docs: fix rfc references and fix misc issues (#4879)

pull/4886/head
James Elliott 2023-02-05 18:11:30 +11:00 committed by GitHub
parent db2fbabff6
commit a7ccf3652f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
24 changed files with 172 additions and 123 deletions

View File

@ -816,7 +816,7 @@ paths:
summary: OAuth 2.0 Authorization Server Metadata summary: OAuth 2.0 Authorization Server Metadata
description: > description: >
This endpoint retrieves the OAuth 2.0 Authorization Server Metadata document (RFC8414) used by clients to This endpoint retrieves the OAuth 2.0 Authorization Server Metadata document (RFC8414) used by clients to
perform discovery for an OAuth 2.0 Authorization Server. See https://www.rfc-editor.org/rfc/rfc8414. perform discovery for an OAuth 2.0 Authorization Server. See https://datatracker.ietf.org/doc/html/rfc8414.
responses: responses:
"200": "200":
description: OK description: OK
@ -2822,8 +2822,8 @@ components:
description: > description: >
JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the
UserInfo Endpoint to encode the Claims in a JWT [JWT]. The value none MAY be included. See Also: UserInfo Endpoint to encode the Claims in a JWT [JWT]. The value none MAY be included. See Also:
JWS: https://datatracker.ietf.org/doc/html/rfc7515 JWA: https://datatracker.ietf.org/doc/html/rfc7518 JWT: JWS: https://datatracker.ietf.org/doc/html/rfc7515 JWA: https://datatracker.ietf.org/doc/html/rfc7518
https://datatracker.ietf.org/doc/html/rfc7519 JWT: https://datatracker.ietf.org/doc/html/rfc7519
type: array type: array
example: ["none", "RS256"] example: ["none", "RS256"]
items: items:

View File

@ -426,7 +426,7 @@ authentication_backend:
## changed once attributed to a user otherwise it would break the configuration for that user. Technically, ## changed once attributed to a user otherwise it would break the configuration for that user. Technically,
## non-unique attributes like 'mail' can also be used but we don't recommend using them, we instead advise to use ## non-unique attributes like 'mail' can also be used but we don't recommend using them, we instead advise to use
## a filter to perform alternative lookups and the attributes mentioned above (sAMAccountName and uid) to ## a filter to perform alternative lookups and the attributes mentioned above (sAMAccountName and uid) to
## follow https://www.ietf.org/rfc/rfc2307.txt. ## follow https://datatracker.ietf.org/doc/html/rfc2307.
# username_attribute: uid # username_attribute: uid
## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users. ## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users.

View File

@ -256,8 +256,8 @@ truncation that [Bcrypt] does. It is not supported by many other systems.*
Controls the hashing cost when hashing passwords using [Bcrypt]. Controls the hashing cost when hashing passwords using [Bcrypt].
[Argon2]: https://www.rfc-editor.org/rfc/rfc9106.html [Argon2]: https://datatracker.ietf.org/doc/html/rfc9106
[Scrypt]: https://en.wikipedia.org/wiki/Scrypt [Scrypt]: https://en.wikipedia.org/wiki/Scrypt
[PBKDF2]: https://www.ietf.org/rfc/rfc2898.html [PBKDF2]: https://datatracker.ietf.org/doc/html/rfc2898
[SHA2 Crypt]: https://www.akkadia.org/drepper/SHA-crypt.txt [SHA2 Crypt]: https://www.akkadia.org/drepper/SHA-crypt.txt
[Bcrypt]: https://en.wikipedia.org/wiki/Bcrypt [Bcrypt]: https://en.wikipedia.org/wiki/Bcrypt

View File

@ -316,4 +316,4 @@ for your users.
[username attribute]: #usernameattribute [username attribute]: #usernameattribute
[TechNet wiki]: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx [TechNet wiki]: https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx
[RFC2307]: https://www.rfc-editor.org/rfc/rfc2307.html [RFC2307]: https://datatracker.ietf.org/doc/html/rfc2307

View File

@ -170,7 +170,7 @@ encoded PEM format used to sign/encrypt the [OpenID Connect 1.0] [JWT]'s. When c
JSON key's in the JWKs [Discoverable Endpoint](../../integration/openid-connect/introduction.md#discoverable-endpoints) JSON key's in the JWKs [Discoverable Endpoint](../../integration/openid-connect/introduction.md#discoverable-endpoints)
as per [RFC7517]. as per [RFC7517].
[RFC7517]: https://www.rfc-editor.org/rfc/rfc7517 [RFC7517]: https://datatracker.ietf.org/doc/html/rfc7517
[x5c]: https://datatracker.ietf.org/doc/html/rfc7517#section-4.7 [x5c]: https://datatracker.ietf.org/doc/html/rfc7517#section-4.7
[x5t]: https://datatracker.ietf.org/doc/html/rfc7517#section-4.8 [x5t]: https://datatracker.ietf.org/doc/html/rfc7517#section-4.8
@ -251,7 +251,7 @@ this value.
{{< confkey type="string" default="public_clients_only" required="no" >}} {{< confkey type="string" default="public_clients_only" required="no" >}}
[Proof Key for Code Exchange](https://www.rfc-editor.org/rfc/rfc7636.html) enforcement policy: if specified, must be [Proof Key for Code Exchange](https://datatracker.ietf.org/doc/html/rfc7636) enforcement policy: if specified, must be
either `never`, `public_clients_only` or `always`. either `never`, `public_clients_only` or `always`.
If set to `public_clients_only` (default), [PKCE] will be required for public clients using the If set to `public_clients_only` (default), [PKCE] will be required for public clients using the
@ -530,12 +530,12 @@ To integrate Authelia's [OpenID Connect 1.0] implementation with a relying party
[token lifespan]: https://docs.apigee.com/api-platform/antipatterns/oauth-long-expiration [token lifespan]: https://docs.apigee.com/api-platform/antipatterns/oauth-long-expiration
[OpenID Connect 1.0]: https://openid.net/connect/ [OpenID Connect 1.0]: https://openid.net/connect/
[JWT]: https://www.rfc-editor.org/rfc/rfc7519.html [JWT]: https://datatracker.ietf.org/doc/html/rfc7519
[RFC6234]: https://www.rfc-editor.org/rfc/rfc6234.html [RFC6234]: https://datatracker.ietf.org/doc/html/rfc6234
[RFC4648]: https://www.rfc-editor.org/rfc/rfc4648.html [RFC4648]: https://datatracker.ietf.org/doc/html/rfc4648
[RFC7468]: https://www.rfc-editor.org/rfc/rfc7468.html [RFC7468]: https://datatracker.ietf.org/doc/html/rfc7468
[RFC6749 Section 2.1]: https://datatracker.ietf.org/doc/html/rfc6749#section-2.1 [RFC6749 Section 2.1]: https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
[PKCE]: https://www.rfc-editor.org/rfc/rfc7636.html [PKCE]: https://datatracker.ietf.org/doc/html/rfc7636
[Authorization Code Flow]: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth [Authorization Code Flow]: https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth
[Subject Identifier Type]: https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes [Subject Identifier Type]: https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
[Pairwise Identifier Algorithm]: https://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg [Pairwise Identifier Algorithm]: https://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg

View File

@ -154,7 +154,7 @@ The value must be one or more certificates encoded in the DER base64 ([RFC4648])
### private_key ### private_key
{{< confkey type="string" required="yes" >}} {{< confkey type="string" required="no" >}}
*__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__ *__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__
especially for containerized deployments.* especially for containerized deployments.*
@ -163,6 +163,8 @@ The private key to be used with the [certificate_chain](#certificatechain) for m
The value must be one private key encoded in the DER base64 ([RFC4648]) encoded PEM format. The value must be one private key encoded in the DER base64 ([RFC4648]) encoded PEM format.
[RFC4648]: https://datatracker.ietf.org/doc/html/rfc4648
## Server Buffers ## Server Buffers
### read ### read

View File

@ -172,5 +172,5 @@ at least a minimal configuration that has the storage backend connection details
See the [CLI Documentation](../../reference/cli/authelia/authelia_storage_user_totp_export.md) for methods to perform See the [CLI Documentation](../../reference/cli/authelia/authelia_storage_user_totp_export.md) for methods to perform
exports. exports.
[RFC4226]: https://www.rfc-editor.org/rfc/rfc4226.html [RFC4226]: https://datatracker.ietf.org/doc/html/rfc4226
[RFC6238]: https://www.rfc-editor.org/rfc/rfc6238.html [RFC6238]: https://datatracker.ietf.org/doc/html/rfc6238

View File

@ -588,7 +588,7 @@ The match type `Equals` matches if the value extracted from the pattern is equal
match value is a list/slice). match value is a list/slice).
The regex groups are case-insensitive due to the fact that the regex groups are used in domain criteria and domain names The regex groups are case-insensitive due to the fact that the regex groups are used in domain criteria and domain names
should not be compared in a case-sensitive way as per the [RFC4343](https://www.rfc-editor.org/rfc/rfc4343.html) should not be compared in a case-sensitive way as per the [RFC4343](https://datatracker.ietf.org/doc/html/rfc4343)
abstract and [RFC3986 Section 3.2.2](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2). abstract and [RFC3986 Section 3.2.2](https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2).
We do not currently apply any other normalization to usernames or groups when matching these groups. As such it's We do not currently apply any other normalization to usernames or groups when matching these groups. As such it's
@ -664,6 +664,6 @@ access_control:
policy: bypass policy: bypass
``` ```
[RFC7231]: https://www.rfc-editor.org/rfc/rfc7231.html [RFC7231]: https://datatracker.ietf.org/doc/html/rfc7231
[RFC5789]: https://www.rfc-editor.org/rfc/rfc5789.html [RFC5789]: https://datatracker.ietf.org/doc/html/rfc5789
[RFC4918]: https://www.rfc-editor.org/rfc/rfc4918.html [RFC4918]: https://datatracker.ietf.org/doc/html/rfc4918

View File

@ -166,16 +166,16 @@ These endpoints implement OpenID Connect elements.
[OpenID Connect 1.0]: https://openid.net/connect/ [OpenID Connect 1.0]: https://openid.net/connect/
[OpenID Connect Discovery]: https://openid.net/specs/openid-connect-discovery-1_0.html [OpenID Connect Discovery]: https://openid.net/specs/openid-connect-discovery-1_0.html
[OAuth 2.0 Authorization Server Metadata]: https://www.rfc-editor.org/rfc/rfc8414.html [OAuth 2.0 Authorization Server Metadata]: https://datatracker.ietf.org/doc/html/rfc8414
[JSON Web Key Sets]: https://datatracker.ietf.org/doc/html/rfc7517#section-5 [JSON Web Key Sets]: https://datatracker.ietf.org/doc/html/rfc7517#section-5
[Authorization]: https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint [Authorization]: https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint
[Token]: https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint [Token]: https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
[UserInfo]: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo [UserInfo]: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
[Introspection]: https://www.rfc-editor.org/rfc/rfc7662.html [Introspection]: https://datatracker.ietf.org/doc/html/rfc7662
[Revocation]: https://www.rfc-editor.org/rfc/rfc7009.html [Revocation]: https://datatracker.ietf.org/doc/html/rfc7009
[RFC8176]: https://www.rfc-editor.org/rfc/rfc8176.html [RFC8176]: https://datatracker.ietf.org/doc/html/rfc8176
[RFC4122]: https://www.rfc-editor.org/rfc/rfc4122.html [RFC4122]: https://datatracker.ietf.org/doc/html/rfc4122
[Subject Identifier Types]: https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes [Subject Identifier Types]: https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes

View File

@ -193,9 +193,9 @@ This table suggests the parameters for the [SHA2 Crypt] algorithm:
| Standard CPU | sha512 | 50000 | 16 | | Standard CPU | sha512 | 50000 | 16 |
| High End CPU | sha512 | 150000 | 16 | | High End CPU | sha512 | 150000 | 16 |
[Argon2]: https://www.rfc-editor.org/rfc/rfc9106.html [Argon2]: https://datatracker.ietf.org/doc/html/rfc9106
[Scrypt]: https://en.wikipedia.org/wiki/Scrypt [Scrypt]: https://en.wikipedia.org/wiki/Scrypt
[PBKDF2]: https://www.ietf.org/rfc/rfc2898.html [PBKDF2]: https://datatracker.ietf.org/doc/html/rfc2898
[SHA2 Crypt]: https://www.akkadia.org/drepper/SHA-crypt.txt [SHA2 Crypt]: https://www.akkadia.org/drepper/SHA-crypt.txt
[Bcrypt]: https://en.wikipedia.org/wiki/Bcrypt [Bcrypt]: https://en.wikipedia.org/wiki/Bcrypt
[FIPS-140 compliance]: https://csrc.nist.gov/publications/detail/fips/140/2/final [FIPS-140 compliance]: https://csrc.nist.gov/publications/detail/fips/140/2/final

View File

@ -46,7 +46,7 @@ utilize these overrides should either check for changes to the files in the
The locales directory holds folders of internationalization locales. This directory can be utilized to override these The locales directory holds folders of internationalization locales. This directory can be utilized to override these
locales. They are the names of locales that are returned by the `navigator.langauge` ECMAScript command. These are locales. They are the names of locales that are returned by the `navigator.langauge` ECMAScript command. These are
generally those in the [RFC5646 / BCP47 Format](https://www.rfc-editor.org/rfc/rfc5646.html) specifically the language generally those in the [RFC5646 / BCP47 Format](https://datatracker.ietf.org/doc/html/rfc5646) specifically the language
