flow

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 26, 2024 License: Apache-2.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrStrategyNotResponsible   = errors.New("strategy is not responsible for this request")
	ErrCompletedByStrategy      = errors.New("flow response completed by strategy")
	ErrStrategyAsksToReturnToUI = errors.New("flow strategy is redirecting to the ui")
)
View Source 
var ErrCookieHeaderNeedsBrowserFlow = herodot.ErrBadRequest.
	WithReasonf(`The HTTP Request Header included the "Cookie" key, indicating that this request was made by a Browser. The flow however was initiated as an API request. To prevent potential misuse and mitigate several attack vectors including CSRF, the request has been blocked. Please consult the documentation.`)
View Source 
var ErrOriginHeaderNeedsBrowserFlow = herodot.ErrBadRequest.
	WithReasonf(`The HTTP Request Header included the "Origin" key, indicating that this request was made as part of an AJAX request in a Browser. The flow however was initiated as an API request. To prevent potential misuse and mitigate several attack vectors including CSRF, the request has been blocked. Please consult the documentation.`)

Functions

func AppendFlowTo 

func AppendFlowTo(src *url.URL, id uuid.UUID) *url.URL

func EnsureCSRF 

func EnsureCSRF(
	reg config.Provider,
	r *http.Request,
	flowType Type,
	disableAPIFlowEnforcement bool,
	generator func(r *http.Request) string,
	actual string,
) error

func ErrorWithContinueWith added in v1.1.0 

func ErrorWithContinueWith(err *herodot.DefaultError, continueWith ...ContinueWith) *herodot.DefaultError

func GetCSRFToken 

func GetCSRFToken(reg interface {
	x.CSRFProvider
	x.CSRFTokenGeneratorProvider
}, w http.ResponseWriter, r *http.Request, p Type) string

func GetFlowExpiredRedirectURL 

func GetFlowExpiredRedirectURL(ctx context.Context, config *config.Config, route, returnTo string) *url.URL

func GetFlowID 

func GetFlowID(r *http.Request) (uuid.UUID, error)

func HandleHookError added in v0.11.0 

func HandleHookError(_ http.ResponseWriter, r *http.Request, f Flow, traits identity.Traits, group node.UiNodeGroup, flowError error, logger x.LoggingProvider, csrf x.CSRFTokenGeneratorProvider) error

func HasReachedState added in v1.1.0 

func HasReachedState(expected, actual State) bool

func MethodEnabledAndAllowed 

func MethodEnabledAndAllowed(ctx context.Context, _ FlowName, expected, actual string, d config.Provider) error

func MethodEnabledAndAllowedFromRequest 

func MethodEnabledAndAllowedFromRequest(r *http.Request, flow FlowName, expected string, d interface {
	config.Provider
},
) error

func PrefixInternalContextKey 

func PrefixInternalContextKey(t identity.CredentialsType, suffix string) string

func SetDuplicateCredentials added in v1.1.0 

func SetDuplicateCredentials(flow InternalContexter, creds DuplicateCredentialsData) error

SetDuplicateCredentials sets the duplicate credentials data in the flow's internal context.

Types

type BrowserLocationChangeRequiredError 

type BrowserLocationChangeRequiredError struct {
	*herodot.DefaultError `json:"error"`

	// Points to where to redirect the user to next.
	RedirectBrowserTo string `json:"redirect_browser_to"`
}

BrowserLocationChangeRequiredError is sent when a flow requires a browser to change its location.

func NewBrowserLocationChangeRequiredError 

func NewBrowserLocationChangeRequiredError(redirectTo string) *BrowserLocationChangeRequiredError

func (*BrowserLocationChangeRequiredError) EnhanceJSONError 

func (e *BrowserLocationChangeRequiredError) EnhanceJSONError() interface{}

type ContinueWith added in v0.13.0 

type ContinueWith any

swagger:model continueWith

type ContinueWithActionRedirectBrowserTo added in v1.3.0 

type ContinueWithActionRedirectBrowserTo string

swagger:enum ContinueWithActionRedirectBrowserTo 

const (
	ContinueWithActionRedirectBrowserToString ContinueWithActionRedirectBrowserTo = "redirect_browser_to"
)

