mirror of
https://github.com/volatiletech/authboss.git
synced 2025-10-30 23:47:59 +02:00
Rename CredsGenerator to OneTimeTokenGenerator
This commit is contained in:
Stephen Afam-Osemene
@@ -243,8 +243,8 @@ type Config struct {
|
||||
// Hasher hashes passwords into hashes
|
||||
Hasher Hasher
|
||||
|
||||
// CredsGenerator generates credentials (selector+verified+token)
|
||||
CredsGenerator CredsGenerator
|
||||
// OneTimeTokenGenerator generates credentials (selector+verified+token)
|
||||
OneTimeTokenGenerator OneTimeTokenGenerator
|
||||
|
||||
// Logger implies just a few log levels for use, can optionally
|
||||
// also implement the ContextLogger to be able to upgrade to a
|
||||
@@ -280,5 +280,5 @@ func (c *Config) Defaults() {
|
||||
c.Modules.RecoverLoginAfterRecovery = false
|
||||
c.Modules.RecoverTokenDuration = 24 * time.Hour
|
||||
|
||||
c.Core.CredsGenerator = NewSha512CredsGenerator()
|
||||
c.Core.OneTimeTokenGenerator = NewSha512TokenGenerator()
|
||||
}
|
||||
|
||||
@@ -124,7 +124,7 @@ func (c *Confirm) StartConfirmationWeb(w http.ResponseWriter, r *http.Request, h
|
||||
func (c *Confirm) StartConfirmation(ctx context.Context, user authboss.ConfirmableUser, sendEmail bool) error {
|
||||
logger := c.Authboss.Logger(ctx)
|
||||
|
||||
selector, verifier, token, err := c.Authboss.Core.CredsGenerator.GenerateCreds()
|
||||
selector, verifier, token, err := c.Authboss.Core.OneTimeTokenGenerator.GenerateToken()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -194,7 +194,7 @@ func (c *Confirm) Get(w http.ResponseWriter, r *http.Request) error {
|
||||
return c.invalidToken(w, r)
|
||||
}
|
||||
|
||||
credsGenerator := c.Authboss.Core.CredsGenerator
|
||||
credsGenerator := c.Authboss.Core.OneTimeTokenGenerator
|
||||
|
||||
if len(rawToken) != credsGenerator.TokenSize() {
|
||||
logger.Infof("invalid confirm token submitted, size was wrong: %d", len(rawToken))
|
||||
@@ -301,7 +301,7 @@ func Middleware(ab *authboss.Authboss) func(http.Handler) http.Handler {
|
||||
// (to be stored in database but never used in SELECT query)
|
||||
// token: the user-facing base64 encoded selector+verifier
|
||||
//
|
||||
// Deprecated: use [authboss.CredsGenerator] instead.
|
||||
// Deprecated: use [authboss.OneTimeTokenGenerator] instead.
|
||||
func GenerateConfirmCreds() (selector, verifier, token string, err error) {
|
||||
confirmTokenSize := 64
|
||||
confirmTokenSplit := confirmTokenSize / 2
|
||||
|
||||
@@ -177,7 +177,7 @@ func TestGetSuccess(t *testing.T) {
|
||||
|
||||
harness := testSetup()
|
||||
|
||||
selector, verifier, token, err := harness.ab.Config.Core.CredsGenerator.GenerateCreds()
|
||||
selector, verifier, token, err := harness.ab.Config.Core.OneTimeTokenGenerator.GenerateToken()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -272,7 +272,7 @@ func TestGetUserNotFoundFailure(t *testing.T) {
|
||||
|
||||
harness := testSetup()
|
||||
|
||||
_, _, token, err := harness.ab.Config.Core.CredsGenerator.GenerateCreds()
|
||||
_, _, token, err := harness.ab.Config.Core.OneTimeTokenGenerator.GenerateToken()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -381,9 +381,9 @@ func TestMailURL(t *testing.T) {
|
||||
func TestGenerateRecoverCreds(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
credsGenerator := authboss.NewSha512CredsGenerator()
|
||||
credsGenerator := authboss.NewSha512TokenGenerator()
|
||||
|
||||
selector, verifier, token, err := credsGenerator.GenerateCreds()
|
||||
selector, verifier, token, err := credsGenerator.GenerateToken()
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
|
||||
@@ -7,37 +7,40 @@ import (
|
||||
"io"
|
||||
)
|
||||
|
||||
type CredsGenerator interface {
|
||||
// Generate generates a one-time use 2-part token for authenticating a request.
|
||||
// OneTimeTokenGenerator is an interface for generating one-time tokens
|
||||
// for authentication purposes.
|
||||
type OneTimeTokenGenerator interface {
|
||||
// Generatetoken generates a one-time use 2-part token for authenticating a request.
|
||||
// selector: to be stored in the database and ALWAYS used in select query
|
||||
// verifier: to be stored in database but NEVER used in select query
|
||||
// token: the user-facing base64 encoded selector+verifier
|
||||
GenerateCreds() (selector, verifier, token string, err error)
|
||||
GenerateToken() (selector, verifier, token string, err error)
|
||||
|
||||
ParseToken(token string) (selectorBytes, verifierBytes []byte)
|
||||
|
||||
TokenSize() int
|
||||
}
|
||||
|
||||
|
||||
const (
|
||||
tokenSize = 64
|
||||
tokenSplit = tokenSize / 2
|
||||
)
|
||||
|
||||
type Sha512CredsGenerator struct{}
|
||||
// Sha512TokenGenerator generates one-time tokens using SHA512
|
||||
type Sha512TokenGenerator struct{}
|
||||
|
||||
func NewSha512CredsGenerator() *Sha512CredsGenerator {
|
||||
return &Sha512CredsGenerator{}
|
||||
// NewSha512TokenGenerator creates a new Sha512TokenGenerator
|
||||
func NewSha512TokenGenerator() *Sha512TokenGenerator {
|
||||
return &Sha512TokenGenerator{}
|
||||
}
|
||||
|
||||
// GenerateCreds generates pieces needed as credentials
|
||||
// GenerateToken generates pieces needed as credentials
|
||||
// selector: hash of the first half of an N byte value
|
||||
// (to be stored in the database and used in SELECT query)
|
||||
// verifier: hash of the second half of an N byte value
|
||||
// (to be stored in database but never used in SELECT query)
|
||||
// token: the user-facing base64 encoded selector+verifier
|
||||
func (cg *Sha512CredsGenerator) GenerateCreds() (selector, verifier, token string, err error) {
|
||||
func (cg *Sha512TokenGenerator) GenerateToken() (selector, verifier, token string, err error) {
|
||||
rawToken := make([]byte, tokenSize)
|
||||
if _, err = io.ReadFull(rand.Reader, rawToken); err != nil {
|
||||
return "", "", "", err
|
||||
@@ -52,7 +55,7 @@ func (cg *Sha512CredsGenerator) GenerateCreds() (selector, verifier, token strin
|
||||
nil
|
||||
}
|
||||
|
||||
func (cg *Sha512CredsGenerator) ParseToken(rawToken string) (selectorBytes, verifierBytes []byte) {
|
||||
func (cg *Sha512TokenGenerator) ParseToken(rawToken string) (selectorBytes, verifierBytes []byte) {
|
||||
selectorBytes64 := sha512.Sum512([]byte(rawToken)[:tokenSplit])
|
||||
selectorBytes = selectorBytes64[:]
|
||||
|
||||
@@ -62,4 +65,4 @@ func (cg *Sha512CredsGenerator) ParseToken(rawToken string) (selectorBytes, veri
|
||||
return
|
||||
}
|
||||
|
||||
func (cg *Sha512CredsGenerator) TokenSize() int { return tokenSize }
|
||||
func (cg *Sha512TokenGenerator) TokenSize() int { return tokenSize }
|
||||
@@ -5,12 +5,12 @@ import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestCredsGenerator(t *testing.T) {
|
||||
func TestOneTimeTokenGenerator(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
credsGenerator := NewSha512CredsGenerator()
|
||||
credsGenerator := NewSha512TokenGenerator()
|
||||
|
||||
selector, verifier, tokenEncoded, err := credsGenerator.GenerateCreds()
|
||||
selector, verifier, tokenEncoded, err := credsGenerator.GenerateToken()
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
@@ -109,7 +109,7 @@ func (r *Recover) StartPost(w http.ResponseWriter, req *http.Request) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
selector, verifier, token, err := r.Authboss.Config.Core.CredsGenerator.GenerateCreds()
|
||||
selector, verifier, token, err := r.Authboss.Config.Core.OneTimeTokenGenerator.GenerateToken()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -224,7 +224,7 @@ func (r *Recover) EndPost(w http.ResponseWriter, req *http.Request) error {
|
||||
return r.invalidToken(PageRecoverEnd, w, req)
|
||||
}
|
||||
|
||||
credsGenerator := r.Authboss.Core.CredsGenerator
|
||||
credsGenerator := r.Authboss.Core.OneTimeTokenGenerator
|
||||
|
||||
if len(rawToken) != credsGenerator.TokenSize() {
|
||||
logger.Infof("invalid recover token submitted, size was wrong: %d", len(rawToken))
|
||||
@@ -346,7 +346,7 @@ func (r *Recover) mailURL(token string) string {
|
||||
// (to be stored in database but never used in SELECT query)
|
||||
// token: the user-facing base64 encoded selector+verifier
|
||||
//
|
||||
// Deprecated: Use authboss.CredsGenerator instead.
|
||||
// Deprecated: Use [authboss.OneTimeTokenGenerator] instead.
|
||||
func GenerateRecoverCreds() (selector, verifier, token string, err error) {
|
||||
recoverTokenSize := 64
|
||||
recoverTokenSplit := recoverTokenSize / 2
|
||||
|
||||
@@ -471,9 +471,9 @@ func invalidCheck(t *testing.T, h *testHarness, w *httptest.ResponseRecorder) {
|
||||
func TestGenerateRecoverCreds(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
credsGenerator := authboss.NewSha512CredsGenerator()
|
||||
credsGenerator := authboss.NewSha512TokenGenerator()
|
||||
|
||||
selector, verifier, token, err := credsGenerator.GenerateCreds()
|
||||
selector, verifier, token, err := credsGenerator.GenerateToken()
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user