Actions are proven by the user's signature. Multiple delivery channels for the same 2FA method are possible. Sync the master key from the third party to verify the user's signature. If more than 3 2FA methods are configured, only 2 are required.
1 parent
e109b89
commit b9eaaa6
Showing
21 changed files
with
756 additions
and
232 deletions.
@@ -24,17 +24,22 @@ type ( | |
Accounts interface { | ||
io.Closer | ||
ProxyDelegatedRelyingParty(ctx context.Context, rw http.ResponseWriter, r *http.Request) | ||
Verify2FA(ctx context.Context, userID string, codes map[TwoFAOptionEnum]string) error | ||
Delete2FA(ctx context.Context, userID string, codes map[TwoFAOptionEnum]string, twoFAToDel TwoFAOptionEnum, toDel string) error | ||
Send2FA(ctx context.Context, userID string, channel TwoFAOptionEnum, deliverTo *string, language string, verificationUsingExisting2FA map[TwoFAOptionEnum]string) (authenticatorUri *string, err error) | ||
StartDelegatedRecovery(ctx context.Context, username, credentialID string, codes map[TwoFAOptionEnum]string) (resp *StartedDelegatedRecovery, err error) | ||
Verify2FA(ctx context.Context, userID string, codes map[TwoFAOptionWithAddr]string) error | ||
Delete2FA(ctx context.Context, userID string, codes map[TwoFAOptionWithAddr]string, twoFAToDel TwoFAOptionEnum, toDel string) error | ||
Send2FA(ctx context.Context, userID string, channel TwoFAOptionEnum, deliverTo *string, language string, verificationUsingExisting2FA map[TwoFAOptionWithAddr]string) (authenticatorUri *string, err error) | ||
StartDelegatedRecovery(ctx context.Context, username, credentialID string, codes map[TwoFAOptionWithAddr]string) (resp *StartedDelegatedRecovery, err error) | ||
GetOrAssignIONConnectRelays(ctx context.Context, userID string, followees []string) (relays []string, err error) | ||
GetIONConnectIndexerRelays(ctx context.Context, userID string) (indexers []string, err error) | ||
GetUser(ctx context.Context, userID string) (usr *User, err error) | ||
HealthCheck(ctx context.Context) error | ||
} | ||
|
||
TwoFAOptionEnum = string | ||
TwoFAOptionEnum string | ||
TwoFAOptionWithAddr struct { | ||
opt TwoFAOptionEnum | ||
idx int | ||
addr string | ||
} // email:[email protected], for the maps to separate codes for same channel | ||
StartedDelegatedRecovery = dfns.StartedDelegatedRecovery | ||
DelegatedRelyingPartyErr = dfns.DfnsInternalError | ||
User struct { | ||
|
@@ -54,6 +59,7 @@ const ( | |
AuthorizationHeaderCtxValue = dfns.AuthHeaderCtxValue | ||
AppIDHeaderCtxValue = dfns.AppIDCtxValue | ||
registrationUrl = "/auth/registration/delegated" | ||
completeRegistrationUrl = "/auth/registration/enduser" | ||
completeLoginUrl = "/auth/login" | ||
delegatedLoginUrl = "/auth/login/delegated" | ||
) | ||
|
@@ -71,16 +77,23 @@ var ( | |
Err2FARequired = errors.New("2FA required") | ||
ErrAuthenticatorRequirementsNotMet = errors.New("authenticator requirements not met") | ||
ErrUserNotFound = storage.ErrNotFound | ||
ErrInvalidFollowees = errors.New("invalid followees") | ||
ErrInvalidUserSignature = errors.New("invalid user signature") | ||
ErrInvalidUsername = dfns.ErrInvalidUsername | ||
) | ||
|
||
const ( | ||
applicationYamlKey = "accounts" | ||
clientIPCtxValueKey = "clientIPCtxValueKey" | ||
confirmationCodeLength = 6 | ||
applicationYamlKey = "accounts" | ||
clientIPCtxValueKey = "clientIPCtxValueKey" | ||
userSignatureCtxValueKey = "userSignatureCtxValueKey" | ||
confirmationCodeLength = 6 | ||
) | ||
|
||
//go:embed DDL.sql | ||
var ddl string | ||
var ( | ||
//go:embed DDL.sql | ||
ddl string | ||
errSignatureRequired = errors.New("signature is required") | ||
) | ||
|
||
type ( | ||
accounts struct { | ||
|
@@ -96,27 +109,31 @@ type ( | |
user struct { | ||
CreatedAt *time.Time | ||
UpdatedAt *time.Time | ||
Active2FAEmail *int `db:"active_2fa_email"` | ||
Active2FAPhoneNumber *int `db:"active_2fa_phone_number"` | ||
Active2FATotpAuthenticator *int `db:"active_2fa_totp_authenticator"` | ||
ID string | ||
Username string | ||
MasterPubKey string `db:"master_pubkey"` | ||
Email []string | ||
PhoneNumber []string | ||
TotpAuthenticatorSecret []string | ||
IONConnectRelays []string | ||
Clients []string | ||
Active2FAEmail []bool `db:"active_2fa_email"` | ||
Active2FAPhoneNumber []bool `db:"active_2fa_phone_number"` | ||
Active2FATotpAuthenticator []bool `db:"active_2fa_totp_authenticator"` | ||
} | ||
twoFACode struct { | ||
CreatedAt *time.Time | ||
ConfirmedAt *time.Time | ||
UserID string | ||
Option TwoFAOptionEnum | ||
DeliverTo string | ||
Code string | ||
CreatedAt *time.Time | ||
ConfirmedAt *time.Time | ||
UserID string | ||
Option TwoFAOptionEnum | ||
DeliverToIdx *int `db:"deliver_to_idx"` | ||
DeliverTo string | ||
Code string | ||
} | ||
config struct { | ||
EmailExpiration stdlibtime.Duration `yaml:"emailExpiration" mapstructure:"emailExpiration"` | ||
SMSExpiration stdlibtime.Duration `yaml:"smsExpiration" mapstructure:"smsExpiration"` | ||
EmailExpiration stdlibtime.Duration `yaml:"emailExpiration" mapstructure:"emailExpiration"` | ||
SMSExpiration stdlibtime.Duration `yaml:"smsExpiration" mapstructure:"smsExpiration"` | ||
UserSignatureExpiration stdlibtime.Duration `yaml:"userSignatureExpiration" mapstructure:"userSignatureExpiration"` | ||
Max2FACount int `yaml:"max2FACount" mapstructure:"max2FACount"` | ||
} | ||
) |
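Review bot: `userSignatureCtxValueKey = "userSignatureCtxValueKey"` in the const block of the third hunk is a plain `string` context key, repeating the pattern of the existing `clientIPCtxValueKey`; staticcheck flags this (SA1029) because any other package that stores a value under the same string silently collides with or overwrites it, and per the commit message this value is what authorizes the action. An unexported key type closes that gap: `type ctxKey string` and `userSignatureCtxValueKey ctxKey = "userSignatureCtxValueKey"` (every `context.WithValue`/`ctx.Value` caller must then use the typed constant — those callers are not visible in this hunk). In the same hunk `errSignatureRequired` is unexported while `ErrInvalidUserSignature` is exported, so a caller in another package cannot tell "signature missing" from "signature invalid" with `errors.Is`; if that distinction is meant to reach the HTTP layer, export it next to `ErrInvalidUserSignature`. In the last hunk, `UserSignatureExpiration` suggests a freshness window is the only replay defence — a window alone does not prevent replay of a captured signature within it unless the signed payload also binds the specific action, which is worth stating in a comment on the field (e.g. `// Max age of a user signature; the signed payload must also bind the action it authorizes.`). The `accounts struct` that closes the third hunk continues outside it.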