Modules
- Represents a temporary denial of the credential to authenticate. This is used to rate-limit and prevent brute-forcing of accounts. At an initial failure the SoftLock is created with the count set to 1, an unlock_at set to 1 second later, and a reset_count_at set at a maximum time window for a cycle.
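
The soft lock cycle described above, as an added sketch that is not the project's own code. The `attempt` function, the 600-second `RESET_WINDOW`, the one-second-per-failure growth after the first failure, and clearing the lock on success are assumptions; the page states only the initial values.

```rust
use std::time::Duration;

// Assumed cycle length; the page only says "a maximum time window for a cycle".
const RESET_WINDOW: Duration = Duration::from_secs(600);

#[derive(Debug, Clone, PartialEq)]
enum SoftLock {
    Open, // no failures recorded in the current cycle
    Locked { count: u32, unlock_at: Duration, reset_count_at: Duration },
}

// Decide one attempt at time `now` (a Duration since some fixed epoch).
// `factors_ok` is the outcome of verifying the credential itself.
// Returns (authenticated, next lock state).
fn attempt(lock: &SoftLock, now: Duration, factors_ok: bool) -> (bool, SoftLock) {
    if let SoftLock::Locked { unlock_at, .. } = lock {
        if now < *unlock_at {
            // Still locked: refuse without consulting the credential, so a
            // correct guess made during the lock is not confirmed.
            return (false, lock.clone());
        }
    }
    if factors_ok {
        // Assumption: a successful authentication clears the lock.
        return (true, SoftLock::Open);
    }
    let next = match lock {
        SoftLock::Locked { count, reset_count_at, .. } if now < *reset_count_at => {
            let count = count.saturating_add(1);
            // Assumption: the delay grows by one second per failure in the cycle.
            let delay = Duration::from_secs(u64::from(count));
            SoftLock::Locked { count, unlock_at: now + delay, reset_count_at: *reset_count_at }
        }
        // Initial failure, or the previous cycle's window has passed.
        _ => SoftLock::Locked {
            count: 1,
            unlock_at: now + Duration::from_secs(1),
            reset_count_at: now + RESET_WINDOW,
        },
    };
    (false, next)
}

fn main() {
    let t = Duration::from_secs; // constructed timestamps, in seconds
    let (ok, lock) = attempt(&SoftLock::Open, t(100), false);
    println!("{ok} {lock:?}");
    let (ok, lock) = attempt(&lock, t(100), true); // correct factors, but still locked
    println!("{ok} {lock:?}");
    let (ok, lock) = attempt(&lock, t(101), true); // lock has expired
    println!("{ok} {lock:?}");
}
```
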
Structs
- This is how we store credentials in the server. An account can have many credentials, and a credential can have many factors. Authentication succeeds only when the credential is satisfied as a whole unit. For example: A: Credential { password: aaa }; B: Credential { password: bbb, otp: … }. In this case, if we selected credential B and then provided password “aaa”, we would deny the auth because the password of B was incorrect. Additionally, while A only needs the “password”, B requires both the password and otp to be valid.
Enums
- The type of credential that is stored. Each of these represents a full set of ‘what is required’ to complete an authentication session. These are typed like this so that we can later apply policy to what classes or levels of credentials can be used. We also use these types to know what type of auth session handler to initiate.