go/authboss
1
0
Fork 0
mirror of https://github.com/volatiletech/authboss.git synced 2025-02-19 19:44:37 +02:00
Code Issues Releases Activity
491 Commits 6 Branches 36 Tags
Commit Graph

38 Commits

Author SHA1 Message Date
Aaron L
3a5c333b5b Move to go modules 2020-07-03 11:24:07 -07:00
Aaron L
020487826a Add MailNoGoroutine option 
This change allows users to write Mailer implementations that either
spawn their own goroutines or honor proper context usage. The current
behavior of the modules with this setting turned to 'false' creates a race
condition between the original http request's context authboss was handed being
cancelled by the http server, and the use of that context by the mailer
implementation which is being run in a goroutine.
 2020-02-07 14:24:40 -08:00
Aaron L
4d33b97b4f Merge branches 
'frederikhors/patch-1'
'frederikhors/Redundant-type-conversion'
'frederikhors/Redundant-types-in-composite-literals'
'frederikhors/Imported-pkg-name-as-name-identifier'
'frederikhors/Variable-'delete'-collides-with-builtin-function'
 2020-01-30 09:49:22 -08:00
frederikhors
6f6f2e6fd7 Imported pkg name as name identifier 2020-01-29 14:52:00 +01:00
frederikhors
827256e4d7 Redundant types in composite literals 2020-01-29 14:08:11 +01:00
frederikhors
9c764f69fe Redundant type conversion 2020-01-29 14:04:44 +01:00
Aaron L
a7b9d57691 Move mocks so external packages can use them 2019-01-20 09:45:26 -08:00
Aaron L
f70bdd5eeb Add EventAuthHijack to work around ordering issue 
Lock/Confirm and possibly other authentication preemption mechanisms
hook into 'Before(EventAuth)', but the ordering of these rejection
mechanisms mixed with the 2fa acceptance response could result in a
dual response.
 2018-12-16 22:50:26 -08:00
Aaron L
019073081f Fix same hook like bug but for failures 2018-12-13 23:10:16 -08:00
Aaron L
0e85072885 Fix bug where After Auth hooks could fail 
- User was not being set in the Context for 2fa success paths meaning
  things like lock and remember event handlers would fail.
 2018-12-13 23:04:28 -08:00
Aaron L
6f3e7ca54a Add more flexibility to authboss.Middleware 
- Add requirements and responses for the authboss middleware. This lets
  us later add new types that don't break the API instead of a list of
  bools.
 2018-12-10 23:00:27 -08:00
Aaron L
adaf5a9192 Fix session persistence security hole in totp/sms 
- Reorder the lookups to ensure CurrentUser is always looked up before
  any temporary pending PIDs.
- See changelog for more details
 2018-12-10 22:23:37 -08:00
Aaron L
7518918b47 Fix test regex to accept all base64 characters 2018-12-10 20:13:44 -08:00
Aaron L
003476b6d5 Revert "Make removal of 2fa require e-mail verification" 
This reverts commit 5b876d21c3bdf0c3e95100ec6f116709581636e8.
 2018-12-10 20:12:34 -08:00
Aaron L
9254c094cf Remove L from two factor recovery codes 
- This is a difficult letter to tell apart from the number 1 depending
  on the font. 0 and o should be okay since all letters are lowercase.
 2018-12-09 20:27:59 -08:00
Aaron L
5b876d21c3 Make removal of 2fa require e-mail verification 
- Fix a bug in a test regex that would fail occaisonally
 2018-12-04 23:41:45 -08:00
Aaron L
6c663762e4 Fix couple bugs with remember and 2fa 
- Fix bug where setup paths were not mountpathed so twofactor_verify
  would redirect to a 404.
- Fix bug in remember where a user would be remembered even if logged in
  depending on the middleware order (if something had previously called
  LoadCurrentUser/LoadCurrentUserID it was fine, if not, the user was
  half-authed even if he was cleared of half-auth previously).
 2018-11-04 22:49:43 -08:00
Aaron L
9f965c8531 Fix bug in sms email validation 2018-11-04 21:17:54 -08:00
Aaron L
931ccfba1f Add twofactor setup e-mail validation options 2018-11-01 22:49:25 -07:00
Aaron L
25eda89076 Ensure important events are firing for 2fa modules 2018-10-28 23:17:10 -07:00
Aaron L
8213e87e83 Rewrite docs to 80 cols 
- Fix #183
 2018-09-15 15:39:26 -07:00
Aaron L
98147bc020 Fix several lint errors 2018-09-03 16:34:10 -07:00
Aaron L
167d5a0903 Add context to the sms sender interface 2018-09-03 11:58:24 -07:00
Aaron L
4420666f2b Split 2fa pages apart 
- Add a config option to control the authboss.Middleware redirecting
 2018-09-03 11:57:25 -07:00
Aaron L
5af4d392ab Fix redirects for otp 2018-08-31 15:19:03 -07:00
Aaron L
8249d714d0 Fix redirects using Middleware 2018-08-31 14:57:22 -07:00
Aaron L
b44e38177f Add tests for sms2fa 2018-08-31 11:38:53 -07:00
Aaron L
e9cd8acc06 Refactor the duplication out of tests 2018-08-31 09:38:48 -07:00
Aaron L
dc6c655e10 Add tests for totp2fa 2018-08-31 01:15:05 -07:00
Aaron L
52d9b33730 Add tests for twofactor package 2018-08-26 16:49:16 -07:00
Aaron L
3daf5c988e Add totp recovery code login 2018-08-26 15:48:53 -07:00
Aaron L
e4badae1ee Add recovery code logins to sms 2018-08-26 15:43:35 -07:00
Aaron L
e79638a05e Add regeneration of recovery codes 
- Refactor some constants that pertain to recovery codes
 2018-08-26 14:46:17 -07:00
Aaron L
bdb449c0f6 Add sms 2fa 
- Add sms 2fa module
- Refactor recovery code bit out
- Fix some bugs in totp 2fa
 2018-08-26 12:54:14 -07:00
Aaron L
735cbb1ec5 Add totp2fa module 2018-08-22 21:34:38 -07:00
Aaron L
9aed0c512d Add maximum amount of OTPs 2018-07-17 15:32:10 -07:00
Aaron L
6164dd8da4 Finish otp module 2018-07-17 15:25:25 -07:00
Aaron L
48e83e1a2a WIP 2018-07-17 07:09:38 -07:00