package auth
import (
"fmt"
"git.phc.dm.unipi.it/phc/website/model"
)
// ErrInvalidSession is thrown when an AuthenticatorService is given a missing
// or invalid session token
var ErrInvalidSession = fmt . Errorf ( ` invalid session token ` )
// Service is an authentication service abstraction. When a user is logged in a
// new session token is returned, this can be used to read and modify user
// properties without having to re-send the user password. (TODO: implement
// token renewal)
type Service interface {
// GetUser retrieves the user info given the username
GetUser ( username string ) ( * model . User , error )
// GetUsers retrieves the full user list from the authentication service
GetUsers ( ) ( [ ] * model . User , error )
// GetSession retrieves the user session associated to a session token
GetSession ( token string ) ( * model . Session , error )
// Login tries to log in a user given username and password and if successful returns a new user session
Login ( username , password string ) ( * model . Session , error )
}
// UserForSession returns the user linked to the given session token, this is just a shortcut for calling [AuthenticatorService.GetSession] and then [AuthenticatorService.GetUser]
func UserForSession ( as Service , token string ) ( * model . User , error ) {
session , err := as . GetSession ( token )
if err != nil {
return nil , err
}
user , err := as . GetUser ( session . Username )
if err != nil {
return nil , err
}
return user , nil
}
// NewDefaultService create an AuthenticatorService given an "host" string,
// If host is ":memory:" then this uses the [auth.Memory] implementation,
// otherwise for now this defaults to [auth.LDAPAuthService]
func NewDefaultService ( host string ) Service {
if host == ":memory:" {
return exampleMemoryUsers
}
return newLDAPAuthService ( host )
}