mfa

package
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 20, 2025 License: MIT Imports: 18 Imported by: 0

README

Multi-Factor Authentication (MFA) System

This package implements a comprehensive Multi-Factor Authentication (MFA) system for the LLMrecon tool, supporting multiple authentication methods to enhance security.

Supported MFA Methods

  1. TOTP (Time-based One-Time Password)

    • Compatible with standard authenticator apps like Google Authenticator, Authy, and Microsoft Authenticator
    • Implements RFC 6238 standard
    • Includes QR code generation for easy setup
  2. Backup Codes

    • Provides one-time use recovery codes
    • Automatically invalidates codes after use
    • Allows users to regenerate codes when needed
  3. WebAuthn/FIDO2

    • Supports hardware security keys and platform authenticators
    • Implements the Web Authentication API standard
    • Provides phishing-resistant authentication
  4. SMS Verification

    • Sends one-time codes via SMS
    • Includes code expiration for enhanced security
    • Supports phone number management

Architecture

The MFA system is designed with a modular architecture:

mfa/
├── interface.go     # MFA Manager interface definition
├── manager.go       # Main MFA Manager implementation
├── mock_manager.go  # Mock implementation for testing
├── totp.go          # TOTP implementation
├── backup.go        # Backup codes implementation
├── webauthn.go      # WebAuthn implementation
├── sms.go           # SMS verification implementation
└── manager_test.go  # Tests for the MFA system
Core Components
  1. MFAManager Interface

    • Defines the contract for all MFA operations
    • Allows for easy mocking and testing
    • Enables future extension with new authentication methods
  2. Manager Implementation

    • Centralizes MFA logic and method selection
    • Handles user MFA preferences and settings
    • Manages MFA verification workflow
  3. Method-Specific Implementations

    • Each MFA method has its own implementation file
    • Follows best practices for each authentication type
    • Includes proper error handling and security measures

Integration with Authentication System

The MFA system integrates with the existing authentication system through:

  1. AuthManager

    • Extended to include MFA verification in the authentication flow
    • Maintains backward compatibility with existing code
    • Enforces MFA requirements based on user roles and settings
  2. MFA Middleware

    • Provides HTTP middleware for enforcing MFA requirements
    • Supports conditional MFA based on roles, paths, or custom logic
    • Handles MFA verification redirects and session updates
  3. API Endpoints

    • Exposes RESTful endpoints for managing MFA settings
    • Provides verification endpoints for each MFA method
    • Includes proper error handling and security measures

Security Considerations

  1. Secret Management

    • TOTP secrets are stored securely using encryption
    • Backup codes are hashed before storage
    • WebAuthn credentials use secure storage mechanisms
  2. Rate Limiting

    • Verification attempts are rate-limited to prevent brute force attacks
    • Failed attempts are logged for security auditing
  3. Session Management

    • MFA status is tracked in the user's session
    • Sessions are invalidated on suspicious activity
    • MFA completion is required for sensitive operations

Usage Examples

Enabling MFA for a User
// Initialize MFA manager
mfaManager := mfa.NewMFAManager(db)

// Generate TOTP secret for a user
secret, err := mfaManager.GenerateTOTPSecret(userID)
if err != nil {
    // Handle error
}

// Generate QR code URL for the user
qrCodeURL := mfaManager.GenerateTOTPQRCodeURL(username, secret)

// After user verifies the code, enable MFA
user.MFAEnabled = true
user.MFAMethods = append(user.MFAMethods, common.AuthMethodTOTP)
user.MFASecret = secret
Verifying MFA During Login
// After successful password verification
if user.MFAEnabled {
    // Get verification code from user
    valid, err := mfaManager.VerifyMFACode(ctx, user.ID, method, code)
    if err != nil || !valid {
        // Handle invalid code
        return errors.New("invalid verification code")
    }
    
    // Mark MFA as completed in session
    session.MFACompleted = true
    authManager.UpdateSession(ctx, session)
}
Using MFA Middleware
// Create MFA middleware
mfaMiddleware := access.NewMFAMiddleware(authManager)

// Require MFA for all admin routes
adminRouter := mux.NewRouter()
adminRouter.Use(mfaMiddleware.RequireMFA)
adminRouter.HandleFunc("/admin/dashboard", adminDashboardHandler)

// Require MFA only for specific roles
sensitiveRouter := mux.NewRouter()
sensitiveRouter.Use(mfaMiddleware.MFAByRole([]access.Role{access.RoleAdmin, access.RoleManager}))
sensitiveRouter.HandleFunc("/sensitive/data", sensitiveDataHandler)

// Require MFA only for specific paths
router := mux.NewRouter()
router.Use(mfaMiddleware.MFAByPath([]string{"/settings/security", "/settings/api-keys"}))

Testing

The MFA system includes comprehensive tests for all components:

  • Unit tests for each MFA method
  • Integration tests with the authentication system
  • Mock implementations for testing without external dependencies

Run the tests with:

go test -v ./src/security/access/mfa/...

