    package accountserver
    
    import (
    	"context"
    	"crypto/rand"
    	"encoding/base64"
    	"errors"
    
    	"git.autistici.org/ai3/go-common/pwhash"
    	"git.autistici.org/id/go-sso"
    	"git.autistici.org/id/keystore/userenckey"
    	"github.com/pquerna/otp/totp"
    )
    
    // Backend is the user database interface.
    //
    // We are using a transactional interface even if the actual backend
    // (LDAP) does not support atomic transactions, just so it is easy to
    // add more backends in the future (like SQL).
    //
    // NOTE(review): because the LDAP backend is not atomic, callers should
    // not assume that a failed Commit undoes earlier writes made through the
    // same TX — confirm the rollback behavior of each implementation.
    type Backend interface {
    	// NewTransaction starts a new TX against the backend. A non-nil
    	// error means no usable transaction was obtained.
    	NewTransaction() (TX, error)
    }
    
    // TX represents a single transaction with the backend and offers a
    // high-level data management abstraction.
    //
    // All methods share similar semantics: Get methods will return nil if
    // the requested object is not found, and only return an error in case
    // of trouble reaching the backend itself. Callers must therefore check
    // the returned pointer for nil even when the error is nil.
    //
    // The backend enforces strict public/private data separation by
    // having Get methods return public objects (as defined in types.go),
    // and using specialized methods to modify the private
    // (authentication-related) attributes. Those Set* methods receive
    // credential material (passwords, TOTP secrets, encryption keys) as
    // plain arguments; how it is protected at rest is up to the
    // implementation (this file imports pwhash, presumably for password
    // hashing — verify in the concrete backend).
    //
    // We might add more sophisticated resource query methods later, as
    // admin-level functionality.
    type TX interface {
    	// Commit finalizes the transaction. See the Backend comment for
    	// the caveat on atomicity.
    	Commit(context.Context) error
    
    	// GetResource looks up a resource by its ID; nil, nil if absent.
    	GetResource(context.Context, ResourceID) (*Resource, error)
    	// UpdateResource writes the public attributes of the resource.
    	UpdateResource(context.Context, *Resource) error
    	// SetResourcePassword sets the resource's password to the given
    	// value. NOTE(review): the string is the caller-supplied password,
    	// not a hash — confirm the implementation hashes before storing.
    	SetResourcePassword(context.Context, *Resource, string) error
    
    	// GetUser looks up a user by name; nil, nil if absent.
    	GetUser(context.Context, string) (*User, error)
    	// SetUserPassword sets the user's password to the given value
    	// (same hashing caveat as SetResourcePassword).
    	SetUserPassword(context.Context, *User, string) error
    	// GetUserEncryptionKeys returns the user's encryption keys.
    	GetUserEncryptionKeys(context.Context, *User) ([]*UserEncryptionKey, error)
    	// SetUserEncryptionKeys replaces the user's encryption keys.
    	SetUserEncryptionKeys(context.Context, *User, []*UserEncryptionKey) error
    	// SetUserEncryptionPublicKey stores the user's public key bytes.
    	SetUserEncryptionPublicKey(context.Context, *User, []byte) error
    	// SetApplicationSpecificPassword stores an application-specific
    	// password described by the info record; the string is the
    	// password value itself.
    	SetApplicationSpecificPassword(context.Context, *User, *AppSpecificPasswordInfo, string) error
    	// DeleteApplicationSpecificPassword removes one application-specific
    	// password. NOTE(review): the string presumably identifies the
    	// entry to delete (an ID, not the secret) — confirm against the
    	// implementation.
    	DeleteApplicationSpecificPassword(context.Context, *User, string) error
    	// SetUserTOTPSecret stores the user's TOTP secret; the value is a
    	// long-lived authentication secret and should be treated as such
    	// by implementations (storage, logging).
    	SetUserTOTPSecret(context.Context, *User, string) error
    	// DeleteUserTOTPSecret removes the user's TOTP secret.
    	DeleteUserTOTPSecret(context.Context, *User) error
    
    	// HasAnyResource reports whether at least one of the requested
    	// resources exists (inferred from the name — verify in the
    	// implementation).
    	HasAnyResource(context.Context, []FindResourceRequest) (bool, error)
    }
    
    // FindResourceRequest contains parameters for searching a resource by name.
    // It is the element type of the list passed to TX.HasAnyResource.
    type FindResourceRequest struct {
    	// Type is the resource type to match.
    	Type string
    	// Name is the resource name to match.
    	Name string
    }
    
    // AccountService implements the business logic and high-level
    // functionality of the user accounts management service.
    type AccountService struct {
    	validator     sso.Validator
    	ssoService    string
    	ssoGroups     []string