#nosec G101 -- only a key constant

type ContinueWithActionSetOrySessionToken added in v0.13.0 

type ContinueWithActionSetOrySessionToken string

swagger:enum ContinueWithActionSetOrySessionToken 

const (
	ContinueWithActionSetOrySessionTokenString ContinueWithActionSetOrySessionToken = "set_ory_session_token" // #nosec G101 -- only a key constant
)

type ContinueWithActionShowRecoveryUI added in v1.1.0 

type ContinueWithActionShowRecoveryUI string

swagger:enum ContinueWithActionShowRecoveryUI 

const (
	ContinueWithActionShowRecoveryUIString ContinueWithActionShowRecoveryUI = "show_recovery_ui"
)

#nosec G101 -- only a key constant

type ContinueWithActionShowSettingsUI added in v1.1.0 

type ContinueWithActionShowSettingsUI string

swagger:enum ContinueWithActionShowSettingsUI 

const (
	ContinueWithActionShowSettingsUIString ContinueWithActionShowSettingsUI = "show_settings_ui"
)

#nosec G101 -- only a key constant

type ContinueWithActionShowVerificationUI added in v0.13.0 

type ContinueWithActionShowVerificationUI string

swagger:enum ContinueWithActionShowVerificationUI 

const (
	ContinueWithActionShowVerificationUIString ContinueWithActionShowVerificationUI = "show_verification_ui"
)

#nosec G101 -- only a key constant

type ContinueWithRecoveryUI added in v1.1.0 

type ContinueWithRecoveryUI struct {
	// Action will always be `show_recovery_ui`
	//
	// required: true
	Action ContinueWithActionShowRecoveryUI `json:"action"`
	// Flow contains the ID of the recovery flow
	//
	// required: true
	Flow ContinueWithRecoveryUIFlow `json:"flow"`
}

Indicates, that the UI flow could be continued by showing a recovery ui

swagger:model continueWithRecoveryUi

func NewContinueWithRecoveryUI added in v1.1.0 

func NewContinueWithRecoveryUI(f Flow) *ContinueWithRecoveryUI

type ContinueWithRecoveryUIFlow added in v1.1.0 

type ContinueWithRecoveryUIFlow struct {
	// The ID of the recovery flow
	//
	// required: true
	ID uuid.UUID `json:"id"`

	// The URL of the recovery flow
	//
	// If this value is set, redirect the user's browser to this URL. This value is typically unset for native clients / API flows.
	//
	// required: false
	URL string `json:"url,omitempty"`
}

swagger:model continueWithRecoveryUiFlow

type ContinueWithRedirectBrowserTo added in v1.3.0 

type ContinueWithRedirectBrowserTo struct {
	// Action will always be `redirect_browser_to`
	//
	// required: true
	Action ContinueWithActionRedirectBrowserTo `json:"action"`

	// The URL to redirect the browser to
	//
	// required: true
	RedirectTo string `json:"redirect_browser_to"`
}

Indicates, that the UI flow could be continued by showing a recovery ui

swagger:model continueWithRedirectBrowserTo

func NewContinueWithRedirectBrowserTo added in v1.3.0 

func NewContinueWithRedirectBrowserTo(redirectTo string) *ContinueWithRedirectBrowserTo

type ContinueWithSetOrySessionToken added in v1.1.0 

type ContinueWithSetOrySessionToken struct {
	// Action will always be `set_ory_session_token`
	//
	// required: true
	Action ContinueWithActionSetOrySessionToken `json:"action"`

	// Token is the token of the session
	//
	// required: true
	OrySessionToken string `json:"ory_session_token"`
}

Indicates that a session was issued, and the application should use this token for authenticated requests

swagger:model continueWithSetOrySessionToken

func NewContinueWithSetToken added in v0.13.0 

func NewContinueWithSetToken(t string) *ContinueWithSetOrySessionToken

func (ContinueWithSetOrySessionToken) AppendTo added in v1.1.0 

func (ContinueWithSetOrySessionToken) AppendTo(url.Values) url.Values

type ContinueWithSettingsUI added in v1.1.0 

type ContinueWithSettingsUI struct {
	// Action will always be `show_settings_ui`
	//
	// required: true
	Action ContinueWithActionShowSettingsUI `json:"action"`

	// Flow contains the ID of the verification flow
	//
	// required: true
	Flow ContinueWithSettingsUIFlow `json:"flow"`
}

Indicates, that the UI flow could be continued by showing a settings ui

swagger:model continueWithSettingsUi

func NewContinueWithSettingsUI added in v1.1.0 

func NewContinueWithSettingsUI(f Flow, redirectTo string) *ContinueWithSettingsUI

type ContinueWithSettingsUIFlow added in v1.1.0 

type ContinueWithSettingsUIFlow struct {
	// The ID of the settings flow
	//
	// required: true
	ID uuid.UUID `json:"id"`

	// The URL of the settings flow
	//
	// If this value is set, redirect the user's browser to this URL. This value is typically unset for native clients / API flows.
	//
	// required: false
	URL string `json:"url,omitempty"`
}

swagger:model continueWithSettingsUiFlow

type ContinueWithVerificationUI added in v0.13.0 

type ContinueWithVerificationUI struct {
	// Action will always be `show_verification_ui`
	//
	// required: true
	Action ContinueWithActionShowVerificationUI `json:"action"`
	// Flow contains the ID of the verification flow
	//
	// required: true
	Flow ContinueWithVerificationUIFlow `json:"flow"`
}

Indicates, that the UI flow could be continued by showing a verification ui

swagger:model continueWithVerificationUi

func NewContinueWithVerificationUI added in v0.13.0 

func NewContinueWithVerificationUI(f Flow, address, url string) *ContinueWithVerificationUI

func (ContinueWithVerificationUI) AppendTo added in v0.13.0 

func (c ContinueWithVerificationUI) AppendTo(src *url.URL) *url.URL

type ContinueWithVerificationUIFlow added in v0.13.0 

type ContinueWithVerificationUIFlow struct {
	// The ID of the verification flow
	//
	// required: true
	ID uuid.UUID `json:"id"`

	// The address that should be verified in this flow
	//
	// required: true
	VerifiableAddress string `json:"verifiable_address"`

	// The URL of the verification flow
	//
	// If this value is set, redirect the user's browser to this URL. This value is typically unset for native clients / API flows.
	//
	// required: false
	URL string `json:"url,omitempty"`
}

swagger:model continueWithVerificationUiFlow

type DuplicateCredentialsData added in v1.1.0 

type DuplicateCredentialsData struct {
	CredentialsType     identity.CredentialsType
	CredentialsConfig   sqlxx.JSONRawMessage
	DuplicateIdentifier string
}

func DuplicateCredentials added in v1.1.0 

func DuplicateCredentials(flow InternalContexter) (*DuplicateCredentialsData, error)

DuplicateCredentials returns the duplicate credentials data from the flow's internal context.

type ExpiredError 

type ExpiredError struct {
	*herodot.DefaultError `json:"error"`

	// When the flow has expired
	ExpiredAt time.Time `json:"expired_at"`

	// DEPRECATED: Please use the "expired_at" field instead to have a more accurate result.
	Since time.Duration `json:"since"`

	// The flow ID that should be used for the new flow as it contains the correct messages.
	FlowID uuid.UUID `json:"use_flow_id"`
	// contains filtered or unexported fields
}

ExpiredError is sent when a flow is expired

func NewFlowExpiredError 

func NewFlowExpiredError(at time.Time) *ExpiredError

func (*ExpiredError) EnhanceJSONError 

func (e *ExpiredError) EnhanceJSONError() interface{}

func (*ExpiredError) GetFlow 

func (e *ExpiredError) GetFlow() Flow

func (*ExpiredError) Unwrap added in v1.1.0 

func (e *ExpiredError) Unwrap() error

func (*ExpiredError) WithContinueWith added in v1.1.0 

func (e *ExpiredError) WithContinueWith(continueWith ...ContinueWith) *ExpiredError

func (*ExpiredError) WithFlow 

func (e *ExpiredError) WithFlow(flow Flow) *ExpiredError

type Flow 

type Flow interface {
	GetID() uuid.UUID
	GetType() Type
	GetRequestURL() string
	AppendTo(*url.URL) *url.URL
	GetUI() *container.Container
	GetState() State
	SetState(State)
	GetFlowName() FlowName
	GetTransientPayload() json.RawMessage
}

type FlowName added in v1.1.0 

type FlowName string

FlowName is the flow name.