codes from [Crowdin](https://support.crowdin.com/api/language-codes/). codes from [Crowdin](https://support.crowdin.com/api/language-codes/).
Each directory has JSON files which you can explore the format of in the Each directory has JSON files which you can explore the format of in the

View File

@ -115,7 +115,7 @@ Feature List:
{{< roadmap-status stage="in-progress" version="v4.38.0" >}} {{< roadmap-status stage="in-progress" version="v4.38.0" >}}
* [OAuth 2.0 Pushed Authorization Requests](https://www.rfc-editor.org/rfc/rfc9126.html) * [OAuth 2.0 Pushed Authorization Requests](https://datatracker.ietf.org/doc/html/rfc9126)
* Per-Client [Proof Key Code Exchange (PKCE)] Policy * Per-Client [Proof Key Code Exchange (PKCE)] Policy
### Beta 7 ### Beta 7
@ -177,7 +177,7 @@ Should be implemented alongside [Dynamic Client Registration](#openid-connect-dy
{{< roadmap-status stage="complete" version="v4.34.0" >}} {{< roadmap-status stage="complete" version="v4.34.0" >}}
See the [IETF Specification RFC8414](https://www.rfc-editor.org/rfc/rfc8414.html) for more information. See the [IETF Specification RFC8414](https://datatracker.ietf.org/doc/html/rfc8414) for more information.
#### OpenID Connect Session Management #### OpenID Connect Session Management
@ -205,9 +205,9 @@ The `preferred_username` claim was missing and was fixed.
[Cross Origin Resource Sharing]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS [Cross Origin Resource Sharing]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
[RFC8176]: https://www.rfc-editor.org/rfc/rfc8176.html [RFC8176]: https://datatracker.ietf.org/doc/html/rfc8176
[RFC8693 Section 4.3]: https://www.rfc-editor.org/rfc/rfc8693.html/#section-4.3 [RFC8693 Section 4.3]: https://datatracker.ietf.org/doc/html/rfc8693/#section-4.3
[RFC4122]: https://www.rfc-editor.org/rfc/rfc4122.html [RFC4122]: https://datatracker.ietf.org/doc/html/rfc4122
[OpenID Connect]: https://openid.net/connect/ [OpenID Connect]: https://openid.net/connect/
[OpenID Connect Front-Channel Logout]: https://openid.net/specs/openid-connect-frontchannel-1_0.html [OpenID Connect Front-Channel Logout]: https://openid.net/specs/openid-connect-frontchannel-1_0.html
@ -219,4 +219,4 @@ The `preferred_username` claim was missing and was fixed.
[OpenID Connect Core (Subject Identifier Types)]: https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes [OpenID Connect Core (Subject Identifier Types)]: https://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
[OpenID Connect Core (Pairwise Identifier Algorithm)]: https://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg [OpenID Connect Core (Pairwise Identifier Algorithm)]: https://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg
[OpenID Connect Core (Mandatory to Implement Features for All OpenID Providers)]: https://openid.net/specs/openid-connect-core-1_0.html#ServerMTI [OpenID Connect Core (Mandatory to Implement Features for All OpenID Providers)]: https://openid.net/specs/openid-connect-core-1_0.html#ServerMTI
[Proof Key Code Exchange (PKCE)]: https://www.rfc-editor.org/rfc/rfc7636.html [Proof Key Code Exchange (PKCE)]: https://datatracker.ietf.org/doc/html/rfc7636

View File

@ -426,7 +426,7 @@ authentication_backend:
## changed once attributed to a user otherwise it would break the configuration for that user. Technically, ## changed once attributed to a user otherwise it would break the configuration for that user. Technically,
## non-unique attributes like 'mail' can also be used but we don't recommend using them, we instead advise to use ## non-unique attributes like 'mail' can also be used but we don't recommend using them, we instead advise to use
## a filter to perform alternative lookups and the attributes mentioned above (sAMAccountName and uid) to ## a filter to perform alternative lookups and the attributes mentioned above (sAMAccountName and uid) to
## follow https://www.ietf.org/rfc/rfc2307.txt. ## follow https://datatracker.ietf.org/doc/html/rfc2307.
# username_attribute: uid # username_attribute: uid
## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users. ## The additional_users_dn is prefixed to base_dn and delimited by a comma when searching for users.

View File

@ -234,11 +234,11 @@ func (p *CORSPolicy) handleOPTIONS(ctx *fasthttp.RequestCtx) {
/* The OPTIONS method should not return a 204 as per the following specifications when read together: /* The OPTIONS method should not return a 204 as per the following specifications when read together:
RFC7231 (https://www.rfc-editor.org/rfc/rfc7231#section-4.3.7): RFC7231 (https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.7):
A server MUST generate a Content-Length field with a value of "0" if no payload body is to be sent in A server MUST generate a Content-Length field with a value of "0" if no payload body is to be sent in
the response. the response.
