twofactor

package
v2.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 30, 2020 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package twofactor allows authentication via one time passwords

Index

Constants

View Source
const (
	PageRecovery2FA  = "recovery2fa"
	PageVerify2FA    = "twofactor_verify"
	PageVerifyEnd2FA = "twofactor_verify_end"
)

Page constants

View Source
const (
	EmailVerifyHTML = "twofactor_verify_email_html"
	EmailVerifyTxt  = "twofactor_verify_email_txt"
)

Email constants

View Source
const (
	DataRecoveryCode     = "recovery_code"
	DataRecoveryCodes    = "recovery_codes"
	DataNumRecoveryCodes = "n_recovery_codes"
	DataVerifyEmail      = "email"
	DataVerifyURL        = "url"
)

Data constants

View Source
const (
	FormValueToken = "token"
)

Form value constants

Variables

This section is empty.

Functions

func BCryptRecoveryCodes

func BCryptRecoveryCodes(codes []string) ([]string, error)

BCryptRecoveryCodes hashes each recovery code given and return them in a new slice.

func DecodeRecoveryCodes

func DecodeRecoveryCodes(codes string) []string

DecodeRecoveryCodes is an alias for strings.Split(",")

func EncodeRecoveryCodes

func EncodeRecoveryCodes(codes []string) string

EncodeRecoveryCodes is an alias for strings.Join(",")

func GenerateRecoveryCodes

func GenerateRecoveryCodes() ([]string, error)

GenerateRecoveryCodes creates 10 recovery codes of the form: abd34-1b24do (using alphabet, of length recoveryCodeLength).

func GenerateToken added in v2.2.0

func GenerateToken() (string, error)

GenerateToken used for authenticating e-mails for 2fa setup

func UseRecoveryCode

func UseRecoveryCode(codes []string, inputCode string) ([]string, bool)

UseRecoveryCode deletes the code that was used from the string slice and returns it, the bool is true if a code was used

Types

type EmailVerify added in v2.2.0

type EmailVerify struct {
	*authboss.Authboss

	TwofactorKind     string
	TwofactorSetupURL string
}

EmailVerify has a middleware function that prevents access to routes unless e-mail has been verified.

It does this by first setting where the user is coming from and generating an e-mail with a random token. The token is stored in the session.

When the user clicks the e-mail link with the token, the token is confirmed by this middleware and the user is forwarded to the e-mail auth redirect.

func SetupEmailVerify added in v2.2.0

func SetupEmailVerify(ab *authboss.Authboss, twofactorKind, setupURL string) (EmailVerify, error)

SetupEmailVerify registers routes for a particular 2fa method

func (EmailVerify) End added in v2.2.0

End confirms the token passed in by the user (by the link in the e-mail)

func (EmailVerify) GetStart added in v2.2.0

func (e EmailVerify) GetStart(w http.ResponseWriter, r *http.Request) error

GetStart shows the e-mail address and asks you to confirm that you would like to proceed.

func (EmailVerify) PostStart added in v2.2.0

func (e EmailVerify) PostStart(w http.ResponseWriter, r *http.Request) error

PostStart sends an e-mail and shoves the user's token into the session

func (EmailVerify) SendVerifyEmail added in v2.2.0

func (e EmailVerify) SendVerifyEmail(ctx context.Context, to, token string)

SendVerifyEmail to the user

func (EmailVerify) Wrap added in v2.2.0

func (e EmailVerify) Wrap(handler http.Handler) http.Handler

Wrap a route and stop it from being accessed unless the Session2FAAuthed session value is "true".

type EmailVerifyTokenValuer added in v2.2.0

type EmailVerifyTokenValuer interface {
	authboss.Validator

	GetToken() string
}

EmailVerifyTokenValuer returns a token from the body

func MustHaveEmailVerifyTokenValues added in v2.2.0

func MustHaveEmailVerifyTokenValues(v authboss.Validator) EmailVerifyTokenValuer

MustHaveEmailVerifyTokenValues upgrades a validatable set of values to ones specific to a user that needs to be recovered.

type Recovery

type Recovery struct {
	*authboss.Authboss
}

Recovery for two-factor authentication is handled by this type

func (*Recovery) GetRegen

func (rc *Recovery) GetRegen(w http.ResponseWriter, r *http.Request) error

GetRegen shows a button that enables a user to regen their codes as well as how many codes are currently remaining.

func (*Recovery) PostRegen

func (rc *Recovery) PostRegen(w http.ResponseWriter, r *http.Request) error

PostRegen regenerates the codes

func (*Recovery) Setup

func (rc *Recovery) Setup() error

Setup the module to provide recovery regeneration routes

type User

type User interface {
	authboss.User

	GetEmail() string
	PutEmail(string)

	// GetRecoveryCodes retrieves a CSV string of bcrypt'd recovery codes
	GetRecoveryCodes() string
	// PutRecoveryCodes uses a single string to store many
	// bcrypt'd recovery codes
	PutRecoveryCodes(codes string)
}

User interface

Directories

Path Synopsis
Package sms2fa implements two factor auth using sms-transmitted one time passwords.
Package sms2fa implements two factor auth using sms-transmitted one time passwords.
Package totp2fa implements two factor auth using time-based one time passwords.
Package totp2fa implements two factor auth using time-based one time passwords.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL