Documentation
¶
Overview ¶
Package mfa provides multi-factor authentication functionality
Package mfa provides multi-factor authentication functionality ¶
Package mfa provides multi-factor authentication functionality ¶
Package mfa provides multi-factor authentication functionality ¶
Package mfa provides multi-factor authentication functionality
Index ¶
- Constants
- Variables
- func AuthenticationOptions(config *WebAuthnConfig, credentials []WebAuthnCredential) (map[string]interface{}, string, error)
- func FormatPhoneNumber(phoneNumber string) string
- func GenerateBackupCode() (string, error)
- func GenerateChallenge(length int) (string, error)
- func GenerateQRCodeURL(config *TOTPConfig, accountName string) string
- func GenerateRandomCode(length int) (string, error)
- func GenerateRandomSecret(length int) (string, error)
- func GenerateSMSCode(length int) (string, error)
- func GenerateSecret(length int) (string, error)
- func GenerateTOTPCode(config *TOTPConfig, t time.Time) (string, error)
- func GenerateTOTPQRCodeURL(issuer, username, secret string) string
- func GetRemainingBackupCodes(codes []MFABackupCode) int
- func IsBackupCodeValid(inputCode string, storedCodes []MFABackupCode) (bool, int)
- func IsVerificationExpired(verification *MFAVerification) bool
- func MarkBackupCodeAsUsed(codes []MFABackupCode, index int) error
- func MaskPhoneNumber(phoneNumber string) string
- func RegistrationOptions(config *WebAuthnConfig, userID, username, displayName string) (map[string]interface{}, string, error)
- func SendSMSCode(config *SMSConfig, verification *SMSVerification) error
- func VerifyBackupCode(providedCode string, storedCodes []MFABackupCode) (bool, int, error)
- func VerifySMSCode(verification *SMSVerification, code string) (bool, error)
- func VerifyTOTPCode(config *TOTPConfig, code string, t time.Time, window int) bool
- func VerifyWebAuthnAuthentication(config *WebAuthnConfig, challenge string, assertionResponse string, ...) error
- type BackupCodeConfig
- type BasicMFAService
- type DefaultMFAManager
- func (m *DefaultMFAManager) DisableMFA(ctx context.Context, userID string) error
- func (m *DefaultMFAManager) EnableMFA(ctx context.Context, userID string, method MFAMethod) (*MFASettings, error)
- func (m *DefaultMFAManager) GenerateBackupCodes(ctx context.Context, userID string) ([]MFABackupCode, error)
- func (m *DefaultMFAManager) GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)
- func (m *DefaultMFAManager) InitiateSMSVerification(ctx context.Context, userID string) error
- func (m *DefaultMFAManager) InitiateWebAuthnVerification(ctx context.Context, userID string) (map[string]interface{}, error)
- func (m *DefaultMFAManager) SetupSMS(ctx context.Context, userID string, phoneNumber string) error
- func (m *DefaultMFAManager) SetupTOTP(ctx context.Context, userID string, username string) (*TOTPConfig, error)
- func (m *DefaultMFAManager) SetupWebAuthn(ctx context.Context, userID string, username string, displayName string) (map[string]interface{}, error)
- func (m *DefaultMFAManager) ValidateMFASettings(ctx context.Context, userID string) (bool, []string, error)
- func (m *DefaultMFAManager) VerifyMFA(ctx context.Context, userID string, method MFAMethod, code string) (bool, error)
- func (m *DefaultMFAManager) VerifySMSCode(ctx context.Context, userID string, code string) (bool, error)
- func (m *DefaultMFAManager) VerifySMSSetup(ctx context.Context, userID string, code string) error
- func (m *DefaultMFAManager) VerifyTOTPSetup(ctx context.Context, userID string, code string) error
- func (m *DefaultMFAManager) VerifyWebAuthnAssertion(ctx context.Context, userID string, assertionResponse string) (bool, error)
- func (m *DefaultMFAManager) VerifyWebAuthnSetup(ctx context.Context, userID string, attestationResponse string) error
- type InMemoryMFAStore
- func (s *InMemoryMFAStore) CreateVerification(ctx context.Context, verification *MFAVerification) error
- func (s *InMemoryMFAStore) DeleteMFASettings(ctx context.Context, userID string) error
- func (s *InMemoryMFAStore) DeleteVerification(ctx context.Context, userID string) error
- func (s *InMemoryMFAStore) GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)
- func (s *InMemoryMFAStore) GetVerification(ctx context.Context, userID string) (*MFAVerification, error)
- func (s *InMemoryMFAStore) SaveMFASettings(ctx context.Context, settings *MFASettings) error
- type MFABackupCode
- type MFABoundaryEnforcer
- type MFAHandler
- func (h *MFAHandler) DisableMFAHandler(w http.ResponseWriter, r *http.Request)
