mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
ad8e844af6
Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226.
71 lines
2.0 KiB
Go
71 lines
2.0 KiB
Go
package models
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/golang-jwt/jwt/v4"
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
// NewIdentityVerification creates a new IdentityVerification from a given username and action.
|
|
func NewIdentityVerification(username, action string) (verification IdentityVerification) {
|
|
return IdentityVerification{
|
|
JTI: uuid.New(),
|
|
IssuedAt: time.Now(),
|
|
ExpiresAt: time.Now().Add(5 * time.Minute),
|
|
Action: action,
|
|
Username: username,
|
|
}
|
|
}
|
|
|
|
// IdentityVerification represents an identity verification row in the database.
|
|
type IdentityVerification struct {
|
|
ID int `db:"id"`
|
|
JTI uuid.UUID `db:"jti"`
|
|
IssuedAt time.Time `db:"iat"`
|
|
ExpiresAt time.Time `db:"exp"`
|
|
Used *time.Time `db:"used"`
|
|
Action string `db:"action"`
|
|
Username string `db:"username"`
|
|
}
|
|
|
|
// ToIdentityVerificationClaim converts the IdentityVerification into a IdentityVerificationClaim.
|
|
func (v IdentityVerification) ToIdentityVerificationClaim() (claim *IdentityVerificationClaim) {
|
|
return &IdentityVerificationClaim{
|
|
RegisteredClaims: jwt.RegisteredClaims{
|
|
ID: v.JTI.String(),
|
|
Issuer: "Authelia",
|
|
IssuedAt: jwt.NewNumericDate(v.IssuedAt),
|
|
ExpiresAt: jwt.NewNumericDate(v.ExpiresAt),
|
|
},
|
|
Action: v.Action,
|
|
Username: v.Username,
|
|
}
|
|
}
|
|
|
|
// IdentityVerificationClaim custom claim for specifying the action claim.
|
|
// The action can be to register a TOTP device, a U2F device or reset one's password.
|
|
type IdentityVerificationClaim struct {
|
|
jwt.RegisteredClaims
|
|
|
|
// The action this token has been crafted for.
|
|
Action string `json:"action"`
|
|
// The user this token has been crafted for.
|
|
Username string `json:"username"`
|
|
}
|
|
|
|
// ToIdentityVerification converts the IdentityVerificationClaim into a IdentityVerification.
|
|
func (v IdentityVerificationClaim) ToIdentityVerification() (verification *IdentityVerification, err error) {
|
|
jti, err := uuid.Parse(v.ID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &IdentityVerification{
|
|
JTI: jti,
|
|
Username: v.Username,
|
|
Action: v.Action,
|
|
ExpiresAt: v.ExpiresAt.Time,
|
|
}, nil
|
|
}
|