path: root/internal/storage/provider.go
package storage

import (
	"context"
	"database/sql"
	"time"

	"github.com/google/uuid"
	"github.com/ory/fosite/storage"

	"github.com/authelia/authelia/v4/internal/model"
)

// Provider is an interface providing storage capabilities for persisting any kind of data related to Authelia.
//
// Every data-access method takes a context.Context as its first argument so that callers can bound or cancel the
// underlying storage operation. Methods named Load*/Find* read, Save*/Update* write, Delete* remove, and
// Revoke*/Deactivate*/Consume* mark records as no longer usable without necessarily removing them.
type Provider interface {
	// StartupCheck is embedded so the provider can be validated at startup alongside the other providers.
	model.StartupCheck

	// Transactional is embedded so the provider can be used within the fosite transaction handling.
	storage.Transactional

	// Close closes the underlying storage provider.
	Close() (err error)

	/*
		Implementation for Basic User Information.
	*/

	// SavePreferred2FAMethod saves the preferred method for 2FA for a username to the storage provider.
	SavePreferred2FAMethod(ctx context.Context, username string, method string) (err error)

	// LoadPreferred2FAMethod loads the preferred method for 2FA for a username from the storage provider.
	LoadPreferred2FAMethod(ctx context.Context, username string) (method string, err error)

	// LoadUserInfo loads the model.UserInfo for a username from the storage provider.
	LoadUserInfo(ctx context.Context, username string) (info model.UserInfo, err error)

	/*
		Implementation for User Opaque Identifiers.
	*/

	// SaveUserOpaqueIdentifier saves a new opaque user identifier to the storage provider.
	SaveUserOpaqueIdentifier(ctx context.Context, subject model.UserOpaqueIdentifier) (err error)

	// LoadUserOpaqueIdentifier selects an opaque user identifier from the storage provider given its UUID.
	LoadUserOpaqueIdentifier(ctx context.Context, identifier uuid.UUID) (subject *model.UserOpaqueIdentifier, err error)

	// LoadUserOpaqueIdentifiers selects the opaque user identifiers from the storage provider.
	LoadUserOpaqueIdentifiers(ctx context.Context) (identifiers []model.UserOpaqueIdentifier, err error)

	// LoadUserOpaqueIdentifierBySignature selects an opaque user identifier from the storage provider given a service
	// name, sector id, and username.
	LoadUserOpaqueIdentifierBySignature(ctx context.Context, service, sectorID, username string) (subject *model.UserOpaqueIdentifier, err error)

	/*
		Implementation for User TOTP Configurations.
	*/

	// SaveTOTPConfiguration saves a TOTP configuration of a given user in the storage provider.
	SaveTOTPConfiguration(ctx context.Context, config model.TOTPConfiguration) (err error)

	// UpdateTOTPConfigurationSignIn updates a registered TOTP configuration in the storage provider with the relevant
	// sign in information (the last used time for the configuration with the given id).
	UpdateTOTPConfigurationSignIn(ctx context.Context, id int, lastUsedAt sql.NullTime) (err error)

	// DeleteTOTPConfiguration deletes a TOTP configuration from the storage provider given a username.
	DeleteTOTPConfiguration(ctx context.Context, username string) (err error)

	// LoadTOTPConfiguration loads a TOTP configuration given a username from the storage provider.
	LoadTOTPConfiguration(ctx context.Context, username string) (config *model.TOTPConfiguration, err error)

	// LoadTOTPConfigurations loads a page of TOTP configurations from the storage provider given a limit and page.
	LoadTOTPConfigurations(ctx context.Context, limit, page int) (configs []model.TOTPConfiguration, err error)

	/*
		Implementation for User TOTP History.
	*/

	// SaveTOTPHistory saves a TOTP history item (a username and time step) in the storage provider.
	SaveTOTPHistory(ctx context.Context, username string, step uint64) (err error)

	// ExistsTOTPHistory checks if a TOTP history item for the given username and time step exists in the storage
	// provider. Together with SaveTOTPHistory this lets a caller detect a step that has already been recorded;
	// presumably this backs one-time use of a TOTP code — confirm against the caller.
	ExistsTOTPHistory(ctx context.Context, username string, step uint64) (exists bool, err error)

	/*
		Implementation for User WebAuthn Information.
	*/

	// SaveWebAuthnUser saves a registered WebAuthn user to the storage provider.
	SaveWebAuthnUser(ctx context.Context, user model.WebAuthnUser) (err error)

