# Packages
The LDAP authentication package forwards the credentials in the user session request
for authentication with a configured upstream LDAP server.
This package relies on the following two local database tables:
ldap_sessions: Upon a successful LDAP response, creates a keyed local copy of the user email.
ldap_user_api_tokens: User-created API tokens, tied to the node, storing the user email.
# Functions
AuthenticateUserByToken returns true on successful authentication of the user against the given Authentication Token.
GetUserRole is the single point of logic for mapping role string to UserRole.
NewSession returns a session instance with ID set to a random ID and LastUsed to now.
NewUser creates a new user by hashing the passed plainPwd with bcrypt.
NewWebAuthnSessionStore returns a new session store.
ValidateAndHashPassword is the single point of logic for user password validations.
ValidateEmail is the single point of logic for user email validations.
# Constants
https://security.stackexchange.com/questions/39849/does-bcrypt-have-a-maximum-password-length.
# Variables
ErrEmptySessionID captures the empty case error message.
ErrNotSupported defines the error where interface functionality doesn't align with the underlying Auth Provider.
ErrUserSessionExpired defines the error triggered when the user session has expired.
# Structs
ChangeAuthTokenRequest is sent when updating a User's authentication token.
Session holds the unique id for the authenticated session.
SessionRequest encapsulates the fields needed to generate a new SessionID, including the hashed password.
User holds the credentials for API user.
WebAuthn holds the credentials for API user.
WebAuthnSessionStore is a wrapper around an in memory key value store which provides some helper methods related to webauthn operations.
WebAuthnUser implements the required duo-labs/webauthn/ 'User' interface kept separate from our internal 'User' struct.
# Interfaces
AuthenticationProvider is an interface that abstracts the required application calls to a user management backend. Currently localauth (users table DB) or LDAP server (readonly).
BasicAdminUsersORM is the interface that defines the functionality required for supporting basic admin functionality adjacent to the identity provider authentication provider implementation.