package domain
// UserState identifies the state a user is in.
type UserState int32

// The UserState values are numbered sequentially from zero via iota.
// userStateCount is an unexported sentinel that follows the last state.
const (
	UserStateUnspecified UserState = iota
	UserStateActive
	UserStateInactive
	UserStateDeleted
	UserStateLocked
	UserStateSuspend
	UserStateInitial

	userStateCount
)

// Exists reports whether the state is anything other than
// UserStateUnspecified or UserStateDeleted.
//
// The check is an exclusion list: any other value, including one outside
// the declared range, reports true. Callers that gate access on the state
// should not treat Exists as a validity check.
func (s UserState) Exists() bool {
	switch s {
	case UserStateUnspecified, UserStateDeleted:
		return false
	default:
		return true
	}
}

// NotDisabled reports whether the state is UserStateActive or
// UserStateInitial. Every other value, including unknown ones, reports
// false, so the check fails closed.
func (s UserState) NotDisabled() bool {
	switch s {
	case UserStateActive, UserStateInitial:
		return true
	default:
		return false
	}
}
// UserType distinguishes the kinds of user declared below.
type UserType int32

// The UserType values are numbered sequentially from zero via iota.
// userTypeCount is an unexported sentinel that follows the last type.
const (
	UserTypeUnspecified UserType = iota
	UserTypeHuman
	UserTypeMachine

	userTypeCount
)
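// UserAuthMethodType identifies a single authentication method.
type UserAuthMethodType int32

// The UserAuthMethodType values are numbered sequentially from zero via iota,
// so the declaration order below fixes their numeric values.
// userAuthMethodTypeCount is an unexported sentinel that follows the last method.
const (
	UserAuthMethodTypeUnspecified UserAuthMethodType = iota
	UserAuthMethodTypeTOTP
	UserAuthMethodTypeU2F
	UserAuthMethodTypePasswordless
	UserAuthMethodTypePassword
	UserAuthMethodTypeIDP
	UserAuthMethodTypeOTPSMS
	UserAuthMethodTypeOTPEmail

	userAuthMethodTypeCount
)

// HasMFA checks whether the user authenticated with multiple auth factors.
// This can either be true if the list contains a [UserAuthMethodType] which by itself is MFA (e.g. [UserAuthMethodTypePasswordless])
// or if multiple factors were used (e.g. [UserAuthMethodTypePassword] and [UserAuthMethodTypeU2F]).
//
// Only distinct method types are counted: a list that repeats the same
// method (e.g. [UserAuthMethodTypePassword] twice) is a single factor and
// does not satisfy MFA. [UserAuthMethodTypeUnspecified], the count sentinel
// and any value outside the declared range are ignored.
//
// NOTE(review): every counted method is one factor regardless of its
// category, so [UserAuthMethodTypePassword] together with
// [UserAuthMethodTypeIDP] reports true. Confirm this matches the intended policy.
func HasMFA(methods []UserAuthMethodType) bool {
	// Set of factor types already seen; guards against a duplicated entry
	// being mistaken for a second factor.
	seen := make(map[UserAuthMethodType]struct{}, len(methods))
	for _, method := range methods {
		switch method {
		case UserAuthMethodTypePasswordless:
			return true
		case UserAuthMethodTypePassword,
			UserAuthMethodTypeU2F,
			UserAuthMethodTypeTOTP,
			UserAuthMethodTypeOTPSMS,
			UserAuthMethodTypeOTPEmail,
			UserAuthMethodTypeIDP:
			seen[method] = struct{}{}
		case UserAuthMethodTypeUnspecified,
			userAuthMethodTypeCount:
			// ignore
		}
	}
	return len(seen) > 1
}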
// RequiresMFA reports whether the user must authenticate with multiple auth
// factors, given the two login-policy flags and the kind of login.
//
// For an internal login, MFA is required as soon as either forceMFA or
// forceMFALocalOnly is set. For an external login, MFA is required only when
// forceMFA is set and forceMFALocalOnly is not.
func RequiresMFA(forceMFA, forceMFALocalOnly, isInternalLogin bool) bool {
	switch {
	case isInternalLogin:
		return forceMFA || forceMFALocalOnly
	case forceMFALocalOnly:
		// The local-only flag exempts external logins even when forceMFA is set.
		return false
	default:
		return forceMFA
	}
}
// PersonalAccessTokenState identifies the state of a personal access token.
type PersonalAccessTokenState int32

// The PersonalAccessTokenState values are numbered sequentially from zero via
// iota. personalAccessTokenStateCount is an unexported sentinel that follows
// the last state and serves as the exclusive upper bound in Valid.
const (
	PersonalAccessTokenStateUnspecified PersonalAccessTokenState = iota
	PersonalAccessTokenStateActive
	PersonalAccessTokenStateRemoved

	personalAccessTokenStateCount
)

// Valid reports whether f lies within the declared range of states.
//
// The range starts at zero, so PersonalAccessTokenStateUnspecified is
// considered valid; Valid is a range check only and says nothing about
// whether the token is active.
func (f PersonalAccessTokenState) Valid() bool {
	if f < 0 {
		return false
	}
	return f < personalAccessTokenStateCount
}