Documentation

Overview

Package mfa provides multi-factor authentication functionality

Package mfa provides multi-factor authentication functionality

Package mfa provides multi-factor authentication functionality

Package mfa provides multi-factor authentication functionality

Package mfa provides multi-factor authentication functionality

Index

Constants

View Source
const (
	// DefaultBackupCodeLength is the default length of each backup code
	DefaultBackupCodeLength = 8

	// DefaultBackupCodeCount is the default number of backup codes to generate
	DefaultBackupCodeCount = 10
)
View Source
const (
	// DefaultSMSCodeLength is the default length of SMS verification codes
	DefaultSMSCodeLength = 6

	// DefaultSMSCodeExpiration is the default expiration time for SMS codes in minutes
	DefaultSMSCodeExpiration = 10
)
View Source
const (
	// DefaultDigits is the default number of digits in a TOTP code
	DefaultDigits = 6

	// DefaultPeriod is the default period in seconds for TOTP
	DefaultPeriod = 30

	// DefaultAlgorithm is the default algorithm for TOTP
	DefaultAlgorithm = "SHA1"

	// DefaultIssuer is the default issuer for TOTP
	DefaultIssuer = "LLMrecon"
)

Variables

View Source
var (
	ErrMFARequired        = errors.New("multi-factor authentication required")
	ErrInvalidMFACode     = errors.New("invalid MFA code")
	ErrMFANotEnabled      = errors.New("MFA not enabled for user")
	ErrMFAAlreadyEnabled  = errors.New("MFA already enabled for user")
	ErrMFAMethodNotFound  = errors.New("MFA method not found")
	ErrMFASetupIncomplete = errors.New("MFA setup is incomplete")
)

Common MFA-related errors

View Source
var (
	ErrInvalidTOTP         = errors.New("invalid TOTP code")
	ErrInvalidBackupCode   = errors.New("invalid backup code")
	ErrNoBackupCodesLeft   = errors.New("no backup codes left")
	ErrBackupCodeUsed      = errors.New("backup code already used")
	ErrInvalidMFAMethod    = errors.New("invalid MFA method")
	ErrMFAVerificationFail = errors.New("MFA verification failed")
)

Additional MFA errors specific to this file

Functions

func AuthenticationOptions

func AuthenticationOptions(config *WebAuthnConfig, credentials []WebAuthnCredential) (map[string]interface{}, string, error)

AuthenticationOptions generates the options for WebAuthn authentication

func FormatPhoneNumber

func FormatPhoneNumber(phoneNumber string) string

FormatPhoneNumber formats a phone number for display

func GenerateBackupCode

func GenerateBackupCode() (string, error)

GenerateBackupCode generates a random backup code

func GenerateChallenge

func GenerateChallenge(length int) (string, error)

GenerateChallenge generates a random challenge for WebAuthn

func GenerateQRCodeURL

func GenerateQRCodeURL(config *TOTPConfig, accountName string) string

GenerateQRCodeURL generates a URL for a QR code for TOTP

func GenerateRandomCode

func GenerateRandomCode(length int) (string, error)

GenerateRandomCode generates a random numeric code of specified length

func GenerateRandomSecret

func GenerateRandomSecret(length int) (string, error)

GenerateRandomSecret generates a random secret for TOTP

func GenerateSMSCode

func GenerateSMSCode(length int) (string, error)

GenerateSMSCode generates a random SMS verification code

func GenerateSecret

func GenerateSecret(length int) (string, error)

GenerateSecret generates a new random secret for TOTP

func GenerateTOTPCode

func GenerateTOTPCode(config *TOTPConfig, t time.Time) (string, error)

GenerateTOTPCode generates a TOTP code for the given time

func GenerateTOTPQRCodeURL

func GenerateTOTPQRCodeURL(issuer, username, secret string) string

GenerateTOTPQRCodeURL generates a URL for a TOTP QR code

func GetRemainingBackupCodes

func GetRemainingBackupCodes(codes []MFABackupCode) int

GetRemainingBackupCodes returns the number of remaining backup codes

func IsBackupCodeValid

func IsBackupCodeValid(inputCode string, storedCodes []MFABackupCode) (bool, int)

IsBackupCodeValid checks if a backup code is valid

func IsVerificationExpired

func IsVerificationExpired(verification *MFAVerification) bool

IsVerificationExpired checks if a verification is expired

func MarkBackupCodeAsUsed

func MarkBackupCodeAsUsed(codes []MFABackupCode, index int) error

MarkBackupCodeAsUsed marks a backup code as used

func MaskPhoneNumber

func MaskPhoneNumber(phoneNumber string) string

MaskPhoneNumber masks a phone number for privacy

func RegistrationOptions

func RegistrationOptions(config *WebAuthnConfig, userID, username, displayName string) (map[string]interface{}, string, error)

RegistrationOptions generates the options for WebAuthn registration

func SendSMSCode

func SendSMSCode(config *SMSConfig, verification *SMSVerification) error

SendSMSCode sends an SMS verification code

func VerifyBackupCode

func VerifyBackupCode(providedCode string, storedCodes []MFABackupCode) (bool, int, error)

VerifyBackupCode verifies a backup code

func VerifySMSCode

func VerifySMSCode(verification *SMSVerification, code string) (bool, error)

VerifySMSCode verifies an SMS verification code

func VerifyTOTPCode

func VerifyTOTPCode(config *TOTPConfig, code string, t time.Time, window int) bool

VerifyTOTPCode verifies a TOTP code

func VerifyWebAuthnAuthentication

func VerifyWebAuthnAuthentication(config *WebAuthnConfig, challenge string, assertionResponse string, credential *WebAuthnCredential) error

This is a placeholder for a real WebAuthn verification implementation In a real implementation, you would use a WebAuthn library to verify the assertion

Types

type BackupCodeConfig

type BackupCodeConfig struct {
	// CodeLength is the length of each backup code
	CodeLength int

	// CodeCount is the number of backup codes to generate
	CodeCount int
}

BackupCodeConfig represents the configuration for backup codes

func DefaultBackupCodeConfig

func DefaultBackupCodeConfig() *BackupCodeConfig

DefaultBackupCodeConfig returns the default backup code configuration

type BasicMFAService

type BasicMFAService struct {
	// Secret is the TOTP secret key
	Secret string `json:"secret"`

	// Algorithm is the TOTP algorithm (default: SHA1)
	Algorithm string `json:"algorithm"`

	// Digits is the number of digits in the TOTP code (default: 6)
	Digits int `json:"digits"`

	// Period is the TOTP period in seconds (default: 30)
	Period int `json:"period"`

	// Issuer is the name of the issuer for the TOTP
	Issuer string `json:"issuer"`

	// AccountName is the account name for the TOTP
	AccountName string `json:"account_name"`
}

BasicMFAService provides basic MFA functionality

type DefaultMFAManager

type DefaultMFAManager struct {
	// contains filtered or unexported fields
}

DefaultMFAManager manages MFA operations

func NewDefaultMFAManager

func NewDefaultMFAManager(store MFAStore, config *MFAManagerConfig) *DefaultMFAManager

NewDefaultMFAManager creates a new MFA manager

func (*DefaultMFAManager) DisableMFA

func (m *DefaultMFAManager) DisableMFA(ctx context.Context, userID string) error

DisableMFA disables MFA for a user

func (*DefaultMFAManager) EnableMFA

func (m *DefaultMFAManager) EnableMFA(ctx context.Context, userID string, method MFAMethod) (*MFASettings, error)

EnableMFA enables MFA for a user

func (*DefaultMFAManager) GenerateBackupCodes

func (m *DefaultMFAManager) GenerateBackupCodes(ctx context.Context, userID string) ([]MFABackupCode, error)

GenerateBackupCodes generates backup codes for a user

func (*DefaultMFAManager) GetMFASettings

func (m *DefaultMFAManager) GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)

GetMFASettings gets the MFA settings for a user

func (*DefaultMFAManager) InitiateSMSVerification

func (m *DefaultMFAManager) InitiateSMSVerification(ctx context.Context, userID string) error

InitiateSMSVerification initiates SMS verification

func (*DefaultMFAManager) InitiateWebAuthnVerification

func (m *DefaultMFAManager) InitiateWebAuthnVerification(ctx context.Context, userID string) (map[string]interface{}, error)

InitiateWebAuthnVerification initiates WebAuthn verification

func (*DefaultMFAManager) SetupSMS

func (m *DefaultMFAManager) SetupSMS(ctx context.Context, userID string, phoneNumber string) error

SetupSMS initiates SMS setup

func (*DefaultMFAManager) SetupTOTP

func (m *DefaultMFAManager) SetupTOTP(ctx context.Context, userID string, username string) (*TOTPConfig, error)

SetupTOTP sets up TOTP for a user

func (*DefaultMFAManager) SetupWebAuthn

func (m *DefaultMFAManager) SetupWebAuthn(ctx context.Context, userID string, username string, displayName string) (map[string]interface{}, error)

SetupWebAuthn initiates WebAuthn setup

func (*DefaultMFAManager) ValidateMFASettings

func (m *DefaultMFAManager) ValidateMFASettings(ctx context.Context, userID string) (bool, []string, error)

ValidateMFASettings validates MFA settings

func (*DefaultMFAManager) VerifyMFA

func (m *DefaultMFAManager) VerifyMFA(ctx context.Context, userID string, method MFAMethod, code string) (bool, error)

VerifyMFA verifies an MFA code

func (*DefaultMFAManager) VerifySMSCode

func (m *DefaultMFAManager) VerifySMSCode(ctx context.Context, userID string, code string) (bool, error)

VerifySMSCode verifies an SMS code

func (*DefaultMFAManager) VerifySMSSetup

func (m *DefaultMFAManager) VerifySMSSetup(ctx context.Context, userID string, code string) error

VerifySMSSetup verifies SMS setup

func (*DefaultMFAManager) VerifyTOTPSetup

func (m *DefaultMFAManager) VerifyTOTPSetup(ctx context.Context, userID string, code string) error

VerifyTOTPSetup verifies TOTP setup

func (*DefaultMFAManager) VerifyWebAuthnAssertion

func (m *DefaultMFAManager) VerifyWebAuthnAssertion(ctx context.Context, userID string, assertionResponse string) (bool, error)

VerifyWebAuthnAssertion verifies a WebAuthn assertion

func (*DefaultMFAManager) VerifyWebAuthnSetup

func (m *DefaultMFAManager) VerifyWebAuthnSetup(ctx context.Context, userID string, attestationResponse string) error

VerifyWebAuthnSetup verifies WebAuthn setup

type InMemoryMFAStore

type InMemoryMFAStore struct {
	// contains filtered or unexported fields
}

InMemoryMFAStore is an in-memory implementation of MFAStore

func NewInMemoryMFAStore

func NewInMemoryMFAStore() *InMemoryMFAStore

NewInMemoryMFAStore creates a new in-memory MFA store

func (*InMemoryMFAStore) CreateVerification

func (s *InMemoryMFAStore) CreateVerification(ctx context.Context, verification *MFAVerification) error

CreateVerification creates a new MFA verification

func (*InMemoryMFAStore) DeleteMFASettings

func (s *InMemoryMFAStore) DeleteMFASettings(ctx context.Context, userID string) error

DeleteMFASettings deletes the MFA settings for a user

func (*InMemoryMFAStore) DeleteVerification

func (s *InMemoryMFAStore) DeleteVerification(ctx context.Context, userID string) error

DeleteVerification deletes an MFA verification

func (*InMemoryMFAStore) GetMFASettings

func (s *InMemoryMFAStore) GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)

GetMFASettings gets the MFA settings for a user

func (*InMemoryMFAStore) GetVerification

func (s *InMemoryMFAStore) GetVerification(ctx context.Context, userID string) (*MFAVerification, error)

GetVerification gets an MFA verification

func (*InMemoryMFAStore) SaveMFASettings

func (s *InMemoryMFAStore) SaveMFASettings(ctx context.Context, settings *MFASettings) error

SaveMFASettings saves the MFA settings for a user

type MFABackupCode

type MFABackupCode struct {
	// Code is the backup code
	Code string

	// Used indicates whether the code has been used
	Used bool

	// UsedAt is the time when the code was used
	UsedAt time.Time
}

MFABackupCode represents a backup code for MFA

func GenerateBackupCodes

func GenerateBackupCodes(config *BackupCodeConfig) ([]MFABackupCode, error)

GenerateBackupCodes generates a set of backup codes

type MFABoundaryEnforcer

type MFABoundaryEnforcer struct {
	// contains filtered or unexported fields
}

MFABoundaryEnforcer enforces MFA boundaries for requests

func NewMFABoundaryEnforcer

func NewMFABoundaryEnforcer(mfaManager MFAManager, sessionManager interfaces.SessionStore) *MFABoundaryEnforcer

NewMFABoundaryEnforcer creates a new MFA boundary enforcer

func (*MFABoundaryEnforcer) RequireMFA

func (e *MFABoundaryEnforcer) RequireMFA(next http.Handler) http.Handler

RequireMFA creates middleware that requires MFA completion

func (*MFABoundaryEnforcer) RequireMFAForRoles

func (e *MFABoundaryEnforcer) RequireMFAForRoles(roles []string, next http.Handler) http.Handler

RequireMFAForRoles creates middleware that requires MFA for specific roles

func (*MFABoundaryEnforcer) RequireMFAForUser

func (e *MFABoundaryEnforcer) RequireMFAForUser(userID string, next http.Handler) http.Handler

RequireMFAForUser creates middleware that requires MFA for specific users

type MFAHandler

type MFAHandler struct {
	// contains filtered or unexported fields
}

MFAHandler handles MFA-related API requests

func NewMFAHandler

func NewMFAHandler(mfaManager MFAManager, sessionStore interfaces.SessionStore) *MFAHandler

NewMFAHandler creates a new MFA handler

func (*MFAHandler) DisableMFAHandler

func (h *MFAHandler) DisableMFAHandler(w http.ResponseWriter, r *http.Request)

DisableMFAHandler handles MFA disabling requests

func (*MFAHandler) GenerateBackupCodesHandler

func (h *MFAHandler) GenerateBackupCodesHandler(w http.ResponseWriter, r *http.Request)

GenerateBackupCodesHandler handles backup code generation requests

func (*MFAHandler) GetMFASettingsHandler

func (h *MFAHandler) GetMFASettingsHandler(w http.ResponseWriter, r *http.Request)

GetMFASettingsHandler handles MFA settings retrieval requests

func (*MFAHandler) SetupTOTPHandler

func (h *MFAHandler) SetupTOTPHandler(w http.ResponseWriter, r *http.Request)

SetupTOTPHandler handles TOTP setup requests

func (*MFAHandler) VerifyMFAHandler

func (h *MFAHandler) VerifyMFAHandler(w http.ResponseWriter, r *http.Request)

VerifyMFAHandler handles MFA verification requests

func (*MFAHandler) VerifyTOTPSetupHandler

func (h *MFAHandler) VerifyTOTPSetupHandler(w http.ResponseWriter, r *http.Request)

VerifyTOTPSetupHandler handles TOTP verification requests

type MFAManager

type MFAManager interface {
	// Settings management
	GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)
	EnableMFA(ctx context.Context, userID string, method MFAMethod) (*MFASettings, error)
	DisableMFA(ctx context.Context, userID string) error

	// TOTP methods
	SetupTOTP(ctx context.Context, userID string, username string) (*TOTPConfig, error)
	VerifyTOTPSetup(ctx context.Context, userID string, code string) error

	// Backup code methods
	GenerateBackupCodes(ctx context.Context, userID string) ([]MFABackupCode, error)

	// WebAuthn methods
	SetupWebAuthn(ctx context.Context, userID string, username string, displayName string) (map[string]interface{}, error)
	VerifyWebAuthnSetup(ctx context.Context, userID string, attestationResponse string) error
	InitiateWebAuthnVerification(ctx context.Context, userID string) (map[string]interface{}, error)
	VerifyWebAuthnAssertion(ctx context.Context, userID string, assertionResponse string) (bool, error)

	// SMS methods
	SetupSMS(ctx context.Context, userID string, phoneNumber string) error
	VerifySMSSetup(ctx context.Context, userID string, code string) error
	InitiateSMSVerification(ctx context.Context, userID string) error
	VerifySMSCode(ctx context.Context, userID string, code string) (bool, error)

	// General MFA methods
	VerifyMFA(ctx context.Context, userID string, method MFAMethod, code string) (bool, error)
	ValidateMFASettings(ctx context.Context, userID string) (bool, []string, error)
}

MFAManager defines the interface for managing multi-factor authentication

type MFAManagerConfig

type MFAManagerConfig struct {
	// TOTPConfig is the default TOTP configuration
	TOTPConfig *TOTPConfig

	// BackupConfig is the default backup code configuration
	BackupConfig *BackupCodeConfig

	// WebAuthnConfig is the default WebAuthn configuration
	WebAuthnConfig *WebAuthnConfig

	// SMSConfig is the default SMS configuration
	SMSConfig *SMSConfig

	// VerificationExpiration is the expiration time for verifications in minutes
	VerificationExpiration int
}

MFAManagerConfig represents the configuration for MFAManager

func DefaultMFAManagerConfig

func DefaultMFAManagerConfig() *MFAManagerConfig

DefaultMFAManagerConfig returns the default MFA manager configuration

type MFAMethod

type MFAMethod string

MFAMethod represents the type of MFA method

const (
	// MFAMethodTOTP represents Time-based One-Time Password authentication
	MFAMethodTOTP MFAMethod = "totp"

	// MFAMethodBackupCode represents backup code authentication
	MFAMethodBackupCode MFAMethod = "backup_code"

	// MFAMethodWebAuthn represents WebAuthn/FIDO2 authentication
	MFAMethodWebAuthn MFAMethod = "webauthn"

	// MFAMethodSMS represents SMS-based authentication
	MFAMethodSMS MFAMethod = "sms"
)

type MFAMethodSettings

type MFAMethodSettings struct {
	Method MFAMethod
	Status MFAStatus
}

MFAMethodSettings represents settings for an MFA method

type MFASettings

type MFASettings struct {
	// UserID is the ID of the user
	UserID string

	// Enabled indicates whether MFA is enabled for the user
	Enabled bool

	// DefaultMethod is the default MFA method for the user
	DefaultMethod MFAMethod

	// Methods is a map of MFA methods to their status
	Methods map[MFAMethod]MFAStatus

	// TOTPConfig is the TOTP configuration for the user
	TOTPConfig *TOTPConfig

	// BackupCodes are the backup codes for the user
	BackupCodes []MFABackupCode

	// WebAuthnCredentials are the WebAuthn credentials for the user
	WebAuthnCredentials []WebAuthnCredential

	// PhoneNumber is the phone number for SMS verification
	PhoneNumber string

	// LastUpdated is the time when the settings were last updated
	LastUpdated time.Time
}

MFASettings represents the MFA settings for a user

type MFAStatus

type MFAStatus string

MFAStatus represents the status of an MFA method

const (
	// MFAStatusEnabled indicates that the MFA method is enabled
	MFAStatusEnabled MFAStatus = "enabled"

	// MFAStatusDisabled indicates that the MFA method is disabled
	MFAStatusDisabled MFAStatus = "disabled"

	// MFAStatusPending indicates that the MFA method is pending setup
	MFAStatusPending MFAStatus = "pending"
)

type MFAStore

type MFAStore interface {
	// GetMFASettings gets the MFA settings for a user
	GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)

	// SaveMFASettings saves the MFA settings for a user
	SaveMFASettings(ctx context.Context, settings *MFASettings) error

	// DeleteMFASettings deletes the MFA settings for a user
	DeleteMFASettings(ctx context.Context, userID string) error

	// CreateVerification creates a new MFA verification
	CreateVerification(ctx context.Context, verification *MFAVerification) error

	// GetVerification gets an MFA verification
	GetVerification(ctx context.Context, userID string) (*MFAVerification, error)

	// DeleteVerification deletes an MFA verification
	DeleteVerification(ctx context.Context, userID string) error
}

MFAStore defines the interface for storing MFA settings

type MFAVerification

type MFAVerification struct {
	// UserID is the ID of the user
	UserID string

	// Method is the MFA method used for verification
	Method MFAMethod

	// Challenge is the challenge for WebAuthn verification
	Challenge string

	// SMSVerification is the SMS verification
	SMSVerification *SMSVerification

	// CreatedAt is the time when the verification was created
	CreatedAt time.Time

	// ExpiresAt is the time when the verification expires
	ExpiresAt time.Time
}

MFAVerification represents an MFA verification

type MockMFAManager

type MockMFAManager struct {
	// contains filtered or unexported fields
}

MockMFAManager is a mock implementation of the MFAManager interface for testing

func NewMockMFAManager

func NewMockMFAManager() *MockMFAManager

NewMockMFAManager creates a new mock MFA manager

func (*MockMFAManager) CleanupExpiredCodes

func (m *MockMFAManager) CleanupExpiredCodes()

CleanupExpiredCodes cleans up expired codes for testing

func (*MockMFAManager) Close

func (m *MockMFAManager) Close() error

Close closes the MFA manager for testing

func (*MockMFAManager) DisableMFA

func (m *MockMFAManager) DisableMFA(ctx context.Context, userID string) error

DisableMFA disables MFA for a user

func (*MockMFAManager) DisableMFAMethod

func (m *MockMFAManager) DisableMFAMethod(userID string, method MFAMethod) error

DisableMFAMethod disables an MFA method for a user for testing

func (*MockMFAManager) EnableMFA

func (m *MockMFAManager) EnableMFA(ctx context.Context, userID string, method MFAMethod) (*MFASettings, error)

EnableMFA enables MFA for a user

func (*MockMFAManager) GenerateBackupCodes

func (m *MockMFAManager) GenerateBackupCodes(ctx context.Context, userID string) ([]MFABackupCode, error)

GenerateBackupCodes generates backup codes for a user

func (*MockMFAManager) GenerateSMSCode

func (m *MockMFAManager) GenerateSMSCode(userID string) (string, error)

GenerateSMSCode generates an SMS code for testing

func (*MockMFAManager) GenerateTOTPQRCodeURL

func (m *MockMFAManager) GenerateTOTPQRCodeURL(username, secret string) string

GenerateTOTPQRCodeURL generates a TOTP QR code URL for testing

func (*MockMFAManager) GenerateTOTPSecret

func (m *MockMFAManager) GenerateTOTPSecret(userID string) (string, error)

GenerateTOTPSecret generates a TOTP secret for testing

func (*MockMFAManager) GenerateWebAuthnAuthenticationOptions

func (m *MockMFAManager) GenerateWebAuthnAuthenticationOptions(userID string) (map[string]interface{}, error)

GenerateWebAuthnAuthenticationOptions generates WebAuthn authentication options for testing

func (*MockMFAManager) GenerateWebAuthnRegistrationOptions

func (m *MockMFAManager) GenerateWebAuthnRegistrationOptions(userID string) (map[string]interface{}, error)

GenerateWebAuthnRegistrationOptions generates WebAuthn registration options for testing

func (*MockMFAManager) GetMFAMethods

func (m *MockMFAManager) GetMFAMethods(userID string) ([]MFAMethod, error)

GetMFAMethods gets the MFA methods for a user for testing

func (*MockMFAManager) GetMFASettings

func (m *MockMFAManager) GetMFASettings(ctx context.Context, userID string) (*MFASettings, error)

GetMFASettings gets the MFA settings for a user

func (*MockMFAManager) InitiateSMSVerification

func (m *MockMFAManager) InitiateSMSVerification(ctx context.Context, userID string) error

InitiateSMSVerification initiates SMS verification

func (*MockMFAManager) InitiateWebAuthnVerification

func (m *MockMFAManager) InitiateWebAuthnVerification(ctx context.Context, userID string) (map[string]interface{}, error)

InitiateWebAuthnVerification initiates WebAuthn verification

func (*MockMFAManager) IsMFAEnabled

func (m *MockMFAManager) IsMFAEnabled(userID string) (bool, error)

IsMFAEnabled checks if MFA is enabled for a user for testing

func (*MockMFAManager) SendSMS

func (m *MockMFAManager) SendSMS(userID, phoneNumber, message string) error

SendSMS sends an SMS for testing

func (*MockMFAManager) SetupSMS

func (m *MockMFAManager) SetupSMS(ctx context.Context, userID string, phoneNumber string) error

SetupSMS initiates SMS setup

func (*MockMFAManager) SetupTOTP

func (m *MockMFAManager) SetupTOTP(ctx context.Context, userID string, username string) (*TOTPConfig, error)

SetupTOTP sets up TOTP for a user

func (*MockMFAManager) SetupWebAuthn

func (m *MockMFAManager) SetupWebAuthn(ctx context.Context, userID string, username string, displayName string) (map[string]interface{}, error)

SetupWebAuthn initiates WebAuthn setup

func (*MockMFAManager) ValidateMFASettings

func (m *MockMFAManager) ValidateMFASettings(ctx context.Context, userID string) (bool, []string, error)

ValidateMFASettings validates MFA settings

func (*MockMFAManager) VerifyBackupCode

func (m *MockMFAManager) VerifyBackupCode(userID, code string) (bool, error)

VerifyBackupCode verifies a backup code for testing

func (*MockMFAManager) VerifyMFA

func (m *MockMFAManager) VerifyMFA(ctx context.Context, userID string, method MFAMethod, code string) (bool, error)

VerifyMFA verifies an MFA code

func (*MockMFAManager) VerifyMFACode

func (m *MockMFAManager) VerifyMFACode(ctx context.Context, userID, methodStr, code string) (bool, error)

VerifyMFACode verifies an MFA code for testing

func (*MockMFAManager) VerifySMSCode

func (m *MockMFAManager) VerifySMSCode(ctx context.Context, userID string, code string) (bool, error)

VerifySMSCode verifies an SMS code

func (*MockMFAManager) VerifySMSSetup

func (m *MockMFAManager) VerifySMSSetup(ctx context.Context, userID string, code string) error

VerifySMSSetup verifies SMS setup

func (*MockMFAManager) VerifyTOTPCode

func (m *MockMFAManager) VerifyTOTPCode(userID, secret, code string) (bool, error)

VerifyTOTPCode verifies a TOTP code for testing

func (*MockMFAManager) VerifyTOTPSetup

func (m *MockMFAManager) VerifyTOTPSetup(ctx context.Context, userID string, code string) error

VerifyTOTPSetup verifies TOTP setup

func (*MockMFAManager) VerifyWebAuthnAssertion

func (m *MockMFAManager) VerifyWebAuthnAssertion(ctx context.Context, userID string, assertionResponse string) (bool, error)

VerifyWebAuthnAssertion verifies a WebAuthn assertion

func (*MockMFAManager) VerifyWebAuthnAuthentication

func (m *MockMFAManager) VerifyWebAuthnAuthentication(userID, assertionResponse string) error

VerifyWebAuthnAuthentication verifies WebAuthn authentication for testing

func (*MockMFAManager) VerifyWebAuthnRegistration

func (m *MockMFAManager) VerifyWebAuthnRegistration(userID, attestationResponse string) error

VerifyWebAuthnRegistration verifies WebAuthn registration for testing

func (*MockMFAManager) VerifyWebAuthnSetup

func (m *MockMFAManager) VerifyWebAuthnSetup(ctx context.Context, userID string, attestationResponse string) error

VerifyWebAuthnSetup verifies WebAuthn setup

type MockSMSProvider

type MockSMSProvider struct{}

MockSMSProvider is a mock implementation of SMSProvider for testing

func (*MockSMSProvider) SendSMS

func (p *MockSMSProvider) SendSMS(to, from, message string) error

SendSMS sends an SMS message (mock implementation)

type SMSConfig

type SMSConfig struct {
	CodeLength        int               // Length of the SMS verification code
	CodeExpiration    int               // Expiration time for SMS codes in minutes
	SMSProvider       string            // SMS provider to use
	SMSProviderConfig map[string]string // Configuration for the SMS provider
}

SMSConfig represents the configuration for SMS verification

func DefaultSMSConfig

func DefaultSMSConfig() *SMSConfig

DefaultSMSConfig returns the default SMS configuration

type SMSProvider

type SMSProvider interface {
	// SendSMS sends an SMS message
	SendSMS(to, from, message string) error
}

SMSProvider defines the interface for SMS providers

func GetSMSProvider

func GetSMSProvider(config *SMSConfig) (SMSProvider, error)

GetSMSProvider returns an SMS provider based on the configuration

type SMSVerification

type SMSVerification struct {
	PhoneNumber string    // Phone number to send the verification code to
	Code        string    // Verification code
	CreatedAt   time.Time // Time when the verification was created
	ExpiresAt   time.Time // Time when the verification expires
	VerifiedAt  time.Time // Time when the verification was verified
	Verified    bool      // Whether the verification has been verified
	Attempts    int       // Number of verification attempts
	MaxAttempts int       // Maximum number of verification attempts
}

SMSVerification represents SMS verification

func CreateSMSVerification

func CreateSMSVerification(config *SMSConfig, phoneNumber string, maxAttempts int) (*SMSVerification, error)

CreateSMSVerification creates a new SMS verification

type TOTPConfig

type TOTPConfig struct {
	Secret    string // Secret key for TOTP
	QRCodeURL string // QR code URL for easy setup
	Digits    int    // Number of digits in the TOTP code (default: 6)
	Period    int    // Period in seconds for TOTP (default: 30)
	Algorithm string // Algorithm for TOTP (default: SHA1)
	Issuer    string // Issuer name for TOTP (default: LLMrecon)
}

TOTPConfig represents TOTP configuration

func DefaultTOTPConfig

func DefaultTOTPConfig() *TOTPConfig

DefaultTOTPConfig returns the default TOTP configuration

type WebAuthnConfig

type WebAuthnConfig struct {
	// RelyingPartyID is the ID of the relying party (typically the domain name)
	RelyingPartyID string

	// RelyingPartyName is the name of the relying party
	RelyingPartyName string

	// Origin is the origin of the relying party
	Origin string

	// UserVerification specifies the user verification requirement
	// Can be "required", "preferred", or "discouraged"
	UserVerification string

	// AttestationPreference specifies the attestation conveyance preference
	// Can be "none", "indirect", "direct", or "enterprise"
	AttestationPreference string

	// Timeout is the timeout for WebAuthn operations in milliseconds
	Timeout int

	// ChallengeLength is the length of the challenge in bytes
	ChallengeLength int
}

WebAuthnConfig represents the configuration for WebAuthn

func DefaultWebAuthnConfig

func DefaultWebAuthnConfig() *WebAuthnConfig

DefaultWebAuthnConfig returns the default WebAuthn configuration

type WebAuthnCredential

type WebAuthnCredential struct {
	// ID is the credential ID
	ID string

	// PublicKey is the public key of the credential
	PublicKey string

	// AAGUID is the Authenticator Attestation GUID
	AAGUID string

	// SignCount is the signature counter
	SignCount uint32

	// CreatedAt is the time when the credential was created
	CreatedAt time.Time

	// LastUsedAt is the time when the credential was last used
	LastUsedAt time.Time

	// DeviceType is the type of device (e.g., "security key", "platform")
	DeviceType string

	// DeviceName is a user-friendly name for the device
	DeviceName string
}

WebAuthnCredential represents a WebAuthn credential

func VerifyWebAuthnRegistration

func VerifyWebAuthnRegistration(config *WebAuthnConfig, challenge string, attestationResponse string) (*WebAuthnCredential, error)

This is a placeholder for a real WebAuthn verification implementation In a real implementation, you would use a WebAuthn library to verify the attestation and assertion responses from the client

type WebAuthnDevice

type WebAuthnDevice struct {
	ID        string
	Name      string
	CreatedAt time.Time
	LastUsed  time.Time
}

WebAuthnDevice represents a WebAuthn device

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL