# Pleroma: A lightweight social networking server
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
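defmodule Pleroma.Web.Auth.TOTPAuthenticator do
  @moduledoc """
  Second-factor checks for accounts that have multi-factor authentication
  enabled: TOTP tokens (`verify/2`) and one-time recovery codes
  (`verify_recovery_code/2`).
  """

  alias Pleroma.MFA
  alias Pleroma.MFA.TOTP
  alias Pleroma.User
  alias Pleroma.Web.Plugs.AuthenticationPlug

  # NOTE(review): nothing in this module limits the number of attempts; confirm
  # that the callers throttle repeated guesses of tokens and recovery codes.

  @doc """
  Validates a TOTP token against the user's TOTP secret.

  The token is passed to `Pleroma.MFA.TOTP.validate_token/2` only when MFA is
  enabled for the user, the TOTP settings are confirmed, and `token` is a
  non-empty binary. Any other input returns `{:error, :invalid_token}` without
  the secret being consulted.

  Recovery (backup) codes are not accepted here; use `verify_recovery_code/2`.
  """
  @spec verify(String.t(), User.t()) ::
          {:ok, :pass} | {:error, :invalid_token | :invalid_secret_and_token}
  def verify(
        token,
        %User{
          multi_factor_authentication_settings: %{
            enabled: true,
            totp: %{secret: secret, confirmed: true}
          }
        }
      )
      when is_binary(token) and byte_size(token) > 0 do
    TOTP.validate_token(secret, token)
  end

  # MFA disabled, TOTP unconfirmed, or an empty / non-binary token: fail closed.
  def verify(_, _), do: {:error, :invalid_token}

  @doc """
  Checks a one-time recovery code against the user's stored backup-code hashes.

  Each stored hash is compared with `code` through
  `Pleroma.Web.Plugs.AuthenticationPlug.checkpw/2`. On a match the matching hash
  is handed to `Pleroma.MFA.invalidate_backup_code/2`, and `{:ok, :pass}` is
  returned only if that call does not report an error. An empty code, a missing
  match, disabled MFA, or a failed invalidation all return
  `{:error, :invalid_token}`.
  """
  @spec verify_recovery_code(User.t(), String.t()) ::
          {:ok, :pass} | {:error, :invalid_token}
  def verify_recovery_code(
        %User{multi_factor_authentication_settings: %{enabled: true, backup_codes: codes}} = user,
        code
      )
      # An empty code is rejected up front, matching verify/2, so no password-hash
      # comparison is spent on it.
      when is_list(codes) and is_binary(code) and byte_size(code) > 0 do
    matched_hash = Enum.find(codes, &AuthenticationPlug.checkpw(code, &1))

    if matched_hash do
      # A recovery code is meant to be single-use, so a pass is reported only
      # when the invalidation did not fail; otherwise the code would stay valid
      # and could be presented again.
      # Assumes failure is reported as {:error, _} - confirm against Pleroma.MFA.
      # NOTE(review): two concurrent requests carrying the same code may both
      # match before either invalidation is stored; confirm how the update is
      # serialized.
      case MFA.invalidate_backup_code(user, matched_hash) do
        {:error, _reason} -> {:error, :invalid_token}
        _ -> {:ok, :pass}
      end
    else
      {:error, :invalid_token}
    end
  end

  # MFA disabled, no backup-code list, or an empty / non-binary code: fail closed.
  def verify_recovery_code(_, _), do: {:error, :invalid_token}
end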