1
0
mirror of https://github.com/volatiletech/authboss.git synced 2025-01-24 05:17:10 +02:00

23 Commits

Author SHA1 Message Date
Aaron L
9dc8f7711c Add DeleteAllSession to mock 2019-07-11 00:47:56 -07:00
frederikhors
7e3ad2a691
Update client_state.go 2019-01-08 13:47:18 +01:00
Aaron L
ca3933ab81 Merge remote-tracking branch 'offline-gmbh/master' into dev 2018-12-31 09:53:08 -08:00
Tobias Kündig
74d60ddf98
Forward call to Hijack()
This change makes sure that the `http.Hijacker` interface remains implemented
when using the `LoadClientStateMiddleware`.
2018-12-31 17:01:12 +01:00
Aaron L
ca066a55b5 Add DelAllSession method
In order to prevent leaking of session values (and to avoid the mess of
deleting the entire session cookie which could still have values we want
in it) this nuclear method is now called by expire/logout with a
whitelist of keys to keep (passed in from
Config.Storage.SessionWhitelistKeys).
2018-12-17 23:03:55 -08:00
Aaron L
931ccfba1f Add twofactor setup e-mail validation options 2018-11-01 22:49:25 -07:00
Aaron L
8213e87e83 Rewrite docs to 80 cols
- Fix #183
2018-09-15 15:39:26 -07:00
Aaron L
ff72602e76 Merge branch 'otp-twofactor' into v2 2018-08-31 11:44:00 -07:00
Aaron L
735cbb1ec5 Add totp2fa module 2018-08-22 21:34:38 -07:00
Aaron L
0085c8354b Fix error handling in client state middleware
- Fix #181
2018-08-16 09:35:33 -07:00
Aaron L
d14fcc14d9 Change error message to be more clear 2018-08-16 08:25:30 -07:00
Aaron L
48e83e1a2a WIP 2018-07-17 07:09:38 -07:00
Aaron L
c38f79490b Increase testing coverage.
- Missed some actual tests, added them.
- Added a bunch of useless tests to increase coverage. Guilty as
  charged.
2018-05-14 14:27:33 -07:00
Aaron L
ee4b2658d5 Finish TODOs 2018-03-09 13:11:08 -08:00
Aaron L
634892e29c Fix breakages from last commit 2018-03-07 16:41:58 -08:00
Aaron L
37ace55579 Clean up context and client state
- Remove extraneous http.ResponseWriter from all read-only queries
  against the request context (for the ClientState)
- Instead of using a context.Context on the ClientStateResponseWriter
  just store variables for the things we'd like to store, it should be
  less expensive and it's much easier to work with and more clear.
- Save the loaded client state into both the ResponseWriter itself and
  the Request context, the ResponseWriter will store them simply to send
  them into the WriteState() method later on, the Request will store
  them to be able to query data.
2018-03-07 16:21:37 -08:00
Aaron L
2137c827d3 Fix tests back up again.
- Remove a test that was obsoleted by optimizations. Not 100% sure this
  is correct, but it seems like if nothing has changed since the
  previous session/cookie read then we shouldn't need to write any new
  headers for them. This is especially true in the typical "I use
  cookies for everything" use case, but may not be true of other use
  cases... Remains to be seen. Since they're optimizations they should
  be able to removed "safely" later.
2018-02-14 15:16:44 -08:00
Aaron L
23e1e849d3 Move expiry module
- Remove the errors from User interfaces
2018-02-14 14:18:03 -08:00
Aaron L
726204d809 Fix some inconsistencies in clientstate
- Add a ClientStateMiddleware that loads the client state into the
  request context and prepares a ClientStateResponseWriter for
  downstream handlers
- Clean up some of the handling around session and cookie state, for
  example don't write if there are no events to be processed
- Redo the Defaultts() method for config to be useful again.
- Prefix LogoutMethod with Auth to be consistent
2018-02-04 23:28:31 -08:00
Aaron L
de1c2ed081 Get tests working after latest refactors
- Change changelog format to use keepachangelog standard
- Refactor the config to be made of substructs to help organize all the
  pieces
- Add the new interfaces to the configuration
- Clean up module loading (no unnecessary reflection to create new value)
- Change User interface to have a Get/SetPID not E-mail/Username, this
  way we don't ever have to refer to one or the other, we just always
  assume pid. In the case of Confirm/Recover we'll have to make a GetEmail
  or there won't be a way for us to get the e-mail to send to.
- Delete the xsrf nonsense in the core
2018-02-01 15:42:48 -08:00
Aaron L
b33e47a97c Re(move) swaths of code
- Document more things
- Remove module code
- Remove callbacks code
- Remove data makers, flash messages, and context providers in exchange
  for middlewares that use context (unwritten)
- Move more implementations (responses, redirector, router) to defaults
  package
- Rename key interfaces (again), Storer -> User, StoreLoader ->
  ServerStorer (opposite of ClientStateStorer) if this is the last time
  I rename these I'll be shocked
2018-01-31 17:07:11 -08:00
Aaron L
c8457d818d Add ability to wrap responsewriters indefinitely 2018-01-29 11:35:47 -08:00
Aaron L
24fc6196c7 Introduce new type of client storage
- This addresses the problem of having to update multiple times during
  one request. It's hard to have a nice interface especially with JWT
  because you always end up having to decode the request, encode new
  response, write header, then a second write to it comes, and where do
  you grab the value from? Often you don't have access to the response
  as a "read" structure. So we store it as events instead, and play
  those events against the original data right before the response is
  written to set the headers.
2017-02-24 16:45:47 -08:00