- func (h *MFAHandler) GenerateBackupCodesHandler(w http.ResponseWriter, r *http.Request)
- func (h *MFAHandler) GetMFASettingsHandler(w http.ResponseWriter, r *http.Request)
- func (h *MFAHandler) SetupTOTPHandler(w http.ResponseWriter, r *http.Request)
- func (h *MFAHandler) VerifyMFAHandler(w http.ResponseWriter, r *http.Request)
- func (h *MFAHandler) VerifyTOTPSetupHandler(w http.ResponseWriter, r *http.Request)
- type MFAManager
- type MFAManagerConfig
- type MFAMethod
- type MFAMethodSettings
- type MFASettings
- type MFAStatus
- type MFAStore
- type MFAVerification
- type MockMFAManager
- func (m *MockMFAManager) CleanupExpiredCodes()
- func (m *MockMFAManager) Close() error
- func (m *MockMFAManager) DisableMFA(ctx context.Context, userID string) error
- func (m *MockMFAManager) DisableMFAMethod(userID string, method MFAMethod) error
- func (m *MockMFAManager) EnableMFA(ctx context.Context, userID string, method MFAMethod) (*MFASettings, error)
- func (m *MockMFAManager) GenerateBackupCodes(ctx context.Context, userID string) ([]MFABackupCode, error)
- func (m *MockMFAManager) GenerateSMSCode(userID string) (string, error)
- func (m *MockMFAManager) GenerateTOTPQRCodeURL(username, secret string) string
- func (m *MockMFAManager) GenerateTOTPSecret(userID string) (string, error)
- func (m *MockMFAManager) GenerateWebAuthnAuthenticationOptions(userID string) (map[string]interface{}, error)
- func (m *MockMFAManager) GenerateWebAuthnRegistrationOptions(userID string) (map[string]interface{}, error)
- func (m *MockMFAManager) GetMFAMethods(userID string) ([]MFAMethod, error)
- func (m *MockMFAManager) GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)
- func (m *MockMFAManager) InitiateSMSVerification(ctx context.Context, userID string) error
- func (m *MockMFAManager) InitiateWebAuthnVerification(ctx context.Context, userID string) (map[string]interface{}, error)
- func (m *MockMFAManager) IsMFAEnabled(userID string) (bool, error)
- func (m *MockMFAManager) SendSMS(userID, phoneNumber, message string) error
- func (m *MockMFAManager) SetupSMS(ctx context.Context, userID string, phoneNumber string) error
- func (m *MockMFAManager) SetupTOTP(ctx context.Context, userID string, username string) (*TOTPConfig, error)
- func (m *MockMFAManager) SetupWebAuthn(ctx context.Context, userID string, username string, displayName string) (map[string]interface{}, error)
- func (m *MockMFAManager) ValidateMFASettings(ctx context.Context, userID string) (bool, []string, error)
- func (m *MockMFAManager) VerifyBackupCode(userID, code string) (bool, error)
- func (m *MockMFAManager) VerifyMFA(ctx context.Context, userID string, method MFAMethod, code string) (bool, error)
- func (m *MockMFAManager) VerifyMFACode(ctx context.Context, userID, methodStr, code string) (bool, error)
- func (m *MockMFAManager) VerifySMSCode(ctx context.Context, userID string, code string) (bool, error)
- func (m *MockMFAManager) VerifySMSSetup(ctx context.Context, userID string, code string) error
- func (m *MockMFAManager) VerifyTOTPCode(userID, secret, code string) (bool, error)
- func (m *MockMFAManager) VerifyTOTPSetup(ctx context.Context, userID string, code string) error
- func (m *MockMFAManager) VerifyWebAuthnAssertion(ctx context.Context, userID string, assertionResponse string) (bool, error)
- func (m *MockMFAManager) VerifyWebAuthnAuthentication(userID, assertionResponse string) error
- func (m *MockMFAManager) VerifyWebAuthnRegistration(userID, attestationResponse string) error
- func (m *MockMFAManager) VerifyWebAuthnSetup(ctx context.Context, userID string, attestationResponse string) error
- type MockSMSProvider
- type SMSConfig
- type SMSProvider
- type SMSVerification
- type TOTPConfig
- type WebAuthnConfig
- type WebAuthnCredential
- type WebAuthnDevice
Constants ¶
const ( // DefaultBackupCodeLength is the default length of each backup code DefaultBackupCodeLength = 8 // DefaultBackupCodeCount is the default number of backup codes to generate DefaultBackupCodeCount = 10 )
const ( // DefaultSMSCodeLength is the default length of SMS verification codes DefaultSMSCodeLength = 6 // DefaultSMSCodeExpiration is the default expiration time for SMS codes in minutes DefaultSMSCodeExpiration = 10 )
const ( // DefaultDigits is the default number of digits in a TOTP code DefaultDigits = 6 // DefaultPeriod is the default period in seconds for TOTP DefaultPeriod = 30 // DefaultAlgorithm is the default algorithm for TOTP DefaultAlgorithm = "SHA1" // DefaultIssuer is the default issuer for TOTP DefaultIssuer = "LLMrecon" )
