Struct kanidmd_lib::idm::server::IdmServerAuthTransaction

source · 
pub struct IdmServerAuthTransaction<'a> {
    pub qs_read: QueryServerReadTransaction<'a>,
    /* private fields */
}
Expand description

Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.

Fields§

§qs_read: QueryServerReadTransaction<'a>

Implementations§

source§

impl<'a> IdmServerAuthTransaction<'a>

source

pub async fn application_auth_ldap( &mut self, lae: &LdapApplicationAuthEvent, ct: Duration, ) -> Result<Option<LdapBoundToken>, OperationError>

source§

impl<'a> IdmServerAuthTransaction<'a>

source

pub async fn reauth_init( &mut self, ident: Identity, issue: AuthIssueSession, ct: Duration, client_auth_info: ClientAuthInfo, ) -> Result<AuthResult, OperationError>

source§

impl<'a> IdmServerAuthTransaction<'a>

source

pub fn get_origin(&self) -> &Url

source

pub async fn expire_auth_sessions(&mut self, ct: Duration)

source

pub async fn auth( &mut self, ae: &AuthEvent, ct: Duration, client_auth_info: ClientAuthInfo, ) -> Result<AuthResult, OperationError>

source

pub async fn auth_unix( &mut self, uae: &UnixUserAuthEvent, ct: Duration, ) -> Result<Option<UnixUserToken>, OperationError>

source

pub async fn auth_ldap( &mut self, lae: &LdapAuthEvent, ct: Duration, ) -> Result<Option<LdapBoundToken>, OperationError>

source

pub async fn token_auth_ldap( &mut self, lae: &LdapTokenAuthEvent, ct: Duration, ) -> Result<Option<LdapBoundToken>, OperationError>

source

pub fn commit(self) -> Result<(), OperationError>

Trait Implementations§

source§

impl<'a> IdmServerTransaction<'a> for IdmServerAuthTransaction<'a>

source§

type QsTransactionType = QueryServerReadTransaction<'a>

source§

fn get_qs_txn(&mut self) -> &mut Self::QsTransactionType

source§

fn validate_client_auth_info_to_ident( &mut self, client_auth_info: ClientAuthInfo, ct: Duration, ) -> Result<Identity, OperationError>

This is the preferred method to transform and securely verify a token into an identity that can be used for operations and access enforcement. This function is aware of the various classes of tokens that may exist, and can appropriately check them. Read more
source§

fn validate_client_auth_info_to_uat( &mut self, client_auth_info: ClientAuthInfo, ct: Duration, ) -> Result<UserAuthToken, OperationError>

This function is not using in authentication flows - it is a reflector of the current session state to allow a user-auth-token to be presented to the user via the whoami call.
source§

fn validate_and_parse_token_to_token( &mut self, jwsu: &JwsCompact, ct: Duration, ) -> Result<Token, OperationError>

source§

fn check_oauth2_account_uuid_valid( &mut self, uuid: Uuid, session_id: Uuid, parent_session_id: Option<Uuid>, iat: i64, ct: Duration, ) -> Result<Option<Arc<Entry<EntrySealed, EntryCommitted>>>, OperationError>

source§

fn process_uat_to_identity( &mut self, uat: &UserAuthToken, ct: Duration, source: Source, ) -> Result<Identity, OperationError>

For any event/operation to proceed, we need to attach an identity to the event for security and access processing. When that event is externally triggered via one of our various api layers, we process some type of account token into this identity. In the current server this is the UserAuthToken. For a UserAuthToken to be provided it MUST have been cryptographically verified meaning it is now a trusted source of data that we previously issued. Read more
source§

fn process_apit_to_identity( &mut self, apit: &ApiToken, source: Source, entry: Arc<EntrySealedCommitted>, ct: Duration, ) -> Result<Identity, OperationError>

source§

fn client_cert_info_entry( &mut self, client_cert_info: &ClientCertInfo, ) -> Result<Arc<EntrySealedCommitted>, OperationError>

source§

fn client_certificate_to_identity( &mut self, client_cert_info: &ClientCertInfo, ct: Duration, source: Source, ) -> Result<Identity, OperationError>

Given a certificate, validate it and discover the associated entry that the certificate relates to. Currently, this relies on mapping the public key sha256 to a stored client certificate, which then links to the owner. Read more
source§

fn client_certificate_to_user_auth_token( &mut self, client_cert_info: &ClientCertInfo, ct: Duration, ) -> Result<UserAuthToken, OperationError>

source§

fn process_ldap_uuid_to_identity( &mut self, uuid: &Uuid, ct: Duration, source: Source, ) -> Result<Identity, OperationError>

source§

fn validate_ldap_session( &mut self, session: &LdapSession, source: Source, ct: Duration, ) -> Result<Identity, OperationError>

source§

fn validate_sync_client_auth_info_to_ident( &mut self, client_auth_info: ClientAuthInfo, ct: Duration, ) -> Result<Identity, OperationError>

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<'a, T> AsTaggedExplicit<'a> for T
where T: 'a,

§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self>

§

impl<'a, T> AsTaggedImplicit<'a> for T
where T: 'a,

§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self>

source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> FutureExt for T

§

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper. Read more
§

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper. Read more
§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoEither for T

source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

impl<T> IntoRequest<T> for T

source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
§

impl<T> Pointable for T

§

const ALIGN: usize = _

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
source§

impl<T> Same for T

source§

type Output = T

Should always be Self
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more