2021-01-04 13:52:13 +00:00
|
|
|
package domain
|
|
|
|
|
|
|
|
|
|
type UserState int32
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
UserStateUnspecified UserState = iota
|
|
|
|
|
UserStateActive
|
|
|
|
|
UserStateInactive
|
|
|
|
|
UserStateDeleted
|
|
|
|
|
UserStateLocked
|
|
|
|
|
UserStateSuspend
|
|
|
|
|
UserStateInitial
|
|
|
|
|
|
|
|
|
|
userStateCount
|
|
|
|
|
)
|
|
|
|
|
|
2021-03-19 10:12:56 +00:00
|
|
|
func (s UserState) Exists() bool {
|
|
|
|
|
return s != UserStateUnspecified && s != UserStateDeleted
|
|
|
|
|
}
|
2021-11-23 09:31:23 +00:00
|
|
|
|
2022-10-07 11:56:50 +00:00
|
|
|
func (s UserState) NotDisabled() bool {
|
|
|
|
|
return s == UserStateActive || s == UserStateInitial
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-23 09:31:23 +00:00
|
|
|
type UserType int32
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
UserTypeUnspecified UserType = iota
|
|
|
|
|
UserTypeHuman
|
|
|
|
|
UserTypeMachine
|
|
|
|
|
userTypeCount
|
|
|
|
|
)
|
|
|
|
|
|
2022-01-19 13:49:50 +00:00
|
|
|
type UserAuthMethodType int32
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
UserAuthMethodTypeUnspecified UserAuthMethodType = iota
|
2023-08-02 16:57:53 +00:00
|
|
|
UserAuthMethodTypeTOTP
|
2022-01-19 13:49:50 +00:00
|
|
|
UserAuthMethodTypeU2F
|
|
|
|
|
UserAuthMethodTypePasswordless
|
2023-06-20 16:23:28 +00:00
|
|
|
UserAuthMethodTypePassword
|
|
|
|
|
UserAuthMethodTypeIDP
|
2023-08-02 16:57:53 +00:00
|
|
|
UserAuthMethodTypeOTPSMS
|
|
|
|
|
UserAuthMethodTypeOTPEmail
|
2022-01-19 13:49:50 +00:00
|
|
|
userAuthMethodTypeCount
|
|
|
|
|
)
|
|
|
|
|
|
2023-07-14 11:16:16 +00:00
|
|
|
// HasMFA checks whether the user authenticated with multiple auth factors.
|
|
|
|
|
// This can either be true if the list contains a [UserAuthMethodType] which by itself is MFA (e.g. [UserAuthMethodTypePasswordless])
|
|
|
|
|
// or if multiple factors were used (e.g. [UserAuthMethodTypePassword] and [UserAuthMethodTypeU2F])
|
|
|
|
|
func HasMFA(methods []UserAuthMethodType) bool {
|
|
|
|
|
var factors int
|
|
|
|
|
for _, method := range methods {
|
|
|
|
|
switch method {
|
|
|
|
|
case UserAuthMethodTypePasswordless:
|
|
|
|
|
return true
|
2023-08-02 16:57:53 +00:00
|
|
|
case UserAuthMethodTypePassword,
|
|
|
|
|
UserAuthMethodTypeU2F,
|
|
|
|
|
UserAuthMethodTypeTOTP,
|
|
|
|
|
UserAuthMethodTypeOTPSMS,
|
|
|
|
|
UserAuthMethodTypeOTPEmail,
|
|
|
|
|
UserAuthMethodTypeIDP:
|
2023-07-14 11:16:16 +00:00
|
|
|
factors++
|
|
|
|
|
case UserAuthMethodTypeUnspecified,
|
|
|
|
|
userAuthMethodTypeCount:
|
|
|
|
|
// ignore
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return factors > 1
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-20 04:06:16 +00:00
|
|
|
// RequiresMFA checks whether the user requires to authenticate with multiple auth factors based on the LoginPolicy and the authentication type.
|
|
|
|
|
// Internal authentication will require MFA if either option is activated.
|
|
|
|
|
// External authentication will only require MFA if it's forced generally and not local only.
|
|
|
|
|
func RequiresMFA(forceMFA, forceMFALocalOnly, isInternalLogin bool) bool {
|
|
|
|
|
if isInternalLogin {
|
|
|
|
|
return forceMFA || forceMFALocalOnly
|
|
|
|
|
}
|
|
|
|
|
return forceMFA && !forceMFALocalOnly
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-08 08:37:28 +00:00
|
|
|
type PersonalAccessTokenState int32
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
PersonalAccessTokenStateUnspecified PersonalAccessTokenState = iota
|
|
|
|
|
PersonalAccessTokenStateActive
|
|
|
|
|
PersonalAccessTokenStateRemoved
|
|
|
|
|
|
|
|
|
|
personalAccessTokenStateCount
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func (f PersonalAccessTokenState) Valid() bool {
|
|
|
|
|
return f >= 0 && f < personalAccessTokenStateCount
|
|
|
|
|
}
|
