authelia/internal/authentication/const.go

package authentication

// Level is the type representing a level of authentication
type Level int

const (
	// NotAuthenticated if the user is not authenticated yet.
	NotAuthenticated Level = iota
	// OneFactor if the user has passed first factor only.
	OneFactor Level = iota
	// TwoFactor if the user has passed two factors.
	TwoFactor Level = iota
)

const (
	// TOTP Method using Time-Based One-Time Password applications like Google Authenticator
	TOTP = "totp"
	// U2F Method using U2F devices like Yubikeys
	U2F = "u2f"
	// Push Method using Duo application to receive push notifications.
	Push = "mobile_push"
)

// PossibleMethods is the set of all possible 2FA methods.
var PossibleMethods = []string{TOTP, U2F, Push}

const (
	//Argon2id Hash Identifier
	HashingAlgorithmArgon2id = "argon2id"
	//SHA512 Hash Identifier
	HashingAlgorithmSHA512 = "6"
)

// These are the default values from the upstream crypt module, we use them to for GetInt, and they need to be checked when updating  github.com/simia-tech/crypt
const (
	HashingDefaultArgon2idTime        = 1
	HashingDefaultArgon2idMemory      = 32 * 1024
	HashingDefaultArgon2idParallelism = 4
	HashingDefaultArgon2idKeyLength   = 32
	HashingDefaultSHA512Iterations    = 5000
)

// Valid Hashing runes
var HashingPossibleSaltCharacters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/")
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`package authentication`

			`// Level is the type representing a level of authentication`
			`type Level int`

			`const (`
			`// NotAuthenticated if the user is not authenticated yet.`
			`NotAuthenticated Level = iota`
			`// OneFactor if the user has passed first factor only.`
			`OneFactor Level = iota`
			`// TwoFactor if the user has passed two factors.`
			`TwoFactor Level = iota`
			`)`

			`const (`
			`// TOTP Method using Time-Based One-Time Password applications like Google Authenticator`
			`TOTP = "totp"`
			`// U2F Method using U2F devices like Yubikeys`
			`U2F = "u2f"`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 11:18:22 +00:00			`// Push Method using Duo application to receive push notifications.`
			`Push = "mobile_push"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`)`

			`// PossibleMethods is the set of all possible 2FA methods.`
Introduce hasU2F and hasTOTP in user info. 2019-12-07 11:18:22 +00:00			`var PossibleMethods = []string{TOTP, U2F, Push}`
[FEATURE] Support Argon2id password hasing and improved entropy (#679) * [FEATURE] Support Argon2id Passwords - Updated go module github.com/simia-tech/crypt - Added Argon2id support for file based authentication backend - Made it the default method - Made it so backwards compatibility with SHA512 exists - Force seeding of the random string generator used for salts to ensure they are all different - Added command params to the authelia hash-password command - Automatically remove {CRYPT} from hashes as they are updated - Automatically change hashes when they are updated to the configured algorithm - Made the hashing algorithm parameters completely configurable - Added reasonably comprehensive test suites - Updated docs - Updated config template * Adjust error output * Fix unit test * Add unit tests and argon2 version check * Fix new unit tests * Update docs, added tests * Implement configurable values and more comprehensive testing * Added cmd params to hash_password, updated docs, misc fixes * More detailed error for cmd, fixed a typo * Fixed cmd flag error, minor refactoring * Requested Changes and Minor refactoring * Increase entropy * Update docs for entropy changes * Refactor to reduce nesting and easier code maintenance * Cleanup Errors (uniformity for the function call) * Check salt length, fix docs * Add Base64 string validation for argon2id * Cleanup and Finalization - Moved RandomString function from ./internal/authentication/password_hash.go to ./internal/utils/strings.go - Added SplitStringToArrayOfStrings func that splits strings into an array with a fixed max string len - Fixed an error in validator that would allow a zero salt length - Added a test to verify the upstream crypt module supports our defined random salt chars - Updated docs - Removed unused "HashingAlgorithm" string type * Update crypt go mod, support argon2id key length and major refactor * Config Template Update, Final Tests * Use schema defaults for hash-password cmd * Iterations check * Docs requested changes * Test Coverage, suggested edits * Wording edit * Doc changes * Default sanity changes * Default sanity changes - docs * CI Sanity changes * Memory in MB 2020-03-06 01:38:02 +00:00
			`const (`
			`//Argon2id Hash Identifier`
			`HashingAlgorithmArgon2id = "argon2id"`
			`//SHA512 Hash Identifier`
			`HashingAlgorithmSHA512 = "6"`
			`)`

			`// These are the default values from the upstream crypt module, we use them to for GetInt, and they need to be checked when updating github.com/simia-tech/crypt`
			`const (`
			`HashingDefaultArgon2idTime = 1`
			`HashingDefaultArgon2idMemory = 32 * 1024`
			`HashingDefaultArgon2idParallelism = 4`
			`HashingDefaultArgon2idKeyLength = 32`
			`HashingDefaultSHA512Iterations = 5000`
			`)`

			`// Valid Hashing runes`
			`var HashingPossibleSaltCharacters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/")`