BasicOIDC/src/constants.rs

use std::time::Duration;

/// File in storage containing users list
pub const USERS_LIST_FILE: &str = "users.json";

/// File in storage containing clients list
pub const CLIENTS_LIST_FILE: &str = "clients.yaml";

/// File in storage containing providers list
pub const PROVIDERS_LIST_FILE: &str = "providers.yaml";

/// Default built-in credentials
pub const DEFAULT_ADMIN_USERNAME: &str = "admin";
pub const DEFAULT_ADMIN_PASSWORD: &str = "admin";

/// App name
pub const APP_NAME: &str = "Basic OIDC";

/// Maximum session duration after inactivity, in seconds
pub const MAX_INACTIVITY_DURATION: u64 = 60 * 30;

/// Maximum session duration (6 hours)
pub const MAX_SESSION_DURATION: u64 = 3600 * 6;

/// Maximum length of a second factor name
pub const MAX_SECOND_FACTOR_NAME_LEN: usize = 25;

/// When the user successfully authenticate using 2FA, period of time during which the user is
/// exempted from this IP address to use 2FA
pub const SECOND_FACTOR_EXEMPTION_AFTER_SUCCESSFUL_LOGIN: u64 = 7 * 24 * 3600;

/// The maximum acceptable interval of time between last two factors authentication of a user and
/// access to a critical route / a critical client
pub const SECOND_FACTOR_EXPIRATION_FOR_CRITICAL_OPERATIONS: u64 = 60 * 10;

/// Minimum password length
pub const MIN_PASS_LEN: usize = 4;

/// The name of the cookie used to store session information
pub const SESSION_COOKIE_NAME: &str = "auth-cookie";

/// Authenticated routes prefix
pub const AUTHENTICATED_ROUTES: &str = "/settings";

/// Admin routes prefix
pub const ADMIN_ROUTES: &str = "/admin";

/// Auth route
pub const LOGIN_ROUTE: &str = "/login";

/// Bruteforce protection
pub const KEEP_FAILED_LOGIN_ATTEMPTS_FOR: u64 = 3600;
pub const MAX_FAILED_LOGIN_ATTEMPTS: usize = 15;
pub const FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);

/// Temporary password length
pub const TEMPORARY_PASSWORDS_LEN: usize = 20;

/// Open ID routes
pub const AUTHORIZE_URI: &str = "/openid/authorize";
pub const TOKEN_URI: &str = "/openid/token";
pub const CERT_URI: &str = "/openid/jwks_uri";
pub const USERINFO_URI: &str = "/openid/userinfo";

/// Open ID constants
pub const OPEN_ID_SESSION_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
pub const OPEN_ID_SESSION_LEN: usize = 40;
pub const OPEN_ID_AUTHORIZATION_CODE_LEN: usize = 120;
pub const OPEN_ID_AUTHORIZATION_CODE_TIMEOUT: u64 = 300;
pub const OPEN_ID_ACCESS_TOKEN_LEN: usize = 50;
pub const OPEN_ID_ACCESS_TOKEN_TIMEOUT: u64 = 3600;
pub const OPEN_ID_REFRESH_TOKEN_LEN: usize = 120;
pub const OPEN_ID_REFRESH_TOKEN_TIMEOUT: u64 = 360000;

/// Webauthn constants
pub const WEBAUTHN_REGISTER_CHALLENGE_EXPIRE: u64 = 3600;
pub const WEBAUTHN_LOGIN_CHALLENGE_EXPIRE: u64 = 3600;

/// OpenID providers login state constants
pub const OIDC_STATES_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);
pub const MAX_OIDC_PROVIDERS_STATES: usize = 10;
pub const OIDC_PROVIDERS_STATE_LEN: usize = 40;
pub const OIDC_PROVIDERS_STATE_DURATION: u64 = 60 * 15;

/// OpenID providers configuration constants
pub const OIDC_PROVIDERS_LIFETIME: u64 = 3600;

/// OpenID provider callback URI
pub const OIDC_PROVIDER_CB_URI: &str = "/prov_cb";
Automatically clean failed login attempts 2022-04-03 14:45:25 +00:00			`use std::time::Duration;`

Automatically create admin on first start 2022-03-29 17:32:31 +00:00			`/// File in storage containing users list`
			`pub const USERS_LIST_FILE: &str = "users.json";`

Load a list of clients 2022-04-06 15:18:06 +00:00			`/// File in storage containing clients list`
			`pub const CLIENTS_LIST_FILE: &str = "clients.yaml";`

Add authentication from upstream providers (#107) Let BasicOIDC delegate authentication to upstream providers (Google, GitHub, GitLab, Keycloak...) Reviewed-on: https://gitea.communiquons.org/pierre/BasicOIDC/pulls/107 2023-04-27 10:10:28 +00:00			`/// File in storage containing providers list`
			`pub const PROVIDERS_LIST_FILE: &str = "providers.yaml";`

Automatically create admin on first start 2022-03-29 17:32:31 +00:00			`/// Default built-in credentials`
			`pub const DEFAULT_ADMIN_USERNAME: &str = "admin";`
Ready to implement login page 2022-03-30 08:29:10 +00:00			`pub const DEFAULT_ADMIN_PASSWORD: &str = "admin";`

			`/// App name`
Refactor sessions management 2022-04-01 20:51:33 +00:00			`pub const APP_NAME: &str = "Basic OIDC";`

