Documentation
Index
- Constants
- Variables
- func CleanAndWait(inst *instance.Instance, toClean []CleanEntry) error
- func DecryptBufferWithKey(decryptorKey *keymgmt.NACLKey, encryptedBuffer []byte) ([]byte, error)
- func DecryptCredentials(encryptedData string) (login, password string, err error)
- func DecryptCredentialsData(encryptedData string) (interface{}, error)
- func DecryptCredentialsWithKey(decryptorKey *keymgmt.NACLKey, encryptedCreds []byte) (login, password string, err error)
- func EncryptBufferWithKey(encryptorKey *keymgmt.NACLKey, buf []byte) ([]byte, error)
- func EncryptCredentials(login, password string) (string, error)
- func EncryptCredentialsData(data interface{}) (string, error)
- func EncryptCredentialsWithKey(encryptorKey *keymgmt.NACLKey, login, password string) (string, error)
- func GetTriggers(jobsSystem job.JobSystem, db prefixer.Prefixer, accountID string) ([]job.Trigger, error)
- func PushAccountDeletedJob(jobsSystem job.JobSystem, db prefixer.Prefixer, ...) (*job.Job, error)
- type Account
- type AccountType
- func (at *AccountType) Clone() couchdb.Doc
- func (at *AccountType) DocType() string
- func (at *AccountType) HasSecretGrant() bool
- func (at *AccountType) ID() string
- func (at *AccountType) MakeOauthStartURL(i *instance.Instance, state string, params url.Values) (string, error)
- func (at *AccountType) MakeReconnectURL(i *instance.Instance, state string, params url.Values) (string, error)
- func (at *AccountType) RedirectURI(i *instance.Instance) string
- func (at *AccountType) RefreshAccount(a Account) error
- func (at *AccountType) RequestAccessToken(i *instance.Instance, accessCode, state, nonce string) (*Account, error)
- func (at *AccountType) Rev() string
- func (at *AccountType) ServiceID() string
- func (at *AccountType) SetID(id string)
- func (at *AccountType) SetRev(rev string)
- type BasicInfo
- type CleanEntry
- type OauthInfo
Constants
const (
	AuthorizationCode        = "authorization_code"
	ImplicitGrant            = "token"
	ImplicitGrantRedirectURL = "token_redirect_url"
	BIWebauth                = "bi_webauth"
	BIWebauthAndSecret       = "bi_webauth+secret"
	SecretGrant              = "secret"
)
Various grant types
- AuthorizationCode is the server-side grant type.
- ImplicitGrant is the implicit grant type
- ImplicitGrantRedirectURL is the implicit grant type but with redirect_url instead of redirect_uri
- BIWebauth is the specific webauth protocol from Budget Insight
- SecretGrant is for other secrets (not OAuth)
- BIWebauthAndSecret is a combination of BIWebauth and SecretGrant
const (
	FormTokenAuthMode  = "form"
	BasicTokenAuthMode = "basic"
	GetTokenAuthMode   = "get"
)
Token request authentication modes for the AuthorizationCode grant type. The normal mode is through form parameters; some services require it as Basic.
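An added example, not cozy-stack's own code, showing where the client credentials travel in an authorization-code token request for each of the three mode values. `tokenRequest` and `secretLocation` are hypothetical helpers, the URLs and credentials are constructed, and it is an assumption that "get" means sending every parameter in the query string of an endpoint that has no query of its own.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// tokenRequest (hypothetical) builds an RFC 6749 section 4.1.3 token request for the given auth mode.
func tokenRequest(mode, endpoint, id, secret, code, redirectURI string) (*http.Request, error) {
	v := url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirectURI}}
	if mode != "basic" {
		v.Set("client_id", id)
		v.Set("client_secret", secret)
	}
	switch mode {
	case "get": // assumption: all parameters travel in the query string
		return http.NewRequest(http.MethodGet, endpoint+"?"+v.Encode(), nil)
	case "form", "basic":
		req, err := http.NewRequest(http.MethodPost, endpoint, strings.NewReader(v.Encode()))
		if err != nil {
			return nil, err
		}
		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
		if mode == "basic" { // RFC 6749 section 2.3.1: form-encode, then Basic
			req.SetBasicAuth(url.QueryEscape(id), url.QueryEscape(secret))
		}
		return req, nil
	}
	return nil, fmt.Errorf("unknown token auth mode %q", mode)
}

// secretLocation reports where a request built by tokenRequest carries the client secret.
func secretLocation(req *http.Request) string {
	if _, _, ok := req.BasicAuth(); ok {
		return "header"
	}
	if req.URL.Query().Has("client_secret") {
		return "url"
	}
	return "body"
}

func main() {
	for _, mode := range []string{"form", "basic", "get"} {
		req, _ := tokenRequest(mode, "https://provider.example/token", "id", "secret", "code", "https://cozy.example/cb")
		fmt.Println(mode, req.Method, "client secret in", secretLocation(req))
	}
}
```

With the query-string placement assumed here, the client secret and authorization code become part of the request URL, which access logs and intermediaries commonly record, so that mode is the one to review when auditing an account type's configuration.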
Variables
var (
	// ErrBadCredentials is used when an account credentials cannot be decrypted
	ErrBadCredentials = errors.New("accounts: bad credentials")
)
var ErrUnrefreshable = errors.New("this account can not be refreshed")
ErrUnrefreshable is the error when an account type or information within an account does not allow refreshing it.
var RefreshToken = "refresh_token"
RefreshToken is the refresh grant type
Functions
func CleanAndWait
func CleanAndWait(inst *instance.Instance, toClean []CleanEntry) error
CleanAndWait deletes the accounts. If an account is for a konnector with "on_delete_account", a job is pushed and it waits for the job success to continue. Finally, the associated trigger can be deleted.
func DecryptBufferWithKey
DecryptBufferWithKey takes an encrypted buffer and decrypts it using the given private key.
func DecryptCredentials
DecryptCredentials takes encrypted credentials, consisting of a login / password pair, and decrypts them using the vault private key.
func DecryptCredentialsData
DecryptCredentialsData takes an encrypted buffer, then decrypts and decodes its content.
func DecryptCredentialsWithKey
func DecryptCredentialsWithKey(decryptorKey *keymgmt.NACLKey, encryptedCreds []byte) (login, password string, err error)
DecryptCredentialsWithKey takes encrypted credentials, consisting of a login / password pair, and decrypts them using the given private key.
func EncryptBufferWithKey
EncryptBufferWithKey encrypts the given byte buffer with the specified encryption key.
func EncryptCredentials
EncryptCredentials encrypts the given credentials with the specified encryption key.
func EncryptCredentialsData
EncryptCredentialsData takes any JSON-encodable data, then encodes and encrypts it using the vault public key.
func EncryptCredentialsWithKey
func EncryptCredentialsWithKey(encryptorKey *keymgmt.NACLKey, login, password string) (string, error)
EncryptCredentialsWithKey takes a login / password and encrypts their values using the vault public key.
func GetTriggers
func GetTriggers(jobsSystem job.JobSystem, db prefixer.Prefixer, accountID string) ([]job.Trigger, error)
GetTriggers returns the list of triggers associated with the given accountID. In particular, the stack will need to remove them when the account is deleted.
func PushAccountDeletedJob
func PushAccountDeletedJob(jobsSystem job.JobSystem, db prefixer.Prefixer, accountID, accountRev, konnector string) (*job.Job, error)
PushAccountDeletedJob adds a job for the given account and konnector with the AccountDeleted flag, to allow the konnector to clear the account remotely.
Types
type Account
type Account struct {
	DocID             string                 `json:"_id,omitempty"`
	DocRev            string                 `json:"_rev,omitempty"`
	Name              string                 `json:"name"`
	AccountType       string                 `json:"account_type"`
	DefaultFolderPath string                 `json:"defaultFolderPath,omitempty"`
	FolderPath        string                 `json:"folderPath,omitempty"` // Legacy
	Token             string                 `json:"token,omitempty"`      // Used by bi-aggregator
	Basic             *BasicInfo             `json:"auth,omitempty"`
	Oauth             *OauthInfo             `json:"oauth,omitempty"`
	Extras            map[string]interface{} `json:"oauth_callback_results,omitempty"`
	Relationships     map[string]interface{} `json:"relationships,omitempty"`
	Data              map[string]interface{} `json:"data,omitempty"`
	Metadata          *metadata.CozyMetadata `json:"cozyMetadata,omitempty"`

	// When an account is deleted, the stack cleans the triggers and calls its
	// konnector to clean the account remotely (when available). It is done via
	// a hook on deletion, but when the konnector is removed, this cleaning is
	// done manually before uninstalling the konnector, and this flag is used
	// to not try doing the cleaning in the hook as it is already too late (the
	// konnector is no longer available).
	ManualCleaning bool `json:"manual_cleaning,omitempty"`
}
Account holds configuration information for an account
type AccountType
type AccountType struct {
	DocID  string `json:"_id,omitempty"`
	DocRev string `json:"_rev,omitempty"`
	Slug   string `json:"slug,omitempty"`

	// OAuth parameters
	GrantMode             string            `json:"grant_mode,omitempty"`
	ClientID              string            `json:"client_id,omitempty"`
	ClientSecret          string            `json:"client_secret,omitempty"`
	AuthEndpoint          string            `json:"auth_endpoint,omitempty"`
	ReconnectEndpoint     string            `json:"reconnect_endpoint,omitempty"`
	TokenEndpoint         string            `json:"token_endpoint,omitempty"`
	TokenAuthMode         string            `json:"token_mode,omitempty"`
	RegisteredRedirectURI string            `json:"redirect_uri,omitempty"`
	ExtraAuthQuery        map[string]string `json:"extras,omitempty"`
	SkipRedirectURI       bool              `json:"skip_redirect_uri_on_authorize,omitempty"`
	SkipState             bool              `json:"skip_state_on_token,omitempty"`

	// Other secrets that can be used by the konnectors
	Secret interface{} `json:"secret,omitempty"`

	// For sending notifications via Firebase Cloud Messaging
	AndroidAPIKey string `json:"android_api_key"`
}
AccountType holds configuration information for
func FindAccountTypesBySlug
func FindAccountTypesBySlug(slug, contextName string) ([]*AccountType, error)
FindAccountTypesBySlug returns the AccountType documents for the given slug
func TypeInfo
func TypeInfo(id, contextName string) (*AccountType, error)
TypeInfo returns the AccountType document for a given id
func (*AccountType) DocType
func (at *AccountType) DocType() string
DocType implements couchdb.Doc
func (*AccountType) HasSecretGrant
func (at *AccountType) HasSecretGrant() bool
HasSecretGrant tells if the account type has non-OAuth secrets.
func (*AccountType) ID
func (at *AccountType) ID() string
ID is used to implement the couchdb.Doc interface
func (*AccountType) MakeOauthStartURL
func (at *AccountType) MakeOauthStartURL(i *instance.Instance, state string, params url.Values) (string, error)
MakeOauthStartURL returns the URL to which the user should be directed to start the OAuth flow.
func (*AccountType) MakeReconnectURL
func (at *AccountType) MakeReconnectURL(i *instance.Instance, state string, params url.Values) (string, error)
MakeReconnectURL returns the url at which the user can be redirected for a BI webauth reconnect flow.
func (*AccountType) RedirectURI
func (at *AccountType) RedirectURI(i *instance.Instance) string
RedirectURI returns the redirectURI for an account, it can be either the
func (*AccountType) RefreshAccount
func (at *AccountType) RefreshAccount(a Account) error
RefreshAccount requests a new AccessToken using the RefreshToken, as specified in https://tools.ietf.org/html/rfc6749#section-6
func (*AccountType) RequestAccessToken
func (at *AccountType) RequestAccessToken(i *instance.Instance, accessCode, state, nonce string) (*Account, error)
RequestAccessToken asks the service for an access token: https://tools.ietf.org/html/rfc6749#section-4
func (*AccountType) Rev
func (at *AccountType) Rev() string
Rev is used to implement the couchdb.Doc interface
func (*AccountType) ServiceID
func (at *AccountType) ServiceID() string
ServiceID is the ID, without the (optional) context prefix
func (*AccountType) SetID
func (at *AccountType) SetID(id string)
SetID is used to implement the couchdb.Doc interface
func (*AccountType) SetRev
func (at *AccountType) SetRev(rev string)
SetRev is used to implement the couchdb.Doc interface
type BasicInfo
type BasicInfo struct {
	Login                string `json:"login,omitempty"`
	Email                string `json:"email,omitempty"`    // used in some accounts instead of login
	Password             string `json:"password,omitempty"` // used when no encryption
	EncryptedCredentials string `json:"credentials_encrypted,omitempty"`
}
BasicInfo holds configuration information for a user/pass account
type CleanEntry
type CleanEntry struct {
	Account          *Account
	Triggers         []job.Trigger
	ManifestOnDelete bool // the manifest of the konnector has a field "on_delete_account"
	Slug             string
}
CleanEntry is a struct with an account and its associated trigger.
type OauthInfo
type OauthInfo struct {
	AccessToken  string      `json:"access_token,omitempty"`
	TokenType    string      `json:"token_type,omitempty"`
	ExpiresAt    time.Time   `json:"expires_at,omitempty"`
	RefreshToken string      `json:"refresh_token,omitempty"`
	ClientID     string      `json:"client_id,omitempty"`
	ClientSecret string      `json:"client_secret,omitempty"`
	Query        *url.Values `json:"query,omitempty"`
}
OauthInfo holds configuration information for an oauth account