pub trait AuthImpl:
Send
+ Sync
+ 'static {
// Required methods
/// Construct the auth implementation for extraction.
///
/// The trait docs say to use this only at the top level of a client request.
fn new() -> Self
where Self: Sized;
/// Look up a user by id.
///
/// Documented to return UNAUTHORIZED when no user with `user_id` exists.
fn get_user(&self, user_id: String) -> DynFuture<Result<BoxAuthUser>>;
/// Handle incoming request authentication in middleware.
///
/// Receives the request's `auth` value and the `req` itself, and resolves to
/// the request to pass on. The trait docs note that a client struct can be
/// attached as a request extension here.
// NOTE(review): `require_user_enabled` presumably asks the implementation to
// reject disabled accounts. This is a required method, so each app writes that
// check itself; confirm it is enforced and not ignored.
fn handle_request_authentication(
&self,
auth: RequestAuthentication,
require_user_enabled: bool,
req: Request,
) -> DynFuture<Result<Request>>;
/// Get the JWT provider.
fn jwt_provider(&self) -> &JwtProvider;
// Provided methods
/// Static application name. The trait docs give no description, and where the
/// name is used is not shown in this listing.
fn app_name(&self) -> &'static str { ... }
/// The app 'host' config.
///
/// Per the trait docs this should include the path where the auth server is
/// nested: if it is nested on `/auth`, this is `https://example.com/auth`.
// NOTE(review): presumably used to build redirect/callback URLs for the
// external login flows; confirm, and keep it a fixed configured value rather
// than one derived from request headers.
fn host(&self) -> &str { ... }
/// Whether new user registration is disabled.
///
/// `no_users_exist` documents an exception that applies while the user store
/// is still empty.
fn registration_disabled(&self) -> bool { ... }
/// Usernames whose credential updates are locked, such as demo users.
fn locked_usernames(&self) -> &'static [String] { ... }
/// Check `username` against the locked usernames.
///
/// Documented behaviour: if the locked usernames include 'ALL', this always
/// errors.
// NOTE(review): presumably it also errors when `username` itself is in the
// list; the default body is not shown here.
fn check_username_locked(&self, username: &str) -> Result<()> { ... }
/// Report whether no users exist yet.
///
/// Per the trait docs, this allows a user to register even when registration
/// is disabled, as long as no users exist. If not implemented it always
/// evaluates to false and changes no behaviour.
// NOTE(review): this is a first-user bootstrap path around
// `registration_disabled`. An implementation should answer from the real user
// store and fail closed (error or false) when the store cannot be read.
fn no_users_exist(&self) -> DynFuture<Result<bool>> { ... }
/// Resolve the user id from request authentication; used by the manage auth
/// API.
///
/// By default only `RequestAuthentication::UserId` (callers using JWT) is
/// allowed to call these APIs; overriding this method changes that.
// NOTE(review): an override that accepts more authentication kinds widens who
// can reach the manage auth API; review any override with that in mind.
fn get_user_id_from_request_authentication(
&self,
auth: RequestAuthentication,
) -> DynFuture<Result<String>> { ... }
/// Get the WebAuthn passkey provider.
// NOTE(review): `None` presumably means passkeys are not configured; confirm.
fn passkey_provider(&self) -> Option<&PasskeyProvider> { ... }
/// Rate limiter for general authenticated requests.
fn general_rate_limiter(&self) -> &RateLimiter { ... }
/// Default redirect target after linking an external login method.
fn post_link_redirect(&self) -> &str { ... }
/// Whether local auth is enabled.
fn local_auth_enabled(&self) -> bool { ... }
/// bcrypt cost for the password hash.
// The default value is not shown in this listing. bcrypt cost is a log2 work
// factor, so each +1 doubles hashing time; choose it against measured login
// latency rather than lowering it for speed.
fn local_auth_bcrypt_cost(&self) -> u32 { ... }
/// Rate limiter for the local login method.
///
/// Can be separate from the general one to give 1-to-1 user feedback on
/// remaining attempts; by default uses the general rate limiter.
fn local_login_rate_limiter(&self) -> &RateLimiter { ... }
/// Validate a username. The default rules are not shown in this listing.
fn validate_username(&self, username: &str) -> Result<()> { ... }
/// Validate a password. The default rules are not shown in this listing.
fn validate_password(&self, password: &str) -> Result<()> { ... }
/// Create a local user; resolves to the created user id, or an error.
///
/// Per the trait docs the username and password have already been validated
/// before this is called.
// `_hashed_password` is named as a hash: presumably the caller has already
// hashed it (see `local_auth_bcrypt_cost`), so store it as given.
// NOTE(review): `_no_users_exist` presumably flags the first-user case; confirm
// what an implementation is expected to do with it.
fn sign_up_local_user(
&self,
_username: String,
_hashed_password: String,
_no_users_exist: bool,
) -> DynFuture<Result<String>> { ... }
/// Find a user by username.
///
/// The trait docs say this returns UNAUTHORIZED if none exists.
// NOTE(review): the return type carries an `Option`, so "no such user" could
// also be `Ok(None)`; confirm which one callers expect.
fn find_user_with_username(
&self,
_username: String,
) -> DynFuture<Result<Option<BoxAuthUser>>> { ... }
/// Store a new username for the user `_user_id`. The trait docs give no
/// description for this method.
// NOTE(review): whether `validate_username` / `check_username_locked` have
// already run before this is called is not shown; confirm.
fn update_user_username(
&self,
_user_id: String,
_username: String,
) -> DynFuture<Result<()>> { ... }
/// Store a new password hash for the user `_user_id`. The trait docs give no
/// description for this method.
// `_hashed_password` is named as a hash, so presumably hashing happens before
// this call; confirm, and never persist or log a plaintext value here.
fn update_user_password(
&self,
_user_id: String,
_hashed_password: String,
) -> DynFuture<Result<()>> { ... }
/// OIDC configuration, if any.
// NOTE(review): `None` presumably means OIDC login is not configured; confirm.
fn oidc_config(&self) -> Option<&OidcConfig> { ... }
/// Find the user linked to the OIDC subject identifier `_subject`, if any.
fn find_user_with_oidc_subject(
&self,
_subject: SubjectIdentifier,
) -> DynFuture<Result<Option<BoxAuthUser>>> { ... }
/// Create a user from an OIDC login; resolves to the created user id, or an
/// error.
// NOTE(review): `_no_users_exist` presumably flags the first-user case; confirm
// what an implementation is expected to do with it.
fn sign_up_oidc_user(
&self,
_username: String,
_subject: SubjectIdentifier,
_no_users_exist: bool,
) -> DynFuture<Result<String>> { ... }
/// Link the OIDC subject `_subject` to the existing user `_user_id`.
// NOTE(review): linking adds another way to log in to the account. Presumably
// the caller has already authenticated both the user and the external login;
// confirm.
fn link_oidc_login(
&self,
_user_id: String,
_subject: SubjectIdentifier,
) -> DynFuture<Result<()>> { ... }
/// GitHub OAuth configuration, if any.
// NOTE(review): `None` presumably means GitHub login is not configured; confirm.
fn github_config(&self) -> Option<&NamedOauthConfig> { ... }
/// Find the user linked to the GitHub id `_github_id`, if any.
fn find_user_with_github_id(
&self,
_github_id: String,
) -> DynFuture<Result<Option<BoxAuthUser>>> { ... }
/// Create a user from a GitHub login; resolves to the created user id, or an
/// error.
// NOTE(review): `_avatar_url` presumably comes from the provider's profile
// data; treat it as untrusted input if it is later rendered. `_no_users_exist`
// presumably flags the first-user case; confirm both.
fn sign_up_github_user(
&self,
_username: String,
_github_id: String,
_avatar_url: String,
_no_users_exist: bool,
) -> DynFuture<Result<String>> { ... }
/// Link the GitHub id `_github_id` (with its avatar URL) to the existing user
/// `_user_id`.
// NOTE(review): linking adds another way to log in to the account. Presumably
// the caller has already authenticated both the user and the external login;
// confirm.
fn link_github_login(
&self,
_user_id: String,
_github_id: String,
_avatar_url: String,
) -> DynFuture<Result<()>> { ... }
/// Google OAuth configuration, if any.