	// LoadWebAuthnUser loads a registered WebAuthn user from the storage provider given the relying party id and
	// username.
	LoadWebAuthnUser(ctx context.Context, rpid, username string) (user *model.WebAuthnUser, err error)

	/*
		Implementation for User WebAuthn Device Registrations.
	*/

	// SaveWebAuthnCredential saves a registered WebAuthn credential to the storage provider.
	SaveWebAuthnCredential(ctx context.Context, credential model.WebAuthnCredential) (err error)

	// UpdateWebAuthnCredentialDescription updates a registered WebAuthn credential in the storage provider changing the
	// description. The username is supplied alongside the credential id so the update is scoped to that user's
	// credential.
	UpdateWebAuthnCredentialDescription(ctx context.Context, username string, credentialID int, description string) (err error)

	// UpdateWebAuthnCredentialSignIn updates a registered WebAuthn credential in the storage provider changing the
	// information that should be changed in the event of a successful sign in.
	UpdateWebAuthnCredentialSignIn(ctx context.Context, credential model.WebAuthnCredential) (err error)

	// DeleteWebAuthnCredential deletes a registered WebAuthn credential from the storage provider given its key id.
	DeleteWebAuthnCredential(ctx context.Context, kid string) (err error)

	// DeleteWebAuthnCredentialByUsername deletes registered WebAuthn credentials from the storage provider by username
	// or by username and description.
	DeleteWebAuthnCredentialByUsername(ctx context.Context, username, description string) (err error)

	// LoadWebAuthnCredentials loads a page of WebAuthn credential registrations from the storage provider given a
	// limit and page.
	LoadWebAuthnCredentials(ctx context.Context, limit, page int) (credentials []model.WebAuthnCredential, err error)

	// LoadWebAuthnCredentialsByUsername loads all WebAuthn credential registrations from the storage provider for a
	// given relying party id and username.
	LoadWebAuthnCredentialsByUsername(ctx context.Context, rpid, username string) (credential []model.WebAuthnCredential, err error)

	// LoadWebAuthnCredentialByID loads a WebAuthn credential registration from the storage provider for a given id.
	LoadWebAuthnCredentialByID(ctx context.Context, id int) (credential *model.WebAuthnCredential, err error)

	// SavePreferredDuoDevice saves a Duo device to the storage provider.
	SavePreferredDuoDevice(ctx context.Context, device model.DuoDevice) (err error)

	// DeletePreferredDuoDevice deletes a Duo device from the storage provider for a given username.
	DeletePreferredDuoDevice(ctx context.Context, username string) (err error)

	// LoadPreferredDuoDevice loads a Duo device from the storage provider for a given username.
	LoadPreferredDuoDevice(ctx context.Context, username string) (device *model.DuoDevice, err error)

	/*
		Implementation for Identity Verification (JWT).
	*/

	// SaveIdentityVerification saves an identity verification record to the storage provider.
	SaveIdentityVerification(ctx context.Context, verification model.IdentityVerification) (err error)

	// ConsumeIdentityVerification marks an identity verification record in the storage provider as consumed,
	// recording the IP the consumption came from.
	ConsumeIdentityVerification(ctx context.Context, jti string, ip model.NullIP) (err error)

	// RevokeIdentityVerification marks an identity verification record in the storage provider as revoked,
	// recording the IP the revocation came from.
	RevokeIdentityVerification(ctx context.Context, jti string, ip model.NullIP) (err error)

	// FindIdentityVerification checks if an identity verification record is in the storage provider and active.
	// This is the method to use when deciding whether a verification may still be acted upon.
	FindIdentityVerification(ctx context.Context, jti string) (found bool, err error)

	// LoadIdentityVerification loads an Identity Verification but does not do any validation, so a returned record
	// may be consumed, revoked, or otherwise inactive. For validation you should use FindIdentityVerification which
	// ensures the JWT is still valid.
	LoadIdentityVerification(ctx context.Context, jti string) (verification *model.IdentityVerification, err error)

	/*
		Implementation for Identity Verification (OTP).
	*/

	// SaveOneTimeCode saves a one-time code to the storage provider after generating the signature which is returned
	// along with any error.
	SaveOneTimeCode(ctx context.Context, code model.OneTimeCode) (signature string, err error)

	// ConsumeOneTimeCode consumes a one-time code using the signature held by the given code.
	ConsumeOneTimeCode(ctx context.Context, code *model.OneTimeCode) (err error)

