Rename CredsGenerator to OneTimeTokenGenerator

config.go

@@ -243,8 +243,8 @@ type Config struct {
 		// Hasher hashes passwords into hashes
 		Hasher Hasher
 
-		// CredsGenerator generates credentials (selector+verified+token)
-		CredsGenerator CredsGenerator
+		// OneTimeTokenGenerator generates credentials (selector+verified+token)
+		OneTimeTokenGenerator OneTimeTokenGenerator
 
 		// Logger implies just a few log levels for use, can optionally
 		// also implement the ContextLogger to be able to upgrade to a
@@ -280,5 +280,5 @@ func (c *Config) Defaults() {
 	c.Modules.RecoverLoginAfterRecovery = false
 	c.Modules.RecoverTokenDuration = 24 * time.Hour
 
-	c.Core.CredsGenerator = NewSha512CredsGenerator()
+	c.Core.OneTimeTokenGenerator = NewSha512TokenGenerator()
 }

confirm/confirm.go

@@ -124,7 +124,7 @@ func (c *Confirm) StartConfirmationWeb(w http.ResponseWriter, r *http.Request, h
 func (c *Confirm) StartConfirmation(ctx context.Context, user authboss.ConfirmableUser, sendEmail bool) error {
 	logger := c.Authboss.Logger(ctx)
 
-	selector, verifier, token, err := c.Authboss.Core.CredsGenerator.GenerateCreds()
+	selector, verifier, token, err := c.Authboss.Core.OneTimeTokenGenerator.GenerateToken()
 	if err != nil {
 		return err
 	}
@@ -194,7 +194,7 @@ func (c *Confirm) Get(w http.ResponseWriter, r *http.Request) error {
 		return c.invalidToken(w, r)
 	}
 
-	credsGenerator := c.Authboss.Core.CredsGenerator
+	credsGenerator := c.Authboss.Core.OneTimeTokenGenerator
 
 	if len(rawToken) != credsGenerator.TokenSize() {
 		logger.Infof("invalid confirm token submitted, size was wrong: %d", len(rawToken))
@@ -301,7 +301,7 @@ func Middleware(ab *authboss.Authboss) func(http.Handler) http.Handler {
 // (to be stored in database but never used in SELECT query)
 // token: the user-facing base64 encoded selector+verifier
 //
-// Deprecated: use [authboss.CredsGenerator] instead.
+// Deprecated: use [authboss.OneTimeTokenGenerator] instead.
 func GenerateConfirmCreds() (selector, verifier, token string, err error) {
 	confirmTokenSize := 64
 	confirmTokenSplit := confirmTokenSize / 2

confirm/confirm_test.go

@@ -177,7 +177,7 @@ func TestGetSuccess(t *testing.T) {
 
 	harness := testSetup()
 
-	selector, verifier, token, err := harness.ab.Config.Core.CredsGenerator.GenerateCreds()
+	selector, verifier, token, err := harness.ab.Config.Core.OneTimeTokenGenerator.GenerateToken()
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -272,7 +272,7 @@ func TestGetUserNotFoundFailure(t *testing.T) {
 
 	harness := testSetup()
 
-	_, _, token, err := harness.ab.Config.Core.CredsGenerator.GenerateCreds()
+	_, _, token, err := harness.ab.Config.Core.OneTimeTokenGenerator.GenerateToken()
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -381,9 +381,9 @@ func TestMailURL(t *testing.T) {
 func TestGenerateRecoverCreds(t *testing.T) {
 	t.Parallel()
 
-	credsGenerator := authboss.NewSha512CredsGenerator()
+	credsGenerator := authboss.NewSha512TokenGenerator()
 
-	selector, verifier, token, err := credsGenerator.GenerateCreds()
+	selector, verifier, token, err := credsGenerator.GenerateToken()
 	if err != nil {
 		t.Error(err)
 	}

one_time_token_generator.go

@@ -7,37 +7,40 @@ import (
 	"io"
 )
 
-type CredsGenerator interface {
-	// Generate generates a one-time use 2-part token for authenticating a request.
+// OneTimeTokenGenerator is an interface for generating one-time tokens
+// for authentication purposes.
+type OneTimeTokenGenerator interface {
+	// Generatetoken generates a one-time use 2-part token for authenticating a request.
 	// selector: to be stored in the database and ALWAYS used in select query
 	// verifier: to be stored in database but NEVER used in select query
 	// token: the user-facing base64 encoded selector+verifier
-	GenerateCreds() (selector, verifier, token string, err error)
+	GenerateToken() (selector, verifier, token string, err error)
 
 	ParseToken(token string) (selectorBytes, verifierBytes []byte)
 
 	TokenSize() int
 }
 
-
 const (
 	tokenSize  = 64
 	tokenSplit = tokenSize / 2
 )
 
-type Sha512CredsGenerator struct{}
+// Sha512TokenGenerator generates one-time tokens using SHA512
+type Sha512TokenGenerator struct{}
 
-func NewSha512CredsGenerator() *Sha512CredsGenerator {
-	return &Sha512CredsGenerator{}
+// NewSha512TokenGenerator creates a new Sha512TokenGenerator
+func NewSha512TokenGenerator() *Sha512TokenGenerator {
+	return &Sha512TokenGenerator{}
 }
 
-// GenerateCreds generates pieces needed as credentials
+// GenerateToken generates pieces needed as credentials
 // selector: hash of the first half of an N byte value
 // (to be stored in the database and used in SELECT query)
 // verifier: hash of the second half of an N byte value
 // (to be stored in database but never used in SELECT query)
 // token: the user-facing base64 encoded selector+verifier
-func (cg *Sha512CredsGenerator) GenerateCreds() (selector, verifier, token string, err error) {
+func (cg *Sha512TokenGenerator) GenerateToken() (selector, verifier, token string, err error) {
 	rawToken := make([]byte, tokenSize)
 	if _, err = io.ReadFull(rand.Reader, rawToken); err != nil {
 		return "", "", "", err
@@ -52,7 +55,7 @@ func (cg *Sha512CredsGenerator) GenerateCreds() (selector, verifier, token strin
 		nil
 }
 
-func (cg *Sha512CredsGenerator) ParseToken(rawToken string) (selectorBytes, verifierBytes []byte) {
+func (cg *Sha512TokenGenerator) ParseToken(rawToken string) (selectorBytes, verifierBytes []byte) {
 	selectorBytes64 := sha512.Sum512([]byte(rawToken)[:tokenSplit])
 	selectorBytes = selectorBytes64[:]
 
@@ -62,4 +65,4 @@ func (cg *Sha512CredsGenerator) ParseToken(rawToken string) (selectorBytes, veri
 	return
 }
 
-func (cg *Sha512CredsGenerator) TokenSize() int { return tokenSize }
+func (cg *Sha512TokenGenerator) TokenSize() int { return tokenSize }

one_time_token_generator_test.go

@@ -5,12 +5,12 @@ import (
 	"testing"
 )
 
-func TestCredsGenerator(t *testing.T) {
+func TestOneTimeTokenGenerator(t *testing.T) {
 	t.Parallel()
 
-	credsGenerator := NewSha512CredsGenerator()
+	credsGenerator := NewSha512TokenGenerator()
 
-	selector, verifier, tokenEncoded, err := credsGenerator.GenerateCreds()
+	selector, verifier, tokenEncoded, err := credsGenerator.GenerateToken()
 	if err != nil {
 		t.Error(err)
 	}

recover/recover.go

@@ -109,7 +109,7 @@ func (r *Recover) StartPost(w http.ResponseWriter, req *http.Request) error {
 		return nil
 	}
 
-	selector, verifier, token, err := r.Authboss.Config.Core.CredsGenerator.GenerateCreds()
+	selector, verifier, token, err := r.Authboss.Config.Core.OneTimeTokenGenerator.GenerateToken()
 	if err != nil {
 		return err
 	}
@@ -224,7 +224,7 @@ func (r *Recover) EndPost(w http.ResponseWriter, req *http.Request) error {
 		return r.invalidToken(PageRecoverEnd, w, req)
 	}
 
-	credsGenerator := r.Authboss.Core.CredsGenerator
+	credsGenerator := r.Authboss.Core.OneTimeTokenGenerator
 
 	if len(rawToken) != credsGenerator.TokenSize() {
 		logger.Infof("invalid recover token submitted, size was wrong: %d", len(rawToken))
@@ -346,7 +346,7 @@ func (r *Recover) mailURL(token string) string {
 // (to be stored in database but never used in SELECT query)
 // token: the user-facing base64 encoded selector+verifier
 //
-// Deprecated: Use authboss.CredsGenerator instead.
+// Deprecated: Use [authboss.OneTimeTokenGenerator] instead.
 func GenerateRecoverCreds() (selector, verifier, token string, err error) {
 	recoverTokenSize := 64
 	recoverTokenSplit := recoverTokenSize / 2

recover/recover_test.go

@@ -471,9 +471,9 @@ func invalidCheck(t *testing.T, h *testHarness, w *httptest.ResponseRecorder) {
 func TestGenerateRecoverCreds(t *testing.T) {
 	t.Parallel()
 
-	credsGenerator := authboss.NewSha512CredsGenerator()
+	credsGenerator := authboss.NewSha512TokenGenerator()
 
-	selector, verifier, token, err := credsGenerator.GenerateCreds()
+	selector, verifier, token, err := credsGenerator.GenerateToken()
 	if err != nil {
 		t.Error(err)
 	}