Skip to content
Snippets Groups Projects
Select Git revision
  • b1b0f1bafe4c8458a11e0b54cbbac849a79e4bc4
  • master default
  • renovate/golang.org-x-crypto-0.x
  • renovate/go-1.x
  • renovate/golang.org-x-sync-0.x
  • renovate/opentelemetry-go-monorepo
  • renovate/github.com-go-webauthn-webauthn-0.x
  • renovate/github.com-mattn-go-sqlite3-1.x
  • renovate/github.com-go-ldap-ldap-v3-3.x
  • renovate/github.com-prometheus-client_golang-1.x
  • renovate/github.com-google-go-cmp-0.x
  • renovate/github.com-lunixbochs-struc-digest
  • renovate/github.com-duo-labs-webauthn-digest
13 results

watcher.go

Blame
    • actions.go 18.57 KiB 
    package accountserver

import (
	"context"
	"crypto/rand"
	"encoding/base64"
	"errors"

	"git.autistici.org/ai3/go-common/pwhash"
	"git.autistici.org/id/go-sso"
	"git.autistici.org/id/keystore/userenckey"
	"github.com/pquerna/otp/totp"
)

// Backend user database interface.
//
// We are using a transactional interface even if the actual backend
// (LDAP) does not support atomic transactions, just so it is easy to
// add more backends in the future (like SQL).
type Backend interface {
	NewTransaction() (TX, error)
}

// TX represents a single transaction with the backend and offers a
// high-level data management abstraction.
//
// All methods share similar semantics: Get methods will return nil if
// the requested object is not found, and only return an error in case
// of trouble reaching the backend itself.
//
// The backend enforces strict public/private data separation by
// having Get methods return public objects (as defined in types.go),
// and using specialized methods to modify the private
// (authentication-related) attributes.
//
// We might add more sophisticated resource query methods later, as
// admin-level functionality.
//
type TX interface {
	Commit(context.Context) error

	GetResource(context.Context, ResourceID) (*Resource, error)
	UpdateResource(context.Context, *Resource) error
	SetResourcePassword(context.Context, *Resource, string) error

	GetUser(context.Context, string) (*User, error)
	SetUserPassword(context.Context, *User, string) error
	GetUserEncryptionKeys(context.Context, *User) ([]*UserEncryptionKey, error)
	SetUserEncryptionKeys(context.Context, *User, []*UserEncryptionKey) error
	SetUserEncryptionPublicKey(context.Context, *User, []byte) error
	SetApplicationSpecificPassword(context.Context, *User, *AppSpecificPasswordInfo, string) error
	DeleteApplicationSpecificPassword(context.Context, *User, string) error
	SetUserTOTPSecret(context.Context, *User, string) error
	DeleteUserTOTPSecret(context.Context, *User) error

	HasAnyResource(context.Context, []FindResourceRequest) (bool, error)
}

// FindResourceRequest contains parameters for searching a resource by name.
type FindResourceRequest struct {
	Type string
	Name string
}

// AccountService implements the business logic and high-level
// functionality of the user accounts management service.
type AccountService struct {
	validator     sso.Validator
	ssoService    string
	ssoGroups     []string