totp2fa

package
v3.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 30, 2023 License: MIT Imports: 13 Imported by: 6

Documentation

Overview

Package totp2fa implements two factor auth using time-based one time passwords.

Index

Constants

View Source
const (
	SessionTOTPSecret     = "totp_secret"
	SessionTOTPPendingPID = "totp_pending"
)

Session keys

View Source
const (
	PageTOTPConfirm        = "totp2fa_confirm"
	PageTOTPConfirmSuccess = "totp2fa_confirm_success"
	PageTOTPRemove         = "totp2fa_remove"
	PageTOTPRemoveSuccess  = "totp2fa_remove_success"
	PageTOTPSetup          = "totp2fa_setup"
	PageTOTPValidate       = "totp2fa_validate"
)

Pages

View Source
const (
	DataTOTPSecret = SessionTOTPSecret
)

Data constants

View Source
const (
	FormValueCode = "code"
)

Form value constants

Variables

This section is empty.

Functions

This section is empty.

Types

type TOTP

type TOTP struct {
	*authboss.Authboss
}

TOTP implements time based one time passwords

func (*TOTP) GetConfirm

func (t *TOTP) GetConfirm(w http.ResponseWriter, r *http.Request) error

GetConfirm requests a user to enter their totp code

func (*TOTP) GetQRCode

func (t *TOTP) GetQRCode(w http.ResponseWriter, r *http.Request) error

GetQRCode responds with a QR code image

func (*TOTP) GetRemove

func (t *TOTP) GetRemove(w http.ResponseWriter, r *http.Request) error

GetRemove starts removal

func (*TOTP) GetSetup

func (t *TOTP) GetSetup(w http.ResponseWriter, r *http.Request) error

GetSetup shows a screen allows a user to opt in to setting up totp 2fa

func (*TOTP) GetValidate

func (t *TOTP) GetValidate(w http.ResponseWriter, r *http.Request) error

GetValidate shows a page to enter a code into

func (*TOTP) HijackAuth

func (t *TOTP) HijackAuth(w http.ResponseWriter, r *http.Request, handled bool) (bool, error)

HijackAuth stores the user's pid in a special temporary session variable and redirects them to the validation endpoint.

func (*TOTP) PostConfirm

func (t *TOTP) PostConfirm(w http.ResponseWriter, r *http.Request) error

PostConfirm finally activates totp if the code matches

func (*TOTP) PostRemove

func (t *TOTP) PostRemove(w http.ResponseWriter, r *http.Request) error

PostRemove removes totp

func (*TOTP) PostSetup

func (t *TOTP) PostSetup(w http.ResponseWriter, r *http.Request) error

PostSetup prepares adds a key to the user's session

func (*TOTP) PostValidate

func (t *TOTP) PostValidate(w http.ResponseWriter, r *http.Request) error

PostValidate redirects on success

func (*TOTP) Setup

func (t *TOTP) Setup() error

Setup the module

type TOTPCodeValuer

type TOTPCodeValuer interface {
	authboss.Validator

	GetCode() string
	GetRecoveryCode() string
}

TOTPCodeValuer returns a code from the body

func MustHaveTOTPCodeValues

func MustHaveTOTPCodeValues(v authboss.Validator) TOTPCodeValuer

MustHaveTOTPCodeValues upgrades a validatable set of values to ones specific to a user that needs to be recovered.

type User

type User interface {
	twofactor.User

	GetTOTPSecretKey() string
	PutTOTPSecretKey(string)
}

User for TOTP

type UserOneTime added in v3.1.0

type UserOneTime interface {
	User

	GetTOTPLastCode() string
	PutTOTPLastCode(string)
}

UserOneTime allows totp codes to be one-time use only

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL