twofactor

package
v2.4.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 19, 2020 License: MIT Imports: 13 Imported by: 33

Documentation

Overview

Package twofactor allows authentication via one time passwords

Index

Constants

View Source
const (
	PageRecovery2FA  = "recovery2fa"
	PageVerify2FA    = "twofactor_verify"
	PageVerifyEnd2FA = "twofactor_verify_end"
)

Page constants

View Source
const (
	EmailVerifyHTML = "twofactor_verify_email_html"
	EmailVerifyTxt  = "twofactor_verify_email_txt"
)

Email constants

View Source
const (
	DataRecoveryCode     = "recovery_code"
	DataRecoveryCodes    = "recovery_codes"
	DataNumRecoveryCodes = "n_recovery_codes"
	DataVerifyEmail      = "email"
	DataVerifyURL        = "url"
)

Data constants

View Source
const (
	FormValueToken = "token"
)

Form value constants

Variables

This section is empty.

Functions

func BCryptRecoveryCodes

func BCryptRecoveryCodes(codes []string) ([]string, error)

BCryptRecoveryCodes hashes each recovery code given and return them in a new slice.

func DecodeRecoveryCodes

func DecodeRecoveryCodes(codes string) []string

DecodeRecoveryCodes is an alias for strings.Split(",")

func EncodeRecoveryCodes

func EncodeRecoveryCodes(codes []string) string

EncodeRecoveryCodes is an alias for strings.Join(",")

func GenerateRecoveryCodes

func GenerateRecoveryCodes() ([]string, error)

GenerateRecoveryCodes creates 10 recovery codes of the form: abd34-1b24do (using alphabet, of length recoveryCodeLength).

func GenerateToken

func GenerateToken() (string, error)

GenerateToken used for authenticating e-mails for 2fa setup

func UseRecoveryCode

func UseRecoveryCode(codes []string, inputCode string) ([]string, bool)

UseRecoveryCode deletes the code that was used from the string slice and returns it, the bool is true if a code was used

Types

type EmailVerify

type EmailVerify struct {
	*authboss.Authboss

	TwofactorKind     string
	TwofactorSetupURL string
}

EmailVerify has a middleware function that prevents access to routes unless e-mail has been verified.

It does this by first setting where the user is coming from and generating an e-mail with a random token. The token is stored in the session.

When the user clicks the e-mail link with the token, the token is confirmed by this middleware and the user is forwarded to the e-mail auth redirect.

func SetupEmailVerify

func SetupEmailVerify(ab *authboss.Authboss, twofactorKind, setupURL string) (EmailVerify, error)

SetupEmailVerify registers routes for a particular 2fa method

func (EmailVerify) End

End confirms the token passed in by the user (by the link in the e-mail)

func (EmailVerify) GetStart

func (e EmailVerify) GetStart(w http.ResponseWriter, r *http.Request) error

GetStart shows the e-mail address and asks you to confirm that you would like to proceed.

func (EmailVerify) PostStart

func (e EmailVerify) PostStart(w http.ResponseWriter, r *http.Request) error

PostStart sends an e-mail and shoves the user's token into the session

func (EmailVerify) SendVerifyEmail

func (e EmailVerify) SendVerifyEmail(ctx context.Context, to, token string)

SendVerifyEmail to the user

func (EmailVerify) Wrap

func (e EmailVerify) Wrap(handler http.Handler) http.Handler

Wrap a route and stop it from being accessed unless the Session2FAAuthed session value is "true".

type EmailVerifyTokenValuer

type EmailVerifyTokenValuer interface {
	authboss.Validator

	GetToken() string
}

EmailVerifyTokenValuer returns a token from the body

func MustHaveEmailVerifyTokenValues

func MustHaveEmailVerifyTokenValues(v authboss.Validator) EmailVerifyTokenValuer

MustHaveEmailVerifyTokenValues upgrades a validatable set of values to ones specific to a user that needs to be recovered.

type Recovery

type Recovery struct {
	*authboss.Authboss
}

Recovery for two-factor authentication is handled by this type

func (*Recovery) GetRegen

func (rc *Recovery) GetRegen(w http.ResponseWriter, r *http.Request) error

GetRegen shows a button that enables a user to regen their codes as well as how many codes are currently remaining.

func (*Recovery) PostRegen

func (rc *Recovery) PostRegen(w http.ResponseWriter, r *http.Request) error

PostRegen regenerates the codes

func (*Recovery) Setup

func (rc *Recovery) Setup() error

Setup the module to provide recovery regeneration routes

type User

type User interface {
	authboss.User

	GetEmail() string
	PutEmail(string)

	// GetRecoveryCodes retrieves a CSV string of bcrypt'd recovery codes
	GetRecoveryCodes() string
	// PutRecoveryCodes uses a single string to store many
	// bcrypt'd recovery codes
	PutRecoveryCodes(codes string)
}

User interface

Directories

Path Synopsis
Package sms2fa implements two factor auth using sms-transmitted one time passwords.
Package sms2fa implements two factor auth using sms-transmitted one time passwords.
Package totp2fa implements two factor auth using time-based one time passwords.
Package totp2fa implements two factor auth using time-based one time passwords.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL