1
0
mirror of https://github.com/volatiletech/authboss.git synced 2024-11-28 08:58:38 +02:00
Commit Graph

286 Commits

Author SHA1 Message Date
Aaron L
d752b6bb98 Doc fixes and ensure proper default config 2018-03-09 14:46:33 -08:00
Aaron L
ee4b2658d5 Finish TODOs 2018-03-09 13:11:08 -08:00
Aaron L
e9631e54b7 Remove commented tests 2018-03-08 18:41:44 -08:00
Aaron L
1112987bce Rewrite oauth module
- Tried to be clear about OAuth2 vs OAuth in all places.
- Allow users to be locked from OAuth logins (if done manually for some
  reason other than failed logins)
- Cleaned up some docs and wording around the previously very confusing
  (now hopefully only somewhat confusing) oauth2 module.
2018-03-08 18:39:51 -08:00
Aaron L
634892e29c Fix breakages from last commit 2018-03-07 16:41:58 -08:00
Aaron L
37ace55579 Clean up context and client state
- Remove extraneous http.ResponseWriter from all read-only queries
  against the request context (for the ClientState)
- Instead of using a context.Context on the ClientStateResponseWriter
  just store variables for the things we'd like to store, it should be
  less expensive and it's much easier to work with and more clear.
- Save the loaded client state into both the ResponseWriter itself and
  the Request context, the ResponseWriter will store them simply to send
  them into the WriteState() method later on, the Request will store
  them to be able to query data.
2018-03-07 16:21:37 -08:00
Aaron L
ce2d3dac09 Make "remember" value passing unobtrusive
- Remove RM context key for Values.
- Add values types and code to be able to pull the remember me bool
  checkbox from the user.
2018-03-07 15:17:22 -08:00
Aaron L
ac3d2846f8 Rewrite the remember module
- Add context keys and storage pieces for remember
2018-03-07 15:13:06 -08:00
Aaron L
792f7381fd Change the form of Middleware functions
- Make this change to make it a bit more chi/alice friendly
  since this is typically the form of middlewares to be constructed
  and then turn into a "middleware" function/type.
2018-03-07 13:01:35 -08:00
Aaron L
ef172b3b37 Extract logout to it's own module
- This may seems silly but the functionality is shared
  between oauth2 and auth with no changes so it makes it nicer
  not to have an oauth2/logout route like before
2018-03-07 11:41:14 -08:00
Aaron L
f071b741da Fix some tests 2018-03-07 11:15:00 -08:00
Aaron L
0eff53792f Fully re-implement recover
- Add back the feature to log in after password recovery
- Add new storer functionality to mocks
- Add RecoveringServerStorer
- Add RecoverableUser
- Add RecoverStartValuer, RecoverMiddleValuer, RecoverEndValuer
- Change storers to differentiate between tokens (recover vs confirm)
- Change BCryptCost to be a generic module configuration (doesn't belong
  to register)
2018-03-05 17:47:11 -08:00
Aaron L
9ef2a06dcb Rewrite the lock module
- Add lock module pieces to those that needed it (mocks/user)
2018-02-27 21:20:55 -08:00
Aaron L
62dd36b71e Remove commented tests 2018-02-27 08:03:47 -08:00
Aaron L
38268f7a6b Finish unfinished middleware 2018-02-27 07:41:01 -08:00
Aaron L
982025bbc3 Finish implementing and testing confirm
- Rejig tests to remember to test the smtp mailer
2018-02-27 07:14:30 -08:00
Aaron L
3638e4f047 Split up users and storers into separate files
- Add storers & users for confirm module
2018-02-25 15:32:27 -08:00
Aaron L
dcd439e45a Adjust mocks and code to fit new register
- Document various gotchas about Preserve fields.
- Move configuration around to the proper modules.
2018-02-25 15:20:57 -08:00
Aaron L
948aa8a115 Finish register module 2018-02-25 15:19:43 -08:00
Aaron L
1068509540 Make auth tests more solid 2018-02-21 12:10:18 -08:00
Aaron L
d4f8d2f292 Finish auth module 2018-02-20 08:58:59 -08:00
Aaron L
77987afb8a Add formatting helpers to loggers 2018-02-16 11:56:47 -08:00
Aaron L
c89ca29827 Remove context and errors from get/set
I have a feeling that I wrote all this fanciness in when the
user was still able to fetch himself from the database. But since
that's been dropped I don't think any of this stuff is necessary.

In terms of setting without an error, we should do validation before
an attempt to save, not every time we set a field. This will just end
up being much nicer error handling, and the database is going to do
it's own validation and we can handle that error in the same way.
2018-02-16 11:27:22 -08:00
Aaron L
7f97d632d0 Clean up defaults package a bit 2018-02-16 09:55:45 -08:00
Aaron L
9eb5731a3d Redo events again
- The purpose of this change is to make it so that a different module
  can hijack the response to the client.
2018-02-16 09:49:07 -08:00
Aaron L
2137c827d3 Fix tests back up again.
- Remove a test that was obsoleted by optimizations. Not 100% sure this
  is correct, but it seems like if nothing has changed since the
  previous session/cookie read then we shouldn't need to write any new
  headers for them. This is especially true in the typical "I use
  cookies for everything" use case, but may not be true of other use
  cases... Remains to be seen. Since they're optimizations they should
  be able to removed "safely" later.
2018-02-14 15:16:44 -08:00
Aaron L
f585b35cfb Move docs in defaults to defaults.go 2018-02-14 15:11:59 -08:00
Aaron L
23e1e849d3 Move expiry module
- Remove the errors from User interfaces
2018-02-14 14:18:03 -08:00
Aaron L
726204d809 Fix some inconsistencies in clientstate
- Add a ClientStateMiddleware that loads the client state into the
  request context and prepares a ClientStateResponseWriter for
  downstream handlers
- Clean up some of the handling around session and cookie state, for
  example don't write if there are no events to be processed
- Redo the Defaultts() method for config to be useful again.
- Prefix LogoutMethod with Auth to be consistent
2018-02-04 23:28:31 -08:00
Aaron L
d4f4f6c443 Rewrite auth module
Discovered many problems with the abstractions along the way
and did small fixes to get to the end of the auth module.