	// RevokeOneTimeCode revokes a one-time code in the storage provider using the public ID, recording the IP the
	// revocation came from.
	RevokeOneTimeCode(ctx context.Context, id uuid.UUID, ip model.IP) (err error)

	// LoadOneTimeCode loads a one-time code from the storage provider given a username, intent, and the raw code.
	// This is the method intended for validating a One-Time Code.
	LoadOneTimeCode(ctx context.Context, username, intent, raw string) (code *model.OneTimeCode, err error)

	// LoadOneTimeCodeBySignature loads a one-time code from the storage provider given the signature.
	// This method should NOT be used to validate a One-Time Code, LoadOneTimeCode should be used instead.
	LoadOneTimeCodeBySignature(ctx context.Context, signature string) (code *model.OneTimeCode, err error)

	// LoadOneTimeCodeByID loads a one-time code from the storage provider given the id.
	// This does not decrypt the code. This method should NOT be used to validate a One-Time Code,
	// LoadOneTimeCode should be used instead.
	LoadOneTimeCodeByID(ctx context.Context, id int) (code *model.OneTimeCode, err error)

	// LoadOneTimeCodeByPublicID loads a one-time code from the storage provider given the public identifier.
	// This does not decrypt the code. This method SHOULD ONLY be used to find the One-Time Code for the
	// purpose of deletion.
	LoadOneTimeCodeByPublicID(ctx context.Context, id uuid.UUID) (code *model.OneTimeCode, err error)

	/*
		Implementation for OAuth2.0 Consent Pre-Configurations.
	*/

	// SaveOAuth2ConsentPreConfiguration inserts an OAuth2.0 consent pre-configuration in the storage provider and
	// returns the inserted row id.
	SaveOAuth2ConsentPreConfiguration(ctx context.Context, config model.OAuth2ConsentPreConfig) (insertedID int64, err error)

	// LoadOAuth2ConsentPreConfigurations returns the OAuth2.0 consent pre-configurations from the storage provider
	// given the client ID and subject.
	LoadOAuth2ConsentPreConfigurations(ctx context.Context, clientID string, subject uuid.UUID) (rows *ConsentPreConfigRows, err error)

	/*
		Implementation for OAuth2.0 Consent Sessions.
	*/

	// SaveOAuth2ConsentSession inserts an OAuth2.0 consent session to the storage provider.
	SaveOAuth2ConsentSession(ctx context.Context, consent model.OAuth2ConsentSession) (err error)

	// SaveOAuth2ConsentSessionSubject updates an OAuth2.0 consent session in the storage provider with the subject.
	SaveOAuth2ConsentSessionSubject(ctx context.Context, consent model.OAuth2ConsentSession) (err error)

	// SaveOAuth2ConsentSessionResponse updates an OAuth2.0 consent session in the storage provider with the response;
	// rejection indicates the user declined consent.
	SaveOAuth2ConsentSessionResponse(ctx context.Context, consent model.OAuth2ConsentSession, rejection bool) (err error)

	// SaveOAuth2ConsentSessionGranted updates an OAuth2.0 consent session in the storage provider recording that it
	// has been granted by the authorization endpoint.
	SaveOAuth2ConsentSessionGranted(ctx context.Context, id int) (err error)

	// LoadOAuth2ConsentSessionByChallengeID returns an OAuth2.0 consent session in the storage provider given the
	// challenge ID.
	LoadOAuth2ConsentSessionByChallengeID(ctx context.Context, challengeID uuid.UUID) (consent *model.OAuth2ConsentSession, err error)

	/*
		Implementation for OAuth2.0 General Sessions.
	*/

	// SaveOAuth2Session saves an OAuth2.0 session of the given type to the storage provider.
	SaveOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, session model.OAuth2Session) (err error)

	// RevokeOAuth2Session marks an OAuth2.0 session of the given type as revoked in the storage provider given its
	// signature.
	RevokeOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, signature string) (err error)

	// RevokeOAuth2SessionByRequestID marks an OAuth2.0 session of the given type as revoked in the storage provider
	// given its request ID.
	RevokeOAuth2SessionByRequestID(ctx context.Context, sessionType OAuth2SessionType, requestID string) (err error)

	// DeactivateOAuth2Session marks an OAuth2.0 session of the given type as inactive in the storage provider given
	// its signature.
	DeactivateOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, signature string) (err error)