			`/// Maximum session duration after inactivity, in seconds`
Update actix_identity 2022-07-22 10:21:38 +00:00			`pub const MAX_INACTIVITY_DURATION: u64 = 60 * 30;`
Refactor sessions management 2022-04-01 20:51:33 +00:00
Delegate session lifetime to `actix-identity` crate 2022-04-02 15:17:54 +00:00			`/// Maximum session duration (6 hours)`
Update actix_identity 2022-07-22 10:21:38 +00:00			`pub const MAX_SESSION_DURATION: u64 = 3600 * 6;`
Can request new user password on login 2022-04-02 06:30:01 +00:00
Log all user actions on stdout 2022-11-19 12:38:24 +00:00			`/// Maximum length of a second factor name`
			`pub const MAX_SECOND_FACTOR_NAME_LEN: usize = 25;`

Start to create 2FA exemption after successful 2FA login 2022-11-12 09:24:00 +00:00			`/// When the user successfully authenticate using 2FA, period of time during which the user is`
			`/// exempted from this IP address to use 2FA`
			`pub const SECOND_FACTOR_EXEMPTION_AFTER_SUCCESSFUL_LOGIN: u64 = 7 * 24 * 3600;`

Need to perform 2FA before modifying factors 2024-03-27 18:26:07 +00:00			`/// The maximum acceptable interval of time between last two factors authentication of a user and`
			`/// access to a critical route / a critical client`
			`pub const SECOND_FACTOR_EXPIRATION_FOR_CRITICAL_OPERATIONS: u64 = 60 * 10;`

Can request new user password on login 2022-04-02 06:30:01 +00:00			`/// Minimum password length`
Add max session duration 2022-04-02 13:30:08 +00:00			`pub const MIN_PASS_LEN: usize = 4;`

Get identity from middleware 2022-04-02 15:03:51 +00:00			`/// The name of the cookie used to store session information`
Redirect anonymous user from authenticated pages 2022-04-02 15:44:10 +00:00			`pub const SESSION_COOKIE_NAME: &str = "auth-cookie";`

			`/// Authenticated routes prefix`
			`pub const AUTHENTICATED_ROUTES: &str = "/settings";`

			`/// Admin routes prefix`
			`pub const ADMIN_ROUTES: &str = "/admin";`

			`/// Auth route`
Format code 2022-04-03 13:50:49 +00:00			`pub const LOGIN_ROUTE: &str = "/login";`
Start to implement brute force protection 2022-04-03 14:21:09 +00:00
			`/// Bruteforce protection`
			`pub const KEEP_FAILED_LOGIN_ATTEMPTS_FOR: u64 = 3600;`
Enable bruteforce protection on login endpoint 2022-04-03 15:33:01 +00:00			`pub const MAX_FAILED_LOGIN_ATTEMPTS: usize = 15;`
Can create user accounts 2022-04-07 16:59:48 +00:00			`pub const FAIL_LOGIN_ATTEMPT_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);`

			`/// Temporary password length`
Check OpenID request parameters 2022-04-09 09:30:23 +00:00			`pub const TEMPORARY_PASSWORDS_LEN: usize = 20;`

			`/// Open ID routes`
Save open id session 2022-04-09 10:18:59 +00:00			`pub const AUTHORIZE_URI: &str = "/openid/authorize";`
Add `/openid/token` route 2022-04-12 18:40:44 +00:00			`pub const TOKEN_URI: &str = "/openid/token";`
Emit id_token 2022-04-13 17:07:58 +00:00			`pub const CERT_URI: &str = "/openid/jwks_uri";`
Start to build userinfo endpoint 2022-04-14 16:39:18 +00:00			`pub const USERINFO_URI: &str = "/openid/userinfo";`
Save open id session 2022-04-09 10:18:59 +00:00
			`/// Open ID constants`
			`pub const OPEN_ID_SESSION_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);`
			`pub const OPEN_ID_SESSION_LEN: usize = 40;`
			`pub const OPEN_ID_AUTHORIZATION_CODE_LEN: usize = 120;`
			`pub const OPEN_ID_AUTHORIZATION_CODE_TIMEOUT: u64 = 300;`
Reduce access tokens length 2022-04-15 18:16:02 +00:00			`pub const OPEN_ID_ACCESS_TOKEN_LEN: usize = 50;`
Add `/openid/token` route 2022-04-12 18:40:44 +00:00			`pub const OPEN_ID_ACCESS_TOKEN_TIMEOUT: u64 = 3600;`
			`pub const OPEN_ID_REFRESH_TOKEN_LEN: usize = 120;`
Add expiration to webauthn challenges 2022-04-23 18:22:32 +00:00			`pub const OPEN_ID_REFRESH_TOKEN_TIMEOUT: u64 = 360000;`

			`/// Webauthn constants`
			`pub const WEBAUTHN_REGISTER_CHALLENGE_EXPIRE: u64 = 3600;`
Merge factors type for authentication 2022-11-11 11:26:02 +00:00			`pub const WEBAUTHN_LOGIN_CHALLENGE_EXPIRE: u64 = 3600;`
Add authentication from upstream providers (#107) Let BasicOIDC delegate authentication to upstream providers (Google, GitHub, GitLab, Keycloak...) Reviewed-on: https://gitea.communiquons.org/pierre/BasicOIDC/pulls/107 2023-04-27 10:10:28 +00:00
			`/// OpenID providers login state constants`
			`pub const OIDC_STATES_CLEANUP_INTERVAL: Duration = Duration::from_secs(60);`
			`pub const MAX_OIDC_PROVIDERS_STATES: usize = 10;`
			`pub const OIDC_PROVIDERS_STATE_LEN: usize = 40;`
			`pub const OIDC_PROVIDERS_STATE_DURATION: u64 = 60 * 15;`

			`/// OpenID providers configuration constants`
			`pub const OIDC_PROVIDERS_LIFETIME: u64 = 3600;`

			`/// OpenID provider callback URI`
			`pub const OIDC_PROVIDER_CB_URI: &str = "/prov_cb";`