Variables ¶
var ( ErrMFARequired = errors.New("multi-factor authentication required") ErrInvalidMFACode = errors.New("invalid MFA code") ErrMFANotEnabled = errors.New("MFA not enabled for user") ErrMFAAlreadyEnabled = errors.New("MFA already enabled for user") ErrMFAMethodNotFound = errors.New("MFA method not found") ErrMFASetupIncomplete = errors.New("MFA setup is incomplete") )
Common MFA-related errors
var ( ErrInvalidTOTP = errors.New("invalid TOTP code") ErrInvalidBackupCode = errors.New("invalid backup code") ErrNoBackupCodesLeft = errors.New("no backup codes left") ErrBackupCodeUsed = errors.New("backup code already used") ErrInvalidMFAMethod = errors.New("invalid MFA method") ErrMFAVerificationFail = errors.New("MFA verification failed") )
Additional MFA errors specific to this file
Functions ¶
func AuthenticationOptions ¶
func AuthenticationOptions(config *WebAuthnConfig, credentials []WebAuthnCredential) (map[string]interface{}, string, error)
AuthenticationOptions generates the options for WebAuthn authentication
func FormatPhoneNumber ¶
FormatPhoneNumber formats a phone number for display
func GenerateBackupCode ¶
GenerateBackupCode generates a random backup code
func GenerateChallenge ¶
GenerateChallenge generates a random challenge for WebAuthn
func GenerateQRCodeURL ¶
func GenerateQRCodeURL(config *TOTPConfig, accountName string) string
GenerateQRCodeURL generates a URL for a QR code for TOTP
func GenerateRandomCode ¶
GenerateRandomCode generates a random numeric code of specified length
func GenerateRandomSecret ¶
GenerateRandomSecret generates a random secret for TOTP
func GenerateSMSCode ¶
GenerateSMSCode generates a random SMS verification code
func GenerateSecret ¶
GenerateSecret generates a new random secret for TOTP
func GenerateTOTPCode ¶
func GenerateTOTPCode(config *TOTPConfig, t time.Time) (string, error)
GenerateTOTPCode generates a TOTP code for the given time
func GenerateTOTPQRCodeURL ¶
GenerateTOTPQRCodeURL generates a URL for a TOTP QR code
func GetRemainingBackupCodes ¶
func GetRemainingBackupCodes(codes []MFABackupCode) int
GetRemainingBackupCodes returns the number of remaining backup codes
func IsBackupCodeValid ¶
func IsBackupCodeValid(inputCode string, storedCodes []MFABackupCode) (bool, int)
IsBackupCodeValid checks if a backup code is valid
func IsVerificationExpired ¶
func IsVerificationExpired(verification *MFAVerification) bool
IsVerificationExpired checks if a verification is expired
func MarkBackupCodeAsUsed ¶
func MarkBackupCodeAsUsed(codes []MFABackupCode, index int) error
MarkBackupCodeAsUsed marks a backup code as used
func MaskPhoneNumber ¶
MaskPhoneNumber masks a phone number for privacy
func RegistrationOptions ¶
func RegistrationOptions(config *WebAuthnConfig, userID, username, displayName string) (map[string]interface{}, string, error)
RegistrationOptions generates the options for WebAuthn registration
func SendSMSCode ¶
func SendSMSCode(config *SMSConfig, verification *SMSVerification) error
SendSMSCode sends an SMS verification code
func VerifyBackupCode ¶
func VerifyBackupCode(providedCode string, storedCodes []MFABackupCode) (bool, int, error)
VerifyBackupCode verifies a backup code
func VerifySMSCode ¶
func VerifySMSCode(verification *SMSVerification, code string) (bool, error)
VerifySMSCode verifies an SMS verification code
func VerifyTOTPCode ¶
VerifyTOTPCode verifies a TOTP code
func VerifyWebAuthnAuthentication ¶
func VerifyWebAuthnAuthentication(config *WebAuthnConfig, challenge string, assertionResponse string, credential *WebAuthnCredential) error
This is a placeholder for a real WebAuthn verification implementation In a real implementation, you would use a WebAuthn library to verify the assertion
Types ¶
type BackupCodeConfig ¶
type BackupCodeConfig struct {
// CodeLength is the length of each backup code
CodeLength int
// CodeCount is the number of backup codes to generate
CodeCount int
}
BackupCodeConfig represents the configuration for backup codes
func DefaultBackupCodeConfig ¶
func DefaultBackupCodeConfig() *BackupCodeConfig
DefaultBackupCodeConfig returns the default backup code configuration
type BasicMFAService ¶
type BasicMFAService struct {
// Secret is the TOTP secret key
Secret string `json:"secret"`
// Algorithm is the TOTP algorithm (default: SHA1)
Algorithm string `json:"algorithm"`
// Digits is the number of digits in the TOTP code (default: 6)
Digits int `json:"digits"`
// Period is the TOTP period in seconds (default: 30)