	// DeactivateOAuth2SessionByRequestID marks an OAuth2.0 session of the given type as inactive in the storage
	// provider given its request ID.
	DeactivateOAuth2SessionByRequestID(ctx context.Context, sessionType OAuth2SessionType, requestID string) (err error)

	// LoadOAuth2Session loads an OAuth2.0 session of the given type from the storage provider given its signature.
	LoadOAuth2Session(ctx context.Context, sessionType OAuth2SessionType, signature string) (session *model.OAuth2Session, err error)

	/*
		Implementation for OAuth2.0 PAR Contexts.
	*/

	// SaveOAuth2PARContext saves an OAuth2.0 PAR context to the storage provider.
	SaveOAuth2PARContext(ctx context.Context, par model.OAuth2PARContext) (err error)

	// LoadOAuth2PARContext loads an OAuth2.0 PAR context from the storage provider given its signature.
	LoadOAuth2PARContext(ctx context.Context, signature string) (par *model.OAuth2PARContext, err error)

	// RevokeOAuth2PARContext marks an OAuth2.0 PAR context as revoked in the storage provider given its signature.
	RevokeOAuth2PARContext(ctx context.Context, signature string) (err error)

	// UpdateOAuth2PARContext updates an existing OAuth2.0 PAR context in the storage provider.
	UpdateOAuth2PARContext(ctx context.Context, par model.OAuth2PARContext) (err error)

	/*
		Implementation for OAuth2.0 Blacklisted JTI's.
	*/

	// SaveOAuth2BlacklistedJTI saves an OAuth2.0 blacklisted JTI to the storage provider.
	SaveOAuth2BlacklistedJTI(ctx context.Context, blacklistedJTI model.OAuth2BlacklistedJTI) (err error)

	// LoadOAuth2BlacklistedJTI loads an OAuth2.0 blacklisted JTI from the storage provider given its signature.
	LoadOAuth2BlacklistedJTI(ctx context.Context, signature string) (blacklistedJTI *model.OAuth2BlacklistedJTI, err error)

	/*
		Implementation for Schema controls.
	*/

	// SchemaTables returns a list of tables from the storage provider.
	SchemaTables(ctx context.Context) (tables []string, err error)

	// SchemaVersion returns the version of the schema from the storage provider.
	SchemaVersion(ctx context.Context) (version int, err error)

	// SchemaLatestVersion returns the latest version available for migration for the storage provider.
	SchemaLatestVersion() (version int, err error)

	// SchemaMigrationHistory returns the storage provider migration history rows.
	SchemaMigrationHistory(ctx context.Context) (migrations []model.Migration, err error)

	// SchemaMigrationsUp returns a list of storage provider up migrations available between the current version
	// and the provided version.
	SchemaMigrationsUp(ctx context.Context, version int) (migrations []model.SchemaMigration, err error)

	// SchemaMigrationsDown returns a list of storage provider down migrations available between the current version
	// and the provided version.
	SchemaMigrationsDown(ctx context.Context, version int) (migrations []model.SchemaMigration, err error)

	// SchemaMigrate migrates from the storage provider's current schema version to the provided schema version,
	// in the up direction when up is true and the down direction otherwise.
	SchemaMigrate(ctx context.Context, up bool, version int) (err error)

	// SchemaEncryptionChangeKey uses the currently configured key to decrypt values in the storage provider and the
	// key provided to this method to encrypt the values again and update them using a transaction.
	SchemaEncryptionChangeKey(ctx context.Context, key string) (err error)

	// SchemaEncryptionCheckKey checks the encryption key configured is valid for the storage provider; verbose
	// requests a more detailed result.
	SchemaEncryptionCheckKey(ctx context.Context, verbose bool) (result EncryptionValidationResult, err error)

	// RegulatorProvider is embedded so the authentication attempt log is available through the same provider.
	RegulatorProvider
}

// RegulatorProvider is an interface providing storage capabilities for persisting any kind of data related to the
// regulator, i.e. the record of authentication attempts.
type RegulatorProvider interface {
	// AppendAuthenticationLog saves an authentication attempt to the storage provider.
	AppendAuthenticationLog(ctx context.Context, attempt model.AuthenticationAttempt) (err error)

	// LoadAuthenticationLogs loads authentication attempts for a username from the storage provider, restricted to
	// attempts from fromDate onwards and paginated by limit and page.
	LoadAuthenticationLogs(ctx context.Context, username string, fromDate time.Time, limit, page int) (attempts []model.AuthenticationAttempt, err error)
}