsdClient is the metrics client supplied to NewSingleFlightProvider.
StatsdClient *statsd.Client
// contains filtered or unexported fields
}
SingleFlightProvider is a middleware provider that allows multiple requests for the same object to be processed as a single request. This is often called request collapsing or coalescing. This middleware leverages the golang singleflight provider, with modifications for metrics.
It's common among HTTP reverse proxy cache servers such as nginx, Squid or Varnish - they each call it something different, but it works similarly.
* https://www.varnish-cache.org/docs/3.0/tutorial/handling_misbehaving_servers.html
* http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_lock
* http://wiki.squid-cache.org/Features/CollapsedForwarding
func NewSingleFlightProvider ¶
func NewSingleFlightProvider(provider Provider, StatsdClient *statsd.Client) *SingleFlightProvider
NewSingleFlightProvider instantiates a SingleFlightProvider given a provider and statsdClient
func (*SingleFlightProvider) Data ¶
func (p *SingleFlightProvider) Data() *ProviderData
Data calls the provider's Data function
func (*SingleFlightProvider) GetSignInURL ¶
GetSignInURL calls the GetSignInURL for the provider, which will return the sign in url
func (*SingleFlightProvider) GetSignOutURL ¶
func (p *SingleFlightProvider) GetSignOutURL(redirectURI *url.URL) *url.URL
GetSignOutURL calls the GetSignOutURL for the provider, which will return the sign out url
func (*SingleFlightProvider) Redeem ¶
func (p *SingleFlightProvider) Redeem(redirectURL, code string) (*SessionState, error)
Redeem takes the redirectURL and a code and calls the provider function Redeem
func (*SingleFlightProvider) RefreshSession ¶
func (p *SingleFlightProvider) RefreshSession(s *SessionState, allowedGroups []string) (bool, error)
RefreshSession takes in a SessionState and allowedGroups and returns false if the session is not refreshed and true if it is.
func (*SingleFlightProvider) UserGroups ¶
func (p *SingleFlightProvider) UserGroups(email string, groups []string) ([]string, error)
UserGroups takes an email and passes it to the provider's UserGroups function and returns the response
func (*SingleFlightProvider) ValidateGroup ¶
func (p *SingleFlightProvider) ValidateGroup(email string, allowedGroups []string) ([]string, bool, error)
ValidateGroup takes an email, allowedGroups, and userGroups and passes it to the provider's ValidateGroup function and returns the response
func (*SingleFlightProvider) ValidateSessionState ¶
func (p *SingleFlightProvider) ValidateSessionState(s *SessionState, allowedGroups []string) bool
ValidateSessionState calls the provider's ValidateSessionState function and returns the response
type TestProvider ¶ added in v1.1.0
// TestProvider is a mock Provider for use in tests.
// NOTE(review): each *Func field presumably supplies the behavior of the
// method with the matching name, and a nil field may panic when that method
// is called — confirm. Because the outcome of every validation is whatever
// the test sets, this type must not be wired in as a real provider.
type TestProvider struct {
// Same shape as Provider.RefreshSession.
RefreshSessionFunc func(*SessionState, []string) (bool, error)
// Same shape as Provider.ValidateSessionState.
ValidateSessionFunc func(*SessionState, []string) bool
// Same shape as Provider.Redeem.
RedeemFunc func(string, string) (*SessionState, error)
// Same shape as Provider.UserGroups.
UserGroupsFunc func(string, []string) ([]string, error)
// Same shape as Provider.ValidateGroup.
ValidateGroupsFunc func(string, []string) ([]string, bool, error)
// Embedded configuration; promotes the ProviderData fields and Data method.
*ProviderData
}
TestProvider is a mock provider
func NewTestProvider ¶ added in v1.1.0
func NewTestProvider(providerURL *url.URL, emailAddress string) *TestProvider
NewTestProvider returns a new TestProvider
func (*TestProvider) GetSignInURL ¶ added in v1.1.0
GetSignInURL mocks GetSignInURL
func (*TestProvider) GetSignOutURL ¶ added in v1.1.0
func (tp *TestProvider) GetSignOutURL(redirectURL *url.URL) *url.URL
GetSignOutURL mocks GetSignOutURL function
func (*TestProvider) Redeem ¶ added in v1.1.0
func (tp *TestProvider) Redeem(redirectURL string, token string) (*SessionState, error)
Redeem mocks the provider Redeem function
func (*TestProvider) RefreshSession ¶ added in v1.1.0
func (tp *TestProvider) RefreshSession(s *SessionState, g []string) (bool, error)
RefreshSession mocks the RefreshSession function
func (*TestProvider) UserGroups ¶ added in v1.1.0
func (tp *TestProvider) UserGroups(email string, groups []string) ([]string, error)
UserGroups mocks the UserGroups function
func (*TestProvider) ValidateGroup ¶ added in v1.1.0
ValidateGroup mocks the ValidateGroup function
func (*TestProvider) ValidateSessionState ¶ added in v1.1.0
func (tp *TestProvider) ValidateSessionState(s *SessionState, groups []string) bool
ValidateSessionState mocks the ValidateSessionState function