otp

package
v1.1.0 Latest

Warning: This package is not in the latest version of its module.
Published: Jan 11, 2025 License: AGPL-3.0, MIT Imports: 16 Imported by: 0

Documentation

Overview

Package otp (one-time passwords) provides a simple, clean, and idiomatic way to generate and verify one-time passwords for both HOTP and TOTP, as defined in RFC 4226 and RFC 6238.

Example
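package main

import (
	"fmt"

	"github.com/shaj13/go-guardian/v2/otp"
)

func main() {
	// Parse the otpauth:// key URI (type, label and base32 secret).
	key, err := otp.NewKeyFromRaw("otpauth://hotp/TEST?secret=GXNRHI2MFRFWXQGJHWZJFOSYI6E7MEVA")
	if err != nil {
		fmt.Println(err)
		return
	}
	// New returns a Verifier with default values.
	verifier := otp.New(key)
	ok, err := verifier.Verify("345515")
	fmt.Println(ok, err)
}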
Output:

true <nil>

Constants

const (
	// SHA1 represents the SHA1 algorithm name.
	SHA1 = HashAlgorithm("SHA1")
	// SHA256 represents the SHA256 algorithm name.
	SHA256 = HashAlgorithm("SHA256")
	// SHA512 represents the SHA512 algorithm name.
	SHA512 = HashAlgorithm("SHA512")
)

const (
	// TOTP represents totp, defined in RFC 6238
	TOTP = Type("totp")
	// HOTP represents hotp, defined in RFC 4226
	HOTP = Type("hotp")
)

Variables

var ErrMaxAttempts = errors.New("OTP: Max attempts reached, Account locked out")

ErrMaxAttempts is returned by Verifier when the count of verification failures equals the max attempts.

var ErrWeakSecretSize = errors.New("Weak secret size, The shared secret MUST be at least 128 bits")

ErrWeakSecretSize is returned by GenerateSecret when the input secret size does not meet RFC 4226 requirements.

Functions

func GenerateOTP

func GenerateOTP(secret string, counter uint64, algo HashAlgorithm, dig Digits) (string, error)

GenerateOTP returns a one-time password, or an error if one occurs. The function is compliant with RFC 4226 and implemented as described in section 5.3. See https://tools.ietf.org/html/rfc4226#section-5.3

func GenerateSecret

func GenerateSecret(size uint) (string, error)

GenerateSecret returns a randomly generated, base32-encoded secret. Size is the length in bytes; if size does not meet RFC 4226 requirements, ErrWeakSecretSize is returned.

Types

type Digits

type Digits int

Digits represents the length of OTP.

const (
	// SixDigits of OTP.
	SixDigits Digits = 6
	// EightDigits of OTP
	EightDigits Digits = 8
)

func (Digits) String

func (d Digits) String() string

String describes Digits as a string.

type HashAlgorithm

type HashAlgorithm string

HashAlgorithm represents the hashing function to use in the HMAC.

func (HashAlgorithm) Hasher

func (h HashAlgorithm) Hasher() func() hash.Hash

Hasher returns a function that creates a new hash.Hash.

func (HashAlgorithm) String

func (h HashAlgorithm) String() string

String describes HashAlgorithm as a string.

type Key

type Key struct{ *url.URL }

Key represents the URI format for OTP. See https://github.com/google/google-authenticator/wiki/Key-Uri-Format

func NewKey

func NewKey(t Type, label, secret string) *Key

NewKey returns a new Key.

func NewKeyFromRaw

func NewKeyFromRaw(raw string) (*Key, error)

NewKeyFromRaw returns a key parsed from a raw string.

func (*Key) AccountName

func (k *Key) AccountName() string

AccountName returns the name of the user's account.

func (*Key) Algorithm

func (k *Key) Algorithm() HashAlgorithm

Algorithm returns the hashing algorithm name.

func (*Key) Counter

func (k *Key) Counter() uint64

Counter returns the initial counter value for provisioning a key for use with HOTP. If the type is not hotp, the returned value is 0.

func (*Key) Digits

func (k *Key) Digits() Digits

Digits returns the length of pin code.

func (*Key) Issuer

func (k *Key) Issuer() string

Issuer returns a string value indicating the provider or service.

func (*Key) IssuerLabelPrefix

func (k *Key) IssuerLabelPrefix() string

IssuerLabelPrefix returns a string value indicating the provider or service extracted from label.

func (*Key) Label

func (k *Key) Label() string

Label returns the label for the Key.

func (*Key) Period

func (k *Key) Period() uint64

Period returns the period that a TOTP code will be valid for, in seconds. The default value is 30. If the type is not totp, the returned value is 0.

func (*Key) Secret

func (k *Key) Secret() string

Secret returns the secret for the Key.

func (*Key) SetAlgorithm

func (k *Key) SetAlgorithm(algo HashAlgorithm)

SetAlgorithm sets the hash algorithm in key.

func (*Key) SetCounter

func (k *Key) SetCounter(count uint64)

SetCounter sets the counter value in key. If the type is not hotp, the set operation is ignored.

func (*Key) SetDigits

func (k *Key) SetDigits(d Digits)

SetDigits sets the digits value in key.

func (*Key) SetIssuer

func (k *Key) SetIssuer(issuer string)

SetIssuer sets the issuer value in key.

func (*Key) SetLabel

func (k *Key) SetLabel(label string)

SetLabel sets the label value in key.

func (*Key) SetPeriod

func (k *Key) SetPeriod(p uint64)

SetPeriod sets the period value in key. If the type is not hotp, the set operation is ignored.

func (*Key) SetSecret

func (k *Key) SetSecret(secret string)

SetSecret sets the secret value in key.

func (*Key) SetType

func (k *Key) SetType(t Type)

SetType sets the type value in key.

func (*Key) Type

func (k *Key) Type() Type

Type returns the type for the Key (totp, hotp).

type Type

type Type string

Type represents the OTP type (TOTP, HOTP).

type VerificationDisabledError

type VerificationDisabledError time.Duration

VerificationDisabledError is returned by Verifier when the password verification process is disabled for a period of time.

func (VerificationDisabledError) Error

Error returns a string describing that the verification process is disabled for a period of time.

type Verifier

type Verifier struct {
	// EnableLockout enables or disables the lockout mechanism.
	// Default true.
	EnableLockout bool
	// LockOutStartAt defines the attempt number at which the lockout mechanism starts to work.
	// Default 0.
	LockOutStartAt uint
	// LockOutDelay defines the delay window during which password verification is disabled.
	// Default 30. The formula is delay * failed attempts, as described in RFC 4226 section 7.3.
	LockOutDelay uint
	// MaxAttempts defines the maximum number of verification failures before the account is locked.
	// Default 3.
	MaxAttempts uint

	// Failures represents the count of verification failures.
	Failures uint
	// Skew defines the number of periods before or after the current counter to allow,
	// so that OTPs are compared not only with the receiving timestamp but also with
	// past timestamps that are within the transmission delay, as described in
	// RFC 6238 section 5.2.
	// Default 1.
	//
	// Warning: A larger Skew would expose a larger window for attacks.
	Skew uint
	// DealyTime represents the time until the password verification process is re-enabled.
	DealyTime time.Time
	// Key represents the URI format for OTP.
	Key *Key
	// contains filtered or unexported fields
}

Verifier represents one-time password verification for both HOTP and TOTP.
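The lockout fields above follow the delay scheme of RFC 4226 section 7.3 (delay * failed attempts, then a hard lock at the maximum). The following stand-alone model is an added example, not the package's own code: the `throttle` type and its methods are hypothetical, the field names only mirror the Verifier fields, and it assumes the delay is in seconds and that a successful verification resets the failure count.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var errLocked = errors.New("max attempts reached, account locked out")

// throttle is a hypothetical model of the RFC 4226 section 7.3 delay scheme.
// Assumed semantics: delay is in seconds and success resets the failure count.
type throttle struct {
	startAt, delay, maxAttempts, failures uint
	until                                 time.Time // verification is disabled until this instant
}

// allow returns how long the caller must still wait, or errLocked once
// the failure count has reached maxAttempts.
func (t *throttle) allow(now time.Time) (time.Duration, error) {
	if t.failures >= t.maxAttempts {
		return 0, errLocked
	}
	if now.Before(t.until) {
		return t.until.Sub(now), nil
	}
	return 0, nil
}

// record updates the state after an attempt: a failure grows the delay
// linearly (delay * failures) once the failure count has reached startAt.
func (t *throttle) record(ok bool, now time.Time) {
	if ok {
		t.failures, t.until = 0, time.Time{}
		return
	}
	t.failures++
	if t.failures >= t.startAt {
		t.until = now.Add(time.Duration(t.delay*t.failures) * time.Second)
	}
}

func main() {
	t := throttle{startAt: 0, delay: 30, maxAttempts: 3} // default values listed on this page
	now := time.Unix(0, 0)                               // constructed clock
	for i := 0; i < 3; i++ {
		t.record(false, now)
		wait, err := t.allow(now)
		fmt.Println(t.failures, wait, err)
	}
}
```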

func New

func New(key *Key) *Verifier

New returns a new Verifier with default values.

func (*Verifier) GenerateOTP

func (v *Verifier) GenerateOTP() (string, error)

GenerateOTP returns a one-time password, or an error if one occurs. The method is an alias for the GenerateOTP function.

func (*Verifier) Verify

func (v *Verifier) Verify(otp string) (bool, error)

Verify one-time password.
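To make the RFC 4226 section 5.3 computation behind GenerateOTP and the effect of the Skew field concrete, here is an added example using only the standard library; it is not the package's code. The names `hotp` and `verifyTOTP` are hypothetical, the secret is the RFC 4226 Appendix D test secret passed as raw bytes (the package itself takes a base32 string), and only HMAC-SHA1 with six digits is covered.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// hotp computes a 6-digit HOTP value (RFC 4226 section 5.3) over raw secret bytes.
func hotp(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	// Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
	off := sum[len(sum)-1] & 0x0f
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// verifyTOTP accepts code if it matches any time step within +/- skew of now.
// It returns the matched step so the caller can refuse a second use of that step.
func verifyTOTP(secret []byte, code string, unixNow, period, skew uint64) (bool, uint64) {
	current := unixNow / period
	start := uint64(0)
	if current > skew {
		start = current - skew
	}
	ok, matched := false, uint64(0)
	for step := start; step <= current+skew; step++ {
		// Constant-time compare; every step is scanned so timing does not show which matched.
		if subtle.ConstantTimeCompare([]byte(hotp(secret, step)), []byte(code)) == 1 {
			ok, matched = true, step
		}
	}
	return ok, matched
}

func main() {
	secret := []byte("12345678901234567890") // RFC 4226 Appendix D test secret
	fmt.Println(hotp(secret, 0))
	fmt.Println(verifyTOTP(secret, "287082", 59, 30, 1))  // code for step 1, checked at step 1
	fmt.Println(verifyTOTP(secret, "287082", 150, 30, 1)) // same code two minutes later
	fmt.Println(verifyTOTP(secret, "287082", 150, 30, 4)) // wide skew still accepts it
}
```

With skew 4 and a 30-second period, a code stays acceptable for minutes after it was generated, which is the larger attack window the Skew warning refers to.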
