auth

package
v1.6.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 9, 2019 License: AGPL-3.0 Imports: 35 Imported by: 0

Documentation

Overview

Package auth provides tools related to authentication of pydio services

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FromMetadata added in v1.6.1 

func FromMetadata(ctx context.Context) (c claim.Claims, o bool)

FromMetadata loads Claims from metadata (be passed along by grpc queries)

func SubjectsForResourcePolicyQuery 

func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)

SubjectsForResourcePolicyQuery prepares a slice of strings that will be used to check for resource ownership. Can be extracted either from context or by loading a given user ID from database.

func ToMetadata added in v1.6.1 

func ToMetadata(ctx context.Context, claims claim.Claims) context.Context

ToMetadata stores Claims in metadata (to be passed along by grpc queries)

func WithImpersonate 

func WithImpersonate(ctx context.Context, user *idm.User) context.Context

Add a fake Claims in context to impersonate user

Types

type BasicAuthenticator 

type BasicAuthenticator struct {
	TTL   time.Duration
	Realm string
	// contains filtered or unexported fields
}

func NewBasicAuthenticator 

func NewBasicAuthenticator(realm string, ttl time.Duration) *BasicAuthenticator

func (*BasicAuthenticator) Wrap 

func (b *BasicAuthenticator) Wrap(handler http.Handler) http.HandlerFunc

type JWTVerifier 

type JWTVerifier struct {
	IssuerUrl string
	// contains filtered or unexported fields
}

func DefaultJWTVerifier 

func DefaultJWTVerifier() *JWTVerifier

func (*JWTVerifier) PasswordCredentialsToken 

func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)

PasswordCredentialsToken will perform a call to the OIDC service with grantType "password" to get a valid token from a given user/pass credentials

func (*JWTVerifier) Verify 

func (j *JWTVerifier) Verify(ctx context.Context, rawIDToken string) (context.Context, claim.Claims, error)

Verify validates an existing JWT token against the OIDC service that issued it

type MappingRule 

type MappingRule struct {
	RuleName string

	// Left Attribute is attribute of external user (ldap, sql, api ...)
	// For example: displayName, mail, memberOf
	LeftAttribute string

	// Right Attribute is attribute of standard user
	// For example: displayName, email
	// Two reserved attributes: Roles, GroupPath
	RightAttribute string

	// Rule string define an acceptable list of right value
	// It can be:
	// * Empty
	// * A list of accepted values separated by comma , . For example: teacher,researcher,employee
	// * preg string
	RuleString string

	// RolePrefix
	// AuthSourceName_Prefix_RoleID
	RolePrefix string
}

func (MappingRule) AddPrefix 

func (m MappingRule) AddPrefix(prefix string, strs []string) []string

func (MappingRule) ConvertDNtoName 

func (m MappingRule) ConvertDNtoName(strs []string) []string

ConvertDNtoName tries to extract value from distinguishedName For example: member: uid=user01,dc=com,dc=fr member: uid=user02,dc=com,dc=fr member: uid=user03,dc=com,dc=fr return an array like: 

user01
user02
user03

func (MappingRule) FilterList 

func (m MappingRule) FilterList(list []string, strs []string) []string

func (MappingRule) FilterPreg 

func (m MappingRule) FilterPreg(preg string, strs []string) []string

func (MappingRule) IsDnFormat 

func (m MappingRule) IsDnFormat(str string) bool

IsDnFormat simply checks if the passed string is valid. See: https://www.ietf.org/rfc/rfc2253.txt

func (MappingRule) RemoveLdapEscape 

func (m MappingRule) RemoveLdapEscape(strs []string) []string

RemoveLdapEscape remove LDAP escape characters but except '\,'.

func (MappingRule) SanitizeValues 

func (m MappingRule) SanitizeValues(strs []string) []string

type PydioPW 

type PydioPW struct {
	PBKDF2_HASH_ALGORITHM string
	PBKDF2_ITERATIONS     int
	PBKDF2_SALT_BYTE_SIZE int
	PBKDF2_HASH_BYTE_SIZE int
	HASH_SECTIONS         int
	HASH_ALGORITHM_INDEX  int
	HASH_ITERATION_INDEX  int
	HASH_SALT_INDEX       int
	HASH_PBKDF2_INDEX     int
}

func (PydioPW) CheckDBKDF2PydioPwd 

func (p PydioPW) CheckDBKDF2PydioPwd(password string, hashedPw string, legacySalt ...bool) (bool, error)

func (PydioPW) CreateHash 

func (p PydioPW) CreateHash(password string) (base64Pw string)

Source Files

  • basic.go
  • doc.go
  • hasher.go
  • jwt.go
  • mapping-rule.go
  • metadata.go

Directories

Path Synopsis
Package claim wraps the JWT claims with util functions
 Package claim wraps the JWT claims with util functions
Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol
 Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.