Period int `json:"period"`
// Issuer is the name of the issuer for the TOTP
Issuer string `json:"issuer"`
// AccountName is the account name for the TOTP
AccountName string `json:"account_name"`
}
BasicMFAService provides basic MFA functionality
type DefaultMFAManager ¶
type DefaultMFAManager struct {
// contains filtered or unexported fields
}
DefaultMFAManager manages MFA operations
func NewDefaultMFAManager ¶
func NewDefaultMFAManager(store MFAStore, config *MFAManagerConfig) *DefaultMFAManager
NewDefaultMFAManager creates a new MFA manager
func (*DefaultMFAManager) DisableMFA ¶
func (m *DefaultMFAManager) DisableMFA(ctx context.Context, userID string) error
DisableMFA disables MFA for a user
func (*DefaultMFAManager) EnableMFA ¶
func (m *DefaultMFAManager) EnableMFA(ctx context.Context, userID string, method MFAMethod) (*MFASettings, error)
EnableMFA enables MFA for a user
func (*DefaultMFAManager) GenerateBackupCodes ¶
func (m *DefaultMFAManager) GenerateBackupCodes(ctx context.Context, userID string) ([]MFABackupCode, error)
GenerateBackupCodes generates backup codes for a user
func (*DefaultMFAManager) GetMFASettings ¶
func (m *DefaultMFAManager) GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)
GetMFASettings gets the MFA settings for a user
func (*DefaultMFAManager) InitiateSMSVerification ¶
func (m *DefaultMFAManager) InitiateSMSVerification(ctx context.Context, userID string) error
InitiateSMSVerification initiates SMS verification
func (*DefaultMFAManager) InitiateWebAuthnVerification ¶
func (m *DefaultMFAManager) InitiateWebAuthnVerification(ctx context.Context, userID string) (map[string]interface{}, error)
InitiateWebAuthnVerification initiates WebAuthn verification
func (*DefaultMFAManager) SetupTOTP ¶
func (m *DefaultMFAManager) SetupTOTP(ctx context.Context, userID string, username string) (*TOTPConfig, error)
SetupTOTP sets up TOTP for a user
func (*DefaultMFAManager) SetupWebAuthn ¶
func (m *DefaultMFAManager) SetupWebAuthn(ctx context.Context, userID string, username string, displayName string) (map[string]interface{}, error)
SetupWebAuthn initiates WebAuthn setup
func (*DefaultMFAManager) ValidateMFASettings ¶
func (m *DefaultMFAManager) ValidateMFASettings(ctx context.Context, userID string) (bool, []string, error)
ValidateMFASettings validates MFA settings
func (*DefaultMFAManager) VerifyMFA ¶
func (m *DefaultMFAManager) VerifyMFA(ctx context.Context, userID string, method MFAMethod, code string) (bool, error)
VerifyMFA verifies an MFA code
func (*DefaultMFAManager) VerifySMSCode ¶
func (m *DefaultMFAManager) VerifySMSCode(ctx context.Context, userID string, code string) (bool, error)
VerifySMSCode verifies an SMS code
func (*DefaultMFAManager) VerifySMSSetup ¶
VerifySMSSetup verifies SMS setup
func (*DefaultMFAManager) VerifyTOTPSetup ¶
VerifyTOTPSetup verifies TOTP setup
func (*DefaultMFAManager) VerifyWebAuthnAssertion ¶
func (m *DefaultMFAManager) VerifyWebAuthnAssertion(ctx context.Context, userID string, assertionResponse string) (bool, error)
VerifyWebAuthnAssertion verifies a WebAuthn assertion
func (*DefaultMFAManager) VerifyWebAuthnSetup ¶
func (m *DefaultMFAManager) VerifyWebAuthnSetup(ctx context.Context, userID string, attestationResponse string) error
VerifyWebAuthnSetup verifies WebAuthn setup
type InMemoryMFAStore ¶
type InMemoryMFAStore struct {
// contains filtered or unexported fields
}
InMemoryMFAStore is an in-memory implementation of MFAStore
func NewInMemoryMFAStore ¶
func NewInMemoryMFAStore() *InMemoryMFAStore
NewInMemoryMFAStore creates a new in-memory MFA store
func (*InMemoryMFAStore) CreateVerification ¶
func (s *InMemoryMFAStore) CreateVerification(ctx context.Context, verification *MFAVerification) error
CreateVerification creates a new MFA verification
func (*InMemoryMFAStore) DeleteMFASettings ¶
func (s *InMemoryMFAStore) DeleteMFASettings(ctx context.Context, userID string) error
DeleteMFASettings deletes the MFA settings for a user
func (*InMemoryMFAStore) DeleteVerification ¶
func (s *InMemoryMFAStore) DeleteVerification(ctx context.Context, userID string) error
DeleteVerification deletes an MFA verification
func (*InMemoryMFAStore) GetMFASettings ¶
func (s *InMemoryMFAStore) GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)
GetMFASettings gets the MFA settings for a user
func (*InMemoryMFAStore) GetVerification ¶
func (s *InMemoryMFAStore) GetVerification(ctx context.Context, userID string) (*MFAVerification, error)
GetVerification gets an MFA verification
func (*InMemoryMFAStore) SaveMFASettings ¶
func (s *InMemoryMFAStore) SaveMFASettings(ctx context.Context, settings *MFASettings) error
SaveMFASettings saves the MFA settings for a user
type MFABackupCode ¶
type MFABackupCode struct {
// Code is the backup code
Code string
// Used indicates whether the code has been used
Used bool
// UsedAt is the time when the code was used
UsedAt time.Time
}
MFABackupCode represents a backup code for MFA
func GenerateBackupCodes ¶
func GenerateBackupCodes(config *BackupCodeConfig) ([]MFABackupCode, error)
GenerateBackupCodes generates a set of backup codes
type MFABoundaryEnforcer ¶
type MFABoundaryEnforcer struct {
// contains filtered or unexported fields
}
MFABoundaryEnforcer enforces MFA boundaries for requests
func NewMFABoundaryEnforcer ¶
func NewMFABoundaryEnforcer(mfaManager MFAManager, sessionManager interfaces.SessionStore) *MFABoundaryEnforcer
NewMFABoundaryEnforcer creates a new MFA boundary enforcer
func (*MFABoundaryEnforcer) RequireMFA ¶
func (e *MFABoundaryEnforcer) RequireMFA(next http.Handler) http.Handler
RequireMFA creates middleware that requires MFA completion
func (*MFABoundaryEnforcer) RequireMFAForRoles ¶
RequireMFAForRoles creates middleware that requires MFA for specific roles
func (*MFABoundaryEnforcer) RequireMFAForUser ¶
RequireMFAForUser creates middleware that requires MFA for specific users
type MFAHandler ¶
type MFAHandler struct {
// contains filtered or unexported fields
}
MFAHandler handles MFA-related API requests
func NewMFAHandler ¶
func NewMFAHandler(mfaManager MFAManager, sessionStore interfaces.SessionStore) *MFAHandler
NewMFAHandler creates a new MFA handler
func (*MFAHandler) DisableMFAHandler ¶
func (h *MFAHandler) DisableMFAHandler(w http.ResponseWriter, r *http.Request)
DisableMFAHandler handles MFA disabling requests
func (*MFAHandler) GenerateBackupCodesHandler ¶
func (h *MFAHandler) GenerateBackupCodesHandler(w http.ResponseWriter, r *http.Request)
GenerateBackupCodesHandler handles backup code generation requests
func (*MFAHandler) GetMFASettingsHandler ¶
func (h *MFAHandler) GetMFASettingsHandler(w http.ResponseWriter, r *http.Request)
GetMFASettingsHandler handles MFA settings retrieval requests
func (*MFAHandler) SetupTOTPHandler ¶
func (h *MFAHandler) SetupTOTPHandler(w http.ResponseWriter, r *http.Request)
SetupTOTPHandler handles TOTP setup requests
func (*MFAHandler) VerifyMFAHandler ¶
func (h *MFAHandler) VerifyMFAHandler(w http.ResponseWriter, r *http.Request)
VerifyMFAHandler handles MFA verification requests
func (*MFAHandler) VerifyTOTPSetupHandler ¶
func (h *MFAHandler) VerifyTOTPSetupHandler(w http.ResponseWriter, r *http.Request)
VerifyTOTPSetupHandler handles TOTP verification requests
type MFAManager ¶
type MFAManager interface {
// Settings management
GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)
EnableMFA(ctx context.Context, userID string, method MFAMethod) (*MFASettings, error)
DisableMFA(ctx context.Context, userID string) error
// TOTP methods
SetupTOTP(ctx context.Context, userID string, username string) (*TOTPConfig, error)
VerifyTOTPSetup(ctx context.Context, userID string, code string) error
// Backup code methods
GenerateBackupCodes(ctx context.Context, userID string) ([]MFABackupCode, error)
// WebAuthn methods
SetupWebAuthn(ctx context.Context, userID string, username string, displayName string) (map[string]interface{}, error)
VerifyWebAuthnSetup(ctx context.Context, userID string, attestationResponse string) error
InitiateWebAuthnVerification(ctx context.Context, userID string) (map[string]interface{}, error)
VerifyWebAuthnAssertion(ctx context.Context, userID string, assertionResponse string) (bool, error)
// SMS methods
SetupSMS(ctx context.Context, userID string, phoneNumber string) error
VerifySMSSetup(ctx context.Context, userID string, code string) error
InitiateSMSVerification(ctx context.Context, userID string) error
VerifySMSCode(ctx context.Context, userID string, code string) (bool, error)
// General MFA methods
VerifyMFA(ctx context.Context, userID string, method MFAMethod, code string) (bool, error)
ValidateMFASettings(ctx context.Context, userID string) (bool, []string, error)
}
MFAManager defines the interface for managing multi-factor authentication
type MFAManagerConfig ¶
type MFAManagerConfig struct {
// TOTPConfig is the default TOTP configuration
TOTPConfig *TOTPConfig
// BackupConfig is the default backup code configuration
BackupConfig *BackupCodeConfig
// WebAuthnConfig is the default WebAuthn configuration
WebAuthnConfig *WebAuthnConfig
