Aaron L
f70bdd5eeb
Add EventAuthHijack to work around ordering issue
...
Lock/Confirm and possibly other authentication preemption mechanisms
hook into 'Before(EventAuth)', but the ordering of these rejection
mechanisms mixed with the 2fa acceptance response could result in a
dual response.
2018-12-16 22:50:26 -08:00
Aaron L
019073081f
Fix same hook like bug but for failures
2018-12-13 23:10:16 -08:00
Aaron L
0e85072885
Fix bug where After Auth hooks could fail
...
- User was not being set in the Context for 2fa success paths meaning
things like lock and remember event handlers would fail.
2018-12-13 23:04:28 -08:00
Aaron L
6f3e7ca54a
Add more flexibility to authboss.Middleware
...
- Add requirements and responses for the authboss middleware. This lets
us later add new types that don't break the API instead of a list of
bools.
2018-12-10 23:00:27 -08:00
Aaron L
adaf5a9192
Fix session persistence security hole in totp/sms
...
- Reorder the lookups to ensure CurrentUser is always looked up before
any temporary pending PIDs.
- See changelog for more details
2018-12-10 22:23:37 -08:00
Aaron L
7518918b47
Fix test regex to accept all base64 characters
2018-12-10 20:13:44 -08:00
Aaron L
003476b6d5
Revert "Make removal of 2fa require e-mail verification"
...
This reverts commit 5b876d21c3bdf0c3e95100ec6f116709581636e8.
2018-12-10 20:12:34 -08:00
Aaron L
9254c094cf
Remove L from two factor recovery codes
...
- This is a difficult letter to tell apart from the number 1 depending
on the font. 0 and o should be okay since all letters are lowercase.
2018-12-09 20:27:59 -08:00
Aaron L
5b876d21c3
Make removal of 2fa require e-mail verification
...
- Fix a bug in a test regex that would fail occasionally
2018-12-04 23:41:45 -08:00
Aaron L
6c663762e4
Fix couple bugs with remember and 2fa
...
- Fix bug where setup paths were not mountpathed so twofactor_verify
would redirect to a 404.
- Fix bug in remember where a user would be remembered even if logged in
depending on the middleware order (if something had previously called
LoadCurrentUser/LoadCurrentUserID it was fine, if not, the user was
half-authed even if he was cleared of half-auth previously).
2018-11-04 22:49:43 -08:00
Aaron L
9f965c8531
Fix bug in sms email validation
2018-11-04 21:17:54 -08:00
Aaron L
931ccfba1f
Add twofactor setup e-mail validation options
2018-11-01 22:49:25 -07:00
Aaron L
25eda89076
Ensure important events are firing for 2fa modules
2018-10-28 23:17:10 -07:00
Aaron L
8213e87e83
Rewrite docs to 80 cols
...
- Fix #183
2018-09-15 15:39:26 -07:00
Aaron L
98147bc020
Fix several lint errors
2018-09-03 16:34:10 -07:00
Aaron L
167d5a0903
Add context to the sms sender interface
2018-09-03 11:58:24 -07:00
Aaron L
4420666f2b
Split 2fa pages apart
...
- Add a config option to control the authboss.Middleware redirecting
2018-09-03 11:57:25 -07:00
Aaron L
5af4d392ab
Fix redirects for otp
2018-08-31 15:19:03 -07:00
Aaron L
8249d714d0
Fix redirects using Middleware
2018-08-31 14:57:22 -07:00
Aaron L
b44e38177f
Add tests for sms2fa
2018-08-31 11:38:53 -07:00
Aaron L
e9cd8acc06
Refactor the duplication out of tests
2018-08-31 09:38:48 -07:00
Aaron L
dc6c655e10
Add tests for totp2fa
2018-08-31 01:15:05 -07:00
Aaron L
52d9b33730
Add tests for twofactor package
2018-08-26 16:49:16 -07:00
Aaron L
3daf5c988e
Add totp recovery code login
2018-08-26 15:48:53 -07:00
Aaron L
e4badae1ee
Add recovery code logins to sms
2018-08-26 15:43:35 -07:00
Aaron L
e79638a05e
Add regeneration of recovery codes
...
- Refactor some constants that pertain to recovery codes
2018-08-26 14:46:17 -07:00
Aaron L
bdb449c0f6
Add sms 2fa
...
- Add sms 2fa module
- Refactor recovery code bit out
- Fix some bugs in totp 2fa
2018-08-26 12:54:14 -07:00
Aaron L
735cbb1ec5
Add totp2fa module
2018-08-22 21:34:38 -07:00
Aaron L
9aed0c512d
Add maximum amount of OTPs
2018-07-17 15:32:10 -07:00
Aaron L
6164dd8da4
Finish otp module
2018-07-17 15:25:25 -07:00
Aaron L
48e83e1a2a
WIP
2018-07-17 07:09:38 -07:00