The flow name can be one of: - 'login' - 'registration' - 'settings' - 'recovery' - 'verification'

swagger:ignore 

const (
	LoginFlow        FlowName = "login"
	RegistrationFlow FlowName = "registration"
	SettingsFlow     FlowName = "settings"
	RecoveryFlow     FlowName = "recovery"
	VerificationFlow FlowName = "verification"
)

type FlowWithContinueWith added in v0.13.0 

type FlowWithContinueWith interface {
	Flow
	AddContinueWith(ContinueWith)
	ContinueWith() []ContinueWith
}

type FlowWithRedirect added in v1.0.0 

type FlowWithRedirect interface {
	SecureRedirectToOpts(ctx context.Context, cfg config.Provider) (opts []x.SecureRedirectOption)
}

type InternalContexter added in v1.1.0 

type InternalContexter interface {
	EnsureInternalContext()
	GetInternalContext() sqlxx.JSONRawMessage
	SetInternalContext(sqlxx.JSONRawMessage)
}

type MethodConfigurator 

type MethodConfigurator interface {
	container.NodeGetter

	container.ErrorParser

	// form.NodeSetter
	// form.NodeUnsetter
	container.ValueSetter

	container.Resetter
	container.MessageResetter
	container.CSRFSetter
	container.FieldSorter
}

swagger:ignore

type ReplacedError added in v0.11.0 

type ReplacedError struct {
	*herodot.DefaultError `json:"error"`

	// The flow ID that should be used for the new flow as it contains the correct messages.
	FlowID uuid.UUID `json:"use_flow_id"`
	// contains filtered or unexported fields
}

ReplacedError is sent when a flow is replaced by a different flow of the same class

func NewFlowReplacedError added in v0.11.0 

func NewFlowReplacedError(message *text.Message) *ReplacedError

func (*ReplacedError) EnhanceJSONError added in v0.11.0 

func (e *ReplacedError) EnhanceJSONError() interface{}

func (*ReplacedError) GetFlow added in v0.11.0 

func (e *ReplacedError) GetFlow() Flow

func (*ReplacedError) WithFlow added in v0.11.0 

func (e *ReplacedError) WithFlow(flow Flow) *ReplacedError

type State added in v1.1.0 

type State string

Flow State

The state represents the state of the verification flow.

- choose_method: ask the user to choose a method (e.g. recover account via email) - sent_email: the email has been sent to the user - passed_challenge: the request was successful and the recovery challenge was passed. - show_form: a form is shown to the user to perform the flow - success: the flow has been completed successfully

swagger:enum selfServiceFlowState 

const (
	StateChooseMethod    State = "choose_method"
	StateEmailSent       State = "sent_email"
	StatePassedChallenge State = "passed_challenge"
	StateShowForm        State = "show_form"
	StateSuccess         State = "success"
)

#nosec G101 -- only a key constant

func NextState added in v1.1.0 

func NextState(current State) State

func (State) MarshalJSON added in v1.1.0 

func (ns State) MarshalJSON() ([]byte, error)

MarshalJSON returns m as the JSON encoding of m.

func (*State) Scan added in v1.1.0 

func (ns *State) Scan(value interface{}) error

Scan implements the Scanner interface.

func (State) String added in v1.1.0 

func (ns State) String() string

String implements the Stringer interface.

func (*State) UnmarshalJSON added in v1.1.0 

func (ns *State) UnmarshalJSON(data []byte) error

UnmarshalJSON sets *m to a copy of data.

func (State) Value added in v1.1.0 

func (ns State) Value() (driver.Value, error)

Value implements the driver Valuer interface.

type Type 

type Type string

Type is the flow type.

The flow type can either be `api` or `browser`.

swagger:model selfServiceFlowType 

const (
	TypeAPI     Type = "api"
	TypeBrowser Type = "browser"
)

func (Type) IsAPI added in v0.11.0 

func (t Type) IsAPI() bool

func (Type) IsBrowser added in v0.11.0 

func (t Type) IsBrowser() bool

func (Type) String added in v1.1.0 

func (t Type) String() string

func (Type) Valid added in v1.2.0 

func (t Type) Valid() bool

Source Files

View all Source files

Directories

Path Synopsis
test
test
test
test
test

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.