twofactor

Documentation

Overview

Package twofactor provides authentication strategy, to authenticate HTTP requests based on one time password(otp).

Example

package main

import (
	"context"
	"fmt"
	"net/http"

	"github.com/shaj13/go-guardian/v2/auth"
	"github.com/shaj13/go-guardian/v2/auth/strategies/basic"
	"github.com/shaj13/go-guardian/v2/auth/strategies/twofactor"
	"github.com/shaj13/go-guardian/v2/otp"
)

type OTPManager struct{}

func (OTPManager) Enabled(_ auth.Info) bool { return true }

func (OTPManager) Load(_ auth.Info) (twofactor.Verifier, error) {
	// user otp configuration must be loaded from persistent storage
	key := otp.NewKey(otp.HOTP, "LABEL", "GXNRHI2MFRFWXQGJHWZJFOSYI6E7MEVA")
	ver := otp.New(key)
	return ver, nil
}

func (OTPManager) Store(_ auth.Info, o twofactor.Verifier) error {
	// persist user otp after verification
	fmt.Println("Failures: ", o.(*otp.Verifier).Failures)
	return nil
}

func main() {
	strategy := twofactor.TwoFactor{
		Parser:  twofactor.XHeaderParser("X-Example-OTP"),
		Manager: OTPManager{},
		Primary: basic.New(
			func(ctx context.Context, r *http.Request, userName, password string) (auth.Info, error) {
				return auth.NewDefaultUser("example", "1", nil, nil), nil
			},
		),
	}

	r, _ := http.NewRequest("GET", "/", nil)
	r.SetBasicAuth("example", "example")
	r.Header.Set("X-Example-OTP", "345515")

	info, err := strategy.Authenticate(r.Context(), r)
	fmt.Println(info.GetUserName(), err)

}

Output:

Failures:  0
example <nil>

Index

• Variables
• type Manager
• type Parser
  • func CookieParser(key string) Parser
  • func JSONBodyParser(key string) Parser
  • func QueryParser(key string) Parser
  • func XHeaderParser(header string) Parser
• type TwoFactor
  • func (t TwoFactor) Authenticate(ctx context.Context, r *http.Request) (auth.Info, error)
• type Verifier

Examples

• Package

Variables

var ErrInvalidOTP = errors.New("strategies/twofactor: Invalid one time password")

ErrInvalidOTP is returned by twofactor strategy, When the user-supplied an invalid one time password and verification process failed.

var ErrMissingOTP = errors.New("strategies/twofactor: One-time password missing or empty")

ErrMissingOTP is returned by Parser, When one-time password missing or empty in HTTP request.

Types

type Manager

type Manager interface {
	// Enabled check if two factor for user enabled.
	Enabled(user auth.Info) bool
	// Load return user OTP Verifier or error.
	Load(user auth.Info) (Verifier, error)
	// Store user OTP Verifier.
	Store(user auth.Info, v Verifier) error
}

Manager load and store user OTP Verifier.

type Parser

type Parser interface {
	GetOTP(r *http.Request) (string, error)
}

Parser parse and extract one-time password from incoming HTTP request.

func CookieParser

func CookieParser(key string) Parser

CookieParser return a one-time password parser, where otp extracted form HTTP Cookie.

func JSONBodyParser

func JSONBodyParser(key string) Parser

JSONBodyParser return a one-time password parser, where otp extracted form request body.

func QueryParser

func QueryParser(key string) Parser

QueryParser return a one-time password parser, where otp extracted form HTTP query string.

func XHeaderParser

func XHeaderParser(header string) Parser

XHeaderParser return a one-time password parser, where otp extracted form "X-" header.

type TwoFactor

type TwoFactor struct {
	// Primary strategy that authenticates the user before verifying the one time password.
	// The primary strategy Typically of type basic or LDAP.
	Primary auth.Strategy
	Parser  Parser
	Manager Manager
}

TwoFactor represents two factor authentication strategy.

func (TwoFactor) Authenticate

func (t TwoFactor) Authenticate(ctx context.Context, r *http.Request) (auth.Info, error)

Authenticate returns user info or error by authenticating request using primary strategy, and then verifying one-time password.

type Verifier

type Verifier interface {
	// Verify user one-time password.
	Verify(pin string) (bool, error)
}

Verifier represents one-time password verification.