casdoor/object/mfa_sms.go

// Copyright 2023 The Casdoor Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package object

import (
	"errors"
	"fmt"

	"github.com/beego/beego/context"
	"github.com/casdoor/casdoor/util"
	"github.com/google/uuid"
)

const (
	MfaSmsCountryCodeSession = "mfa_country_code"
	MfaSmsDestSession        = "mfa_dest"
)

type SmsMfa struct {
	Config *MfaProps
}

func (mfa *SmsMfa) Initiate(ctx *context.Context, userId string) (*MfaProps, error) {
	recoveryCode := uuid.NewString()

	err := ctx.Input.CruSession.Set(MfaRecoveryCodesSession, []string{recoveryCode})
	if err != nil {
		return nil, err
	}

	mfaProps := MfaProps{
		MfaType:       mfa.Config.MfaType,
		RecoveryCodes: []string{recoveryCode},
	}
	return &mfaProps, nil
}

func (mfa *SmsMfa) SetupVerify(ctx *context.Context, passCode string) error {
	dest := ctx.Input.CruSession.Get(MfaSmsDestSession).(string)
	countryCode := ctx.Input.CruSession.Get(MfaSmsCountryCodeSession).(string)
	if !util.IsEmailValid(dest) {
		dest, _ = util.GetE164Number(dest, countryCode)
	}

	if result := CheckVerificationCode(dest, passCode, "en"); result.Code != VerificationSuccess {
		return errors.New(result.Msg)
	}
	return nil
}

func (mfa *SmsMfa) Enable(ctx *context.Context, user *User) error {
	recoveryCodes := ctx.Input.CruSession.Get(MfaRecoveryCodesSession).([]string)
	if len(recoveryCodes) == 0 {
		return fmt.Errorf("recovery codes is missing")
	}

	columns := []string{"recovery_codes", "preferred_mfa_type"}

	user.RecoveryCodes = append(user.RecoveryCodes, recoveryCodes...)
	if user.PreferredMfaType == "" {
		user.PreferredMfaType = mfa.Config.MfaType
	}

	if mfa.Config.MfaType == SmsType {
		user.MfaPhoneEnabled = true
		columns = append(columns, "mfa_phone_enabled")

		if user.Phone == "" {
			user.Phone = ctx.Input.CruSession.Get(MfaSmsDestSession).(string)
			user.CountryCode = ctx.Input.CruSession.Get(MfaSmsCountryCodeSession).(string)
			columns = append(columns, "phone", "country_code")
		}
	} else if mfa.Config.MfaType == EmailType {
		user.MfaEmailEnabled = true
		columns = append(columns, "mfa_email_enabled")

		if user.Email == "" {
			user.Email = ctx.Input.CruSession.Get(MfaSmsDestSession).(string)
			columns = append(columns, "email")
		}
	}

	_, err := UpdateUser(user.GetId(), user, columns, false)
	if err != nil {
		return err
	}
	return nil
}

func (mfa *SmsMfa) Verify(passCode string) error {
	if !util.IsEmailValid(mfa.Config.Secret) {
		mfa.Config.Secret, _ = util.GetE164Number(mfa.Config.Secret, mfa.Config.CountryCode)
	}
	if result := CheckVerificationCode(mfa.Config.Secret, passCode, "en"); result.Code != VerificationSuccess {
		return errors.New(result.Msg)
	}
	return nil
}

func NewSmsMfaUtil(config *MfaProps) *SmsMfa {
	if config == nil {
		config = &MfaProps{
			MfaType: SmsType,
		}
	}
	return &SmsMfa{
		Config: config,
	}
}

func NewEmailMfaUtil(config *MfaProps) *SmsMfa {
	if config == nil {
		config = &MfaProps{
			MfaType: EmailType,
		}
	}
	return &SmsMfa{
		Config: config,
	}
}
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`// Copyright 2023 The Casdoor Authors. All Rights Reserved.`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package object`

			`import (`
			`"errors"`
			`"fmt"`

			`"github.com/beego/beego/context"`
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n 2023-06-24 18:39:54 +08:00			`"github.com/casdoor/casdoor/util"`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`"github.com/google/uuid"`
			`)`

			`const (`
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n 2023-06-24 18:39:54 +08:00			`MfaSmsCountryCodeSession = "mfa_country_code"`
			`MfaSmsDestSession = "mfa_dest"`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`)`

			`type SmsMfa struct {`
			`Config *MfaProps`
			`}`

feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n 2023-06-24 18:39:54 +08:00			`func (mfa SmsMfa) Initiate(ctx context.Context, userId string) (*MfaProps, error) {`
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`recoveryCode := uuid.NewString()`

feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n 2023-06-24 18:39:54 +08:00			`err := ctx.Input.CruSession.Set(MfaRecoveryCodesSession, []string{recoveryCode})`
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`mfaProps := MfaProps{`
			`MfaType: mfa.Config.MfaType,`
			`RecoveryCodes: []string{recoveryCode},`
			`}`
			`return &mfaProps, nil`
			`}`

feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`func (mfa SmsMfa) SetupVerify(ctx context.Context, passCode string) error {`
			`dest := ctx.Input.CruSession.Get(MfaSmsDestSession).(string)`
			`countryCode := ctx.Input.CruSession.Get(MfaSmsCountryCodeSession).(string)`
feat: improve determination about whether dest is mail or phone and mask props (#1814) 2023-05-07 21:19:51 +08:00			`if !util.IsEmailValid(dest) {`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`dest, _ = util.GetE164Number(dest, countryCode)`
			`}`

			`if result := CheckVerificationCode(dest, passCode, "en"); result.Code != VerificationSuccess {`
			`return errors.New(result.Msg)`
			`}`
			`return nil`
			`}`

			`func (mfa SmsMfa) Enable(ctx context.Context, user *User) error {`
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n 2023-06-24 18:39:54 +08:00			`recoveryCodes := ctx.Input.CruSession.Get(MfaRecoveryCodesSession).([]string)`
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`if len(recoveryCodes) == 0 {`
feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n 2023-06-24 18:39:54 +08:00			`return fmt.Errorf("recovery codes is missing")`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`}`

feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`columns := []string{"recovery_codes", "preferred_mfa_type"}`

			`user.RecoveryCodes = append(user.RecoveryCodes, recoveryCodes...)`
			`if user.PreferredMfaType == "" {`
			`user.PreferredMfaType = mfa.Config.MfaType`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`}`

feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`if mfa.Config.MfaType == SmsType {`
			`user.MfaPhoneEnabled = true`
			`columns = append(columns, "mfa_phone_enabled")`

			`if user.Phone == "" {`
			`user.Phone = ctx.Input.CruSession.Get(MfaSmsDestSession).(string)`
			`user.CountryCode = ctx.Input.CruSession.Get(MfaSmsCountryCodeSession).(string)`
			`columns = append(columns, "phone", "country_code")`
			`}`
			`} else if mfa.Config.MfaType == EmailType {`
			`user.MfaEmailEnabled = true`
			`columns = append(columns, "mfa_email_enabled")`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`if user.Email == "" {`
			`user.Email = ctx.Input.CruSession.Get(MfaSmsDestSession).(string)`
			`columns = append(columns, "email")`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`}`
			`}`

feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`_, err := UpdateUser(user.GetId(), user, columns, false)`
feat: return most backend API errors to frontend (#1836) * feat: return most backend API errros to frontend Signed-off-by: yehong <239859435@qq.com> * refactor: reduce int type change Signed-off-by: yehong <239859435@qq.com> * feat: return err backend in token.go Signed-off-by: yehong <239859435@qq.com> --------- Signed-off-by: yehong <239859435@qq.com> 2023-05-30 15:49:39 +08:00			`if err != nil {`
			`return err`
			`}`
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`return nil`
			`}`
feat: return most backend API errors to frontend (#1836) * feat: return most backend API errros to frontend Signed-off-by: yehong <239859435@qq.com> * refactor: reduce int type change Signed-off-by: yehong <239859435@qq.com> * feat: return err backend in token.go Signed-off-by: yehong <239859435@qq.com> --------- Signed-off-by: yehong <239859435@qq.com> 2023-05-30 15:49:39 +08:00
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`func (mfa *SmsMfa) Verify(passCode string) error {`
			`if !util.IsEmailValid(mfa.Config.Secret) {`
			`mfa.Config.Secret, _ = util.GetE164Number(mfa.Config.Secret, mfa.Config.CountryCode)`
			`}`
			`if result := CheckVerificationCode(mfa.Config.Secret, passCode, "en"); result.Code != VerificationSuccess {`
			`return errors.New(result.Msg)`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`}`
			`return nil`
			`}`

feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n 2023-06-24 18:39:54 +08:00			`func NewSmsMfaUtil(config MfaProps) SmsMfa {`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`if config == nil {`
			`config = &MfaProps{`
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`MfaType: SmsType,`
			`}`
			`}`
			`return &SmsMfa{`
			`Config: config,`
			`}`
			`}`

feat: add TOTP multi-factor authentication (#2014) * feat: add totp multi-factor authentication * feat: add license * feat:i18n and update yarn.lock * feat:i18n * fix: i18n 2023-06-24 18:39:54 +08:00			`func NewEmailMfaUtil(config MfaProps) SmsMfa {`
feat: improve MFA by using user's own Email and Phone (#2002) * refactor: mfa * fix: clean code * fix: clean code * fix: fix crash and improve robot 2023-06-21 18:56:37 +08:00			`if config == nil {`
			`config = &MfaProps{`
			`MfaType: EmailType,`
feat: add multi-factor authentication (MFA) feature (#1800) * feat: add two-factor authentication interface and api * merge * feat: add Two-factor authentication accountItem and two-factor api in frontend * feat: add basic 2fa setup UI * rebase * feat: finish the two-factor authentication * rebase * feat: support recover code * chore: fix eslint error * feat: support multiple sms account * fix: client application login * fix: lint * Update authz.go * Update mfa.go * fix: support phone * fix: i18n * fix: i18n * fix: support preferred mfa methods --------- Co-authored-by: hsluoyz <hsluoyz@qq.com> 2023-05-05 21:23:59 +08:00			`}`
			`}`
			`return &SmsMfa{`
			`Config: config,`
			`}`
			`}`