authelia/internal/handlers/const.go

99 lines
3.4 KiB
Go

package handlers
const (
// ActionTOTPRegistration is the string representation of the action for which the token has been produced.
ActionTOTPRegistration = "RegisterTOTPDevice"
// ActionU2FRegistration is the string representation of the action for which the token has been produced.
ActionU2FRegistration = "RegisterU2FDevice"
// ActionResetPassword is the string representation of the action for which the token has been produced.
ActionResetPassword = "ResetPassword"
)
const (
// HeaderProxyAuthorization is the basic-auth HTTP header Authelia utilises.
HeaderProxyAuthorization = "Proxy-Authorization"
// HeaderAuthorization is the basic-auth HTTP header Authelia utilises with "auth=basic" query param.
HeaderAuthorization = "Authorization"
// HeaderSessionUsername is used as additional protection to validate a user for things like pam_exec.
HeaderSessionUsername = "Session-Username"
headerRemoteUser = "Remote-User"
headerRemoteName = "Remote-Name"
headerRemoteEmail = "Remote-Email"
headerRemoteGroups = "Remote-Groups"
)
const (
// Forbidden means the user is forbidden the access to a resource.
Forbidden authorizationMatching = iota
// NotAuthorized means the user can access the resource with more permissions.
NotAuthorized authorizationMatching = iota
// Authorized means the user is authorized given her current permissions.
Authorized authorizationMatching = iota
)
const (
messageOperationFailed = "Operation failed."
messageAuthenticationFailed = "Authentication failed. Check your credentials."
messageUnableToRegisterOneTimePassword = "Unable to set up one-time passwords." //nolint:gosec
messageUnableToRegisterSecurityKey = "Unable to register your security key."
messageUnableToResetPassword = "Unable to reset your password."
messageMFAValidationFailed = "Authentication failed, please retry later."
)
const (
testInactivity = "10"
testRedirectionURL = "http://redirection.local"
testResultAllow = "allow"
testUsername = "john"
)
const (
loginDelayMovingAverageWindow = 10
loginDelayMinimumDelayMilliseconds = float64(250)
loginDelayMaximumRandomDelayMilliseconds = int64(85)
)
// OIDC constants.
const (
pathOpenIDConnectWellKnown = "/.well-known/openid-configuration"
pathOpenIDConnectJWKs = "/api/oidc/jwks"
pathOpenIDConnectAuthorization = "/api/oidc/authorize"
pathOpenIDConnectToken = "/api/oidc/token" //nolint:gosec // This is not a hard coded credential, it's a path.
pathOpenIDConnectIntrospection = "/api/oidc/introspect"
pathOpenIDConnectRevocation = "/api/oidc/revoke"
pathOpenIDConnectUserinfo = "/api/oidc/userinfo"
// Note: If you change this const you must also do so in the frontend at web/src/services/Api.ts.
pathOpenIDConnectConsent = "/api/oidc/consent"
)
const (
totpAlgoSHA1 = "SHA1"
totpAlgoSHA256 = "SHA256"
totpAlgoSHA512 = "SHA512"
)
const (
accept = "accept"
reject = "reject"
)
const authPrefix = "Basic "
const ldapPasswordComplexityCode = "0000052D."
var ldapPasswordComplexityCodes = []string{
"0000052D", "SynoNumber", "SynoMixedCase", "SynoExcludeNameDesc", "SynoSpecialChar",
}
var ldapPasswordComplexityErrors = []string{
"LDAP Result Code 19 \"Constraint Violation\": Password fails quality checking policy",
"LDAP Result Code 19 \"Constraint Violation\": Password is too young to change",
}