auth

package
v2.0.8+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 29, 2020 License: AGPL-3.0 Imports: 41 Imported by: 0

Documentation

Overview

Package auth provides tools related to authentication of pydio services

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddContextVerifier 

func AddContextVerifier(v ContextVerifier)

AddContextVerifier registers an additional verifier

func FromMetadata added in v1.6.1 

func FromMetadata(ctx context.Context) (c claim.Claims, o bool)

FromMetadata loads Claims from metadata (be passed along by grpc queries)

func RegisterDexProvider 

func RegisterDexProvider(c common.ConfigValues)

func RegisterGRPCProvider 

func RegisterGRPCProvider(service string)

func RegisterOryProvider 

func RegisterOryProvider(o fosite.OAuth2Provider)

func SubjectsForResourcePolicyQuery 

func SubjectsForResourcePolicyQuery(ctx context.Context, q *rest.ResourcePolicyQuery) (subjects []string, err error)

SubjectsForResourcePolicyQuery prepares a slice of strings that will be used to check for resource ownership. Can be extracted either from context or by loading a given user ID from database.

func ToMetadata added in v1.6.1 

func ToMetadata(ctx context.Context, claims claim.Claims) context.Context

ToMetadata stores Claims in metadata (to be passed along by grpc queries)

func VerifyContext 

func VerifyContext(ctx context.Context, user *idm.User) error

func WithImpersonate 

func WithImpersonate(ctx context.Context, user *idm.User) context.Context

Add a fake Claims in context to impersonate user

Types

type BasicAuthenticator 

type BasicAuthenticator struct {
	TTL   time.Duration
	Realm string
	// contains filtered or unexported fields
}

func NewBasicAuthenticator 

func NewBasicAuthenticator(realm string, ttl time.Duration) *BasicAuthenticator

func (*BasicAuthenticator) Wrap 

func (b *BasicAuthenticator) Wrap(handler http.Handler) http.HandlerFunc

type ContextVerifier 

type ContextVerifier interface {
	Verify(ctx context.Context, user *idm.User) error
}

type Exchanger 

type Exchanger interface {
	Exchange(context.Context, string) (*oauth2.Token, error)
}

type IDToken 

type IDToken interface {
	Claims(interface{}) error
}

type JWTVerifier 

type JWTVerifier struct{}

func DefaultJWTVerifier 

func DefaultJWTVerifier() *JWTVerifier

DefaultJWTVerifier creates a ready to use JWTVerifier

func (*JWTVerifier) Exchange 

func (j *JWTVerifier) Exchange(ctx context.Context, code string) (*oauth2.Token, error)

Exchange retrives a oauth2 Token from a code

func (*JWTVerifier) PasswordCredentialsToken 

func (j *JWTVerifier) PasswordCredentialsToken(ctx context.Context, userName string, password string) (context.Context, claim.Claims, error)

PasswordCredentialsToken will perform a call to the OIDC service with grantType "password" to get a valid token from a given user/pass credentials

func (*JWTVerifier) Verify 

func (j *JWTVerifier) Verify(ctx context.Context, rawIDToken string) (context.Context, claim.Claims, error)

Verify validates an existing JWT token against the OIDC service that issued it

type LockVerifier 

type LockVerifier struct{}

func (LockVerifier) Verify 

func (l LockVerifier) Verify(ctx context.Context, user *idm.User) error

type MappingRule 

type MappingRule struct {
	RuleName string

	// Left Attribute is attribute of external user (ldap, sql, api ...)
	// For example: displayName, mail, memberOf
	LeftAttribute string

	// Right Attribute is attribute of standard user
	// For example: displayName, email
	// Two reserved attributes: Roles, GroupPath
	RightAttribute string

	// Rule string define an acceptable list of right value
	// It can be:
	// * Empty
	// * A list of accepted values separated by comma , . For example: teacher,researcher,employee
	// * preg string
	RuleString string

	// RolePrefix
	// AuthSourceName_Prefix_RoleID
	RolePrefix string
}

func (MappingRule) AddPrefix 

func (m MappingRule) AddPrefix(prefix string, strs []string) []string

func (MappingRule) ConvertDNtoName 

func (m MappingRule) ConvertDNtoName(strs []string) []string

ConvertDNtoName tries to extract value from distinguishedName For example: member: uid=user01,dc=com,dc=fr member: uid=user02,dc=com,dc=fr member: uid=user03,dc=com,dc=fr return an array like: 

user01
user02
user03

func (MappingRule) FilterList 

func (m MappingRule) FilterList(list []string, strs []string) []string

func (MappingRule) FilterPreg 

func (m MappingRule) FilterPreg(preg string, strs []string) []string

func (MappingRule) IsDnFormat 

func (m MappingRule) IsDnFormat(str string) bool

IsDnFormat simply checks if the passed string is valid. See: https://www.ietf.org/rfc/rfc2253.txt

func (MappingRule) RemoveLdapEscape 

func (m MappingRule) RemoveLdapEscape(strs []string) []string

RemoveLdapEscape remove LDAP escape characters but except '\,'.

func (MappingRule) SanitizeValues 

func (m MappingRule) SanitizeValues(strs []string) []string

type OIDCPoliciesVerifier 

type OIDCPoliciesVerifier struct{}

func (OIDCPoliciesVerifier) Verify 

func (O OIDCPoliciesVerifier) Verify(ctx context.Context, user *idm.User) error

type PasswordCredentialsTokenExchanger 

type PasswordCredentialsTokenExchanger interface {
	PasswordCredentialsToken(context.Context, string, string) (*oauth2.Token, error)
	PasswordCredentialsTokenVerify(context.Context, string) (IDToken, error)
}

type Provider 

type Provider interface {
	GetType() ProviderType
}

type ProviderType 

type ProviderType int
const (
	ProviderTypeDex ProviderType = iota
	ProviderTypeOry
	ProviderTypeGrpc
)

type PydioPW 

type PydioPW struct {
	PBKDF2_HASH_ALGORITHM string
	PBKDF2_ITERATIONS     int
	PBKDF2_SALT_BYTE_SIZE int
	PBKDF2_HASH_BYTE_SIZE int
	HASH_SECTIONS         int
	HASH_ALGORITHM_INDEX  int
	HASH_ITERATION_INDEX  int
	HASH_SALT_INDEX       int
	HASH_PBKDF2_INDEX     int
}

func (PydioPW) CheckDBKDF2PydioPwd 

func (p PydioPW) CheckDBKDF2PydioPwd(password string, hashedPw string, legacySalt ...bool) (bool, error)

func (PydioPW) CreateHash 

func (p PydioPW) CreateHash(password string) (base64Pw string)

type Verifier 

type Verifier interface {
	Verify(context.Context, string) (IDToken, error)
}

Source Files

  • basic.go
  • ctx-verifiers.go
  • doc.go
  • hasher.go
  • jwt.go
  • jwt_dex.go
  • jwt_grpc.go
  • jwt_ory.go
  • mapping-rule.go
  • metadata.go
  • policies.go

Directories

Path Synopsis
Package claim wraps the JWT claims with util functions
 Package claim wraps the JWT claims with util functions
Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol
 Package dex provides specific connectors for the CoreOS/Dex implementation of OpenID Connect protocol

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.