parent
a6bcbaf5e9
commit
7ae75caaf5
3 changed files with 29 additions and 1 deletions
|
@ -1,5 +1,7 @@
|
|||
package auth
|
||||
|
||||
// Some helpful comments from: https://waters.me/internet/google-authenticator-implementation-note-key-length-token-reuse/
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
|
@ -15,11 +17,20 @@ import (
|
|||
)
|
||||
|
||||
const totpUnverifiedSuffix = "-NOT_VERIFIED"
|
||||
const totpTokenNoLongerRecentlyUsed = time.Second * 90
|
||||
|
||||
func (a *Authenticator) PerformTotpLogin(
|
||||
username string,
|
||||
totpToken string,
|
||||
) (LoginNextState, string, error) {
|
||||
// First check if that token has been seen recently for that user
|
||||
if timestamp, found := a.recentlyUsedTotpTokens[totpToken+"+"+username]; found {
|
||||
if timestamp.Add(totpTokenNoLongerRecentlyUsed).After(time.Now()) {
|
||||
return LoginNextFailure, "", ErrTotpRecentlyUsed
|
||||
} else {
|
||||
delete(a.recentlyUsedTotpTokens, totpToken+"+"+username)
|
||||
}
|
||||
}
|
||||
if ok, err := a.canUsernameLogin(username); !ok {
|
||||
return 0, "", other.Error("auth", "user may not login", err)
|
||||
}
|
||||
|
@ -61,6 +72,9 @@ func (a *Authenticator) PerformTotpLogin(
|
|||
ErrInvalidCombination,
|
||||
)
|
||||
}
|
||||
|
||||
a.recentlyUsedTotpTokens[totpToken+"+"+username] = time.Now()
|
||||
|
||||
token := models.AccessToken{
|
||||
User: *acc,
|
||||
UserId: acc.ID,
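Review bot: The lookup, `delete` and write on `a.recentlyUsedTotpTokens` in PerformTotpLogin have no lock visible in these hunks, so if logins are served from concurrent goroutines this is a data race, and two parallel requests carrying the same code can both pass the check at the top before either reaches `a.recentlyUsedTotpTokens[totpToken+"+"+username] = time.Now()`. I would add a mutex to Authenticator (for example a new `totpMu sync.Mutex` field) and hold it around the lookup and around a re-check-and-record step after verification, so the replay guard is atomic. Entries are removed only when the same token and username are presented again after the 90 seconds, so the map grows with every successful login; a periodic sweep of expired keys would bound it. The key uses `username` as typed, so if account lookup is case-insensitive (not visible here) a replay with different casing would miss the entry; recording under `acc.ID` would avoid that, at the cost of moving the early check to after the account is resolved. The middle of the function lies outside the hunks, so locking or normalisation done there cannot be ruled out.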
|
||||
|
|