otp

package module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 27, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

README

OTP One passowrd

build

go get github.com/verystar/otp

Documentation

Overview

Package otp implements both HOTP and TOTP based one time passcodes in a Google Authenticator compatible manner.

When adding a TOTP for a user, you must store the "secret" value persistently. It is recommended to store the secret in an encrypted field in your datastore. Due to how TOTP works, it is not possible to store a hash for the secret value like you would a password.

To enroll a user, you must first generate an OTP for them. Google Authenticator supports using a QR code as an enrollment method:

import (
	"github.com/pquerna/otp/totp"

	"bytes"
	"image/png"
)

key, err := totp.Generate(totp.GenerateOpts{
		Issuer: "Example.com",
		AccountName: "alice@example.com",
})

// Convert TOTP key into a QR code encoded as a PNG image.
var buf bytes.Buffer
img, err := key.Image(200, 200)
png.Encode(&buf, img)

// display the QR code to the user.
display(buf.Bytes())

// Now Validate that the user's successfully added the passcode.
passcode := promptForPasscode()
valid := totp.Validate(passcode, key.Secret())

if valid {
	// User successfully used their TOTP, save it to your backend!
	storeSecret("alice@example.com", key.Secret())
}

Validating a TOTP passcode is very easy, just prompt the user for a passcode and retrieve the associated user's previously stored secret.

import "github.com/pquerna/otp/totp"

passcode := promptForPasscode()
secret := getSecret("alice@example.com")

valid := totp.Validate(passcode, secret)

if valid {
	// Success! continue login process.
}

Index

Constants

This section is empty.

Variables

View Source
var ErrGenerateMissingAccountName = errors.New("AccountName must be set")

ErrGenerateMissingAccountName When generating a Key, the Account Name must be set.

View Source
var ErrGenerateMissingIssuer = errors.New("issuer must be set")

ErrGenerateMissingIssuer When generating a Key, the Issuer must be set.

View Source
var ErrValidateInputInvalidLength = errors.New("input length unexpected")

ErrValidateInputInvalidLength The user provided passcode length was not expected.

View Source
var ErrValidateSecretInvalidBase32 = errors.New("decoding of secret as base32 failed")

ErrValidateSecretInvalidBase32 Error when attempting to convert the secret from base32 to raw bytes.

Functions

This section is empty.

Types

type Algorithm

type Algorithm int

Algorithm represents the hashing function to use in the HMAC operation needed for OTPs.

const (
	// AlgorithmSHA1 should be used for compatibility with Google Authenticator.
	//
	// See https://github.com/pquerna/otp/issues/55 for additional details.
	AlgorithmSHA1 Algorithm = iota
	AlgorithmSHA256
	AlgorithmSHA512
	AlgorithmMD5
)

func (Algorithm) Hash

func (a Algorithm) Hash() hash.Hash

func (Algorithm) String

func (a Algorithm) String() string

type Digits

type Digits int

Digits represents the number of digits present in the user's OTP passcode. Six and Eight are the most common values.

const (
	DigitsSix   Digits = 6
	DigitsEight Digits = 8
)

func (Digits) Format

func (d Digits) Format(in int32) string

Format converts an integer into the zero-filled size for these Digits.

func (Digits) Length

func (d Digits) Length() int

Length returns the number of characters for these Digits.

func (Digits) String

func (d Digits) String() string

type Key

type Key struct {
	// contains filtered or unexported fields
}

Key represents an TOTP or HTOP key.

func NewKeyFromURL

func NewKeyFromURL(orig string) (*Key, error)

NewKeyFromURL creates a new Key from an TOTP or HOTP url.

The URL format is documented here:

https://github.com/google/google-authenticator/wiki/Key-Uri-Format

func (*Key) AccountName

func (k *Key) AccountName() string

AccountName returns the name of the user's account.

func (*Key) Algorithm

func (k *Key) Algorithm() Algorithm

Algorithm returns the algorithm used or the default (SHA1).

func (*Key) Digits

func (k *Key) Digits() Digits

Digits returns a tiny int representing the number of OTP digits.

func (*Key) Issuer

func (k *Key) Issuer() string

Issuer returns the name of the issuing organization.

func (*Key) Period

func (k *Key) Period() uint64

Period returns a tiny int representing the rotation time in seconds.

func (*Key) Secret

func (k *Key) Secret() string

Secret returns the opaque secret for this Key.

func (*Key) String

func (k *Key) String() string

func (*Key) Type

func (k *Key) Type() string

Type returns "hotp" or "totp".

func (*Key) URL

func (k *Key) URL() string

URL returns the OTP URL as a string

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL