Skip to content

web.auth.authentication.email #

Email authentication module

Module to verify user email by sending the user a link.The functions in the module can be implemented manually in a web server, but the recommended way is simply to use the API.

API

Examples

  • see publisher/view/auth_controllers

fn new #

fn new(config AuthenticatorConfig) !Authenticator

fn new_controller #

fn new_controller(params ControllerParams) Controller

fn new_database_backend #

fn new_database_backend(config DatabaseBackendConfig) !DatabaseBackend

factory for

fn new_stateless_authenticator #

fn new_stateless_authenticator(authenticator StatelessAuthenticator) !StatelessAuthenticator

fn (DatabaseBackend) create_auth_session #

fn (auth DatabaseBackend) create_auth_session(session_ AuthSession) !

fn (DatabaseBackend) read_auth_session #

fn (auth DatabaseBackend) read_auth_session(email string) ?AuthSession

fn (DatabaseBackend) update_auth_session #

fn (auth DatabaseBackend) update_auth_session(session AuthSession) !

fn (DatabaseBackend) set_session_authenticated #

fn (auth DatabaseBackend) set_session_authenticated(email string) !

fn (DatabaseBackend) delete_auth_session #

fn (auth DatabaseBackend) delete_auth_session(email string) !

struct AttemptResult #

struct AttemptResult {
pub:
	authenticated bool
	attempts_left int
	time_left     time.Time
}

result of an authentication attempt returns time and attempts remaining

struct AuthAttempt #

struct AuthAttempt {
pub:
	ip      string
	address string
	cypher  string
}

struct AuthSession #

struct AuthSession {
pub mut:
	email         string
	timeout       time.Time
	auth_code     string // hex representation of 64 bytes
	attempts_left int = 3
	authenticated bool
}

Is initialized when an auth link is sent Represents the state of the authentication session

struct AuthenticationAttempt #

struct AuthenticationAttempt {
pub:
	email      string
	expiration time.Time
	signature  string
}

struct AuthenticationMail #

struct AuthenticationMail {
	RedirectURLs
pub:
	to          string // email address being authentcated
	from        string = 'email_authenticator@crystallib.tf'
	subject     string = 'Verify your email'
	body        string = 'Please verify your email by clicking the link below'
	callback    string // callback url of authentication link
	success_url string // where the user will be redirected upon successful authentication
	failure_url string // where the user will be redirected upon failed authentication
}

struct Authenticator #

@[noinit]
struct Authenticator {
	secret string
mut:
	config  SmtpConfig @[required]
	backend IBackend // Backend for authenticator
}

Creates and updates, authenticates email authentication sessions

fn (Authenticator) email_authentication #

fn (mut auth Authenticator) email_authentication(config SendMailConfig) !

fn (Authenticator) send_verification_mail #

fn (mut auth Authenticator) send_verification_mail(config SendMailConfig) !

sends mail with verification link

fn (Authenticator) authenticate_login_attempt #

fn (mut auth Authenticator) authenticate_login_attempt(attempt LoginAttempt) !

sends mail with login link

fn (Authenticator) authenticate #

fn (mut auth Authenticator) authenticate(email string, cypher string) !

authenticates if email/cypher combo correct within timeout and remaining attemts

Todo: address based request limits recognition to prevent brute

Todo: max allowed request per seccond to prevent dos

fn (Authenticator) await_authentication #

fn (mut auth Authenticator) await_authentication(params AwaitAuthParams) !

function to check if an email is authenticated

fn (Authenticator) is_authenticated #

fn (mut auth Authenticator) is_authenticated(email string) !bool

function to check if an email is authenticated

struct AuthenticatorConfig #

@[params]
struct AuthenticatorConfig {
	secret  string
	smtp    SmtpConfig
	backend IBackend
}

struct AwaitAuthParams #

struct AwaitAuthParams {
	email   string @[required]
	timeout time.Duration = 3 * time.minute
}

struct Controller #

@[heap]
struct Controller {
	vweb.Context
	callback string @[vweb_global]
mut:
	authenticator Authenticator @[vweb_global]
}

email authentication controller that be be added to vweb projects

fn (Controller) send_verification_mail #

fn (mut app Controller) send_verification_mail() !vweb.Result

route responsible for verifying email, email form should be posted here

fn (Controller) is_verified #

fn (mut app Controller) is_verified() vweb.Result

route responsible for verifying email, email form should be posted here

fn (Controller) email_authentication #

fn (mut app Controller) email_authentication() vweb.Result

route responsible for verifying email, email form should be posted here

fn (Controller) verify #

fn (mut app Controller) verify() vweb.Result

route responsible for verifying email, email form should be posted here

fn (Controller) authenticate #

fn (mut app Controller) authenticate() !vweb.Result

struct ControllerParams #

@[params]
struct ControllerParams {
	logger        &log.Logger
	authenticator Authenticator @[required]
}

struct DatabaseBackendConfig #

@[params]
struct DatabaseBackendConfig {
	db_path string = 'email_authenticator.sqlite'
}

struct EmailClient #

struct EmailClient {
	url string @[required]
}

session controller that be be added to vweb projects

fn (EmailClient) email_authentication #

fn (client EmailClient) email_authentication(params SendMailConfig) !

verify_email posts an email verification req to the email auth controller

fn (EmailClient) is_verified #

fn (client EmailClient) is_verified(address string) !bool

verify_email posts an email verification req to the email auth controller

fn (EmailClient) send_verification_email #

fn (client EmailClient) send_verification_email(params SendMailConfig) !

send_verification_email posts an email verification req to the email auth controller

fn (EmailClient) authenticate #

fn (c EmailClient) authenticate(address string, cypher string) !AttemptResult

authenticate posts an authentication attempt req to the email auth controller

struct LoginAttempt #

struct LoginAttempt {
pub:
	email      string
	expiration time.Time
	signature  string
}

struct RedirectURLs #

@[params]
struct RedirectURLs {
pub:
	success_url string
	failure_url string
}

struct SendMailConfig #

@[params]
struct SendMailConfig {
	email string
	mail  VerificationMail
	link  string
}

struct SmtpConfig #

struct SmtpConfig {
	server   string
	from     string
	port     int
	username string
	password string
}

struct StatelessAuthenticator #

struct StatelessAuthenticator {
pub:
	secret string
pub mut:
	mail_client MailClient
}

fn (StatelessAuthenticator) send_authentication_mail #

fn (mut a StatelessAuthenticator) send_authentication_mail(mail AuthenticationMail) !

fn (StatelessAuthenticator) authenticate #

fn (auth StatelessAuthenticator) authenticate(attempt AuthenticationAttempt) !

sends mail with login link

struct VerificationMail #

struct VerificationMail {
pub:
	from    string = 'email_authenticator@spiderlib.ff'
	subject string = 'Verify your email'
	body    string = 'Please verify your email by clicking the link below'
}