- Use more constants for random strings
- Create forcing functions to deal with the upgrades to different
  interfaces
2018-02-04 21:24:55 -08:00
Aaron L
386133a84b Add a way to read values and validate
In order to support multiple different types of requests, there needed
to be an interface to be able to read values from a request, and
subsequently validate them to return any errors.

So we've adjusted the Validator interface to no longer validate a
request but instead validate the object it lives on.

And we've created a new BodyReader interface.
2018-02-04 18:39:25 -08:00
Aaron L
7119b3a90e Delete now-unused code
- This may come back in a separated default Renderer of some kind.
2018-02-02 15:41:43 -08:00
Aaron L
cf05c8d36b Work on logging and error handling some more 2018-02-02 15:41:24 -08:00
Aaron L
27010d9fe4 Abstract logger and error handling
- Replace the old logging mechanisms with a leveled one. This is
  important as authboss needs to start saying a lot more about what's
  happening in the Info log, which will end up like Debug but that's
  okay.
- Replace the error handling mechanisms with something different. This
  allows people to define their own error handlers.
2018-02-02 12:11:47 -08:00
Aaron L
22e99a9921 Work on the auth module
- Move more *User interfaces into storage.go, no need for them to be in
  each individual module.
2018-02-01 17:23:31 -08:00
Aaron L
8f546fdd7c Revert a change to removing some code
- This code is useful and this commit adds a comment to say why
2018-02-01 17:10:26 -08:00
Aaron L
ad5230a303 Bring back events
- Rename callbacks -> events
- Regenerate stringers.go with later version of stringer
2018-02-01 16:31:08 -08:00
Aaron L
de1c2ed081 Get tests working after latest refactors
- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
  pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
  way we don't ever have to refer to one or the other, we just always
  assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
  or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
2018-02-01 15:42:48 -08:00
Aaron L
cbfc1d8388 Fix authboss core tests
- Delete callbacks tests
- Remove some useless code (SendMail), as well as some extra arguments
  in certain functions that didn't require them.
- Remove tests for more code that has been moved to default
  implementations
2018-02-01 11:51:43 -08:00
Aaron L
2db3a3f782 Fix the tests in defaults package
- Make the default responder aggregate data, this allows aggregation of
  data from various middlewares like csrf or extra data for the layout
  without having to have an extra callback function like LayoutDataMaker
  or CRSFMaker
2018-02-01 10:25:54 -08:00
Aaron L
b33e47a97c Re(move) swaths of code
- Document more things
- Remove module code
- Remove callbacks code
- Remove data makers, flash messages, and context providers in exchange
  for middlewares that use context (unwritten)
- Move more implementations (responses, redirector, router) to defaults
  package
- Rename key interfaces (again), Storer -> User, StoreLoader ->
  ServerStorer (opposite of ClientStateStorer) if this is the last time
  I rename these I'll be shocked
2018-01-31 17:07:11 -08:00
Aaron L
59b2874bcd Move validation implementations to defaults
- Add more interfaces for validation
2018-01-29 16:24:42 -08:00
Aaron L
0e9761ddf5 Start moving default implementations 2018-01-29 13:14:55 -08:00
Aaron L
c8457d818d Add ability to wrap responsewriters indefinitely 2018-01-29 11:35:47 -08:00
Aaron L
2b5c85ee16 Import path fixes 2017-07-30 19:42:05 -07:00
Aaron L
a92fb4d069 Re-enable tests, add more tests 2017-03-05 10:03:22 -08:00
Aaron L
24fc6196c7 Introduce new type of client storage
- This addresses the problem of having to update multiple times during
  one request. It's hard to have a nice interface especially with JWT
  because you always end up having to decode the request, encode new
  response, write header, then a second write to it comes, and where do
  you grab the value from? Often you don't have access to the response
  as a "read" structure. So we store it as events instead, and play
  those events against the original data right before the response is
  written to set the headers.
2017-02-24 16:45:47 -08:00
Aaron L
3170cb8068 Ensure we don't re-lookup, cache in context 2017-02-23 16:29:58 -08:00
Aaron L
fa6ba517db More gigantic edits.
- Change response to be more central to Authboss. Make sure it has
  useful methods and works with the new rendering idioms.
- Change the load user methods to all work with context keys, and even
  be able to set context keys on the current request to avoid setting
  contexts everywhere in the code base.
2017-02-23 16:13:25 -08:00
Aaron L
f65d9f6bb6 Fix errors package
- Fix many compilation errors
2017-02-21 15:04:30 -08:00