
Make removal of 2fa require e-mail verification

- Fix a bug in a test regex that would fail occasionally
Aaron L 2018-12-04 23:41:45 -08:00
parent 1c254ce6ce
commit 5b876d21c3
4 changed files with 11 additions and 11 deletions


@ -681,12 +681,12 @@ To enable this feature simply turn on
`authboss.Config.Modules.TwoFactorEmailAuthRequired` and new routes and
middlewares will be installed when you set up one of the 2fa modules.
When enabled, the routes for setting up 2fa on an account are protected by a
middleware that will redirect to `/2fa/{totp,sms}/email/verify` where
Page `twofactor_verify` is displayed. The user is prompted to authorize the
addition of 2fa to their account. The data for this page contains `email` and
a `url` for the POST. The url is required because this page is shared between
all 2fa types.
When enabled, the routes for setting up and removing 2fa on an account are
protected by a middleware that will redirect to `/2fa/{totp,sms}/email/verify`
where Page `twofactor_verify` is displayed. The user is prompted to authorize
the addition of 2fa to their account. The data for this page contains `email`
and a `url` for the POST. The url is required because this page is shared
between all 2fa types.
Once they POST to the url, a token is stored in their session and an e-mail is
sent with that token. When they click the link that goes to


@ -126,8 +126,8 @@ func (s *SMS) Setup() error {
s.Authboss.Core.Router.Post("/2fa/sms/confirm", verified(confirm.Post))
remove := &SMSValidator{SMS: s, Page: PageSMSRemove}
s.Authboss.Core.Router.Get("/2fa/sms/remove", middleware(remove.Get))
s.Authboss.Core.Router.Post("/2fa/sms/remove", middleware(remove.Post))
s.Authboss.Core.Router.Get("/2fa/sms/remove", verified(remove.Get))
s.Authboss.Core.Router.Post("/2fa/sms/remove", verified(remove.Post))
validate := &SMSValidator{SMS: s, Page: PageSMSValidate}
s.Authboss.Core.Router.Get("/2fa/sms/validate", s.Core.ErrorHandler.Wrap(validate.Get))
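Review bot: The `/2fa/sms/remove` GET and POST routes now rely solely on `verified`, which is built outside this hunk, so please confirm that it still applies everything `middleware` enforced and that it falls back to `middleware` when `TwoFactorEmailAuthRequired` is off; otherwise removal ends up either under-protected or unreachable. None of the four changed files adds a test asserting that an unverified request to a remove route is redirected to `/2fa/sms/email/verify`, and one such test per module would pin the new behaviour. A comment above the `remove` block would record the intent, e.g. `// removal is gated by e-mail verification, same as setup`. The same points apply to the `/2fa/totp/remove` routes in the TOTP `Setup` hunk; both `Setup` bodies start and end outside their hunks.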


@ -95,8 +95,8 @@ func (t *TOTP) Setup() error {
t.Authboss.Core.Router.Get("/2fa/totp/confirm", verified(t.GetConfirm))
t.Authboss.Core.Router.Post("/2fa/totp/confirm", verified(t.PostConfirm))
t.Authboss.Core.Router.Get("/2fa/totp/remove", middleware(t.GetRemove))
t.Authboss.Core.Router.Post("/2fa/totp/remove", middleware(t.PostRemove))
t.Authboss.Core.Router.Get("/2fa/totp/remove", verified(t.GetRemove))
t.Authboss.Core.Router.Post("/2fa/totp/remove", verified(t.PostRemove))
t.Authboss.Core.Router.Get("/2fa/totp/validate", t.Core.ErrorHandler.Wrap(t.GetValidate))
t.Authboss.Core.Router.Post("/2fa/totp/validate", t.Core.ErrorHandler.Wrap(t.PostValidate))
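Review bot: With `/2fa/totp/remove` behind the same `verified` wrapper as `/2fa/totp/confirm`, nothing visible in this hunk ties an e-mail verification to the action it was requested for, so a verification completed for setup may also unlock removal for as long as that state stays in the session. If that turns out to be the case, consider clearing the verified state after a successful confirm or remove, or recording the intended action alongside it. Once confirmed, document the behaviour next to these lines, e.g. `// e-mail verification is per 2fa type, not per action`. The wrapper's definition and the rest of `Setup` are outside the hunk, so this needs checking against them.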


@ -174,7 +174,7 @@ func TestEmailVerifyPostStart(t *testing.T) {
t.Error("subject wrong:", mail.Subject)
}
urlRgx := regexp.MustCompile(`^http://localhost:8080/auth/2fa/totp/email/verify/end\?token=[_a-zA-Z0-9=%]+$`)
urlRgx := regexp.MustCompile(`^http://localhost:8080/auth/2fa/totp/email/verify/end\?token=[\-_a-zA-Z0-9=%]+$`)
data := h.renderer.Data
if !urlRgx.MatchString(data[DataVerifyURL].(string)) {