totp2fa

package

v3.5.0 Latest Latest Go to latest Published: Dec 30, 2023 License: MIT Imports: 13 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/volatiletech/authboss

Links

Open Source Insights

Documentation ¶

Overview ¶

Package totp2fa implements two factor auth using time-based one time passwords.

Index ¶

Constants
type TOTP
type TOTPCodeValuer
- func MustHaveTOTPCodeValues(v authboss.Validator) TOTPCodeValuer
type User
type UserOneTime

Constants ¶

View Source

const (
	SessionTOTPSecret     = "totp_secret"
	SessionTOTPPendingPID = "totp_pending"
)

Session keys

View Source

const (
	PageTOTPConfirm        = "totp2fa_confirm"
	PageTOTPConfirmSuccess = "totp2fa_confirm_success"
	PageTOTPRemove         = "totp2fa_remove"
	PageTOTPRemoveSuccess  = "totp2fa_remove_success"
	PageTOTPSetup          = "totp2fa_setup"
	PageTOTPValidate       = "totp2fa_validate"
)

Pages

View Source

const (
	DataTOTPSecret = SessionTOTPSecret
)

Data constants

View Source

const (
	FormValueCode = "code"
)

Form value constants

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type TOTP ¶

type TOTP struct {
	*authboss.Authboss
}

TOTP implements time based one time passwords

func (*TOTP) GetConfirm ¶

func (t *TOTP) GetConfirm(w http.ResponseWriter, r *http.Request) error

GetConfirm requests a user to enter their totp code

func (*TOTP) GetQRCode ¶

func (t *TOTP) GetQRCode(w http.ResponseWriter, r *http.Request) error

GetQRCode responds with a QR code image

func (*TOTP) GetRemove ¶

func (t *TOTP) GetRemove(w http.ResponseWriter, r *http.Request) error

GetRemove starts removal

func (*TOTP) GetSetup ¶

func (t *TOTP) GetSetup(w http.ResponseWriter, r *http.Request) error

GetSetup shows a screen allows a user to opt in to setting up totp 2fa

func (*TOTP) GetValidate ¶

func (t *TOTP) GetValidate(w http.ResponseWriter, r *http.Request) error

GetValidate shows a page to enter a code into

func (*TOTP) HijackAuth ¶

func (t *TOTP) HijackAuth(w http.ResponseWriter, r *http.Request, handled bool) (bool, error)

HijackAuth stores the user's pid in a special temporary session variable and redirects them to the validation endpoint.

func (*TOTP) PostConfirm ¶

func (t *TOTP) PostConfirm(w http.ResponseWriter, r *http.Request) error

PostConfirm finally activates totp if the code matches

func (*TOTP) PostRemove ¶

func (t *TOTP) PostRemove(w http.ResponseWriter, r *http.Request) error

PostRemove removes totp

func (*TOTP) PostSetup ¶

func (t *TOTP) PostSetup(w http.ResponseWriter, r *http.Request) error

PostSetup prepares adds a key to the user's session

func (*TOTP) PostValidate ¶

func (t *TOTP) PostValidate(w http.ResponseWriter, r *http.Request) error

PostValidate redirects on success

func (*TOTP) Setup ¶

func (t *TOTP) Setup() error

Setup the module

type TOTPCodeValuer ¶

type TOTPCodeValuer interface {
	authboss.Validator

	GetCode() string
	GetRecoveryCode() string
}

TOTPCodeValuer returns a code from the body

func MustHaveTOTPCodeValues ¶

func MustHaveTOTPCodeValues(v authboss.Validator) TOTPCodeValuer

MustHaveTOTPCodeValues upgrades a validatable set of values to ones specific to a user that needs to be recovered.

type User ¶

type User interface {
	twofactor.User

	GetTOTPSecretKey() string
	PutTOTPSecretKey(string)
}

User for TOTP

type UserOneTime ¶ added in v3.1.0

type UserOneTime interface {
	User

	GetTOTPLastCode() string
	PutTOTPLastCode(string)
}

UserOneTime allows totp codes to be one-time use only

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL