package accountserver
import (
"context"
"errors"
"fmt"
"log"
"time"
ct "git.autistici.org/ai3/go-common/ldap/compositetypes"
"git.autistici.org/id/auth"
authclient "git.autistici.org/id/auth/client"
"git.autistici.org/id/go-sso"
umdb "git.autistici.org/id/usermetadb"
umdbc "git.autistici.org/id/usermetadb/client"
)
// Backend is the user database behind the account server. Every read
// and write goes through a transaction (TX) obtained from it.
//
// We are using a transactional interface even if the actual backend
// (LDAP) does not support atomic transactions, just so it is easy to
// add more backends in the future (like SQL).
//
// NOTE(review): because LDAP has no atomic transactions, a TX on that
// backend is not all-or-nothing: if Commit fails part-way, the writes
// already issued may remain applied and are not rolled back. Callers
// that chain several mutations (e.g. creating an account and then
// setting its password) should not rely on rollback -- confirm against
// the LDAP implementation.
type Backend interface {
	// NewTransaction opens a new TX (see the TX documentation for its
	// semantics), or returns an error if one cannot be created.
	NewTransaction() (TX, error)
}
// TX represents a single transaction with the backend and offers a
// high-level data management abstraction.
//
// All methods share similar semantics: Get methods return nil (with a
// nil error) when the requested object is not found, and return a
// non-nil error only when the backend itself cannot be reached. Callers
// must therefore check the returned object for nil before using it;
// "not found" is never signalled through the error.
//
// The backend enforces a strict public/private data separation: Get
// methods return public objects (as defined in types.go), while the
// private, authentication-related attributes -- passwords, account
// recovery hints, encryption keys, application-specific passwords and
// TOTP secrets -- are modified only through the dedicated Set*/Delete*
// methods below and are never part of the public objects.
//
// The API passes around the full User object, where a simple username
// would usually suffice, because it needs to synchronize things
// between resources: this is primarily due to the coupling between
// account and email resource.
//
// We might add more sophisticated resource query methods later, as
// admin-level functionality.
//
type TX interface {
Commit(context.Context) error
GetResource(context.Context, ResourceID) (*RawResource, error)
UpdateResource(context.Context, *Resource) error
CreateResources(context.Context, *User, []*Resource) ([]*Resource, error)
SetResourcePassword(context.Context, *Resource, string) error
FindResource(context.Context, FindResourceRequest) (*RawResource, error)
HasAnyResource(context.Context, []FindResourceRequest) (bool, error)
GetUser(context.Context, string) (*RawUser, error)
UpdateUser(context.Context, *User) error
CreateUser(context.Context, *User) (*User, error)
SetUserPassword(context.Context, *User, string) error
SetAccountRecoveryHint(context.Context, *User, string, string) error
DeleteAccountRecoveryHint(context.Context, *User) error
SetUserEncryptionKeys(context.Context, *User, []*ct.EncryptedKey) error
SetUserEncryptionPublicKey(context.Context, *User, []byte) error
SetApplicationSpecificPassword(context.Context, *User, *AppSpecificPasswordInfo, string) error
DeleteApplicationSpecificPassword(context.Context, *User, string) error
SetUserTOTPSecret(context.Context, *User, string) error
DeleteUserTOTPSecret(context.Context, *User) error
// Lightweight user search (backend-specific pattern).