Merge branch 'weblate-pleroma-pleroma' into 'develop'
[akkoma] / lib / pleroma / web / auth / totp_authenticator.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.Auth.TOTPAuthenticator do
6 alias Pleroma.MFA
7 alias Pleroma.MFA.TOTP
8 alias Pleroma.Plugs.AuthenticationPlug
9 alias Pleroma.User
10
11 @doc "Verify code or check backup code."
12 @spec verify(String.t(), User.t()) ::
13 {:ok, :pass} | {:error, :invalid_token | :invalid_secret_and_token}
14 def verify(
15 token,
16 %User{
17 multi_factor_authentication_settings:
18 %{enabled: true, totp: %{secret: secret, confirmed: true}} = _
19 } = _user
20 )
21 when is_binary(token) and byte_size(token) > 0 do
22 TOTP.validate_token(secret, token)
23 end
24
25 def verify(_, _), do: {:error, :invalid_token}
26
27 @spec verify_recovery_code(User.t(), String.t()) ::
28 {:ok, :pass} | {:error, :invalid_token}
29 def verify_recovery_code(
30 %User{multi_factor_authentication_settings: %{enabled: true, backup_codes: codes}} = user,
31 code
32 )
33 when is_list(codes) and is_binary(code) do
34 hash_code = Enum.find(codes, fn hash -> AuthenticationPlug.checkpw(code, hash) end)
35
36 if hash_code do
37 MFA.invalidate_backup_code(user, hash_code)
38 {:ok, :pass}
39 else
40 {:error, :invalid_token}
41 end
42 end
43
44 def verify_recovery_code(_, _), do: {:error, :invalid_token}
45 end