// SMSConfig is the default SMS configuration
SMSConfig *SMSConfig
// VerificationExpiration is the expiration time for verifications in minutes
VerificationExpiration int
}
MFAManagerConfig represents the configuration for MFAManager
func DefaultMFAManagerConfig ¶
func DefaultMFAManagerConfig() *MFAManagerConfig
DefaultMFAManagerConfig returns the default MFA manager configuration
type MFAMethod ¶
type MFAMethod string
MFAMethod represents the type of MFA method
const ( // MFAMethodTOTP represents Time-based One-Time Password authentication MFAMethodTOTP MFAMethod = "totp" // MFAMethodBackupCode represents backup code authentication MFAMethodBackupCode MFAMethod = "backup_code" // MFAMethodWebAuthn represents WebAuthn/FIDO2 authentication MFAMethodWebAuthn MFAMethod = "webauthn" // MFAMethodSMS represents SMS-based authentication MFAMethodSMS MFAMethod = "sms" )
type MFAMethodSettings ¶
MFAMethodSettings represents settings for an MFA method
type MFASettings ¶
type MFASettings struct {
// UserID is the ID of the user
UserID string
// Enabled indicates whether MFA is enabled for the user
Enabled bool
// DefaultMethod is the default MFA method for the user
DefaultMethod MFAMethod
// Methods is a map of MFA methods to their status
Methods map[MFAMethod]MFAStatus
// TOTPConfig is the TOTP configuration for the user
TOTPConfig *TOTPConfig
// BackupCodes are the backup codes for the user
BackupCodes []MFABackupCode
// WebAuthnCredentials are the WebAuthn credentials for the user
WebAuthnCredentials []WebAuthnCredential
// PhoneNumber is the phone number for SMS verification
PhoneNumber string
// LastUpdated is the time when the settings were last updated
LastUpdated time.Time
}
MFASettings represents the MFA settings for a user
type MFAStatus ¶
type MFAStatus string
MFAStatus represents the status of an MFA method
const ( // MFAStatusEnabled indicates that the MFA method is enabled MFAStatusEnabled MFAStatus = "enabled" // MFAStatusDisabled indicates that the MFA method is disabled MFAStatusDisabled MFAStatus = "disabled" // MFAStatusPending indicates that the MFA method is pending setup MFAStatusPending MFAStatus = "pending" )
type MFAStore ¶
type MFAStore interface {
// GetMFASettings gets the MFA settings for a user
GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)
// SaveMFASettings saves the MFA settings for a user
SaveMFASettings(ctx context.Context, settings *MFASettings) error
// DeleteMFASettings deletes the MFA settings for a user
DeleteMFASettings(ctx context.Context, userID string) error
// CreateVerification creates a new MFA verification
CreateVerification(ctx context.Context, verification *MFAVerification) error
// GetVerification gets an MFA verification
GetVerification(ctx context.Context, userID string) (*MFAVerification, error)
// DeleteVerification deletes an MFA verification
DeleteVerification(ctx context.Context, userID string) error
}
MFAStore defines the interface for storing MFA settings
type MFAVerification ¶
type MFAVerification struct {
// UserID is the ID of the user
UserID string
// Method is the MFA method used for verification
Method MFAMethod
// Challenge is the challenge for WebAuthn verification
Challenge string
// SMSVerification is the SMS verification
SMSVerification *SMSVerification
// CreatedAt is the time when the verification was created
CreatedAt time.Time
// ExpiresAt is the time when the verification expires
ExpiresAt time.Time
}
MFAVerification represents an MFA verification
type MockMFAManager ¶
type MockMFAManager struct {
// contains filtered or unexported fields
}
MockMFAManager is a mock implementation of the MFAManager interface for testing
func NewMockMFAManager ¶
func NewMockMFAManager() *MockMFAManager
NewMockMFAManager creates a new mock MFA manager
func (*MockMFAManager) CleanupExpiredCodes ¶
func (m *MockMFAManager) CleanupExpiredCodes()
CleanupExpiredCodes cleans up expired codes for testing
func (*MockMFAManager) Close ¶
func (m *MockMFAManager) Close() error
Close closes the MFA manager for testing
func (*MockMFAManager) DisableMFA ¶
func (m *MockMFAManager) DisableMFA(ctx context.Context, userID string) error
DisableMFA disables MFA for a user
func (*MockMFAManager) DisableMFAMethod ¶
func (m *MockMFAManager) DisableMFAMethod(userID string, method MFAMethod) error
DisableMFAMethod disables an MFA method for a user for testing
func (*MockMFAManager) EnableMFA ¶
func (m *MockMFAManager) EnableMFA(ctx context.Context, userID string, method MFAMethod) (*MFASettings, error)
EnableMFA enables MFA for a user
