Struct kanidmd_lib::idm::server::IdmServerAuthTransaction

pub struct IdmServerAuthTransaction<'a> {
    pub qs_read: QueryServerReadTransaction<'a>,
    /* private fields */
}

Contains methods that require writes, but in the context of writing to the idm in memory structures (maybe the query server too). This is things like authentication.

Fields

qs_read: QueryServerReadTransaction<'a>

Implementations

impl<'a> IdmServerAuthTransaction<'a>

pub async fn expire_auth_sessions(&mut self, ct: Duration)

pub async fn auth(
    &mut self,
    ae: &AuthEvent,
    ct: Duration
) -> Result<AuthResult, OperationError>

pub async fn auth_unix(
    &mut self,
    uae: &UnixUserAuthEvent,
    ct: Duration
) -> Result<Option<UnixUserToken>, OperationError>

pub async fn token_auth_ldap(
    &mut self,
    lae: &LdapTokenAuthEvent,
    ct: Duration
) -> Result<Option<LdapBoundToken>, OperationError>

pub async fn auth_ldap(
    &mut self,
    lae: &LdapAuthEvent,
    ct: Duration
) -> Result<Option<LdapBoundToken>, OperationError>

pub fn commit(self) -> Result<(), OperationError>

Trait Implementations

impl<'a> IdmServerTransaction<'a> for IdmServerAuthTransaction<'a>

type QsTransactionType = QueryServerReadTransaction<'a>

fn get_qs_txn(&self) -> &Self::QsTransactionType

fn get_uat_validator_txn(&self) -> &JwsValidator

fn validate_and_parse_token_to_ident(
    &self,
    token: Option<&str>,
    ct: Duration
) -> Result<Identity, OperationError>

This is the preferred method to transform and securely verify a token into an identity that can be used for operations and access enforcement. This function is aware of the various classes of tokens that may exist, and can appropriately check them.

fn validate_and_parse_token_to_uat(
    &self,
    token: Option<&str>,
    ct: Duration
) -> Result<UserAuthToken, OperationError>

fn validate_and_parse_token_to_token(
    &self,
    token: Option<&str>,
    ct: Duration
) -> Result<Token, OperationError>

fn validate_and_parse_uat(
    &self,
    token: Option<&str>,
    ct: Duration
) -> Result<UserAuthToken, OperationError>

fn check_account_uuid_valid(
    &self,
    uuid: &Uuid,
    ct: Duration
) -> Result<Option<Account>, OperationError>

fn process_uat_to_identity(
    &self,
    uat: &UserAuthToken,
    ct: Duration
) -> Result<Identity, OperationError>

For any event/operation to proceed, we need to attach an identity to the event for security and access processing. When that event is externally triggered via one of our various api layers, we process some type of account token into this identity. In the current server this is the UserAuthToken. For a UserAuthToken to be provided it MUST have been cryptographically verified meaning it is now a trusted source of data that we previously issued.

fn process_apit_to_identity(
    &self,
    apit: &ApiToken,
    entry: Arc<EntrySealedCommitted>,
    ct: Duration
) -> Result<Identity, OperationError>

fn validate_ldap_session(
    &self,
    session: &LdapSession,
    ct: Duration
) -> Result<Identity, OperationError>

fn validate_and_parse_sync_token_to_ident(
    &self,
    token: Option<&str>,
    ct: Duration
) -> Result<Identity, OperationError>