-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
const.go
155 lines (125 loc) · 7.69 KB
/
const.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
package handlers
import (
"errors"
"github.com/valyala/fasthttp"
)
const (
// ActionResetPassword is the string representation of the action for which the token has been produced.
ActionResetPassword = "ResetPassword"
)
const (
anonymous = "<anonymous>"
)
var (
headerAuthorization = []byte(fasthttp.HeaderAuthorization)
headerWWWAuthenticate = []byte(fasthttp.HeaderWWWAuthenticate)
headerProxyAuthorization = []byte(fasthttp.HeaderProxyAuthorization)
headerProxyAuthenticate = []byte(fasthttp.HeaderProxyAuthenticate)
headerSessionUsername = []byte("Session-Username")
headerRemoteUser = []byte("Remote-User")
headerRemoteGroups = []byte("Remote-Groups")
headerRemoteName = []byte("Remote-Name")
headerRemoteEmail = []byte("Remote-Email")
)
const (
headerAuthorizationSchemeBasic = "basic"
)
var (
headerValueAuthenticateBasic = []byte(`Basic realm="Authorization Required"`)
)
const (
queryArgRD = "rd"
queryArgRM = "rm"
queryArgID = "id"
queryArgAuth = "auth"
queryArgConsentID = "consent_id"
queryArgWorkflow = "workflow"
queryArgWorkflowID = "workflow_id"
)
var (
qryArgID = []byte(queryArgID)
qryArgRD = []byte(queryArgRD)
qryArgAuth = []byte(queryArgAuth)
qryArgConsentID = []byte(queryArgConsentID)
)
var (
qryValueBasic = []byte("basic")
qryValueEmpty = []byte("")
)
const (
messageOperationFailed = "Operation failed."
messageAuthenticationFailed = "Authentication failed. Check your credentials."
messageUnableToOptionsOneTimePassword = "Unable to retrieve TOTP registration options." //nolint:gosec
messageUnableToRegisterOneTimePassword = "Unable to set up one-time password." //nolint:gosec
messageUnableToDeleteRegisterOneTimePassword = "Unable to delete one-time password registration session." //nolint:gosec
messageUnableToDeleteOneTimePassword = "Unable to delete one-time password."
messageUnableToRegisterSecurityKey = "Unable to register your security key."
messageSecurityKeyDuplicateName = "Another one of your security keys is already registered with that display name."
messageUnableToResetPassword = "Unable to reset your password."
messageMFAValidationFailed = "Authentication failed, please retry later."
messagePasswordWeak = "Your supplied password does not meet the password policy requirements."
)
const (
workflowOpenIDConnect = "openid_connect"
)
const (
logFmtActionAuthentication = "authentication"
logFmtActionRegistration = "registration"
logFmtErrParseRequestBody = "Failed to parse %s request body"
logFmtErrRegulationFail = "Failed to perform %s authentication regulation for user '%s'"
logFmtErrSessionRegenerate = "Could not regenerate session during %s authentication for user '%s'"
logFmtErrSessionReset = "Could not reset session during %s authentication for user '%s'"
logFmtErrSessionSave = "Could not save session with the %s during %s %s for user '%s'"
logFmtErrObtainProfileDetails = "Could not obtain profile details during %s authentication for user '%s'"
logFmtTraceProfileDetails = "Profile details for user '%s' => groups: %s, emails %s"
)
const (
logFmtAuthzRedirect = "Access to %s (method %s) is not authorized to user %s, responding with status code %d with location redirect to %s"
logFmtAuthorizationPrefix = "Authorization Request with id '%s' on client with id '%s' "
logFmtErrConsentCantDetermineConsentMode = logFmtAuthorizationPrefix + "could not be processed: error occurred generating consent: client consent mode could not be reliably determined"
logFmtConsentPrefix = logFmtAuthorizationPrefix + "using consent mode '%s' "
logFmtErrConsentParseChallengeID = logFmtConsentPrefix + "could not be processed: error occurred parsing the consent id (challenge) '%s': %+v"
