6dd096b7f0
* Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
70 lines
2.2 KiB
Go
70 lines
2.2 KiB
Go
/**
|
|
* Copyright 2014 Paul Querna
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
*/
|
|
|
|
// Package otp implements both HOTP and TOTP based
|
|
// one time passcodes in a Google Authenticator compatible manner.
|
|
//
|
|
// When adding a TOTP for a user, you must store the "secret" value
|
|
// persistently. It is recommend to store the secret in an encrypted field in your
|
|
// datastore. Due to how TOTP works, it is not possible to store a hash
|
|
// for the secret value like you would a password.
|
|
//
|
|
// To enroll a user, you must first generate an OTP for them. Google
|
|
// Authenticator supports using a QR code as an enrollment method:
|
|
//
|
|
// import (
|
|
// "github.com/pquerna/otp/totp"
|
|
//
|
|
// "bytes"
|
|
// "image/png"
|
|
// )
|
|
//
|
|
// key, err := totp.Generate(totp.GenerateOpts{
|
|
// Issuer: "Example.com",
|
|
// AccountName: "alice@example.com",
|
|
// })
|
|
//
|
|
// // Convert TOTP key into a QR code encoded as a PNG image.
|
|
// var buf bytes.Buffer
|
|
// img, err := key.Image(200, 200)
|
|
// png.Encode(&buf, img)
|
|
//
|
|
// // display the QR code to the user.
|
|
// display(buf.Bytes())
|
|
//
|
|
// // Now Validate that the user's successfully added the passcode.
|
|
// passcode := promptForPasscode()
|
|
// valid := totp.Validate(passcode, key.Secret())
|
|
//
|
|
// if valid {
|
|
// // User successfully used their TOTP, save it to your backend!
|
|
// storeSecret("alice@example.com", key.Secret())
|
|
// }
|
|
//
|
|
// Validating a TOTP passcode is very easy, just prompt the user for a passcode
|
|
// and retrieve the associated user's previously stored secret.
|
|
// import "github.com/pquerna/otp/totp"
|
|
//
|
|
// passcode := promptForPasscode()
|
|
// secret := getSecret("alice@example.com")
|
|
//
|
|
// valid := totp.Validate(passcode, secret)
|
|
//
|
|
// if valid {
|
|
// // Success! continue login process.
|
|
// }
|
|
package otp
|