Commit ff08c14b authored by ale's avatar ale

Update internal dependencies

parent 3c1d7b76
......@@ -4,8 +4,9 @@ go 1.14
require (
git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723
git.autistici.org/id/auth v0.0.0-20210110171913-dd493db32815
git.autistici.org/id/keystore v0.0.0-20210110165905-d5b171e81071
git.autistici.org/id/auth v0.0.0-20210118071252-578ebb56870c
git.autistici.org/id/keystore v0.0.0-20210118071531-7280c2960343
git.autistici.org/id/usermetadb v0.0.0-20210118071138-3ba45fae8f1c
github.com/crewjam/saml v0.4.5
github.com/elazarl/go-bindata-assetfs v1.0.1
github.com/gorilla/csrf v1.7.0
......
......@@ -9,7 +9,7 @@ import (
"net/http"
"strings"
"git.autistici.org/id/auth"
"git.autistici.org/id/usermetadb"
"github.com/gorilla/securecookie"
"github.com/mssola/user_agent"
)
......@@ -78,7 +78,7 @@ func New(config *Config, urlPrefix string) (*Manager, error) {
// object for the given request. It will always return a valid object.
// The ResponseWriter is needed to store the unique ID on the client
// when a new device info object is created.
func (m *Manager) GetDeviceInfoFromRequest(w http.ResponseWriter, req *http.Request) *auth.DeviceInfo {
func (m *Manager) GetDeviceInfoFromRequest(w http.ResponseWriter, req *http.Request) *usermetadb.DeviceInfo {
devID, ok := m.getDeviceCookie(req)
if !ok || len(devID) == 0 {
// Generate a new Device ID and save it on the client.
......@@ -93,7 +93,7 @@ func (m *Manager) GetDeviceInfoFromRequest(w http.ResponseWriter, req *http.Requ
uaStr := req.UserAgent()
ua := user_agent.New(uaStr)
browser, _ := ua.Browser()
d := auth.DeviceInfo{
d := usermetadb.DeviceInfo{
ID: devID.String(),
UserAgent: uaStr,
Mobile: ua.Mobile(),
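Review bot: The client-controlled User-Agent header is copied without a length bound into `UserAgent: uaStr` in the struct literal, and after this change that struct is a `usermetadb.DeviceInfo`, the type the log API serialises with a `user_agent` field. Cap the string right after `uaStr := req.UserAgent()`, for example `if len(uaStr) > maxUALen { uaStr = uaStr[:maxUALen] }`, where `maxUALen` is a placeholder for a package constant you would define. Whether a later layer truncates or rejects long values is not visible on this page. The body of GetDeviceInfoFromRequest starts and ends outside this hunk.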
......
include: "https://git.autistici.org/ai3/build-deb/raw/master/ci-nextstable.yml"
include: "https://git.autistici.org/ai3/build-deb/raw/master/ci-buster-backports.yml"
......@@ -5,7 +5,7 @@ import (
"net"
"strings"
"github.com/cenkalti/backoff"
"github.com/cenkalti/backoff/v4"
"go.opencensus.io/trace"
"git.autistici.org/id/auth"
......
module git.autistici.org/id/auth
go 1.15
go 1.14
require (
git.autistici.org/ai3/go-common v0.0.0-20210109170950-49f8d26bcc81
git.autistici.org/id/usermetadb v0.0.0-20190209105239-61e5a7b24130
github.com/boombuler/barcode v0.0.0-20170618053812-56ef0af91246 // indirect
github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737
github.com/cenkalti/backoff v2.2.1+incompatible
git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723
git.autistici.org/id/usermetadb v0.0.0-20210118071138-3ba45fae8f1c
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
github.com/cenkalti/backoff/v4 v4.1.0
github.com/coreos/go-systemd/v22 v22.1.0
github.com/go-ldap/ldap/v3 v3.2.4
github.com/go-sql-driver/mysql v1.4.0
github.com/go-sql-driver/mysql v1.5.0
github.com/google/go-cmp v0.5.4
github.com/lib/pq v0.0.0-20190326042056-d6156e141ac6
github.com/mattn/go-sqlite3 v0.0.0-20180926090220-0a88db3545c4
github.com/lib/pq v1.9.0
github.com/mattn/go-sqlite3 v1.14.6
github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627
github.com/pquerna/otp v1.0.0
github.com/pquerna/otp v1.3.0
github.com/prometheus/client_golang v1.9.0
github.com/theckman/go-flock v0.8.0
github.com/tstranex/u2f v1.0.0
go.opencensus.io v0.22.5
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
google.golang.org/appengine v1.4.0 // indirect
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
gopkg.in/yaml.v2 v2.3.0
gopkg.in/yaml.v2 v2.4.0
)
......@@ -3,48 +3,10 @@ package auth
import (
"fmt"
"git.autistici.org/id/usermetadb"
"github.com/tstranex/u2f"
)
// DeviceInfo holds information about the client device. We use a
// simple persistent cookie to track the same client device across
// multiple session.
type DeviceInfo struct {
ID string `json:"id"`
RemoteAddr string `json:"remote_addr"`
RemoteZone string `json:"remote_zone"`
UserAgent string `json:"user_agent"`
Browser string `json:"browser"`
OS string `json:"os"`
Mobile bool `json:"mobile"`
}
func (d *DeviceInfo) encodeToMap(m map[string]string, prefix string) {
m[prefix+"id"] = d.ID
m[prefix+"remote_addr"] = d.RemoteAddr
m[prefix+"remote_zone"] = d.RemoteZone
m[prefix+"browser"] = d.Browser
m[prefix+"os"] = d.OS
m[prefix+"user_agent"] = d.UserAgent
if d.Mobile {
m[prefix+"mobile"] = "true"
} else {
m[prefix+"mobile"] = "false"
}
}
func decodeDeviceInfoFromMap(m map[string]string, prefix string) *DeviceInfo {
return &DeviceInfo{
ID: m[prefix+"id"],
RemoteAddr: m[prefix+"remote_addr"],
RemoteZone: m[prefix+"remote_zone"],
Browser: m[prefix+"browser"],
OS: m[prefix+"os"],
UserAgent: m[prefix+"user_agent"],
Mobile: m[prefix+"mobile"] == "true",
}
}
// Request to authenticate a user. It supports multiple methods for
// authentication including challenge-response 2FA.
type Request struct {
......@@ -54,7 +16,7 @@ type Request struct {
OTP string
U2FAppID string
U2FResponse *u2f.SignResponse
DeviceInfo *DeviceInfo
DeviceInfo *usermetadb.DeviceInfo
}
func (r *Request) EncodeToMap(m map[string]string, prefix string) {
......@@ -72,7 +34,7 @@ func (r *Request) EncodeToMap(m map[string]string, prefix string) {
encodeU2FResponseToMap(r.U2FResponse, m, prefix+"u2f_response.")
}
if r.DeviceInfo != nil {
r.DeviceInfo.encodeToMap(m, prefix+"device.")
r.DeviceInfo.EncodeToMap(m, prefix+"device.")
}
}
......@@ -83,7 +45,7 @@ func (r *Request) DecodeFromMap(m map[string]string, prefix string) {
r.OTP = m[prefix+"otp"]
r.U2FAppID = m[prefix+"u2f_app_id"]
r.U2FResponse = decodeU2FResponseFromMap(m, prefix+"u2f_response.")
r.DeviceInfo = decodeDeviceInfoFromMap(m, prefix+"device.")
r.DeviceInfo = usermetadb.DecodeDeviceInfoFromMap(m, prefix+"device.")
}
// UserInfo contains optional user information that may be useful to
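Review bot: `DecodeFromMap` assigns `r.DeviceInfo` unconditionally, and `DecodeDeviceInfoFromMap` (shown in the usermetadb file of this commit) always returns a non-nil pointer, so a Request encoded with a nil DeviceInfo decodes with an empty, non-nil one. `EncodeToMap` skips the device keys when the field is nil, so the round trip is not symmetric, and an empty DeviceInfo that later reached `LogEntry.Validate` would be rejected for its empty ID; whether it does reach it is not visible here. Guarding the decode on the ID key keeps nil as nil: `if _, ok := m[prefix+"device.id"]; ok { r.DeviceInfo = usermetadb.DecodeDeviceInfoFromMap(m, prefix+"device.") }`. Both functions begin outside their hunks.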
......
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
]
}
......@@ -3,18 +3,14 @@ module git.autistici.org/id/keystore
go 1.15
require (
git.autistici.org/ai3/go-common v0.0.0-20210109170950-49f8d26bcc81
git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723
git.autistici.org/id/go-sso v0.0.0-20181118174541-ad4e62357912
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
github.com/coreos/go-systemd/v22 v22.1.0
github.com/go-ldap/ldap/v3 v3.2.4
github.com/go-sql-driver/mysql v1.4.0
github.com/lib/pq v0.0.0-20190326042056-d6156e141ac6
github.com/mattn/go-sqlite3 v0.0.0-20180926090220-0a88db3545c4
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/pierrec/lz4 v2.0.5+incompatible // indirect
github.com/go-sql-driver/mysql v1.5.0
github.com/lib/pq v1.9.0
github.com/mattn/go-sqlite3 v1.14.6
github.com/prometheus/client_golang v1.9.0
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421 // indirect
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
gopkg.in/yaml.v2 v2.3.0
gopkg.in/yaml.v2 v2.4.0
)
......@@ -2,8 +2,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
contrib.go.opencensus.io/exporter/zipkin v0.1.2 h1:YqE293IZrKtqPnpwDPH/lOqTWD/s3Iwabycam74JV3g=
contrib.go.opencensus.io/exporter/zipkin v0.1.2/go.mod h1:mP5xM3rrgOjpn79MM8fZbj3gsxcuytSqtH0dxSWW1RE=
git.autistici.org/ai3/go-common v0.0.0-20210109170950-49f8d26bcc81 h1:p+NSXGJI+dyXsKHPsyrDeXIDXS0iBqsevv+F1N+eVJA=
git.autistici.org/ai3/go-common v0.0.0-20210109170950-49f8d26bcc81/go.mod h1:nuLJyKZZaC3DBPN4gA1qdGXcm0U5WCcus1z3pI8RdTE=
git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723 h1:ylA6azCumIJnT7xb5hHrz0At6r1u3zqnugl1gB92KO0=
git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723/go.mod h1:T8BS+630KLzy30X2lshL98H0NW3Xuyzs8NI9D6C3New=
git.autistici.org/id/go-sso v0.0.0-20181118174541-ad4e62357912 h1:1amb0pZr7c44TXSpFyb8q4J1+Ie+l7K1hYuXVD4zFrY=
git.autistici.org/id/go-sso v0.0.0-20181118174541-ad4e62357912/go.mod h1:B9omXX7rw0qgWdBoF4RZnM7clwEVejoAe8oNJWETBZ0=
github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28=
......@@ -38,6 +38,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB
github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
github.com/cenkalti/backoff/v4 v4.1.0 h1:c8LkOFQTzuO0WBM/ae5HdGQuZPfPxp7lqBRwQRm4fSc=
github.com/cenkalti/backoff/v4 v4.1.0/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
......@@ -47,9 +49,10 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7 h1:u9SHYsPQNyt5tgDm3YN7+9dYrpK96E5wFilTFWIDZOM=
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd/v22 v22.1.0 h1:kq/SbG2BCKLkDKkjQf5OWwKWUKj1lgs3lFI4PxnR5lg=
github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
......@@ -76,6 +79,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us009o8=
github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-asn1-ber/asn1-ber v1.5.3 h1:u7utq56RUFiynqUzgVMFDymapcOtQ/MZkh3H4QYkxag=
github.com/go-asn1-ber/asn1-ber v1.5.3/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
......@@ -86,7 +91,10 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V
github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
github.com/go-sql-driver/mysql v1.4.0 h1:7LxgVwFb2hIQtMm87NdgAVfXjnt4OePseqT1tKx+opk=
github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/gofrs/flock v0.8.0 h1:MSdYClljsF3PbENUUEx85nkWfJSGfzYI9yEBZOJz6CY=
github.com/gofrs/flock v0.8.0/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
......@@ -180,8 +188,8 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/lib/pq v0.0.0-20190326042056-d6156e141ac6 h1:faSzJmSgOhbgs/gWoEPhVr+mHTZWGFwiBgCW6/P49VM=
github.com/lib/pq v0.0.0-20190326042056-d6156e141ac6/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.9.0 h1:L8nSXQQzAYByakOFMTwpjRoHsMJklur4Gi59b6VivR8=
github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40 h1:EnfXoSqDfSNJv0VBNqY/88RNnhSGYkrHaO0mmFGbVsc=
......@@ -191,8 +199,8 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-sqlite3 v0.0.0-20180926090220-0a88db3545c4 h1:yqLtdnsIwi5hBOhHZyF0JDPMLKiPT3R3rBIND41j7mk=
github.com/mattn/go-sqlite3 v0.0.0-20180926090220-0a88db3545c4/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg=
github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
......@@ -450,8 +458,6 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
......@@ -470,6 +476,8 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
......
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
]
}
include: "https://git.autistici.org/ai3/build-deb/raw/master/ci-nextstable.yml"
usermetadb
==========
The *User Metadata Database* (`usermetadb`) stores long-term information
about user access patterns in order to detect anomalous behavior and
implement other safety checks. It strives to do so while respecting
the anonymity of the users, focusing on information that is actually
useful to them.
In practical terms, it stores the following information on every
successful login:
* *timestamps*, quantized/fuzzed to a sufficiently large amount (1h?)
to make correlation difficult
* *location*, stored at the country level based on user IP
* *device information* based on long-term cookies
The idea is that this is enough information to provide users with
meaningful summaries such as "you have just logged in from a
new/unknown device" and "you logged in earlier today with Chrome on a
mobile Android device", without storing de-anonymizing information on
the server side.
The cookie-based device detection might present an issue from this
point of view, because it allows to establish a forensic link between
a specific device and an account if one is in possession of the
server-side log database (only partially mitigated by the fact that
the cookie is encrypted).
`usermetadb` also stores last-login information for internal infrastructure
maintenance. The idea is to retain the minimal amount of information to perform
tasks such as "disable accounts that have not been active for more than N
years".
# API
The server exports an API over HTTP/HTTPS, all requests should be made
using the POST method and an *application/json* Content-Type. The
request body should contain a JSON-encoded request object. Responses
will similarly be JSON-encoded.
The API is split into two conceptually separate sets, the *log* API
and the *analysis* API.
## Log API
`/api/add_log` (*AddLogRequest*)
Stores a new log entry for a user in the database. The request must be
a `LogEntry` object. The method returns an empty response. If the log
entry contains device information, the list of devices for the
specified user is updated with that information.
`/api/get_user_logs` (*GetUserLogsRequest*) -> *GetUserLogsResponse*
Returns recent logs for a specific user.
`/api/get_user_devices` (*GetUserDevicesRequest*) -> *GetUserDevicesResponse*
Returns the list of known devices for a user.
## Analysis API
`/api/check_device` (*CheckDeviceRequest*) -> *CheckDeviceResponse*
Returns information about a device, whether we have seen it before, if
the localization information matches the historical trend, etc.
## Last-login API
`/api/set_last_login` (*SetLastLoginRequest*)
Stores the last login of a user in the database. The request must be a
`LastLoginEntry` object. The method returns an empty response. The service name
must be specified in the last login entry.
`/api/get_last_login` (*GetLastLoginRequest*) -> *GetLastLoginResponse*
Returns the last login of a given user. If the service name is specified it
returns the last login for that specific service, otherwise return last login
for all services.
`/api/get_unused_accounts` (*GetUnusedAccountsRequest*) -> *GetUnusedAccountsResponse*
Returns accounts that have not been used in a specified amount of time.
# Configuration
The configuration is contained in a YAML-encoded file, normally
`/etc/user-meta-server.yml` (this can be changed using the
*--config* command-line flag).
The known attributes are:
* `db_uri` is the database URI. As currently only the *sqlite3* driver
is supported, this is just the path to the database file.
* `http_server` specifies standard parameters for the HTTP server:
* `tls` contains the server-side TLS configuration:
* `cert` is the path to the server certificate
* `key` is the path to the server's private key
* `ca` is the path to the CA used to validate clients
* `acl` specifies TLS-based access controls, a list of entries
with the following attributes:
* `path` is a regular expression to match the request URL path
* `cn` is a regular expression that must match the CommonName
part of the subject of the client certificate
module git.autistici.org/id/usermetadb
go 1.14
require (
git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723
github.com/golang-migrate/migrate/v4 v4.14.1
github.com/google/go-cmp v0.5.4
github.com/gorilla/mux v1.8.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/mattn/go-sqlite3 v1.14.6
gopkg.in/yaml.v2 v2.4.0
)
package usermetadb
//go:generate go-bindata --nocompress --pkg migrations --ignore \.go$ -o migrations/bindata.go -prefix migrations/ ./migrations
import (
"errors"
"time"
)
type CheckDeviceRequest struct {
Username string `json:"username"`
DeviceInfo *DeviceInfo `json:"device_info"`
}
type CheckDeviceResponse struct {
Seen bool `json:"seen"`
}
const (
LogTypeLogin = "login"
LogTypeLogout = "logout"
LogTypePasswordReset = "password_reset"
LogTypePasswordChange = "password_change"
LogTypeOTPEnabled = "otp_enabled"
LogTypeOTPDisabled = "otp_disabled"
)
const (
LoginMethodPassword = "password"
LoginMethodOTP = "otp"
LoginMethodU2F = "u2f"
)
// DeviceInfo holds information about the client device. We use a
// simple persistent cookie to track the same client device across
// multiple session.
type DeviceInfo struct {
ID string `json:"id"`
RemoteAddr string `json:"remote_addr"`
RemoteZone string `json:"remote_zone"`
UserAgent string `json:"user_agent"`
Browser string `json:"browser"`
OS string `json:"os"`
Mobile bool `json:"mobile"`
}
func (d *DeviceInfo) EncodeToMap(m map[string]string, prefix string) {
m[prefix+"id"] = d.ID
m[prefix+"remote_addr"] = d.RemoteAddr
m[prefix+"remote_zone"] = d.RemoteZone
m[prefix+"browser"] = d.Browser
m[prefix+"os"] = d.OS
m[prefix+"user_agent"] = d.UserAgent
if d.Mobile {
m[prefix+"mobile"] = "true"
} else {
m[prefix+"mobile"] = "false"
}
}
func DecodeDeviceInfoFromMap(m map[string]string, prefix string) *DeviceInfo {
return &DeviceInfo{
ID: m[prefix+"id"],
RemoteAddr: m[prefix+"remote_addr"],
RemoteZone: m[prefix+"remote_zone"],
Browser: m[prefix+"browser"],
OS: m[prefix+"os"],
UserAgent: m[prefix+"user_agent"],
Mobile: m[prefix+"mobile"] == "true",
}
}
// LogEntry represents an authentication event in the user-specific log.
type LogEntry struct {
Timestamp time.Time `json:"timestamp"`
Username string `json:"username"`
Type string `json:"log_type"`
Message string `json:"message,omitempty"`
Service string `json:"service,omitempty"`
LoginMethod string `json:"login_method,omitempty"`
DeviceInfo *DeviceInfo `json:"device_info,omitempty"`
}
func (e *LogEntry) Validate() error {
if e.Username == "" {
return errors.New("invalid log entry: missing username")
}
switch e.Type {
case LogTypeLogin, LogTypeLogout, LogTypePasswordReset, LogTypePasswordChange, LogTypeOTPEnabled, LogTypeOTPDisabled:
default:
return errors.New("invalid log entry: unknown log type")
}
if e.DeviceInfo != nil {
if e.DeviceInfo.ID == "" {
return errors.New("invalid device info in log entry")
}
}
return nil
}
type AddLogRequest struct {
Log *LogEntry `json:"log"`
}
type AddLogResponse struct{}
type GetUserDevicesRequest struct {
Username string `json:"username"`
}
type MetaDeviceInfo struct {
DeviceInfo *DeviceInfo `json:"device_info"`
FirstSeen time.Time `json:"first_seen"`
LastSeen time.Time `json:"last_seen"`
NumLogins int `json:"num_logins"`
}
type GetUserDevicesResponse struct {
Devices []*MetaDeviceInfo `json:"devices"`
}
type GetUserLogsRequest struct {
Username string `json:"username"`
MaxDays int `json:"max_days"`
Limit int `json:"limit"`
}
type GetUserLogsResponse struct {
Results []*LogEntry `json:"result"`
}
type LastLoginEntry struct {
Timestamp time.Time `json:"timestamp"`
Username string `json:"username"`
Service string `json:"service"`
}
func (e *LastLoginEntry) Validate() error {
if e.Username == "" {
return errors.New("invalid last login entry: missing username")
}
if e.Service == "" {
return errors.New("invalid last login entry: missing service")
}
return nil
}
type SetLastLoginRequest struct {
LastLogin *LastLoginEntry `json:"last_login"`
}
type SetLastLoginResponse struct{}
type GetLastLoginRequest struct {
Username string `json:"username"`
Service string `json:"service,omitempty"`
}
type GetLastLoginResponse struct {
Results []*LastLoginEntry `json:"result"`
}
type GetUnusedAccountsRequest struct {
Usernames []string `json:"usernames"`
Days int `json:"days"`
}
type GetUnusedAccountsResponse struct {
UnusedUsernames []string `json:"unused_usernames"`
}
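Review bot: `DeviceInfo.RemoteAddr` is tagged `json:"remote_addr"`, so the full client address travels in every `AddLogRequest` and can be returned in `GetUserDevicesResponse` and `GetUserLogsResponse`, while the README in this commit says location is kept at country level. The storage code is not part of this section, so whether the address is dropped before persisting cannot be confirmed from here. If the field is meant only as input for deriving `RemoteZone`, state that on the field, e.g. `// RemoteAddr is used only to derive RemoteZone and must not be persisted.` The other exported request and response types and both `Validate` methods have no doc comments; each should get a one-line comment starting with its name.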
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",