RFC7230 (https://www.rfc-editor.org/rfc/rfc7230#section-3.3.2): RFC7230 (https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.2):
A server MUST NOT send a Content-Length header field in any response with a status code of 1xx (Informational) A server MUST NOT send a Content-Length header field in any response with a status code of 1xx (Informational)
or 204 (No Content). or 204 (No Content).
*/ */

View File

@ -121,33 +121,48 @@ func (mr *MockRandomMockRecorder) IntErr(arg0 interface{}) *gomock.Call {
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IntErr", reflect.TypeOf((*MockRandom)(nil).IntErr), arg0) return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IntErr", reflect.TypeOf((*MockRandom)(nil).IntErr), arg0)
} }
// Integer mocks base method. // Intn mocks base method.
func (m *MockRandom) Integer(arg0 int) int { func (m *MockRandom) Intn(arg0 int) int {
m.ctrl.T.Helper() m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "Integer", arg0) ret := m.ctrl.Call(m, "Intn", arg0)
ret0, _ := ret[0].(int) ret0, _ := ret[0].(int)
return ret0 return ret0
} }
// Integer indicates an expected call of Integer. // Intn indicates an expected call of Intn.
func (mr *MockRandomMockRecorder) Integer(arg0 interface{}) *gomock.Call { func (mr *MockRandomMockRecorder) Intn(arg0 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper() mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Integer", reflect.TypeOf((*MockRandom)(nil).Integer), arg0) return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Intn", reflect.TypeOf((*MockRandom)(nil).Intn), arg0)
} }
// IntegerErr mocks base method. // IntnErr mocks base method.
func (m *MockRandom) IntegerErr(arg0 int) (int, error) { func (m *MockRandom) IntnErr(arg0 int) (int, error) {
m.ctrl.T.Helper() m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "IntegerErr", arg0) ret := m.ctrl.Call(m, "IntnErr", arg0)
ret0, _ := ret[0].(int) ret0, _ := ret[0].(int)
ret1, _ := ret[1].(error) ret1, _ := ret[1].(error)
return ret0, ret1 return ret0, ret1
} }
// IntegerErr indicates an expected call of IntegerErr. // IntnErr indicates an expected call of IntnErr.
func (mr *MockRandomMockRecorder) IntegerErr(arg0 interface{}) *gomock.Call { func (mr *MockRandomMockRecorder) IntnErr(arg0 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper() mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IntegerErr", reflect.TypeOf((*MockRandom)(nil).IntegerErr), arg0) return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IntnErr", reflect.TypeOf((*MockRandom)(nil).IntnErr), arg0)
}
// Prime mocks base method.
func (m *MockRandom) Prime(arg0 int) (*big.Int, error) {
m.ctrl.T.Helper()
ret := m.ctrl.Call(m, "Prime", arg0)
ret0, _ := ret[0].(*big.Int)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// Prime indicates an expected call of Prime.
func (mr *MockRandomMockRecorder) Prime(arg0 interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Prime", reflect.TypeOf((*MockRandom)(nil).Prime), arg0)
} }
// Read mocks base method. // Read mocks base method.

View File

@ -163,8 +163,8 @@ func (n *SMTPNotifier) Send(ctx context.Context, recipient mail.Address, subject
} }
func (n *SMTPNotifier) setMessageID(msg *gomail.Msg, domain string) { func (n *SMTPNotifier) setMessageID(msg *gomail.Msg, domain string) {
rn := n.random.Integer(100000000) rn := n.random.Intn(100000000)
rm := n.random.Integer(10000) rm := n.random.Intn(10000)
rs := n.random.StringCustom(17, random.CharSetAlphaNumeric) rs := n.random.StringCustom(17, random.CharSetAlphaNumeric)
pid := os.Getpid() + rm pid := os.Getpid() + rm

View File

@ -180,7 +180,7 @@ func (s *Store) DeleteAccessTokenSession(ctx context.Context, signature string)
return s.revokeSessionBySignature(ctx, storage.OAuth2SessionTypeAccessToken, signature) return s.revokeSessionBySignature(ctx, storage.OAuth2SessionTypeAccessToken, signature)
} }
// RevokeAccessToken revokes an access token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 // RevokeAccessToken revokes an access token as specified in: https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
// If the token passed to the request is an access token, the server MAY revoke the respective refresh token as well. // If the token passed to the request is an access token, the server MAY revoke the respective refresh token as well.
// This implements a portion of oauth2.TokenRevocationStorage. // This implements a portion of oauth2.TokenRevocationStorage.
func (s *Store) RevokeAccessToken(ctx context.Context, requestID string) (err error) { func (s *Store) RevokeAccessToken(ctx context.Context, requestID string) (err error) {
@ -205,7 +205,7 @@ func (s *Store) DeleteRefreshTokenSession(ctx context.Context, signature string)
return s.revokeSessionBySignature(ctx, storage.OAuth2SessionTypeRefreshToken, signature) return s.revokeSessionBySignature(ctx, storage.OAuth2SessionTypeRefreshToken, signature)
} }
// RevokeRefreshToken revokes a refresh token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 // RevokeRefreshToken revokes a refresh token as specified in: https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
// If the particular token is a refresh token and the authorization server supports the revocation of access tokens, // If the particular token is a refresh token and the authorization server supports the revocation of access tokens,
// then the authorization server SHOULD also invalidate all access tokens based on the same authorization grant (see Implementation Note). // then the authorization server SHOULD also invalidate all access tokens based on the same authorization grant (see Implementation Note).
// This implements a portion of oauth2.TokenRevocationStorage. // This implements a portion of oauth2.TokenRevocationStorage.
@ -213,7 +213,7 @@ func (s *Store) RevokeRefreshToken(ctx context.Context, requestID string) (err e
return s.provider.DeactivateOAuth2SessionByRequestID(ctx, storage.OAuth2SessionTypeRefreshToken, requestID) return s.provider.DeactivateOAuth2SessionByRequestID(ctx, storage.OAuth2SessionTypeRefreshToken, requestID)
} }
// RevokeRefreshTokenMaybeGracePeriod revokes an access token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 // RevokeRefreshTokenMaybeGracePeriod revokes an access token as specified in: https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
// If the token passed to the request is an access token, the server MAY revoke the respective refresh token as well. // If the token passed to the request is an access token, the server MAY revoke the respective refresh token as well.
// This implements a portion of oauth2.TokenRevocationStorage. // This implements a portion of oauth2.TokenRevocationStorage.
func (s *Store) RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, signature string) (err error) { func (s *Store) RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, signature string) (err error) {

View File

@ -25,7 +25,7 @@ const (
CharSetSymbolic = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~" CharSetSymbolic = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
// CharSetSymbolicRFC3986Unreserved are RFC3986 unreserved symbol characters. // CharSetSymbolicRFC3986Unreserved are RFC3986 unreserved symbol characters.
// See https://www.rfc-editor.org/rfc/rfc3986#section-2.3. // See https://datatracker.ietf.org/doc/html/rfc3986#section-2.3.
CharSetSymbolicRFC3986Unreserved = "-._~" CharSetSymbolicRFC3986Unreserved = "-._~"
// CharSetAlphaNumeric are literally just valid alphanumeric printable ASCII chars. // CharSetAlphaNumeric are literally just valid alphanumeric printable ASCII chars.
@ -35,7 +35,7 @@ const (
CharSetASCII = CharSetAlphabetic + CharSetNumeric + CharSetSymbolic CharSetASCII = CharSetAlphabetic + CharSetNumeric + CharSetSymbolic
// CharSetRFC3986Unreserved are RFC3986 unreserved characters. // CharSetRFC3986Unreserved are RFC3986 unreserved characters.
// See https://www.rfc-editor.org/rfc/rfc3986#section-2.3. // See https://datatracker.ietf.org/doc/html/rfc3986#section-2.3.
CharSetRFC3986Unreserved = CharSetAlphabetic + CharSetNumeric + CharSetSymbolicRFC3986Unreserved CharSetRFC3986Unreserved = CharSetAlphabetic + CharSetNumeric + CharSetSymbolicRFC3986Unreserved
// CharSetUnambiguousUpper are a set of unambiguous uppercase characters. // CharSetUnambiguousUpper are a set of unambiguous uppercase characters.

View File

@ -18,11 +18,7 @@ func (r *Cryptographical) Read(p []byte) (n int, err error) {
// BytesErr returns random data as bytes with the standard random.DefaultN length and can contain any byte values // BytesErr returns random data as bytes with the standard random.DefaultN length and can contain any byte values
// (including unreadable byte values). If an error is returned from the random read this function returns it. // (including unreadable byte values). If an error is returned from the random read this function returns it.
func (r *Cryptographical) BytesErr() (data []byte, err error) { func (r *Cryptographical) BytesErr() (data []byte, err error) {
data = make([]byte, DefaultN) return r.BytesCustomErr(0, nil)
_, err = rand.Read(data)
return data, err
} }
// Bytes returns random data as bytes with the standard random.DefaultN length and can contain any byte values // Bytes returns random data as bytes with the standard random.DefaultN length and can contain any byte values
@ -49,8 +45,10 @@ func (r *Cryptographical) BytesCustomErr(n int, charset []byte) (data []byte, er
t := len(charset) t := len(charset)
for i := 0; i < n; i++ { if t > 0 {
data[i] = charset[data[i]%byte(t)] for i := 0; i < n; i++ {
data[i] = charset[data[i]%byte(t)]
}
} }
return data, nil return data, nil
@ -81,6 +79,36 @@ func (r *Cryptographical) StringCustom(n int, characters string) (data string) {
return string(r.BytesCustom(n, []byte(characters))) return string(r.BytesCustom(n, []byte(characters)))
} }
// IntnErr returns a random int error combination with a maximum of n.
