/// Lets a server control access to itself.
///
/// Per this page's description the trait has two purposes: it validates user
/// credentials and returns a user token, and it uses user tokens to check
/// access levels. Two clients with the same user token are considered the
/// same user and have some ability to interfere with each other.
///
/// Only the `authenticate_*` methods are async. The access checks below are
/// synchronous, so the description advises loading and storing, during
/// authentication, whatever those later checks will need.
///
/// NOTE(review): the provided-method bodies are elided (`{ ... }`) in this
/// listing, so their default behaviour cannot be read from here. Confirm what
/// each default allows before relying on it.
pub trait AuthManager:
Send
+ Sync
+ 'static {
// Required method
/// Return the valid user token policies for the given endpoint.
fn user_token_policies(
&self,
endpoint: &ServerEndpoint,
) -> Vec<UserTokenPolicy>;
// Provided methods
/// Validate whether an anonymous user is allowed to access the given
/// endpoint. Returns no user token: all anonymous users share the same
/// special token.
fn authenticate_anonymous_token<'life0, 'life1, 'async_trait>(
&'life0 self,
endpoint: &'life1 ServerEndpoint,
) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait { ... }
/// Validate the given username and password for the endpoint and return a
/// user token associated with the user, for example the username itself.
///
/// NOTE(review): clients holding equal tokens are treated as the same user,
/// so the returned token should identify exactly one user.
fn authenticate_username_identity_token<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
endpoint: &'life1 ServerEndpoint,
username: &'life2 str,
password: &'life3 Password,
) -> Pin<Box<dyn Future<Output = Result<UserToken, Error>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait { ... }
/// Validate the signing thumbprint for the endpoint and return a user token
/// associated with the user. Only the thumbprint is passed in, so mapping it
/// to a known user is the implementation's job.
fn authenticate_x509_identity_token<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
endpoint: &'life1 ServerEndpoint,
signing_thumbprint: &'life2 Thumbprint,
) -> Pin<Box<dyn Future<Output = Result<UserToken, Error>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait { ... }
/// Validate the given issued identity token for the endpoint and return a
/// user token associated with the user. The token arrives as a `ByteString`.
fn authenticate_issued_identity_token<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
endpoint: &'life1 ServerEndpoint,
token: &'life2 ByteString,
) -> Pin<Box<dyn Future<Output = Result<UserToken, Error>> + Send + 'async_trait>>
where 'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait { ... }
/// Return the effective user access level for the given node ID.
///
/// NOTE(review): `user_access_level` is presumably the level determined
/// before this override is applied. Confirm against the caller.
fn effective_user_access_level(
&self,
token: &UserToken,
user_access_level: AccessLevel,
node_id: &NodeId,
) -> AccessLevel { ... }
/// Return whether a method is actually user executable, overriding whatever
/// is returned by the node manager.
fn is_user_executable(&self, token: &UserToken, method_id: &NodeId) -> bool { ... }
/// Return whether the endpoint supports anonymous authentication.
fn supports_anonymous(&self, endpoint: &ServerEndpoint) -> bool { ... }
/// Return whether the endpoint supports username/password authentication.
fn supports_user_pass(&self, endpoint: &ServerEndpoint) -> bool { ... }
/// Return whether the endpoint supports x509-certificate authentication.
fn supports_x509(&self, endpoint: &ServerEndpoint) -> bool { ... }
/// Return whether the endpoint supports issued-token authentication.
fn supports_issued_token(&self, endpoint: &ServerEndpoint) -> bool { ... }
/// Return the permissions for the core server for the given user.
fn core_permissions(&self, token: &UserToken) -> CoreServerPermissions { ... }
}
The `AuthManager` trait lets a server implementation control who can access the server. It serves two main purposes:
- It validates user credentials and returns a user token. Two clients with the same user token are considered the same user, and have some ability to interfere with each other. An implementation should therefore return a distinct token for each distinct user.
- It uses user tokens to check access levels.
Note that the only async methods are the ones validating access tokens (the `authenticate_*` methods). The access-level and permission checks are synchronous, so the authentication methods should load and store any information you will need to check the user's access level later on.
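This is currently the only way to restrict access to core resources. For resources in your own custom node managers you are free to use whatever access regime you want. Because every method except `user_token_policies` has a provided default whose body is not shown on this page, check what those defaults allow before relying on them to restrict access.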
Required Methods
fn user_token_policies(&self, endpoint: &ServerEndpoint) -> Vec<UserTokenPolicy>
Return the valid user token policies for the given endpoint. Only valid tokens will be passed to the authenticator.
Provided Methods
fn authenticate_anonymous_token<'life0, 'life1, 'async_trait>(
&'life0 self,
endpoint: &'life1 ServerEndpoint,
) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
Self: 'async_trait,
Validate whether an anonymous user is allowed to access the given endpoint. This does not return a user token; all anonymous users share the same special token, so all anonymous sessions are treated as the same user.
fn authenticate_username_identity_token<'life0, 'life1, 'life2, 'life3, 'async_trait>(
&'life0 self,
endpoint: &'life1 ServerEndpoint,
username: &'life2 str,
password: &'life3 Password,
) -> Pin<Box<dyn Future<Output = Result<UserToken, Error>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
'life3: 'async_trait,
Self: 'async_trait,
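Validate the given username and password for the given endpoint.
This should return a user token associated with the user, for example the username itself. Whatever value is chosen should identify exactly one user, because clients with the same token are considered the same user.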
fn authenticate_x509_identity_token<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
endpoint: &'life1 ServerEndpoint,
signing_thumbprint: &'life2 Thumbprint,
) -> Pin<Box<dyn Future<Output = Result<UserToken, Error>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
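Validate the signing thumbprint for the given endpoint. Only the certificate thumbprint is passed to this method, so the implementation is responsible for deciding which thumbprints belong to known users and returning an error for the rest.
This should return a user token associated with the user.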
fn authenticate_issued_identity_token<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
endpoint: &'life1 ServerEndpoint,
token: &'life2 ByteString,
) -> Pin<Box<dyn Future<Output = Result<UserToken, Error>> + Send + 'async_trait>>where
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Self: 'async_trait,
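Validate the given issued identity token for the given endpoint. The token is passed as a raw `ByteString`, so parsing and verifying it is up to the implementation.
This should return a user token associated with the user.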
fn effective_user_access_level( &self, token: &UserToken, user_access_level: AccessLevel, node_id: &NodeId, ) -> AccessLevel
Return the effective user access level for the given node ID.
fn is_user_executable(&self, token: &UserToken, method_id: &NodeId) -> bool
Return whether a method is actually user executable, overriding whatever is returned by the node manager.
fn supports_anonymous(&self, endpoint: &ServerEndpoint) -> bool
Return whether the endpoint supports anonymous authentication.
fn supports_user_pass(&self, endpoint: &ServerEndpoint) -> bool
Return whether the endpoint supports username/password authentication.
fn supports_x509(&self, endpoint: &ServerEndpoint) -> bool
Return whether the endpoint supports x509-certificate authentication.
fn supports_issued_token(&self, endpoint: &ServerEndpoint) -> bool
Return whether the endpoint supports issued-token authentication.
fn core_permissions(&self, token: &UserToken) -> CoreServerPermissions
Return the permissions for the core server for the given user.