// NOTE(review): `None` presumably means Google login is not configured; confirm.
fn google_config(&self) -> Option<&NamedOauthConfig> { ... }
/// Find the user linked to the Google id `_google_id`, if any.
fn find_user_with_google_id(
&self,
_google_id: String,
) -> DynFuture<Result<Option<BoxAuthUser>>> { ... }
/// Create a user from a Google login; resolves to the created user id, or an
/// error.
// NOTE(review): `_avatar_url` presumably comes from the provider's profile
// data; treat it as untrusted input if it is later rendered. `_no_users_exist`
// presumably flags the first-user case; confirm both.
fn sign_up_google_user(
&self,
_username: String,
_google_id: String,
_avatar_url: String,
_no_users_exist: bool,
) -> DynFuture<Result<String>> { ... }
/// Link the Google id `_google_id` (with its avatar URL) to the existing user
/// `_user_id`.
// NOTE(review): linking adds another way to log in to the account. Presumably
// the caller has already authenticated both the user and the external login;
// confirm.
fn link_google_login(
&self,
_user_id: String,
_google_id: String,
_avatar_url: String,
) -> DynFuture<Result<()>> { ... }
/// Remove the login method `_provider` from the user `_user_id`.
// NOTE(review): whether removing a user's last remaining login method is
// prevented before this is called is not shown; confirm.
fn unlink_login(
&self,
_user_id: String,
_provider: LoginProvider,
) -> DynFuture<Result<()>> { ... }
/// Store or remove the user's passkey.
///
/// Per the trait docs: if `Some(Passkey)` is passed it should be stored,
/// overriding any passkey already on the user; if `None` is passed the user's
/// passkey should be removed, unenrolling the user from passkey 2FA.
fn update_user_stored_passkey(
&self,
_user_id: String,
_passkey: Option<Passkey>,
) -> DynFuture<Result<()>> { ... }
/// Store TOTP data for the user: an encoded secret and a list of hashed
/// recovery codes. The trait docs give no description for this method.
// NOTE(review): `_encoded_secret` is presumably the encoded TOTP shared secret.
// Encoding is not encryption, so treat the stored value as sensitive. The
// recovery codes arrive already hashed, going by the parameter name.
fn update_user_stored_totp(
&self,
_user_id: String,
_encoded_secret: String,
_hashed_recovery_codes: Vec<String>,
) -> DynFuture<Result<()>> { ... }
/// Remove the stored TOTP data for the user `_user_id`.
// NOTE(review): presumably this unenrolls the user from TOTP 2FA; confirm.
fn remove_user_stored_totp(&self, _user_id: String) -> DynFuture<Result<()>> { ... }
/// Build a `TOTP` from raw secret bytes and an optional account name.
///
/// The algorithm, digit count and period used by the default body are not
/// shown in this listing.
fn make_totp(
&self,
secret_bytes: Vec<u8>,
account_name: Option<String>,
) -> Result<TOTP> { ... }
/// Store the `_external_skip_2fa` flag for the user `_user_id`. The trait docs
/// give no description for this method.
// NOTE(review): by its name the flag presumably lets logins through an external
// provider skip the second factor. Confirm the semantics and who is allowed to
// change it, since setting it weakens 2FA for that account.
fn update_user_external_skip_2fa(
&self,
_user_id: String,
_external_skip_2fa: bool,
) -> DynFuture<Result<()>> { ... }
/// Validate an API key name. The default rules are not shown in this listing.
fn validate_api_key_name(&self, api_key_name: &str) -> Result<()> { ... }
/// Custom API key length. The trait docs give the default as 40.
fn api_key_secret_length(&self) -> usize { ... }
/// bcrypt cost for the API secret hash.
// The default value is not shown in this listing. bcrypt cost is a log2 work
// factor, so each +1 doubles hashing time.
fn api_secret_bcrypt_cost(&self) -> u32 { ... }
/// Store a new API key for the user `_user_id`. The trait docs give no
/// description for this method.
// NOTE(review): presumably `_key` is the lookup identifier (compare
// `get_api_key_user_id`) and only `_hashed_secret` is persisted for the secret
// part; confirm that the plaintext secret never reaches storage.
fn create_api_key(
&self,
_user_id: String,
_body: CreateApiKey,
_key: String,
_hashed_secret: String,
) -> DynFuture<Result<()>> { ... }
/// Resolve the id of the user that the API key `_key` belongs to.
// NOTE(review): where the secret is checked against its stored hash is not
// shown in this listing; confirm it happens before the user id is trusted.
fn get_api_key_user_id(&self, _key: String) -> DynFuture<Result<String>> { ... }
/// Delete the API key `_key`.
// NOTE(review): no user id is passed, so any ownership check presumably
// happens in the caller; confirm.
fn delete_api_key(&self, _key: String) -> DynFuture<Result<()>> { ... }
/// Server private key to use with API key v2 handshakes.
// NOTE(review): `None` presumably means v2 API keys are unavailable; confirm.
fn server_private_key(&self) -> Option<&RotatableKeyPair> { ... }
/// Store a v2 API key for the user `_user_id`, identified by `_public_key`.
///
/// Unlike `create_api_key`, no secret or secret hash is passed to this method.
fn create_api_key_v2(
&self,
_user_id: String,
_body: CreateApiKey,
_public_key: String,
) -> DynFuture<Result<()>> { ... }
/// Resolve the id of the user that the v2 API key `_public_key` belongs to.
fn get_api_key_v2_user_id(
&self,
_public_key: String,
) -> DynFuture<Result<String>> { ... }
/// Delete the v2 API key identified by `_public_key`.
// NOTE(review): no user id is passed, so any ownership check presumably
// happens in the caller; confirm.
fn delete_api_key_v2(&self, _public_key: String) -> DynFuture<Result<()>> { ... }
}
This trait is implemented at the app level to support custom schemas, storage providers, and business logic.
Required Methods§
fn new() -> Self where
Self: Sized,
Construct the auth implementation for extraction. Only use this at the top level of a client request.
fn get_user(&self, user_id: String) -> DynFuture<Result<BoxAuthUser>>
Gets the user using the user id, returning UNAUTHORIZED if none exists.
fn handle_request_authentication( &self, auth: RequestAuthentication, require_user_enabled: bool, req: Request, ) -> DynFuture<Result<Request>>
Handle incoming request authentication in middleware. A client struct can be attached as a request extension here.
fn jwt_provider(&self) -> &JwtProvider
Get the jwt provider.
Provided Methods§
fn host(&self) -> &str
Provide the app ‘host’ config. This should include the path to where the auth server is nested, i.e. if it is nested on /auth, this points to https://example.com/auth
fn registration_disabled(&self) -> bool
Disable new user registration.
fn locked_usernames(&self) -> &'static [String]
Provide usernames to lock credential updates for, such as demo users.
fn check_username_locked(&self, username: &str) -> Result<()>
If the locked usernames include ‘ALL’, this will always error.
fn no_users_exist(&self) -> DynFuture<Result<bool>>
Allows a user to register even when registration is disabled, as long as no users exist. If not implemented, this always evaluates to false and does not change any behavior.
fn get_user_id_from_request_authentication( &self, auth: RequestAuthentication, ) -> DynFuture<Result<String>>
Gets the user id from the request authentication. Used by the manage auth API. By default, only callers authenticated as RequestAuthentication::UserId (i.e. using a JWT) are allowed to call these APIs, but this can be changed here.
fn passkey_provider(&self) -> Option<&PasskeyProvider>
Get the webauthn passkey provider
fn general_rate_limiter(&self) -> &RateLimiter
Provide a rate limiter for general authenticated requests.
fn post_link_redirect(&self) -> &str
Where to redirect by default after linking an external login method.
fn local_auth_enabled(&self) -> bool
Whether local auth is enabled.
fn local_auth_bcrypt_cost(&self) -> u32
Set the password hash bcrypt cost.
fn local_login_rate_limiter(&self) -> &RateLimiter
The local login method can have its own rate limiter, for 1-to-1 user feedback on remaining attempts. By default it uses the general rate limiter.
fn validate_username(&self, username: &str) -> Result<()>
Validate usernames.
fn validate_password(&self, password: &str) -> Result<()>
Validate passwords.
fn sign_up_local_user( &self, _username: String, _hashed_password: String, _no_users_exist: bool, ) -> DynFuture<Result<String>>
Returns created user id, or error. The username and password have already been validated.
fn find_user_with_username( &self, _username: String, ) -> DynFuture<Result<Option<BoxAuthUser>>>
Finds user using the username, returning UNAUTHORIZED if none exists.
fn update_user_username( &self, _user_id: String, _username: String, ) -> DynFuture<Result<()>>
fn update_user_password( &self, _user_id: String, _hashed_password: String, ) -> DynFuture<Result<()>>
fn oidc_config(&self) -> Option<&OidcConfig>
fn find_user_with_oidc_subject( &self, _subject: SubjectIdentifier, ) -> DynFuture<Result<Option<BoxAuthUser>>>
fn sign_up_oidc_user( &self, _username: String, _subject: SubjectIdentifier, _no_users_exist: bool, ) -> DynFuture<Result<String>>
Returns created user id, or error.
fn link_oidc_login( &self, _user_id: String, _subject: SubjectIdentifier, ) -> DynFuture<Result<()>>
fn github_config(&self) -> Option<&NamedOauthConfig>
fn find_user_with_github_id( &self, _github_id: String, ) -> DynFuture<Result<Option<BoxAuthUser>>>
fn sign_up_github_user( &self, _username: String, _github_id: String, _avatar_url: String, _no_users_exist: bool, ) -> DynFuture<Result<String>>
Returns created user id, or error.
fn link_github_login( &self, _user_id: String, _github_id: String, _avatar_url: String, ) -> DynFuture<Result<()>>
fn google_config(&self) -> Option<&NamedOauthConfig>
fn find_user_with_google_id( &self, _google_id: String, ) -> DynFuture<Result<Option<BoxAuthUser>>>
fn sign_up_google_user( &self, _username: String, _google_id: String, _avatar_url: String, _no_users_exist: bool, ) -> DynFuture<Result<String>>
Returns created user id, or error.
fn link_google_login( &self, _user_id: String, _google_id: String, _avatar_url: String, ) -> DynFuture<Result<()>>
fn unlink_login( &self, _user_id: String, _provider: LoginProvider, ) -> DynFuture<Result<()>>
fn update_user_stored_passkey( &self, _user_id: String, _passkey: Option<Passkey>, ) -> DynFuture<Result<()>>
If Some(Passkey) is passed, it should be stored, overriding any passkey which was on the User.
If None is passed, the user passkey should be removed, unenrolling the user from passkey 2fa.
fn update_user_stored_totp( &self, _user_id: String, _encoded_secret: String, _hashed_recovery_codes: Vec<String>, ) -> DynFuture<Result<()>>
fn remove_user_stored_totp(&self, _user_id: String) -> DynFuture<Result<()>>
fn make_totp( &self, secret_bytes: Vec<u8>, account_name: Option<String>, ) -> Result<TOTP>
fn update_user_external_skip_2fa( &self, _user_id: String, _external_skip_2fa: bool, ) -> DynFuture<Result<()>>
fn validate_api_key_name(&self, api_key_name: &str) -> Result<()>
Validate api key name.
fn api_key_secret_length(&self) -> usize
Set custom API key length. Default is 40.
fn api_secret_bcrypt_cost(&self) -> u32
Set the api secret hash bcrypt cost.
fn create_api_key( &self, _user_id: String, _body: CreateApiKey, _key: String, _hashed_secret: String, ) -> DynFuture<Result<()>>
fn get_api_key_user_id(&self, _key: String) -> DynFuture<Result<String>>
fn delete_api_key(&self, _key: String) -> DynFuture<Result<()>>
fn server_private_key(&self) -> Option<&RotatableKeyPair>
Pass the server private key to use with api key v2 handshakes.