2019-04-24 21:52:08 +00:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
import (
|
2023-01-30 02:47:54 +00:00
|
|
|
"encoding/json"
|
2022-10-20 02:16:36 +00:00
|
|
|
"net/http"
|
|
|
|
"net/url"
|
|
|
|
|
|
|
|
"github.com/google/uuid"
|
|
|
|
"github.com/ory/fosite"
|
|
|
|
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/authentication"
|
2022-10-20 02:16:36 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/middlewares"
|
|
|
|
"github.com/authelia/authelia/v4/internal/model"
|
|
|
|
"github.com/authelia/authelia/v4/internal/oidc"
|
|
|
|
"github.com/authelia/authelia/v4/internal/session"
|
2019-04-24 21:52:08 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// MethodList is the list of available methods.
|
|
|
|
type MethodList = []string
|
|
|
|
|
2021-12-01 12:11:29 +00:00
|
|
|
// configurationBody the content returned by the configuration endpoint.
|
|
|
|
type configurationBody struct {
|
2022-03-03 11:20:43 +00:00
|
|
|
AvailableMethods MethodList `json:"available_methods"`
|
2021-12-01 03:32:58 +00:00
|
|
|
}
|
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
// bodySignTOTPRequest is the model of the request body of TOTP 2FA authentication endpoint.
|
|
|
|
type bodySignTOTPRequest struct {
|
|
|
|
Token string `json:"token" valid:"required"`
|
|
|
|
TargetURL string `json:"targetURL"`
|
|
|
|
Workflow string `json:"workflow"`
|
|
|
|
WorkflowID string `json:"workflowID"`
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
2023-04-11 04:40:09 +00:00
|
|
|
// bodySignWebAuthnRequest is the model of the request body of WebAuthn 2FA authentication endpoint.
|
|
|
|
type bodySignWebAuthnRequest struct {
|
2022-10-20 02:16:36 +00:00
|
|
|
TargetURL string `json:"targetURL"`
|
|
|
|
Workflow string `json:"workflow"`
|
|
|
|
WorkflowID string `json:"workflowID"`
|
2023-01-30 02:47:54 +00:00
|
|
|
|
|
|
|
Response json.RawMessage `json:"response"`
|
|
|
|
}
|
|
|
|
|
2023-04-11 04:40:09 +00:00
|
|
|
type bodyRegisterWebAuthnPUTRequest struct {
|
2023-02-16 19:40:40 +00:00
|
|
|
Description string `json:"description"`
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
2023-04-11 04:40:09 +00:00
|
|
|
type bodyEditWebAuthnDeviceRequest struct {
|
2022-12-31 07:27:43 +00:00
|
|
|
Description string `json:"description"`
|
|
|
|
}
|
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
// bodySignDuoRequest is the model of the request body of Duo 2FA authentication endpoint.
|
|
|
|
type bodySignDuoRequest struct {
|
|
|
|
TargetURL string `json:"targetURL"`
|
|
|
|
Passcode string `json:"passcode"`
|
|
|
|
Workflow string `json:"workflow"`
|
|
|
|
WorkflowID string `json:"workflowID"`
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
// bodyPreferred2FAMethod the selected 2FA method.
|
|
|
|
type bodyPreferred2FAMethod struct {
|
2021-12-01 12:11:29 +00:00
|
|
|
Method string `json:"method" valid:"required"`
|
|
|
|
}
|
|
|
|
|
2022-10-20 02:16:36 +00:00
|
|
|
// bodyFirstFactorRequest represents the JSON body received by the endpoint.
|
|
|
|
type bodyFirstFactorRequest struct {
|
2021-03-05 04:18:31 +00:00
|
|
|
Username string `json:"username" valid:"required"`
|
|
|
|
Password string `json:"password" valid:"required"`
|
|
|
|
TargetURL string `json:"targetURL"`
|
2022-07-26 05:43:39 +00:00
|
|
|
Workflow string `json:"workflow"`
|
2022-10-20 02:16:36 +00:00
|
|
|
WorkflowID string `json:"workflowID"`
|
2021-03-05 04:18:31 +00:00
|
|
|
RequestMethod string `json:"requestMethod"`
|
|
|
|
KeepMeLoggedIn *bool `json:"keepMeLoggedIn"`
|
|
|
|
// KeepMeLoggedIn: Cannot require this field because of https://github.com/asaskevich/govalidator/pull/329
|
2019-04-24 21:52:08 +00:00
|
|
|
// TODO(c.michaud): add required validation once the above PR is merged.
|
|
|
|
}
|
|
|
|
|
2021-08-02 06:15:38 +00:00
|
|
|
// checkURIWithinDomainRequestBody represents the JSON body received by the endpoint checking if an URI is within
|
|
|
|
// the configured domain.
|
|
|
|
type checkURIWithinDomainRequestBody struct {
|
|
|
|
URI string `json:"uri"`
|
|
|
|
}
|
|
|
|
|
|
|
|
type checkURIWithinDomainResponseBody struct {
|
|
|
|
OK bool `json:"ok"`
|
|
|
|
}
|
|
|
|
|
2019-04-24 21:52:08 +00:00
|
|
|
// redirectResponse represent the response sent by the first factor endpoint
|
|
|
|
// when a redirection URL has been provided.
|
|
|
|
type redirectResponse struct {
|
|
|
|
Redirect string `json:"redirect"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// TOTPKeyResponse is the model of response that is sent to the client up successful identity verification.
|
|
|
|
type TOTPKeyResponse struct {
|
|
|
|
Base32Secret string `json:"base32_secret"`
|
|
|
|
OTPAuthURL string `json:"otpauth_url"`
|
|
|
|
}
|
|
|
|
|
2021-12-01 03:32:58 +00:00
|
|
|
// DuoDeviceBody the selected Duo device and method.
|
|
|
|
type DuoDeviceBody struct {
|
|
|
|
Device string `json:"device" valid:"required"`
|
|
|
|
Method string `json:"method" valid:"required"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// DuoDevice represents Duo devices and methods.
|
|
|
|
type DuoDevice struct {
|
|
|
|
Device string `json:"device"`
|
|
|
|
DisplayName string `json:"display_name"`
|
|
|
|
Capabilities []string `json:"capabilities"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// DuoDevicesResponse represents all available user devices and methods as well as an optional enrollment url.
|
|
|
|
type DuoDevicesResponse struct {
|
|
|
|
Result string `json:"result" valid:"required"`
|
|
|
|
Devices []DuoDevice `json:"devices,omitempty"`
|
|
|
|
EnrollURL string `json:"enroll_url,omitempty"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// DuoSignResponse represents a result of the preauth and or auth call with further optional info.
|
|
|
|
type DuoSignResponse struct {
|
|
|
|
Result string `json:"result" valid:"required"`
|
|
|
|
Devices []DuoDevice `json:"devices,omitempty"`
|
|
|
|
Redirect string `json:"redirect,omitempty"`
|
|
|
|
EnrollURL string `json:"enroll_url,omitempty"`
|
|
|
|
}
|
|
|
|
|
2019-04-24 21:52:08 +00:00
|
|
|
// StateResponse represents the response sent by the state endpoint.
|
|
|
|
type StateResponse struct {
|
|
|
|
Username string `json:"username"`
|
|
|
|
AuthenticationLevel authentication.Level `json:"authentication_level"`
|
|
|
|
DefaultRedirectionURL string `json:"default_redirection_url"`
|
|
|
|
}
|
|
|
|
|
2020-04-20 21:03:38 +00:00
|
|
|
// resetPasswordStep1RequestBody model of the reset password (step1) request body.
|
2019-04-24 21:52:08 +00:00
|
|
|
type resetPasswordStep1RequestBody struct {
|
|
|
|
Username string `json:"username"`
|
|
|
|
}
|
|
|
|
|
2020-04-20 21:03:38 +00:00
|
|
|
// resetPasswordStep2RequestBody model of the reset password (step2) request body.
|
2019-04-24 21:52:08 +00:00
|
|
|
type resetPasswordStep2RequestBody struct {
|
|
|
|
Password string `json:"password"`
|
|
|
|
}
|
2022-04-02 22:32:57 +00:00
|
|
|
|
2022-06-14 07:20:13 +00:00
|
|
|
// PasswordPolicyBody represents the response sent by the password reset step 2.
|
|
|
|
type PasswordPolicyBody struct {
|
2022-04-02 22:32:57 +00:00
|
|
|
Mode string `json:"mode"`
|
|
|
|
MinLength int `json:"min_length"`
|
|
|
|
MaxLength int `json:"max_length"`
|
2022-04-15 09:30:51 +00:00
|
|
|
MinScore int `json:"min_score"`
|
2022-04-02 22:32:57 +00:00
|
|
|
RequireUppercase bool `json:"require_uppercase"`
|
|
|
|
RequireLowercase bool `json:"require_lowercase"`
|
|
|
|
RequireNumber bool `json:"require_number"`
|
|
|
|
RequireSpecial bool `json:"require_special"`
|
|
|
|
}
|
2022-10-20 02:16:36 +00:00
|
|
|
|
|
|
|
type handlerAuthorizationConsent func(
|
|
|
|
ctx *middlewares.AutheliaCtx, issuer *url.URL, client *oidc.Client,
|
|
|
|
userSession session.UserSession, subject uuid.UUID,
|
|
|
|
rw http.ResponseWriter, r *http.Request,
|
|
|
|
requester fosite.AuthorizeRequester) (consent *model.OAuth2ConsentSession, handled bool)
|