func (r *Cryptographical) IntnErr(n int) (value int, err error) {
if n <= 0 {
return 0, fmt.Errorf("n must be more than 0")
}
max := big.NewInt(int64(n))
var result *big.Int
if result, err = r.IntErr(max); err != nil {
return 0, err
}
value = int(result.Int64())
if value < 0 {
return 0, fmt.Errorf("generated number is too big for int")
}
return value, nil
}
// Intn returns a random int with a maximum of n.
func (r *Cryptographical) Intn(n int) (value int) {
value, _ = r.IntnErr(n)
return value
}
// IntErr returns a random *big.Int error combination with a maximum of max. // IntErr returns a random *big.Int error combination with a maximum of max.
func (r *Cryptographical) IntErr(max *big.Int) (value *big.Int, err error) { func (r *Cryptographical) IntErr(max *big.Int) (value *big.Int, err error) {
if max == nil { if max == nil {
@ -105,32 +133,8 @@ func (r *Cryptographical) Int(max *big.Int) (value *big.Int) {
return value return value
} }
// IntegerErr returns a random int error combination with a maximum of n. // Prime returns a number of the given bit length that is prime with high probability. Prime will return error for any
func (r *Cryptographical) IntegerErr(n int) (value int, err error) { // error returned by rand.Read or if bits < 2.
if n <= 0 { func (r *Cryptographical) Prime(bits int) (prime *big.Int, err error) {
return 0, fmt.Errorf("n must be more than 0") return rand.Prime(rand.Reader, bits)
}
max := big.NewInt(int64(n))
var result *big.Int
if result, err = r.IntErr(max); err != nil {
return 0, err
}
value = int(result.Int64())
if value < 0 {
return 0, fmt.Errorf("generated number is too big for int")
}
return value, nil
}
// Integer returns a random int with a maximum of n.
func (r *Cryptographical) Integer(n int) (value int) {
value, _ = r.IntegerErr(n)
return value
} }

View File

@ -1,26 +1,36 @@
package random package random
import ( import (
crand "crypto/rand"
"fmt" "fmt"
"math/big" "math/big"
"math/rand" "math/rand"
"sync"
"time" "time"
) )
// NewMathematical runs rand.Seed with the current time and returns a random.Provider, specifically *random.Mathematical. // NewMathematical runs rand.Seed with the current time and returns a random.Provider, specifically *random.Mathematical.
func NewMathematical() *Mathematical { func NewMathematical() *Mathematical {
rand.Seed(time.Now().UnixNano()) return &Mathematical{
rand: rand.New(rand.NewSource(time.Now().UnixNano())), //nolint:gosec
return &Mathematical{} lock: &sync.Mutex{},
}
} }
// Mathematical is the random.Provider which uses math/rand and is COMPLETELY UNSAFE FOR PRODUCTION IN MOST SITUATIONS. // Mathematical is the random.Provider which uses math/rand and is COMPLETELY UNSAFE FOR PRODUCTION IN MOST SITUATIONS.
// Use random.Cryptographical instead. // Use random.Cryptographical instead.
type Mathematical struct{} type Mathematical struct {
rand *rand.Rand
lock *sync.Mutex
}
// Read implements the io.Reader interface. // Read implements the io.Reader interface.
func (r *Mathematical) Read(p []byte) (n int, err error) { func (r *Mathematical) Read(p []byte) (n int, err error) {
return rand.Read(p) //nolint:gosec r.lock.Lock()
defer r.lock.Unlock()
return r.rand.Read(p)
} }
// BytesErr returns random data as bytes with the standard random.DefaultN length and can contain any byte values // BytesErr returns random data as bytes with the standard random.DefaultN length and can contain any byte values
@ -28,7 +38,7 @@ func (r *Mathematical) Read(p []byte) (n int, err error) {
func (r *Mathematical) BytesErr() (data []byte, err error) { func (r *Mathematical) BytesErr() (data []byte, err error) {
data = make([]byte, DefaultN) data = make([]byte, DefaultN)
if _, err = rand.Read(data); err != nil { //nolint:gosec if _, err = r.Read(data); err != nil {
return nil, err return nil, err
} }
@ -53,7 +63,7 @@ func (r *Mathematical) BytesCustomErr(n int, charset []byte) (data []byte, err e
data = make([]byte, n) data = make([]byte, n)
if _, err = rand.Read(data); err != nil { //nolint:gosec if _, err = r.Read(data); err != nil {
return nil, err return nil, err
} }
@ -91,17 +101,18 @@ func (r *Mathematical) StringCustom(n int, characters string) (data string) {
return string(r.BytesCustom(n, []byte(characters))) return string(r.BytesCustom(n, []byte(characters)))
} }
// IntErr returns a random *big.Int error combination with a maximum of max. // Intn returns a random int with a maximum of n.
func (r *Mathematical) IntErr(max *big.Int) (value *big.Int, err error) { func (r *Mathematical) Intn(n int) int {
if max == nil { r.lock.Lock()
return nil, fmt.Errorf("max is required")
}
if max.Sign() <= 0 { defer r.lock.Unlock()
return nil, fmt.Errorf("max must be 1 or more")
}
return big.NewInt(int64(rand.Intn(max.Sign()))), nil //nolint:gosec return r.rand.Intn(n)
}
// IntnErr returns a random int error combination with a maximum of n.
func (r *Mathematical) IntnErr(n int) (output int, err error) {
return r.Intn(n), nil
} }
// Int returns a random *big.Int with a maximum of max. // Int returns a random *big.Int with a maximum of max.
@ -115,12 +126,25 @@ func (r *Mathematical) Int(max *big.Int) (value *big.Int) {
return value return value
} }
// IntegerErr returns a random int error combination with a maximum of n. // IntErr returns a random *big.Int error combination with a maximum of max.
func (r *Mathematical) IntegerErr(n int) (output int, err error) { func (r *Mathematical) IntErr(max *big.Int) (value *big.Int, err error) {
return r.Integer(n), nil if max == nil {
return nil, fmt.Errorf("max is required")
}
if max.Sign() <= 0 {
return nil, fmt.Errorf("max must be 1 or more")
}
r.lock.Lock()
defer r.lock.Unlock()
return big.NewInt(int64(r.Intn(max.Sign()))), nil
} }
// Integer returns a random int with a maximum of n. // Prime returns a number of the given bit length that is prime with high probability. Prime will return error for any
func (r *Mathematical) Integer(n int) int { // error returned by rand.Read or if bits < 2.
return rand.Intn(n) //nolint:gosec func (r *Mathematical) Prime(bits int) (prime *big.Int, err error) {
return crand.Prime(r, bits)
} }

View File

@ -32,15 +32,19 @@ type Provider interface {
// StringCustom is an overload of GenerateCustom which takes a characters string and returns a string. // StringCustom is an overload of GenerateCustom which takes a characters string and returns a string.
StringCustom(n int, characters string) (data string) StringCustom(n int, characters string) (data string)
// Intn returns a random integer with a maximum of n.
Intn(n int) (value int)
// IntnErr returns a random int error combination with a maximum of n.
IntnErr(n int) (value int, err error)
// IntErr returns a random *big.Int error combination with a maximum of max. // IntErr returns a random *big.Int error combination with a maximum of max.
IntErr(max *big.Int) (value *big.Int, err error) IntErr(max *big.Int) (value *big.Int, err error)
// Int returns a random *big.Int with a maximum of max. // Int returns a random *big.Int with a maximum of max.
Int(max *big.Int) (value *big.Int) Int(max *big.Int) (value *big.Int)
// IntegerErr returns a random int error combination with a maximum of n. // Prime returns a number of the given bit length that is prime with high probability. Prime will return error for any
IntegerErr(n int) (value int, err error) // error returned by rand.Read or if bits < 2.
Prime(bits int) (prime *big.Int, err error)
// Integer returns a random integer with a maximum of n.
Integer(n int) (value int)
} }

View File

@ -752,9 +752,9 @@ M.base64 = {}
--- URL safe base64 encoder --- URL safe base64 encoder
-- --
-- Padding ('=') is omited, as permited per RFC -- Padding ('=') is omited, as permited per RFC
-- https://tools.ietf.org/html/rfc4648 -- https://datatracker.ietf.org/doc/html/rfc4648
-- in order to follow JSON Web Signature RFC -- in order to follow JSON Web Signature RFC
-- https://tools.ietf.org/html/rfc7515 -- https://datatracker.ietf.org/doc/html/rfc7515
-- --
-- @param s String (can be binary data) to encode -- @param s String (can be binary data) to encode
-- @param enc Function which implements base64 encoder (e.g. HAProxy base64 fetch) -- @param enc Function which implements base64 encoder (e.g. HAProxy base64 fetch)

View File

@ -1617,7 +1617,7 @@ notify-keyspace-events ""
############################### GOPHER SERVER ################################# ############################### GOPHER SERVER #################################
# Redis contains an implementation of the Gopher protocol, as specified in # Redis contains an implementation of the Gopher protocol, as specified in
# the RFC 1436 (https://www.ietf.org/rfc/rfc1436.txt). # the RFC 1436 (https://datatracker.ietf.org/doc/html/rfc1436).
# #
# The Gopher protocol was very popular in the late '90s. It is an alternative # The Gopher protocol was very popular in the late '90s. It is an alternative
# to the web, and the implementation both server and client side is so simple # to the web, and the implementation both server and client side is so simple

View File

@ -1617,7 +1617,7 @@ notify-keyspace-events ""
############################### GOPHER SERVER ################################# ############################### GOPHER SERVER #################################
# Redis contains an implementation of the Gopher protocol, as specified in # Redis contains an implementation of the Gopher protocol, as specified in
# the RFC 1436 (https://www.ietf.org/rfc/rfc1436.txt). # the RFC 1436 (https://datatracker.ietf.org/doc/html/rfc1436).
# #
# The Gopher protocol was very popular in the late '90s. It is an alternative # The Gopher protocol was very popular in the late '90s. It is an alternative
# to the web, and the implementation both server and client side is so simple # to the web, and the implementation both server and client side is so simple