func (*MockMFAManager) GenerateBackupCodes ¶
func (m *MockMFAManager) GenerateBackupCodes(ctx context.Context, userID string) ([]MFABackupCode, error)
GenerateBackupCodes generates backup codes for a user
func (*MockMFAManager) GenerateSMSCode ¶
func (m *MockMFAManager) GenerateSMSCode(userID string) (string, error)
GenerateSMSCode generates an SMS code for testing
func (*MockMFAManager) GenerateTOTPQRCodeURL ¶
func (m *MockMFAManager) GenerateTOTPQRCodeURL(username, secret string) string
GenerateTOTPQRCodeURL generates a TOTP QR code URL for testing
func (*MockMFAManager) GenerateTOTPSecret ¶
func (m *MockMFAManager) GenerateTOTPSecret(userID string) (string, error)
GenerateTOTPSecret generates a TOTP secret for testing
func (*MockMFAManager) GenerateWebAuthnAuthenticationOptions ¶
func (m *MockMFAManager) GenerateWebAuthnAuthenticationOptions(userID string) (map[string]interface{}, error)
GenerateWebAuthnAuthenticationOptions generates WebAuthn authentication options for testing
func (*MockMFAManager) GenerateWebAuthnRegistrationOptions ¶
func (m *MockMFAManager) GenerateWebAuthnRegistrationOptions(userID string) (map[string]interface{}, error)
GenerateWebAuthnRegistrationOptions generates WebAuthn registration options for testing
func (*MockMFAManager) GetMFAMethods ¶
func (m *MockMFAManager) GetMFAMethods(userID string) ([]MFAMethod, error)
GetMFAMethods gets the MFA methods for a user for testing
func (*MockMFAManager) GetMFASettings ¶
func (m *MockMFAManager) GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)
GetMFASettings gets the MFA settings for a user
func (*MockMFAManager) InitiateSMSVerification ¶
func (m *MockMFAManager) InitiateSMSVerification(ctx context.Context, userID string) error
InitiateSMSVerification initiates SMS verification
func (*MockMFAManager) InitiateWebAuthnVerification ¶
func (m *MockMFAManager) InitiateWebAuthnVerification(ctx context.Context, userID string) (map[string]interface{}, error)
InitiateWebAuthnVerification initiates WebAuthn verification
func (*MockMFAManager) IsMFAEnabled ¶
func (m *MockMFAManager) IsMFAEnabled(userID string) (bool, error)
IsMFAEnabled checks if MFA is enabled for a user for testing
func (*MockMFAManager) SendSMS ¶
func (m *MockMFAManager) SendSMS(userID, phoneNumber, message string) error
SendSMS sends an SMS for testing
func (*MockMFAManager) SetupTOTP ¶
func (m *MockMFAManager) SetupTOTP(ctx context.Context, userID string, username string) (*TOTPConfig, error)
SetupTOTP sets up TOTP for a user
func (*MockMFAManager) SetupWebAuthn ¶
func (m *MockMFAManager) SetupWebAuthn(ctx context.Context, userID string, username string, displayName string) (map[string]interface{}, error)
SetupWebAuthn initiates WebAuthn setup
func (*MockMFAManager) ValidateMFASettings ¶
func (m *MockMFAManager) ValidateMFASettings(ctx context.Context, userID string) (bool, []string, error)
ValidateMFASettings validates MFA settings
func (*MockMFAManager) VerifyBackupCode ¶
func (m *MockMFAManager) VerifyBackupCode(userID, code string) (bool, error)
VerifyBackupCode verifies a backup code for testing
func (*MockMFAManager) VerifyMFA ¶
func (m *MockMFAManager) VerifyMFA(ctx context.Context, userID string, method MFAMethod, code string) (bool, error)
VerifyMFA verifies an MFA code
func (*MockMFAManager) VerifyMFACode ¶
func (m *MockMFAManager) VerifyMFACode(ctx context.Context, userID, methodStr, code string) (bool, error)
VerifyMFACode verifies an MFA code for testing
func (*MockMFAManager) VerifySMSCode ¶
func (m *MockMFAManager) VerifySMSCode(ctx context.Context, userID string, code string) (bool, error)
VerifySMSCode verifies an SMS code
func (*MockMFAManager) VerifySMSSetup ¶
VerifySMSSetup verifies SMS setup
func (*MockMFAManager) VerifyTOTPCode ¶
func (m *MockMFAManager) VerifyTOTPCode(userID, secret, code string) (bool, error)
VerifyTOTPCode verifies a TOTP code for testing
func (*MockMFAManager) VerifyTOTPSetup ¶
VerifyTOTPSetup verifies TOTP setup
func (*MockMFAManager) VerifyWebAuthnAssertion ¶
func (m *MockMFAManager) VerifyWebAuthnAssertion(ctx context.Context, userID string, assertionResponse string) (bool, error)
VerifyWebAuthnAssertion verifies a WebAuthn assertion
func (*MockMFAManager) VerifyWebAuthnAuthentication ¶
func (m *MockMFAManager) VerifyWebAuthnAuthentication(userID, assertionResponse string) error
VerifyWebAuthnAuthentication verifies WebAuthn authentication for testing
func (*MockMFAManager) VerifyWebAuthnRegistration ¶
func (m *MockMFAManager) VerifyWebAuthnRegistration(userID, attestationResponse string) error
VerifyWebAuthnRegistration verifies WebAuthn registration for testing
func (*MockMFAManager) VerifyWebAuthnSetup ¶
func (m *MockMFAManager) VerifyWebAuthnSetup(ctx context.Context, userID string, attestationResponse string) error
VerifyWebAuthnSetup verifies WebAuthn setup
type MockSMSProvider ¶
type MockSMSProvider struct{}
MockSMSProvider is a mock implementation of SMSProvider for testing
func (*MockSMSProvider) SendSMS ¶
func (p *MockSMSProvider) SendSMS(to, from, message string) error
SendSMS sends an SMS message (mock implementation)
type SMSConfig ¶
type SMSConfig struct {
CodeLength int // Length of the SMS verification code
CodeExpiration int // Expiration time for SMS codes in minutes
SMSProvider string // SMS provider to use
SMSProviderConfig map[string]string // Configuration for the SMS provider
}
SMSConfig represents the configuration for SMS verification
func DefaultSMSConfig ¶
func DefaultSMSConfig() *SMSConfig
DefaultSMSConfig returns the default SMS configuration
type SMSProvider ¶
type SMSProvider interface {
// SendSMS sends an SMS message
SendSMS(to, from, message string) error
}
SMSProvider defines the interface for SMS providers
func GetSMSProvider ¶
func GetSMSProvider(config *SMSConfig) (SMSProvider, error)
GetSMSProvider returns an SMS provider based on the configuration
type SMSVerification ¶
type SMSVerification struct {
PhoneNumber string // Phone number to send the verification code to
Code string // Verification code
CreatedAt time.Time // Time when the verification was created
ExpiresAt time.Time // Time when the verification expires
VerifiedAt time.Time // Time when the verification was verified
Verified bool // Whether the verification has been verified
Attempts int // Number of verification attempts
MaxAttempts int // Maximum number of verification attempts
}
SMSVerification represents SMS verification
func CreateSMSVerification ¶
func CreateSMSVerification(config *SMSConfig, phoneNumber string, maxAttempts int) (*SMSVerification, error)
CreateSMSVerification creates a new SMS verification
type TOTPConfig ¶
type TOTPConfig struct {
Secret string // Secret key for TOTP
QRCodeURL string // QR code URL for easy setup
Digits int // Number of digits in the TOTP code (default: 6)
Period int // Period in seconds for TOTP (default: 30)
Algorithm string // Algorithm for TOTP (default: SHA1)
Issuer string // Issuer name for TOTP (default: LLMrecon)
}
TOTPConfig represents TOTP configuration
func DefaultTOTPConfig ¶
func DefaultTOTPConfig() *TOTPConfig
DefaultTOTPConfig returns the default TOTP configuration
type WebAuthnConfig ¶
type WebAuthnConfig struct {
// RelyingPartyID is the ID of the relying party (typically the domain name)
RelyingPartyID string
// RelyingPartyName is the name of the relying party
RelyingPartyName string
// Origin is the origin of the relying party
Origin string
// UserVerification specifies the user verification requirement
// Can be "required", "preferred", or "discouraged"
UserVerification string
// AttestationPreference specifies the attestation conveyance preference
// Can be "none", "indirect", "direct", or "enterprise"
AttestationPreference string
// Timeout is the timeout for WebAuthn operations in milliseconds
Timeout int
// ChallengeLength is the length of the challenge in bytes
ChallengeLength int
}
WebAuthnConfig represents the configuration for WebAuthn
func DefaultWebAuthnConfig ¶
func DefaultWebAuthnConfig() *WebAuthnConfig
DefaultWebAuthnConfig returns the default WebAuthn configuration
type WebAuthnCredential ¶
type WebAuthnCredential struct {
// ID is the credential ID
ID string
// PublicKey is the public key of the credential
PublicKey string
// AAGUID is the Authenticator Attestation GUID
AAGUID string
// SignCount is the signature counter
SignCount uint32
// CreatedAt is the time when the credential was created
CreatedAt time.Time
// LastUsedAt is the time when the credential was last used
LastUsedAt time.Time
// DeviceType is the type of device (e.g., "security key", "platform")
DeviceType string
// DeviceName is a user-friendly name for the device
DeviceName string
}
WebAuthnCredential represents a WebAuthn credential
func VerifyWebAuthnRegistration ¶
func VerifyWebAuthnRegistration(config *WebAuthnConfig, challenge string, attestationResponse string) (*WebAuthnCredential, error)
This is a placeholder for a real WebAuthn verification implementation In a real implementation, you would use a WebAuthn library to verify the attestation and assertion responses from the client