1
0
mirror of https://github.com/volatiletech/authboss.git synced 2024-12-04 10:24:52 +02:00
Commit Graph

305 Commits

Author SHA1 Message Date
Aaron L
48b33b0217 Add a few convenience pieces
- Add helper to directly merge data into a request (common use case)
- Allow parsing of OAuth2PID without panic
- Add oauth2.* strings to the modules list in case people want to be
  able to switch on which oauth2 providers are available in their
  views.
2018-05-08 20:40:55 -07:00
Aaron L
2399b4c089 Fix bug where remember didn't log you in
- The current request needed a pid set, the session sets that existed in
  the current code would only log you in the next request.
2018-05-08 18:11:13 -07:00
Aaron L
06630eda7b Make sure recover allows form validation
This allows validation of password complexity or confirm_password form
fields.
2018-05-07 12:34:22 -07:00
Aaron L
5973fa9bd0 Make lock do what it's supposed to
Inverted the test data, which inverted the logic
2018-05-07 12:33:58 -07:00
Aaron L
1afc6fcb01 Change loaded modules middleware
It was simply too ugly to have a giant data structure for debugging.
This middleware should also basically never be used outside authboss
views so the allocation means nothing.
2018-05-07 12:33:02 -07:00
Aaron L
3ab0effe9c Fix unused variable in test 2018-05-03 10:10:17 -07:00
Aaron L
5d2a5bd564 Update documentation 2018-04-30 18:25:34 -07:00
Aaron L
d9b0dfd51c Change register and recover to use error maps 2018-04-30 18:25:30 -07:00
Aaron L
a9c161e940 Add module list middleware 2018-04-30 18:21:56 -07:00
Aaron L
563fd622be Add mock logger 2018-04-30 18:21:28 -07:00
Aaron L
f594d1d556 Add some validation helpers 2018-04-30 18:21:12 -07:00
Aaron L
08645c0811 Flush out default valuer implementations 2018-04-30 18:18:30 -07:00
Aaron L
ec8be783fd Add some basic pluralization to rules 2018-04-30 18:18:03 -07:00
Aaron L
3c6c19e2e8 Fix nil bug in responder 2018-04-30 18:17:40 -07:00
Aaron L
4aa961f758 Load and verify user logged in middleware 2018-04-30 18:17:07 -07:00
Aaron L
6dee0259e1 Add logouts module registration 2018-03-20 17:03:44 -07:00
Aaron L
f7f6244070 Small changes to docs 2018-03-09 16:18:16 -08:00
Aaron L
889ef76f9c Fix some links 2018-03-09 16:06:12 -08:00
Aaron L
b500555dda First draft docs 2018-03-09 16:02:35 -08:00
Aaron L
d752b6bb98 Doc fixes and ensure proper default config 2018-03-09 14:46:33 -08:00
Aaron L
ee4b2658d5 Finish TODOs 2018-03-09 13:11:08 -08:00
Aaron L
e9631e54b7 Remove commented tests 2018-03-08 18:41:44 -08:00
Aaron L
1112987bce Rewrite oauth module
- Tried to be clear about OAuth2 vs OAuth in all places.
- Allow users to be locked from OAuth logins (if done manually for some
  reason other than failed logins)
- Cleaned up some docs and wording around the previously very confusing
  (now hopefully only somewhat confusing) oauth2 module.
2018-03-08 18:39:51 -08:00
Aaron L
634892e29c Fix breakages from last commit 2018-03-07 16:41:58 -08:00
Aaron L
37ace55579 Clean up context and client state
- Remove extraneous http.ResponseWriter from all read-only queries
  against the request context (for the ClientState)
- Instead of using a context.Context on the ClientStateResponseWriter
  just store variables for the things we'd like to store, it should be
  less expensive and it's much easier to work with and more clear.
- Save the loaded client state into both the ResponseWriter itself and
  the Request context, the ResponseWriter will store them simply to send
  them into the WriteState() method later on, the Request will store
  them to be able to query data.
2018-03-07 16:21:37 -08:00
Aaron L
ce2d3dac09 Make "remember" value passing unobtrusive
- Remove RM context key for Values.
- Add values types and code to be able to pull the remember me bool
  checkbox from the user.
2018-03-07 15:17:22 -08:00
Aaron L
ac3d2846f8 Rewrite the remember module
- Add context keys and storage pieces for remember
2018-03-07 15:13:06 -08:00
Aaron L
792f7381fd Change the form of Middleware functions
- Make this change to make it a bit more chi/alice friendly
  since this is typically the form of middlewares to be constructed
  and then turn into a "middleware" function/type.
2018-03-07 13:01:35 -08:00
Aaron L
ef172b3b37 Extract logout to it's own module
- This may seems silly but the functionality is shared
  between oauth2 and auth with no changes so it makes it nicer
  not to have an oauth2/logout route like before
2018-03-07 11:41:14 -08:00
Aaron L
f071b741da Fix some tests 2018-03-07 11:15:00 -08:00
Aaron L
0eff53792f Fully re-implement recover
- Add back the feature to log in after password recovery
- Add new storer functionality to mocks
- Add RecoveringServerStorer
- Add RecoverableUser
- Add RecoverStartValuer, RecoverMiddleValuer, RecoverEndValuer
- Change storers to differentiate between tokens (recover vs confirm)
- Change BCryptCost to be a generic module configuration (doesn't belong
  to register)
2018-03-05 17:47:11 -08:00
Aaron L
9ef2a06dcb Rewrite the lock module
- Add lock module pieces to those that needed it (mocks/user)
2018-02-27 21:20:55 -08:00
Aaron L
62dd36b71e Remove commented tests 2018-02-27 08:03:47 -08:00
Aaron L
38268f7a6b Finish unfinished middleware 2018-02-27 07:41:01 -08:00
Aaron L
982025bbc3 Finish implementing and testing confirm
- Rejig tests to remember to test the smtp mailer
2018-02-27 07:14:30 -08:00
Aaron L
3638e4f047 Split up users and storers into separate files
- Add storers & users for confirm module
2018-02-25 15:32:27 -08:00
Aaron L
dcd439e45a Adjust mocks and code to fit new register
- Document various gotchas about Preserve fields.
- Move configuration around to the proper modules.
2018-02-25 15:20:57 -08:00
Aaron L
948aa8a115 Finish register module 2018-02-25 15:19:43 -08:00
Aaron L
1068509540 Make auth tests more solid 2018-02-21 12:10:18 -08:00
Aaron L
d4f8d2f292 Finish auth module 2018-02-20 08:58:59 -08:00
Aaron L
77987afb8a Add formatting helpers to loggers 2018-02-16 11:56:47 -08:00
Aaron L
c89ca29827 Remove context and errors from get/set
I have a feeling that I wrote all this fanciness in when the
user was still able to fetch himself from the database. But since
that's been dropped I don't think any of this stuff is necessary.

In terms of setting without an error, we should do validation before
an attempt to save, not every time we set a field. This will just end
up being much nicer error handling, and the database is going to do
it's own validation and we can handle that error in the same way.
2018-02-16 11:27:22 -08:00
Aaron L
7f97d632d0 Clean up defaults package a bit 2018-02-16 09:55:45 -08:00
Aaron L
9eb5731a3d Redo events again
- The purpose of this change is to make it so that a different module
  can hijack the response to the client.
2018-02-16 09:49:07 -08:00
Aaron L
2137c827d3 Fix tests back up again.
- Remove a test that was obsoleted by optimizations. Not 100% sure this
  is correct, but it seems like if nothing has changed since the
  previous session/cookie read then we shouldn't need to write any new
  headers for them. This is especially true in the typical "I use
  cookies for everything" use case, but may not be true of other use
  cases... Remains to be seen. Since they're optimizations they should
  be able to removed "safely" later.
2018-02-14 15:16:44 -08:00
Aaron L
f585b35cfb Move docs in defaults to defaults.go 2018-02-14 15:11:59 -08:00
Aaron L
23e1e849d3 Move expiry module
- Remove the errors from User interfaces
2018-02-14 14:18:03 -08:00
Aaron L
726204d809 Fix some inconsistencies in clientstate
- Add a ClientStateMiddleware that loads the client state into the
  request context and prepares a ClientStateResponseWriter for
  downstream handlers
- Clean up some of the handling around session and cookie state, for
  example don't write if there are no events to be processed
- Redo the Defaultts() method for config to be useful again.
- Prefix LogoutMethod with Auth to be consistent
2018-02-04 23:28:31 -08:00
Aaron L
d4f4f6c443 Rewrite auth module
Discovered many problems with the abstractions along the way
and did small fixes to get to the end of the auth module.

- Use more constants for random strings
- Create forcing functions to deal with the upgrades to different
  interfaces
2018-02-04 21:24:55 -08:00
Aaron L
386133a84b Add a way to read values and validate
In order to support multiple different types of requests, there needed
to be an interface to be able to read values from a request, and
subsequently validate them to return any errors.

So we've adjusted the Validator interface to no longer validate a
request but instead validate the object it lives on.

And we've created a new BodyReader interface.
2018-02-04 18:39:25 -08:00