kanidmd_lib::credential

Struct Credential

source
pub struct Credential { /* private fields */ }
Expand description

This is how we store credentials in the server. An account can have many credentials, and a credential can have many factors. Only successful auth to a credential as a whole unit will succeed. For example: A: Credential { password: aaa } B: Credential { password: bbb, otp: … } In this case, if we selected credential B, and then provided password “aaa” we would deny the auth as the password of B was incorrect. Additionally, while A only needs the “password”, B requires both the password and otp to be valid.

In this way, each Credential provides its own password requirements and policy, and requires some metadata to support this such as it’s source and strength etc.

Implementations§

source§

impl Credential

source

pub fn new_password_only( policy: &CryptoPolicy, cleartext: &str, ) -> Result<Self, OperationError>

Create a new credential that contains a CredentialType::Password

source

pub fn new_generatedpassword_only( policy: &CryptoPolicy, cleartext: &str, ) -> Result<Self, OperationError>

Create a new credential that contains a CredentialType::GeneratedPassword

source

pub fn set_password( &self, policy: &CryptoPolicy, cleartext: &str, ) -> Result<Self, OperationError>

Update the state of the Password on this credential, if a password is present. If possible this will convert the credential to a PasswordMFA in some cases, or fail in others.

source

pub fn upgrade_password( &self, policy: &CryptoPolicy, cleartext: &str, ) -> Result<Option<Self>, OperationError>

source

pub fn append_securitykey( &self, label: String, cred: SecurityKey, ) -> Result<Self, OperationError>

Extend this credential with another alternate webauthn credential. This is especially useful for PasswordMfa where you can have many webauthn credentials and a password generally so that one is a backup.

source

pub fn remove_securitykey(&self, label: &str) -> Result<Self, OperationError>

Remove a webauthn token identified by label from this Credential.

source

pub fn update_webauthn_properties( &self, auth_result: &AuthenticationResult, ) -> Result<Option<Self>, OperationError>

After a successful authentication with Webauthn, we need to advance the credentials counter value to prevent certain classes of replay attacks.

source

pub fn securitykey_ref( &self, ) -> Result<&Map<String, SecurityKey>, OperationError>

Get a reference to the contained webuthn credentials, if any.

source

pub fn passkey_ref(&self) -> Result<&Map<String, Passkey>, OperationError>

source

pub fn password_ref(&self) -> Result<&Password, OperationError>

Get a reference to the contained password, if any.

source

pub fn is_mfa(&self) -> bool

source

pub fn to_db_valuev1(&self) -> DbCred

Extract this credential into it’s Serialisable Database form, ready for persistence.

Trait Implementations§

source§

impl Clone for Credential

source§

fn clone(&self) -> Credential

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for Credential

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl From<&Credential> for CredentialDetail

source§

fn from(value: &Credential) -> Self

Converts to this type from the input type.
source§

impl PartialEq for Credential

source§

fn eq(&self, other: &Credential) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl StructuralPartialEq for Credential

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<'a, T> AsTaggedExplicit<'a> for T
where T: 'a,

§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self>

§

impl<'a, T> AsTaggedImplicit<'a> for T
where T: 'a,

§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self>

source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> DynClone for T
where T: Clone,

source§

fn __clone_box(&self, _: Private) -> *mut ()

source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> FromRef<T> for T
where T: Clone,

§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
§

impl<T> FutureExt for T

§

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper. Read more
§

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper. Read more
§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoEither for T

source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

impl<T> IntoRequest<T> for T

source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
§

impl<T> Pointable for T

§

const ALIGN: usize = _

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
source§

impl<T> Same for T

source§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

source§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more