logFmtErrConsentPreConfLookup = logFmtConsentPrefix + "had error looking up pre-configured consent sessions: %+v"
logFmtErrConsentPreConfRowsClose = logFmtConsentPrefix + "had error closing rows while looking up pre-configured consent sessions: %+v"
logFmtErrConsentZeroID = logFmtConsentPrefix + "could not be processed: the consent id had a zero value"
logFmtErrConsentCantGetSubject = logFmtConsentPrefix + "could not be processed: error occurred retrieving subject identifier for user '%s' and sector identifier '%s': %+v"
logFmtErrConsentGenerateError = logFmtConsentPrefix + "could not be processed: error occurred %s consent: %+v"
logFmtDbgConsentGenerate = logFmtConsentPrefix + "proceeding to generate a new consent session"
logFmtDbgConsentAuthenticationSufficiency = logFmtConsentPrefix + "authentication level '%s' is %s for client level '%s'"
logFmtDbgConsentRedirect = logFmtConsentPrefix + "is being redirected to '%s'"
logFmtDbgConsentPreConfSuccessfulLookup = logFmtConsentPrefix + "successfully looked up pre-configured consent with signature of client id '%s' and subject '%s' and scopes '%s' with id '%d'"
logFmtDbgConsentPreConfUnsuccessfulLookup = logFmtConsentPrefix + "unsuccessfully looked up pre-configured consent with signature of client id '%s' and subject '%s' and scopes '%s' and audience '%s'"
logFmtDbgConsentPreConfTryingLookup = logFmtConsentPrefix + "attempting to discover pre-configurations with signature of client id '%s' and subject '%s' and scopes '%s'"
logFmtErrConsentWithIDCouldNotBeProcessed = logFmtConsentPrefix + "could not be processed: error occurred performing consent for consent session with id '%s': "
logFmtErrConsentLookupLoadingSession = logFmtErrConsentWithIDCouldNotBeProcessed + "error occurred while loading session: %+v"
logFmtErrConsentSessionSubjectNotAuthorized = logFmtErrConsentWithIDCouldNotBeProcessed + "user '%s' with subject '%s' is not authorized to consent for subject '%s'"
logFmtErrConsentCantGrant = logFmtErrConsentWithIDCouldNotBeProcessed + "the session does not appear to be valid for %s consent: either the subject is null, the consent has already been granted, or the consent session is a pre-configured session"
logFmtErrConsentCantGrantPreConf = logFmtErrConsentWithIDCouldNotBeProcessed + "the session does not appear to be valid for pre-configured consent: either the subject is null, the consent has been granted and is either not pre-configured, or the pre-configuration is expired"
logFmtErrConsentCantGrantRejected = logFmtErrConsentWithIDCouldNotBeProcessed + "the user explicitly rejected this consent session"
logFmtErrConsentSaveSessionResponse = logFmtErrConsentWithIDCouldNotBeProcessed + "error occurred saving consent session response: %+v"
logFmtErrConsentSaveSession = logFmtErrConsentWithIDCouldNotBeProcessed + "error occurred saving consent session: %+v"
)
// Duo constants.
const (
allow = "allow"
deny = "deny"
enroll = "enroll"
auth = "auth"
)
const ldapPasswordComplexityCode = "0000052D."
var ldapPasswordComplexityCodes = []string{
"0000052D", "SynoNumber", "SynoMixedCase", "SynoExcludeNameDesc", "SynoSpecialChar",
}
var ldapPasswordComplexityErrors = []string{
"LDAP Result Code 19 \"Constraint Violation\": Password fails quality checking policy",
"LDAP Result Code 19 \"Constraint Violation\": Password is too young to change",
}
const (
errStrReqBodyParse = "error parsing the request body"
errStrRespBody = "error occurred writing the response body"
errStrUserSessionData = "error occurred retrieving the user session data"
errStrUserSessionDataSave = "error occurred saving the user session data"
)
var (
errUserAnonymous = errors.New("user is anonymous")
)