60 lines
1.2 KiB
Go
60 lines
1.2 KiB
Go
package models
|
|
|
|
import (
|
|
"errors"
|
|
"time"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
type Auth struct {
|
|
Base
|
|
PasswordHash string
|
|
TwoFactorSecret string
|
|
TwoFactorRecovery string
|
|
Verified bool
|
|
}
|
|
|
|
func (a *Auth) SetPassword(pass string) error {
|
|
passHash, _ := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
|
|
a.PasswordHash = string(passHash)
|
|
return nil
|
|
}
|
|
|
|
func (a *Auth) Login(pass string, tfCode string) (error, bool) {
|
|
if err := a.CheckPassword(pass); err != nil {
|
|
return err, false
|
|
}
|
|
|
|
if err := a.ValidateTwoFactor(tfCode, time.Now()); err != nil {
|
|
return err, true
|
|
}
|
|
|
|
if !a.Verified {
|
|
return errors.New("not yet verified"), true
|
|
}
|
|
|
|
return nil, false
|
|
}
|
|
|
|
func (a *Auth) CheckPassword(pass string) error {
|
|
return bcrypt.CompareHashAndPassword([]byte(a.PasswordHash), []byte(pass))
|
|
}
|
|
|
|
func (a *Auth) ValidateTwoFactor(tfCode string, stamp time.Time) error {
|
|
if tfCode == "" && a.TwoFactorSecret != "" {
|
|
return errors.New("requires 2FA")
|
|
} else if tfCode == "" && a.TwoFactorSecret == "" {
|
|
return nil
|
|
}
|
|
|
|
//TODO two factor
|
|
if len(tfCode) == 6 {
|
|
// Test 2FA
|
|
return errors.New("2FA invalid")
|
|
} else {
|
|
// May be a renewal code
|
|
return errors.New("unlock invalid")
|
|
}
|
|
}
|