/
types.go
151 lines (127 loc) · 5.29 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
package handlers
import (
"net/http"
"net/url"
"github.com/google/uuid"
"github.com/ory/fosite"
"github.com/authelia/authelia/v4/internal/authentication"
"github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/model"
"github.com/authelia/authelia/v4/internal/oidc"
"github.com/authelia/authelia/v4/internal/session"
)
// MethodList is the list of available methods.
type MethodList = []string
type authorizationMatching int
// configurationBody the content returned by the configuration endpoint.
type configurationBody struct {
AvailableMethods MethodList `json:"available_methods"`
}
// bodySignTOTPRequest is the model of the request body of TOTP 2FA authentication endpoint.
type bodySignTOTPRequest struct {
Token string `json:"token" valid:"required"`
TargetURL string `json:"targetURL"`
Workflow string `json:"workflow"`
WorkflowID string `json:"workflowID"`
}
// bodySignWebauthnRequest is the model of the request body of WebAuthn 2FA authentication endpoint.
type bodySignWebauthnRequest struct {
TargetURL string `json:"targetURL"`
Workflow string `json:"workflow"`
WorkflowID string `json:"workflowID"`
}
// bodySignDuoRequest is the model of the request body of Duo 2FA authentication endpoint.
type bodySignDuoRequest struct {
TargetURL string `json:"targetURL"`
Passcode string `json:"passcode"`
Workflow string `json:"workflow"`
WorkflowID string `json:"workflowID"`
}
// bodyPreferred2FAMethod the selected 2FA method.
type bodyPreferred2FAMethod struct {
Method string `json:"method" valid:"required"`
}
// bodyFirstFactorRequest represents the JSON body received by the endpoint.
type bodyFirstFactorRequest struct {
Username string `json:"username" valid:"required"`
Password string `json:"password" valid:"required"`
TargetURL string `json:"targetURL"`
Workflow string `json:"workflow"`
WorkflowID string `json:"workflowID"`
RequestMethod string `json:"requestMethod"`
KeepMeLoggedIn *bool `json:"keepMeLoggedIn"`
// KeepMeLoggedIn: Cannot require this field because of https://github.com/asaskevich/govalidator/pull/329
// TODO(c.michaud): add required validation once the above PR is merged.
}
// checkURIWithinDomainRequestBody represents the JSON body received by the endpoint checking if an URI is within
// the configured domain.
type checkURIWithinDomainRequestBody struct {
URI string `json:"uri"`
}
type checkURIWithinDomainResponseBody struct {
OK bool `json:"ok"`
}
// redirectResponse represent the response sent by the first factor endpoint
// when a redirection URL has been provided.
type redirectResponse struct {
Redirect string `json:"redirect"`
}
// TOTPKeyResponse is the model of response that is sent to the client up successful identity verification.
type TOTPKeyResponse struct {
Base32Secret string `json:"base32_secret"`
OTPAuthURL string `json:"otpauth_url"`
}
// DuoDeviceBody the selected Duo device and method.
type DuoDeviceBody struct {
Device string `json:"device" valid:"required"`
Method string `json:"method" valid:"required"`
}
// DuoDevice represents Duo devices and methods.
type DuoDevice struct {
Device string `json:"device"`
DisplayName string `json:"display_name"`
Capabilities []string `json:"capabilities"`
}
// DuoDevicesResponse represents all available user devices and methods as well as an optional enrollment url.
type DuoDevicesResponse struct {
Result string `json:"result" valid:"required"`
Devices []DuoDevice `json:"devices,omitempty"`
EnrollURL string `json:"enroll_url,omitempty"`
}
// DuoSignResponse represents a result of the preauth and or auth call with further optional info.
type DuoSignResponse struct {
Result string `json:"result" valid:"required"`
Devices []DuoDevice `json:"devices,omitempty"`
Redirect string `json:"redirect,omitempty"`
EnrollURL string `json:"enroll_url,omitempty"`
}
// StateResponse represents the response sent by the state endpoint.
type StateResponse struct {
Username string `json:"username"`
AuthenticationLevel authentication.Level `json:"authentication_level"`
DefaultRedirectionURL string `json:"default_redirection_url"`
}
// resetPasswordStep1RequestBody model of the reset password (step1) request body.
type resetPasswordStep1RequestBody struct {
Username string `json:"username"`
}
// resetPasswordStep2RequestBody model of the reset password (step2) request body.
type resetPasswordStep2RequestBody struct {
Password string `json:"password"`
}
// PasswordPolicyBody represents the response sent by the password reset step 2.
type PasswordPolicyBody struct {
Mode string `json:"mode"`
MinLength int `json:"min_length"`
MaxLength int `json:"max_length"`
MinScore int `json:"min_score"`
RequireUppercase bool `json:"require_uppercase"`
RequireLowercase bool `json:"require_lowercase"`
RequireNumber bool `json:"require_number"`
RequireSpecial bool `json:"require_special"`
}
type handlerAuthorizationConsent func(
ctx *middlewares.AutheliaCtx, issuer *url.URL, client *oidc.Client,
userSession session.UserSession, subject uuid.UUID,
rw http.ResponseWriter, r *http.Request,
requester fosite.AuthorizeRequester) (consent *model.OAuth2ConsentSession, handled bool)