Documentation ¶
Overview ¶
Package sms2fa implements two factor auth using sms-transmitted one time passwords.
Index ¶
- Constants
- type SMS
- func (s *SMS) GetSetup(w http.ResponseWriter, r *http.Request) error
- func (s *SMS) HijackAuth(w http.ResponseWriter, r *http.Request, handled bool) (bool, error)
- func (s *SMS) PostSetup(w http.ResponseWriter, r *http.Request) error
- func (s *SMS) SendCodeToUser(w http.ResponseWriter, r *http.Request, pid, number string) error
- func (s *SMS) Setup() error
- type SMSNumberProvider
- type SMSPhoneNumberValuer
- type SMSSender
- type SMSValidator
- type SMSValuer
- type User
Constants ¶
const ( SessionSMSNumber = "sms_number" SessionSMSSecret = "sms_secret" SessionSMSLast = "sms_last" SessionSMSPendingPID = "sms_pending" )
Session keys
const ( FormValueCode = "code" FormValuePhoneNumber = "phone_number" )
Form value constants
const ( PageSMSConfirm = "sms2fa_confirm" PageSMSConfirmSuccess = "sms2fa_confirm_success" PageSMSRemove = "sms2fa_remove" PageSMSRemoveSuccess = "sms2fa_remove_success" PageSMSSetup = "sms2fa_setup" PageSMSValidate = "sms2fa_validate" )
Pages
const ( DataSMSSecret = SessionSMSSecret DataSMSPhoneNumber = "sms_phone_number" )
Data constants
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SMS ¶
type SMS struct { *authboss.Authboss Sender SMSSender }
SMS implements time based one time passwords
func (*SMS) GetSetup ¶
GetSetup shows a screen that allows a user to opt in to setting up sms 2fa by asking for a phone number that's optionally already filled in.
func (*SMS) HijackAuth ¶
HijackAuth stores the user's pid in a special temporary session variable and redirects them to the validation endpoint.
func (*SMS) PostSetup ¶
PostSetup adds the phone number provided to the user's session and sends an SMS there.
func (*SMS) SendCodeToUser ¶
SendCodeToUser ensures that a code is sent to the user
type SMSNumberProvider ¶
type SMSNumberProvider interface {
GetSMSPhoneNumberSeed() string
}
SMSNumberProvider provides a phone number already attached to the user if it exists. This allows a user to be populated with a phone-number without the user needing to provide it.
type SMSPhoneNumberValuer ¶
type SMSPhoneNumberValuer interface {
authboss.Validator
GetPhoneNumber() string
}
SMSPhoneNumberValuer returns a phone number from the body
func MustHaveSMSPhoneNumberValue ¶
func MustHaveSMSPhoneNumberValue(v authboss.Validator) SMSPhoneNumberValuer
MustHaveSMSPhoneNumberValue upgrades a validatable set of values to ones specifically holding a phone number.
type SMSValidator ¶
SMSValidator abstracts the send code/resend code/submit code workflow
func (*SMSValidator) Get ¶
func (s *SMSValidator) Get(w http.ResponseWriter, r *http.Request) error
Get shows an empty page typically, this allows us to prompt a second time for the action.
func (*SMSValidator) Post ¶
func (s *SMSValidator) Post(w http.ResponseWriter, r *http.Request) error
Post receives a code in the body and validates it, if the code is missing then it sends the code to the user (rate-limited).
type SMSValuer ¶
SMSValuer returns a code or a resend-code from the body
func MustHaveSMSValues ¶
func MustHaveSMSValues(v authboss.Validator) SMSValuer
MustHaveSMSValues upgrades a validatable set of values to one specifically holding the code we're looking for, or a resend.