Struct kanidmd_lib::idm::server::IdmServerProxyReadTransaction

pub struct IdmServerProxyReadTransaction<'a> {
    pub qs_read: QueryServerReadTransaction<'a>,
    /* private fields */
}

This contains read-only methods, like getting users, groups and other structured content.

Fields

qs_read: QueryServerReadTransaction<'a>

Implementations

impl<'a> IdmServerProxyReadTransaction<'a>

pub fn account_list_user_auth_tokens( &mut self, lte: &ListUserAuthTokenEvent, ) -> Result<Vec<UatStatus>, OperationError>

impl<'a> IdmServerProxyReadTransaction<'a>

pub fn list_applinks( &mut self, ident: &Identity, ) -> Result<Vec<AppLink>, OperationError>

impl<'a> IdmServerProxyReadTransaction<'a>

pub fn handle_identify_user_start( &mut self, _: &IdentifyUserStartEvent, ) -> Result<IdentifyUserResponse, OperationError>

pub fn handle_identify_user_display_code( &mut self, _: &IdentifyUserDisplayCodeEvent, ) -> Result<IdentifyUserResponse, OperationError>

pub fn handle_identify_user_submit_code( &mut self, _: &IdentifyUserSubmitCodeEvent, ) -> Result<IdentifyUserResponse, OperationError>

impl<'a> IdmServerProxyReadTransaction<'a>

pub fn check_oauth2_authorisation( &self, maybe_ident: Option<&Identity>, auth_req: &AuthorisationRequest, ct: Duration, ) -> Result<AuthoriseResponse, Oauth2Error>

pub fn check_oauth2_authorise_reject( &self, ident: &Identity, consent_token: &str, ct: Duration, ) -> Result<Url, OperationError>

pub fn check_oauth2_token_introspect( &mut self, client_auth_info: &ClientAuthInfo, intr_req: &AccessTokenIntrospectRequest, ct: Duration, ) -> Result<AccessTokenIntrospectResponse, Oauth2Error>

pub fn oauth2_openid_userinfo( &mut self, client_id: &str, token: JwsCompact, ct: Duration, ) -> Result<OidcToken, Oauth2Error>

pub fn oauth2_rfc8414_metadata( &self, client_id: &str, ) -> Result<Oauth2Rfc8414MetadataResponse, OperationError>

pub fn oauth2_openid_discovery( &self, client_id: &str, ) -> Result<OidcDiscoveryResponse, OperationError>

pub fn oauth2_openid_publickey( &self, client_id: &str, ) -> Result<JwkKeySet, OperationError>

impl<'a> IdmServerProxyReadTransaction<'a>

pub fn scim_sync_get_state( &mut self, ident: &Identity, ) -> Result<ScimSyncState, OperationError>

impl<'a> IdmServerProxyReadTransaction<'a>

pub fn jws_public_jwk(&mut self, key_id: &str) -> Result<Jwk, OperationError>

pub fn get_radiusauthtoken( &mut self, rate: &RadiusAuthTokenEvent, ct: Duration, ) -> Result<RadiusAuthToken, OperationError>

pub fn get_unixusertoken( &mut self, uute: &UnixUserTokenEvent, ct: Duration, ) -> Result<UnixUserToken, OperationError>

pub fn get_unixgrouptoken( &mut self, uute: &UnixGroupTokenEvent, ) -> Result<UnixGroupToken, OperationError>

pub fn get_credentialstatus( &mut self, cse: &CredentialStatusEvent, ) -> Result<CredentialStatus, OperationError>

pub fn get_backup_codes( &mut self, rbce: &ReadBackupCodeEvent, ) -> Result<BackupCodesView, OperationError>

impl<'a> IdmServerProxyReadTransaction<'a>

pub fn service_account_list_api_token( &mut self, lte: &ListApiTokenEvent, ) -> Result<Vec<ProtoApiToken>, OperationError>

Trait Implementations

impl<'a> IdmServerTransaction<'a> for IdmServerProxyReadTransaction<'a>

type QsTransactionType = QueryServerReadTransaction<'a>

fn get_qs_txn(&mut self) -> &mut Self::QsTransactionType

fn validate_client_auth_info_to_ident( &mut self, client_auth_info: ClientAuthInfo, ct: Duration, ) -> Result<Identity, OperationError>

This is the preferred method to transform and securely verify a token into an identity that can be used for operations and access enforcement. This function is aware of the various classes of tokens that may exist, and can appropriately check them.

fn validate_client_auth_info_to_uat( &mut self, client_auth_info: ClientAuthInfo, ct: Duration, ) -> Result<UserAuthToken, OperationError>

This function is not using in authentication flows - it is a reflector of the current session state to allow a user-auth-token to be presented to the user via the whoami call.

fn validate_and_parse_token_to_token( &mut self, jwsu: &JwsCompact, ct: Duration, ) -> Result<Token, OperationError>

fn check_oauth2_account_uuid_valid( &mut self, uuid: Uuid, session_id: Uuid, parent_session_id: Option<Uuid>, iat: i64, ct: Duration, ) -> Result<Option<Arc<Entry<EntrySealed, EntryCommitted>>>, OperationError>

fn process_uat_to_identity( &mut self, uat: &UserAuthToken, ct: Duration, source: Source, ) -> Result<Identity, OperationError>

For any event/operation to proceed, we need to attach an identity to the event for security and access processing. When that event is externally triggered via one of our various api layers, we process some type of account token into this identity. In the current server this is the UserAuthToken. For a UserAuthToken to be provided it MUST have been cryptographically verified meaning it is now a trusted source of data that we previously issued.

fn process_apit_to_identity( &mut self, apit: &ApiToken, source: Source, entry: Arc<EntrySealedCommitted>, ct: Duration, ) -> Result<Identity, OperationError>

fn client_cert_info_entry( &mut self, client_cert_info: &ClientCertInfo, ) -> Result<Arc<EntrySealedCommitted>, OperationError>

fn client_certificate_to_identity( &mut self, client_cert_info: &ClientCertInfo, ct: Duration, source: Source, ) -> Result<Identity, OperationError>

Given a certificate, validate it and discover the associated entry that the certificate relates to. Currently, this relies on mapping the public key sha256 to a stored client certificate, which then links to the owner.

fn client_certificate_to_user_auth_token( &mut self, client_cert_info: &ClientCertInfo, ct: Duration, ) -> Result<UserAuthToken, OperationError>

fn process_ldap_uuid_to_identity( &mut self, uuid: &Uuid, ct: Duration, source: Source, ) -> Result<Identity, OperationError>

fn validate_ldap_session( &mut self, session: &LdapSession, source: Source, ct: Duration, ) -> Result<Identity, OperationError>

fn validate_sync_client_auth_info_to_ident( &mut self, client_auth_info: ClientAuthInfo, ct: Duration, ) -> Result<Identity, OperationError>