llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-02 19:40:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add TOTP multi-factor authentication (#2014)

Browse Source 
* feat: add totp multi-factor authentication

* feat: add license

* feat:i18n and update yarn.lock

* feat:i18n

* fix: i18n
This commit is contained in:
Yaodong Yu
2023-06-24 18:39:54 +08:00
committed by GitHub
parent d1e734e4ce
commit 0a8c2a35fe
23 changed files with 1961 additions and 1617 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
object/mfa.go
View File

@ -22,6 +22,8 @@ import (
"github.com/beego/beego/context"
)
const MfaRecoveryCodesSession = "mfa_recovery_codes"
type MfaSessionData struct {
UserId string
}
@ -37,10 +39,10 @@ type MfaProps struct {
}
type MfaInterface interface {
SetupVerify(ctx *context.Context, passCode string) error
Verify(passCode string) error
Initiate(ctx *context.Context, name1 string, name2 string) (*MfaProps, error)
Initiate(ctx *context.Context, userId string) (*MfaProps, error)
SetupVerify(ctx *context.Context, passcode string) error
Enable(ctx *context.Context, user *User) error
Verify(passcode string) error
}
const (
@ -58,11 +60,11 @@ const (
func GetMfaUtil(mfaType string, config *MfaProps) MfaInterface {
switch mfaType {
case SmsType:
return NewSmsTwoFactor(config)
return NewSmsMfaUtil(config)
case EmailType:
return NewEmailTwoFactor(config)
return NewEmailMfaUtil(config)
case TotpType:
return nil
return NewTotpMfaUtil(config)
}
return nil
@ -97,23 +99,9 @@ func MfaRecover(user *User, recoveryCode string) error {
func GetAllMfaProps(user *User, masked bool) []*MfaProps {
mfaProps := []*MfaProps{}
if user.MfaPhoneEnabled {
mfaProps = append(mfaProps, user.GetMfaProps(SmsType, masked))
} else {
mfaProps = append(mfaProps, &MfaProps{
Enabled: false,
MfaType: SmsType,
})
for _, mfaType := range []string{SmsType, EmailType, TotpType} {
mfaProps = append(mfaProps, user.GetMfaProps(mfaType, masked))
}
if user.MfaEmailEnabled {
mfaProps = append(mfaProps, user.GetMfaProps(EmailType, masked))
} else {
mfaProps = append(mfaProps, &MfaProps{
Enabled: false,
MfaType: EmailType,
})
}
return mfaProps
}
@ -121,6 +109,13 @@ func (user *User) GetMfaProps(mfaType string, masked bool) *MfaProps {
mfaProps := &MfaProps{}
if mfaType == SmsType {
if !user.MfaPhoneEnabled {
return &MfaProps{
Enabled: false,
MfaType: mfaType,
}
}
mfaProps = &MfaProps{
Enabled: user.MfaPhoneEnabled,
MfaType: mfaType,
@ -132,6 +127,13 @@ func (user *User) GetMfaProps(mfaType string, masked bool) *MfaProps {
mfaProps.Secret = user.Phone
}
} else if mfaType == EmailType {
if !user.MfaEmailEnabled {
return &MfaProps{
Enabled: false,
MfaType: mfaType,
}
}
mfaProps = &MfaProps{
Enabled: user.MfaEmailEnabled,
MfaType: mfaType,
@ -142,9 +144,22 @@ func (user *User) GetMfaProps(mfaType string, masked bool) *MfaProps {
mfaProps.Secret = user.Email
}
} else if mfaType == TotpType {
if user.TotpSecret == "" {
return &MfaProps{
Enabled: false,
MfaType: mfaType,
}
}
mfaProps = &MfaProps{
Enabled: true,
MfaType: mfaType,
}
if masked {
mfaProps.Secret = ""
} else {
mfaProps.Secret = user.TotpSecret
}
}
if user.PreferredMfaType == mfaType {
@ -158,8 +173,9 @@ func DisabledMultiFactorAuth(user *User) error {
user.RecoveryCodes = []string{}
user.MfaPhoneEnabled = false
user.MfaEmailEnabled = false
user.TotpSecret = ""
_, err := UpdateUser(user.GetId(), user, []string{"preferred_mfa_type", "recovery_codes", "mfa_phone_enabled", "mfa_email_enabled"}, user.IsAdminUser())
_, err := updateUser(user.GetId(), user, []string{"preferred_mfa_type", "recovery_codes", "mfa_phone_enabled", "mfa_email_enabled", "totp_secret"})
if err != nil {
return err
}