llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 02:35:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
casdoor/object/mfa.go

186 lines
4.1 KiB
Go
Raw Permalink Normal View History

feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
// Copyright 2023 The Casdoor Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package object
import (
"fmt"
"github.com/casdoor/casdoor/util"
)
type MfaProps struct {
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
Enabled bool `json:"enabled"`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
IsPreferred bool `json:"isPreferred"`
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
MfaType string `json:"mfaType" form:"mfaType"`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
Secret string `json:"secret,omitempty"`
CountryCode string `json:"countryCode,omitempty"`
URL string `json:"url,omitempty"`
RecoveryCodes []string `json:"recoveryCodes,omitempty"`
}
type MfaInterface interface {
feat: refactor MFA code and fix no-session bug (#2676) * refactor: refactor mfa * refactor: refactor mfa * refactor: refactor mfa * lint * chore: reduce wait time
2024-02-06 20:17:59 +08:00
Initiate(userId string) (*MfaProps, error)
SetupVerify(passcode string) error
Enable(user *User) error
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
Verify(passcode string) error
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
}
const (
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
EmailType = "email"
SmsType = "sms"
TotpType = "app"
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
)
const (
MfaSessionUserId = "MfaSessionUserId"
NextMfa = "NextMfa"
feat: support forced binding MFA after login (#1845)
2023-05-17 01:13:13 +08:00
RequiredMfa = "RequiredMfa"
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
)
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
func GetMfaUtil(mfaType string, config *MfaProps) MfaInterface {
switch mfaType {
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
case SmsType:
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
return NewSmsMfaUtil(config)
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
case EmailType:
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
return NewEmailMfaUtil(config)
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
case TotpType:
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
return NewTotpMfaUtil(config)
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
}
return nil
}
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
func MfaRecover(user *User, recoveryCode string) error {
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
hit := false
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
if len(user.RecoveryCodes) == 0 {
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
return fmt.Errorf("do not have recovery codes")
}
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
for _, code := range user.RecoveryCodes {
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
if code == recoveryCode {
hit = true
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
user.RecoveryCodes = util.DeleteVal(user.RecoveryCodes, code)
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
break
}
}
if !hit {
return fmt.Errorf("recovery code not found")
}
fix: remove isGlobalAdmin field in user (#2235) * refactor: remove isGlobalAdmin field in user * fix: upload xlsx * fix: remove field in account table
2023-08-19 12:23:15 +08:00
_, err := UpdateUser(user.GetId(), user, []string{"recovery_codes"}, false)
feat: return most backend API errors to frontend (#1836) * feat: return most backend API errros to frontend Signed-off-by: yehong <239859435@qq.com> * refactor: reduce int type change Signed-off-by: yehong <239859435@qq.com> * feat: return err backend in token.go Signed-off-by: yehong <239859435@qq.com> --------- Signed-off-by: yehong <239859435@qq.com>
2023-05-30 15:49:39 +08:00
if err != nil {
return err
}
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
return nil
}
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
func GetAllMfaProps(user *User, masked bool) []*MfaProps {
mfaProps := []*MfaProps{}
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
for _, mfaType := range []string{SmsType, EmailType, TotpType} {
mfaProps = append(mfaProps, user.GetMfaProps(mfaType, masked))
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
}
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
return mfaProps
}
func (user *User) GetMfaProps(mfaType string, masked bool) *MfaProps {
mfaProps := &MfaProps{}
if mfaType == SmsType {
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
if !user.MfaPhoneEnabled {
return &MfaProps{
Enabled: false,
MfaType: mfaType,
}
}
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
mfaProps = &MfaProps{
Enabled: user.MfaPhoneEnabled,
MfaType: mfaType,
CountryCode: user.CountryCode,
}
if masked {
mfaProps.Secret = util.GetMaskedPhone(user.Phone)
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
} else {
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
mfaProps.Secret = user.Phone
}
} else if mfaType == EmailType {
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
if !user.MfaEmailEnabled {
return &MfaProps{
Enabled: false,
MfaType: mfaType,
}
}
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
mfaProps = &MfaProps{
Enabled: user.MfaEmailEnabled,
MfaType: mfaType,
}
if masked {
mfaProps.Secret = util.GetMaskedEmail(user.Email)
} else {
mfaProps.Secret = user.Email
}
} else if mfaType == TotpType {
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
if user.TotpSecret == "" {
return &MfaProps{
Enabled: false,
MfaType: mfaType,
}
}
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
mfaProps = &MfaProps{
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
Enabled: true,
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
MfaType: mfaType,
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
}
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
if masked {
mfaProps.Secret = ""
} else {
mfaProps.Secret = user.TotpSecret
}
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
}
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
if user.PreferredMfaType == mfaType {
mfaProps.IsPreferred = true
}
return mfaProps
}
func DisabledMultiFactorAuth(user *User) error {
user.PreferredMfaType = ""
user.RecoveryCodes = []string{}
user.MfaPhoneEnabled = false
user.MfaEmailEnabled = false
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
user.TotpSecret = ""
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n
2023-06-24 18:39:54 +08:00
_, err := updateUser(user.GetId(), user, []string{"preferred_mfa_type", "recovery_codes", "mfa_phone_enabled", "mfa_email_enabled", "totp_secret"})
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
if err != nil {
return err
}
return nil
}
func SetPreferredMultiFactorAuth(user *User, mfaType string) error {
user.PreferredMfaType = mfaType
fix: remove isGlobalAdmin field in user (#2235) * refactor: remove isGlobalAdmin field in user * fix: upload xlsx * fix: remove field in account table
2023-08-19 12:23:15 +08:00
_, err := UpdateUser(user.GetId(), user, []string{"preferred_mfa_type"}, false)
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot
2023-06-21 18:56:37 +08:00
if err != nil {
return err
}
return nil
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>
2023-05-05 21:23:59 +08:00
}
Reference in New Issue Copy Permalink