2019-04-24 21:52:08 +00:00
|
|
|
package session
|
|
|
|
|
|
|
|
import (
|
2020-05-04 19:39:25 +00:00
|
|
|
"time"
|
|
|
|
|
2023-01-12 10:57:44 +00:00
|
|
|
"github.com/fasthttp/session/v2"
|
2022-03-03 23:46:38 +00:00
|
|
|
"github.com/go-webauthn/webauthn/webauthn"
|
2020-04-05 12:37:21 +00:00
|
|
|
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/authentication"
|
2022-04-01 11:18:58 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/oidc"
|
2019-04-24 21:52:08 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// ProviderConfig is the configuration used to create the session provider.
|
|
|
|
type ProviderConfig struct {
|
2023-01-12 10:57:44 +00:00
|
|
|
config session.Config
|
|
|
|
providerName string
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// UserSession is the structure representing the session of a user.
|
|
|
|
type UserSession struct {
|
2023-01-25 09:36:40 +00:00
|
|
|
CookieDomain string
|
|
|
|
|
2020-06-19 10:50:21 +00:00
|
|
|
Username string
|
|
|
|
DisplayName string
|
2019-04-24 21:52:08 +00:00
|
|
|
// TODO(c.michaud): move groups out of the session.
|
|
|
|
Groups []string
|
|
|
|
Emails []string
|
|
|
|
|
|
|
|
KeepMeLoggedIn bool
|
|
|
|
AuthenticationLevel authentication.Level
|
|
|
|
LastActivity int64
|
|
|
|
|
feat(oidc): add additional config options, accurate token times, and refactoring (#1991)
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately.
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-03 23:44:30 +00:00
|
|
|
FirstFactorAuthnTimestamp int64
|
|
|
|
SecondFactorAuthnTimestamp int64
|
|
|
|
|
2022-04-01 11:18:58 +00:00
|
|
|
AuthenticationMethodRefs oidc.AuthenticationMethodsReferences
|
|
|
|
|
2023-04-11 04:40:09 +00:00
|
|
|
// WebAuthn holds the session registration data for this session.
|
|
|
|
WebAuthn *WebAuthn
|
2023-02-13 20:39:46 +00:00
|
|
|
TOTP *TOTP
|
2019-04-24 21:52:08 +00:00
|
|
|
|
|
|
|
// This boolean is set to true after identity verification and checked
|
|
|
|
// while doing the query actually updating the password.
|
|
|
|
PasswordResetUsername *string
|
2020-05-04 19:39:25 +00:00
|
|
|
|
|
|
|
RefreshTTL time.Time
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|
|
|
|
|
2023-02-13 20:39:46 +00:00
|
|
|
// TOTP holds the TOTP registration session data.
|
|
|
|
type TOTP struct {
|
|
|
|
Issuer string
|
|
|
|
Algorithm string
|
|
|
|
Digits uint
|
|
|
|
Period uint
|
|
|
|
Secret string
|
|
|
|
Expires time.Time
|
|
|
|
}
|
|
|
|
|
|
|
|
// WebAuthn holds the standard WebAuthn session data plus some extra.
|
2023-04-11 04:40:09 +00:00
|
|
|
type WebAuthn struct {
|
2023-02-14 02:53:57 +00:00
|
|
|
*webauthn.SessionData
|
2023-02-18 04:36:58 +00:00
|
|
|
Description string
|
2023-02-14 02:53:57 +00:00
|
|
|
}
|
|
|
|
|
2023-02-16 19:40:40 +00:00
|
|
|
// Identity of the user who is being verified.
|
2019-04-24 21:52:08 +00:00
|
|
|
type Identity struct {
|
2022-04-03 12:24:51 +00:00
|
|
|
Username string
|
|
|
|
Email string
|
|
|
|
DisplayName string
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|