Version: v3.2.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Aug 12, 2021 License: MIT Imports: 13 Imported by: 1



Package sms2fa implements two factor auth using sms-transmitted one time passwords.



View Source
const (
	SessionSMSNumber     = "sms_number"
	SessionSMSSecret     = "sms_secret"
	SessionSMSLast       = "sms_last"
	SessionSMSPendingPID = "sms_pending"

Session keys

View Source
const (
	FormValueCode        = "code"
	FormValuePhoneNumber = "phone_number"

Form value constants

View Source
const (
	PageSMSConfirm        = "sms2fa_confirm"
	PageSMSConfirmSuccess = "sms2fa_confirm_success"
	PageSMSRemove         = "sms2fa_remove"
	PageSMSRemoveSuccess  = "sms2fa_remove_success"
	PageSMSSetup          = "sms2fa_setup"
	PageSMSValidate       = "sms2fa_validate"


View Source
const (
	DataSMSSecret      = SessionSMSSecret
	DataSMSPhoneNumber = "sms_phone_number"

Data constants


This section is empty.


This section is empty.


type SMS

type SMS struct {
	Sender SMSSender

SMS implements time based one time passwords

func (*SMS) GetSetup

func (s *SMS) GetSetup(w http.ResponseWriter, r *http.Request) error

GetSetup shows a screen that allows a user to opt in to setting up sms 2fa by asking for a phone number that's optionally already filled in.

func (*SMS) HijackAuth

func (s *SMS) HijackAuth(w http.ResponseWriter, r *http.Request, handled bool) (bool, error)

HijackAuth stores the user's pid in a special temporary session variable and redirects them to the validation endpoint.

func (*SMS) PostSetup

func (s *SMS) PostSetup(w http.ResponseWriter, r *http.Request) error

PostSetup adds the phone number provided to the user's session and sends an SMS there.

func (*SMS) SendCodeToUser

func (s *SMS) SendCodeToUser(w http.ResponseWriter, r *http.Request, pid, number string) error

SendCodeToUser ensures that a code is sent to the user

func (*SMS) Setup

func (s *SMS) Setup() error

Setup the module

type SMSNumberProvider

type SMSNumberProvider interface {
	GetSMSPhoneNumberSeed() string

SMSNumberProvider provides a phone number already attached to the user if it exists. This allows a user to be populated with a phone-number without the user needing to provide it.

type SMSPhoneNumberValuer

type SMSPhoneNumberValuer interface {

	GetPhoneNumber() string

SMSPhoneNumberValuer returns a phone number from the body

func MustHaveSMSPhoneNumberValue

func MustHaveSMSPhoneNumberValue(v authboss.Validator) SMSPhoneNumberValuer

MustHaveSMSPhoneNumberValue upgrades a validatable set of values to ones specifically holding a phone number.

type SMSSender

type SMSSender interface {
	Send(ctx context.Context, number, text string) error

SMSSender sends SMS messages to a phone number

type SMSValidator

type SMSValidator struct {
	Page string

SMSValidator abstracts the send code/resend code/submit code workflow

func (*SMSValidator) Get

Get shows an empty page typically, this allows us to prompt a second time for the action.

func (*SMSValidator) Post

Post receives a code in the body and validates it, if the code is missing then it sends the code to the user (rate-limited).

type SMSValuer

type SMSValuer interface {

	GetCode() string
	GetRecoveryCode() string

SMSValuer returns a code or a resend-code from the body

func MustHaveSMSValues

func MustHaveSMSValues(v authboss.Validator) SMSValuer

MustHaveSMSValues upgrades a validatable set of values to one specifically holding the code we're looking for, or a resend.

type User

type User interface {

	GetSMSPhoneNumber() string

User for SMS

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL