Struct kanidmd_lib::idm::server::IdmServerAuthTransaction
pub struct IdmServerAuthTransaction<'a> {
pub qs_read: QueryServerReadTransaction<'a>,
/* private fields */
}
Contains methods that require writes, but in the context of writing to the IDM in-memory structures (maybe the query server too). This covers things like authentication.
Fields
qs_read: QueryServerReadTransaction<'a>
Implementations
impl<'a> IdmServerAuthTransaction<'a>
pub async fn expire_auth_sessions(&mut self, ct: Duration)
pub async fn auth(
&mut self,
ae: &AuthEvent,
ct: Duration
) -> Result<AuthResult, OperationError>
pub async fn auth_unix(
&mut self,
uae: &UnixUserAuthEvent,
ct: Duration
) -> Result<Option<UnixUserToken>, OperationError>
pub async fn token_auth_ldap(
&mut self,
lae: &LdapTokenAuthEvent,
ct: Duration
) -> Result<Option<LdapBoundToken>, OperationError>
pub async fn auth_ldap(
&mut self,
lae: &LdapAuthEvent,
ct: Duration
) -> Result<Option<LdapBoundToken>, OperationError>
pub fn commit(self) -> Result<(), OperationError>
Trait Implementations
impl<'a> IdmServerTransaction<'a> for IdmServerAuthTransaction<'a>
type QsTransactionType = QueryServerReadTransaction<'a>
fn get_qs_txn(&self) -> &Self::QsTransactionType
fn get_uat_validator_txn(&self) -> &JwsValidator
fn validate_and_parse_token_to_ident(
&self,
token: Option<&str>,
ct: Duration
) -> Result<Identity, OperationError>
This is the preferred method to transform and securely verify a token into
an identity that can be used for operations and access enforcement. This
function is aware of the various classes of tokens that may exist, and can
appropriately check them.
fn validate_and_parse_token_to_uat(
&self,
token: Option<&str>,
ct: Duration
) -> Result<UserAuthToken, OperationError>
fn validate_and_parse_token_to_token(
&self,
token: Option<&str>,
ct: Duration
) -> Result<Token, OperationError>
fn validate_and_parse_uat(
&self,
token: Option<&str>,
ct: Duration
) -> Result<UserAuthToken, OperationError>
fn check_oauth2_account_uuid_valid(
&self,
uuid: Uuid,
session_id: Uuid,
parent_session_id: Uuid,
iat: i64,
ct: Duration
) -> Result<Option<Account>, OperationError>
fn process_uat_to_identity(
&self,
uat: &UserAuthToken,
ct: Duration
) -> Result<Identity, OperationError>
For any event/operation to proceed, we need to attach an identity to the
event for security and access processing. When that event is externally
triggered via one of our various API layers, we process some type of
account token into this identity. In the current server this is the
UserAuthToken. For a UserAuthToken to be provided it MUST have been
cryptographically verified, meaning it is now a trusted source of
data that we previously issued.
fn process_apit_to_identity(
&self,
apit: &ApiToken,
entry: Arc<EntrySealedCommitted>,
ct: Duration
) -> Result<Identity, OperationError>
fn validate_ldap_session(
&self,
session: &LdapSession,
ct: Duration
) -> Result<Identity, OperationError>
fn validate_and_parse_sync_token_to_ident(
&self,
token: Option<&str>,
ct: Duration
) -> Result<Identity, OperationError>
Auto Trait Implementations
impl<'a> !RefUnwindSafe for IdmServerAuthTransaction<'a>
impl<'a> Send for IdmServerAuthTransaction<'a>
impl<'a> Sync for IdmServerAuthTransaction<'a>
impl<'a> Unpin for IdmServerAuthTransaction<'a>
impl<'a> !UnwindSafe for IdmServerAuthTransaction<'a>
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.