twofactor

package
v2.4.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 19, 2020 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package twofactor allows authentication via one time passwords

Index

Constants

View Source 
const (
	PageRecovery2FA  = "recovery2fa"
	PageVerify2FA    = "twofactor_verify"
	PageVerifyEnd2FA = "twofactor_verify_end"
)

Page constants

View Source 
const (
	EmailVerifyHTML = "twofactor_verify_email_html"
	EmailVerifyTxt  = "twofactor_verify_email_txt"
)

Email constants

View Source 
const (
	DataRecoveryCode     = "recovery_code"
	DataRecoveryCodes    = "recovery_codes"
	DataNumRecoveryCodes = "n_recovery_codes"
	DataVerifyEmail      = "email"
	DataVerifyURL        = "url"
)

Data constants

View Source 
const (
	FormValueToken = "token"
)

Form value constants

Variables

This section is empty.

Functions

func BCryptRecoveryCodes 

func BCryptRecoveryCodes(codes []string) ([]string, error)

BCryptRecoveryCodes hashes each recovery code given and return them in a new slice.

func DecodeRecoveryCodes 

func DecodeRecoveryCodes(codes string) []string

DecodeRecoveryCodes is an alias for strings.Split(",")

func EncodeRecoveryCodes 

func EncodeRecoveryCodes(codes []string) string

EncodeRecoveryCodes is an alias for strings.Join(",")

func GenerateRecoveryCodes 

func GenerateRecoveryCodes() ([]string, error)

GenerateRecoveryCodes creates 10 recovery codes of the form: abd34-1b24do (using alphabet, of length recoveryCodeLength).

func GenerateToken 

func GenerateToken() (string, error)

GenerateToken used for authenticating e-mails for 2fa setup

func UseRecoveryCode 

func UseRecoveryCode(codes []string, inputCode string) ([]string, bool)

UseRecoveryCode deletes the code that was used from the string slice and returns it, the bool is true if a code was used

Types

type EmailVerify 

type EmailVerify struct {
	*authboss.Authboss

	TwofactorKind     string
	TwofactorSetupURL string
}

EmailVerify has a middleware function that prevents access to routes unless e-mail has been verified.

It does this by first setting where the user is coming from and generating an e-mail with a random token. The token is stored in the session.

When the user clicks the e-mail link with the token, the token is confirmed by this middleware and the user is forwarded to the e-mail auth redirect.

func SetupEmailVerify 

func SetupEmailVerify(ab *authboss.Authboss, twofactorKind, setupURL string) (EmailVerify, error)

SetupEmailVerify registers routes for a particular 2fa method

func (EmailVerify) End 

func (e EmailVerify) End(w http.ResponseWriter, r *http.Request) error

End confirms the token passed in by the user (by the link in the e-mail)

func (EmailVerify) GetStart 

func (e EmailVerify) GetStart(w http.ResponseWriter, r *http.Request) error

GetStart shows the e-mail address and asks you to confirm that you would like to proceed.

func (EmailVerify) PostStart 

func (e EmailVerify) PostStart(w http.ResponseWriter, r *http.Request) error

PostStart sends an e-mail and shoves the user's token into the session

func (EmailVerify) SendVerifyEmail 

func (e EmailVerify) SendVerifyEmail(ctx context.Context, to, token string)

SendVerifyEmail to the user

func (EmailVerify) Wrap 

func (e EmailVerify) Wrap(handler http.Handler) http.Handler

Wrap a route and stop it from being accessed unless the Session2FAAuthed session value is "true".

type EmailVerifyTokenValuer 

type EmailVerifyTokenValuer interface {
	authboss.Validator

	GetToken() string
}

EmailVerifyTokenValuer returns a token from the body

func MustHaveEmailVerifyTokenValues 

func MustHaveEmailVerifyTokenValues(v authboss.Validator) EmailVerifyTokenValuer

MustHaveEmailVerifyTokenValues upgrades a validatable set of values to ones specific to a user that needs to be recovered.

type Recovery 

type Recovery struct {
	*authboss.Authboss
}

Recovery for two-factor authentication is handled by this type

func (*Recovery) GetRegen 

func (rc *Recovery) GetRegen(w http.ResponseWriter, r *http.Request) error

GetRegen shows a button that enables a user to regen their codes as well as how many codes are currently remaining.

func (*Recovery) PostRegen 

func (rc *Recovery) PostRegen(w http.ResponseWriter, r *http.Request) error

PostRegen regenerates the codes

func (*Recovery) Setup 

func (rc *Recovery) Setup() error

Setup the module to provide recovery regeneration routes

type User 

type User interface {
	authboss.User

	GetEmail() string
	PutEmail(string)

	// GetRecoveryCodes retrieves a CSV string of bcrypt'd recovery codes
	GetRecoveryCodes() string
	// PutRecoveryCodes uses a single string to store many
	// bcrypt'd recovery codes
	PutRecoveryCodes(codes string)
}

User interface

Source Files

View all Source files

Directories

Path Synopsis
Package sms2fa implements two factor auth using sms-transmitted one time passwords.
 Package sms2fa implements two factor auth using sms-transmitted one time passwords.
Package totp2fa implements two factor auth using time-based one time passwords.
 Package totp2fa implements two factor auth using time-based one time passwords.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.