[totp] Add TOTP Code check in Login #1212

alexlyp · 2020-06-08T21:59:06Z

~~Requires #1210~~

This PR adds the ability to have users Login with TOTP if they have verified a TOTP Secret.

Currently, if a user has verified a TOTP then they will be told they need a code to be entered along with their username/password. This code must match before the hashed password is compare against what is saved in the database.

According to the implemented security measures here, we will only allow 2 failed TOTP codes to be submitted for a givien epoch. Any subsequent request will fail with a ErrorStatusTOTPWaitForNewCode

politeiawww/api/www/v1/v1.go

politeiawww/totp.go

politeiawww/user.go

politeiawww/cmd/shared/login.go

politeiawww/user.go

politeiawww/api/www/v1/v1.go

politeiawww/totp.go

politeiawww/user.go

alexlyp · 2020-11-25T19:05:23Z

OK updated with your suggestions @lukebp

lukebp

ACK

@marcopeereboom will want to ok this.

alexlyp changed the title ~~[cms] Add TOTP Code check in Login~~ [totp] Add TOTP Code check in Login Jun 15, 2020

alexlyp force-pushed the ayp_totp_login branch from b8acb86 to 7e7ba4c Compare August 21, 2020 16:40

alexlyp requested review from lukebp and marcopeereboom August 21, 2020 16:45

alexlyp force-pushed the ayp_totp_login branch from 35b8e22 to b601b9a Compare August 26, 2020 18:33

alexlyp force-pushed the ayp_totp_login branch from 8ef38e0 to 9d71e6f Compare September 8, 2020 18:14

lukebp requested changes Sep 9, 2020

View reviewed changes

politeiawww/api/www/v1/v1.go Outdated Show resolved Hide resolved

politeiawww/totp.go Outdated Show resolved Hide resolved

politeiawww/user.go Outdated Show resolved Hide resolved

politeiawww/cmd/shared/login.go Show resolved Hide resolved

politeiawww/user.go Outdated Show resolved Hide resolved

alexlyp requested a review from lukebp September 21, 2020 15:48

lukebp requested changes Nov 25, 2020

View reviewed changes

alexlyp added 21 commits November 25, 2020 12:54

[cms] Add TOTP check to Login

5a5b75e

remove totp failed attempts

9cd76f6

update login cli

e0312f7

add totp login tests

d8094a9

add verified timeout login test

0af340a

update doco and errors

ce6d9dd

add more totp login tests

b3d8b57

remove magic

991aaa8

spellos

8fe35ab

add slight delays to ensure proper codes

a18c5b0

add an extra time for code generation

c5bfcfd

add temp test logging to figure out CI failures

2f5e640

add more debug to fix CI tests

21b8178

move tests to make do them sooner?

339c740

move test up

cd30ccc

split out code generating tests to help with better timing

06d1707

clean up for review

4a81a3c

review nits

dd9fc9f

update login cmd

87c2eac

clean up totpCheck and add error after timeout test

78083fc

anohter slight tweak

1aafb49

review nits

66edb29

alexlyp force-pushed the ayp_totp_login branch from bbd4c70 to 66edb29 Compare November 25, 2020 19:04

lukebp approved these changes Nov 25, 2020

View reviewed changes

marcopeereboom approved these changes Nov 30, 2020

View reviewed changes

alexlyp merged commit 00d32de into decred:master Dec 2, 2020

alexlyp deleted the ayp_totp_login branch December 2, 2020 16:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[totp] Add TOTP Code check in Login #1212

[totp] Add TOTP Code check in Login #1212

alexlyp commented Jun 8, 2020 •

edited

alexlyp commented Nov 25, 2020

lukebp left a comment

[totp] Add TOTP Code check in Login #1212

[totp] Add TOTP Code check in Login #1212

Conversation

alexlyp commented Jun 8, 2020 • edited

alexlyp commented Nov 25, 2020

lukebp left a comment

Choose a reason for hiding this comment

alexlyp commented Jun 8, 2020 •

edited