package models import ( "time" "github.com/golang-jwt/jwt/v4" "github.com/google/uuid" ) // NewIdentityVerification creates a new IdentityVerification from a given username and action. func NewIdentityVerification(username, action string) (verification IdentityVerification) { return IdentityVerification{ JTI: uuid.New(), IssuedAt: time.Now(), ExpiresAt: time.Now().Add(5 * time.Minute), Action: action, Username: username, } } // IdentityVerification represents an identity verification row in the database. type IdentityVerification struct { ID int `db:"id"` JTI uuid.UUID `db:"jti"` IssuedAt time.Time `db:"iat"` ExpiresAt time.Time `db:"exp"` Used *time.Time `db:"used"` Action string `db:"action"` Username string `db:"username"` } // ToIdentityVerificationClaim converts the IdentityVerification into a IdentityVerificationClaim. func (v IdentityVerification) ToIdentityVerificationClaim() (claim *IdentityVerificationClaim) { return &IdentityVerificationClaim{ RegisteredClaims: jwt.RegisteredClaims{ ID: v.JTI.String(), Issuer: "Authelia", IssuedAt: jwt.NewNumericDate(v.IssuedAt), ExpiresAt: jwt.NewNumericDate(v.ExpiresAt), }, Action: v.Action, Username: v.Username, } } // IdentityVerificationClaim custom claim for specifying the action claim. // The action can be to register a TOTP device, a U2F device or reset one's password. type IdentityVerificationClaim struct { jwt.RegisteredClaims // The action this token has been crafted for. Action string `json:"action"` // The user this token has been crafted for. Username string `json:"username"` } // ToIdentityVerification converts the IdentityVerificationClaim into a IdentityVerification. func (v IdentityVerificationClaim) ToIdentityVerification() (verification *IdentityVerification, err error) { jti, err := uuid.Parse(v.ID) if err != nil { return nil, err } return &IdentityVerification{ JTI: jti, Username: v.Username, Action: v.Action, ExpiresAt: v.ExpiresAt.Time, }, nil }