auth

package

v1.4.1 Latest Latest Go to latest Published: Mar 5, 2019 License: AGPL-3.0 Imports: 34 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

gitproxy.zycloud.tk/pydio/cells

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth provides tools related to authentication of pydio services

Index ¶

func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)
func WithImpersonate(ctx context.Context, user *idm.User) context.Context
type BasicAuthenticator
- func NewBasicAuthenticator(realm string, ttl time.Duration) *BasicAuthenticator
- func (b *BasicAuthenticator) Wrap(handler http.Handler) http.HandlerFunc
type JWTVerifier
- func DefaultJWTVerifier() *JWTVerifier
- func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)
- func (j *JWTVerifier) Verify(ctx context.Context, rawIDToken string) (context.Context, claim.Claims, error)
type MappingRule
type PydioPW
- func (p PydioPW) CheckDBKDF2PydioPwd(password string, hashedPw string, legacySalt ...bool) (bool, error)
- func (p PydioPW) CreateHash(password string) (base64Pw string)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func SubjectsForResourcePolicyQuery ¶

func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)

SubjectsForResourcePolicyQuery prepares a slice of strings that will be used to check for resource ownership. Can be extracted either from context or by loading a given user ID from database.

func WithImpersonate ¶

func WithImpersonate(ctx context.Context, user *idm.User) context.Context

Add a fake Claims in context to impersonate user

Types ¶

type BasicAuthenticator ¶

type BasicAuthenticator struct {
	TTL   time.Duration
	Realm string
	// contains filtered or unexported fields
}

func NewBasicAuthenticator ¶

func NewBasicAuthenticator(realm string, ttl time.Duration) *BasicAuthenticator

func (*BasicAuthenticator) Wrap ¶

func (b *BasicAuthenticator) Wrap(handler http.Handler) http.HandlerFunc

type JWTVerifier ¶

type JWTVerifier struct {
	IssuerUrl string
	// contains filtered or unexported fields
}

func DefaultJWTVerifier ¶

func DefaultJWTVerifier() *JWTVerifier

func (*JWTVerifier) PasswordCredentialsToken ¶

func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)

PasswordCredentialsToken will perform a call to the OIDC service with grantType "password" to get a valid token from a given user/pass credentials

func (*JWTVerifier) Verify ¶

func (j *JWTVerifier) Verify(ctx context.Context, rawIDToken string) (context.Context, claim.Claims, error)

Verify validates an existing JWT token against the OIDC service that issued it

type MappingRule ¶

type MappingRule struct {
	RuleName string

	// Left Attribute is attribute of external user (ldap, mysql, api ...)
	// For example: displayName, mail, memberOf
	LeftAttribute string

	// Right Attribute is attribute of standard user
	// For example: displayName, email
	// Two reserved attributes: Roles, GroupPath
	RightAttribute string

	// Rule string define an acceptable list of right value
	// It can be:
	// * Empty
	// * A list of accepted values separated by comma , . For example: teacher,researcher,employee
	// * preg string
	RuleString string

	// RolePrefix
	// AuthSourceName_Prefix_RoleID
	RolePrefix string
}

func (MappingRule) AddPrefix ¶

func (m MappingRule) AddPrefix(prefix string, strs []string) []string

func (MappingRule) ConvertDNtoName ¶

func (m MappingRule) ConvertDNtoName(strs []string) []string

ConvertDNtoName tries to extract value from distinguishedName For example: member: uid=user01,dc=com,dc=fr member: uid=user02,dc=com,dc=fr member: uid=user03,dc=com,dc=fr return an array like:

user01
user02
user03

func (m MappingRule) FilterList(list []string, strs []string) []string

func (MappingRule) FilterPreg ¶

func (m MappingRule) FilterPreg(preg string, strs []string) []string

func (MappingRule) IsDnFormat ¶

func (m MappingRule) IsDnFormat(str string) bool

IsDnFormat simply checks if the passed string is valid. See: https://www.ietf.org/rfc/rfc2253.txt

func (MappingRule) RemoveLdapEscape ¶

func (m MappingRule) RemoveLdapEscape(strs []string) []string

RemoveLdapEscape remove LDAP escape characters but except '\,'.

func (MappingRule) SanitizeValues ¶

func (m MappingRule) SanitizeValues(strs []string) []string

type PydioPW ¶

type PydioPW struct {
	PBKDF2_HASH_ALGORITHM string
	PBKDF2_ITERATIONS     int
	PBKDF2_SALT_BYTE_SIZE int
	PBKDF2_HASH_BYTE_SIZE int
	HASH_SECTIONS         int
	HASH_ALGORITHM_INDEX  int
	HASH_ITERATION_INDEX  int
	HASH_SALT_INDEX       int
	HASH_PBKDF2_INDEX     int
}

func (PydioPW) CheckDBKDF2PydioPwd ¶

func (p PydioPW) CheckDBKDF2PydioPwd(password string, hashedPw string, legacySalt ...bool) (bool, error)

func (PydioPW) CreateHash ¶

func (p PydioPW) CreateHash(password string) (base64Pw string)

Source Files ¶

basic.go
doc.go
hasher.go
jwt.go
mapping-rule.go

Directories ¶

Path	Synopsis
claim Package claim wraps the JWT claims with util functions	Package claim wraps the JWT claims with util functions
dex Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol	Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL