techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
c5c6bda8b0
authelia/internal/session/user_session.go
James Elliott ef549f851d
feat(oidc): add additional config options, accurate token times, and refactoring (#1991) 
* This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes.
* Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately. 
* Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-04 09:44:30 +10:00

52 lines
1.6 KiB
Go
Raw Blame History

package session
import (
"errors"
"time"
"github.com/authelia/authelia/internal/authentication"
"github.com/authelia/authelia/internal/authorization"
)
// NewDefaultUserSession create a default user session.
func NewDefaultUserSession() UserSession {
return UserSession{
KeepMeLoggedIn: false,
AuthenticationLevel: authentication.NotAuthenticated,
LastActivity: 0,
}
}
// SetOneFactor sets the expected property values for one factor authentication.
func (s *UserSession) SetOneFactor(now time.Time, details *authentication.UserDetails, keepMeLoggedIn bool) {
s.FirstFactorAuthnTimestamp = now.Unix()
s.LastActivity = now.Unix()
s.AuthenticationLevel = authentication.OneFactor
s.KeepMeLoggedIn = keepMeLoggedIn
s.Username = details.Username
s.DisplayName = details.DisplayName
s.Groups = details.Groups
s.Emails = details.Emails
}
// SetTwoFactor sets the expected property values for two factor authentication.
func (s *UserSession) SetTwoFactor(now time.Time) {
s.SecondFactorAuthnTimestamp = now.Unix()
s.LastActivity = now.Unix()
s.AuthenticationLevel = authentication.TwoFactor
}
// AuthenticatedTime returns the unix timestamp this session authenticated successfully at the given level.
func (s UserSession) AuthenticatedTime(level authorization.Level) (authenticatedTime time.Time, err error) {
switch level {
case authorization.OneFactor:
return time.Unix(s.FirstFactorAuthnTimestamp, 0), nil
case authorization.TwoFactor:
return time.Unix(s.SecondFactorAuthnTimestamp, 0), nil
default:
return time.Unix(0, 0), errors.New("invalid authorization level")
}
}
Reference in New Issue View Git Blame Copy Permalink