Adding Live 2fa capacity
* Some requests may be sensitive enough to require a second, two-factor authorization on the spot.
* Examples: changing password, changing email address, viewing API tokens, etc.
* This creates a core handler that can attach to any Auth-able method and will require a "twofactorcode" query param before processing.
@@ -5,6 +5,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/pquerna/otp/totp"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
)
|
||||
@@ -55,6 +56,12 @@ func (a *Auth) CheckPassword(pass string) error {
|
||||
return bcrypt.CompareHashAndPassword([]byte(a.PasswordHash), []byte(pass))
|
||||
}
|
||||
|
||||
type TotpUsage struct {
|
||||
LoginUid uuid.UUID `gorm:"index"`
|
||||
Used time.Time
|
||||
Code string `gorm:"index"`
|
||||
}
|
||||
|
||||
func (a *Auth) ValidateTwoFactor(tfCode string, stamp time.Time) error {
|
||||
if tfCode == "" && a.TwoFactorSecret != "" {
|
||||
return errors.New("requires 2FA")
|
||||
|
||||
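Review bot: `TotpUsage` indexes `LoginUid` and `Code` separately but declares no uniqueness across the pair, so the schema itself does not stop the same code being recorded twice for one login. If replay protection is a lookup followed by an insert (that logic is not visible here; the body of `ValidateTwoFactor` continues outside the hunk), two concurrent requests carrying the same code could both pass the lookup. Consider putting both fields in one composite unique index, for example the tag `gorm:"uniqueIndex:idx_totp_usage"` on `LoginUid` and on `Code` (the index name is a constructed example), and treating an insert conflict as a rejected code. Rows would then need pruning by `Used` once the validity window has passed, so that a later legitimate recurrence of the same digits is not refused. The type also has no doc comment; if its purpose is what it appears to be, something like `// TotpUsage records a TOTP code already accepted for a login so it cannot be replayed.` would help.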