projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
in dev, allow dev FE
[akkoma] / lib / pleroma / web / auth / totp_authenticator.ex
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.Auth.TOTPAuthenticator do
6 alias Pleroma.MFA
7 alias Pleroma.MFA.TOTP
8 alias Pleroma.User
9
10 @doc "Verify code or check backup code."
11 @spec verify(String.t(), User.t()) ::
12 {:ok, :pass} | {:error, :invalid_token | :invalid_secret_and_token}
13 def verify(
14 token,
15 %User{
16 multi_factor_authentication_settings:
17 %{enabled: true, totp: %{secret: secret, confirmed: true}} = _
18 } = _user
19 )
20 when is_binary(token) and byte_size(token) > 0 do
21 TOTP.validate_token(secret, token)
22 end
23
24 def verify(_, _), do: {:error, :invalid_token}
25
26 @spec verify_recovery_code(User.t(), String.t()) ::
27 {:ok, :pass} | {:error, :invalid_token}
28 def verify_recovery_code(
29 %User{multi_factor_authentication_settings: %{enabled: true, backup_codes: codes}} = user,
30 code
31 )
32 when is_list(codes) and is_binary(code) do
33 hash_code = Enum.find(codes, fn hash -> Pleroma.Password.checkpw(code, hash) end)
34
35 if hash_code do
36 MFA.invalidate_backup_code(user, hash_code)
37 {:ok, :pass}
38 else
39 {:error, :invalid_token}
40 end
41 end
42
43 def verify_recovery_code(_, _), do: {:error, :invalid_token}
44 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git