authelia/internal/handlers/handler_user_totp.go

package handlers

import (
	"errors"

	"github.com/valyala/fasthttp"

	"github.com/authelia/authelia/v4/internal/middlewares"
	"github.com/authelia/authelia/v4/internal/model"
	"github.com/authelia/authelia/v4/internal/session"
	"github.com/authelia/authelia/v4/internal/storage"
)

// UserTOTPInfoGET returns the users TOTP configuration.
func UserTOTPInfoGET(ctx *middlewares.AutheliaCtx) {
	var (
		userSession session.UserSession
		err         error
	)

	if userSession, err = ctx.GetSession(); err != nil {
		ctx.Logger.WithError(err).Error("Error occurred retrieving user session")

		ctx.ReplyForbidden()

		return
	}

	var config *model.TOTPConfiguration

	if config, err = ctx.Providers.StorageProvider.LoadTOTPConfiguration(ctx, userSession.Username); err != nil {
		if errors.Is(err, storage.ErrNoTOTPConfiguration) {
			ctx.SetStatusCode(fasthttp.StatusNotFound)
			ctx.SetJSONError("Could not find TOTP Configuration for user.")
			ctx.Logger.Errorf("Failed to lookup TOTP configuration for user '%s'", userSession.Username)
		} else {
			ctx.SetStatusCode(fasthttp.StatusInternalServerError)
			ctx.SetJSONError("Could not find TOTP Configuration for user.")
			ctx.Logger.Errorf("Failed to lookup TOTP configuration for user '%s' with unknown error: %v", userSession.Username, err)
		}

		return
	}

	if err = ctx.SetJSONBody(config); err != nil {
		ctx.Logger.Errorf("Unable to perform TOTP configuration response: %s", err)
	}

	ctx.SetStatusCode(fasthttp.StatusOK)
}
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226. 2021-12-01 12:11:29 +00:00			`package handlers`

			`import (`
			`"errors"`

			`"github.com/valyala/fasthttp"`

			`"github.com/authelia/authelia/v4/internal/middlewares"`
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`"github.com/authelia/authelia/v4/internal/model"`
			`"github.com/authelia/authelia/v4/internal/session"`
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226. 2021-12-01 12:11:29 +00:00			`"github.com/authelia/authelia/v4/internal/storage"`
			`)`

fix(server): incorrect remote ip logged in error handler (#3139) This fixes edge cases where the remote IP was not correctly logged. Generally this is not an issue as most errors do not hit this handler, but in instances where a transport error occurs this is important. 2022-04-08 04:13:47 +00:00			`// UserTOTPInfoGET returns the users TOTP configuration.`
			`func UserTOTPInfoGET(ctx *middlewares.AutheliaCtx) {`
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`var (`
			`userSession session.UserSession`
			`err error`
			`)`
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226. 2021-12-01 12:11:29 +00:00
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`if userSession, err = ctx.GetSession(); err != nil {`
			`ctx.Logger.WithError(err).Error("Error occurred retrieving user session")`

			`ctx.ReplyForbidden()`

			`return`
			`}`

			`var config *model.TOTPConfiguration`

			`if config, err = ctx.Providers.StorageProvider.LoadTOTPConfiguration(ctx, userSession.Username); err != nil {`
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226. 2021-12-01 12:11:29 +00:00			`if errors.Is(err, storage.ErrNoTOTPConfiguration) {`
			`ctx.SetStatusCode(fasthttp.StatusNotFound)`
refactor(web): only fetch totp conf if required (#2663) Prevents the TOTP user config from being requested when the user has not registered or is already authenticated 2FA. 2021-12-02 10:28:16 +00:00			`ctx.SetJSONError("Could not find TOTP Configuration for user.")`
			`ctx.Logger.Errorf("Failed to lookup TOTP configuration for user '%s'", userSession.Username)`
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226. 2021-12-01 12:11:29 +00:00			`} else {`
			`ctx.SetStatusCode(fasthttp.StatusInternalServerError)`
refactor(web): only fetch totp conf if required (#2663) Prevents the TOTP user config from being requested when the user has not registered or is already authenticated 2FA. 2021-12-02 10:28:16 +00:00			`ctx.SetJSONError("Could not find TOTP Configuration for user.")`
			`ctx.Logger.Errorf("Failed to lookup TOTP configuration for user '%s' with unknown error: %v", userSession.Username, err)`
feat(totp): algorithm and digits config (#2634) Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm). Fixes #1226. 2021-12-01 12:11:29 +00:00			`}`

			`return`
			`}`

			`if err = ctx.SetJSONBody(config); err != nil {`
			`ctx.Logger.Errorf("Unable to perform TOTP configuration response: %s", err)`
			`}`

			`ctx.SetStatusCode(fasthttp.StatusOK)`
			`}`