You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 3, 2019. It is now read-only.
From breaking out #297, this issue tracks items needed to verify a session using TOTP. Once Auth-server has validated the totp code, this method is called to verify the session and set the verification method, etc.
Alter Tables
Sessions Table
Column
Description
Options
Datatype
verificationMethod
method used to verify session. ex, email, email-2fa, totp-2fa
NULL
BIGINT UNSIGNED
verifiedAt
date session was verified
NULL
BIGINT UNSIGNED
mustVerify
whether or not session needs to be verified before
NULL
BOOLEAN
TOTP Table
Column
Description
Options
Datatype
verified
token has been verified with a code
NULL
BOOLEAN
enable
TOTP is enabled/disabled
NULL
BOOLEAN
New stored procedures
.updateTotpToken(uid, data)
.verifySessionWithMethod(uid, options)
Parameters:
uid - (Buffer16) the uid of the account
options - (Object) options
verificationMethod - email, email-2fa, totp-2fa
sessionTokenId - session
Returns:
resolves with:
an empty object {}
rejects: with one of:
error.notFound()
error.invalidCode()
any error from the underlying storage engine
New endpoints
Verify Session from TOTP Code
Method : POST
Path : TBD
uid : hex128
tokenVerificationId : hex128
The text was updated successfully, but these errors were encountered:
I think it'd be useful to pull the mustVerify column out of the unverifiedTokens table and add it to the sessionTokens table here as well, since that's a property that applies regardless of the verification method in use. Thoughts?
From breaking out #297, this issue tracks items needed to verify a session using TOTP. Once Auth-server has validated the totp code, this method is called to verify the session and set the verification method, etc.
Alter Tables
Sessions Table
email, email-2fa, totp-2fa
TOTP Table
New stored procedures
.updateTotpToken(uid, data)
.verifySessionWithMethod(uid, options)
Parameters:
email, email-2fa, totp-2fa
Returns:
{}
error.notFound()
error.invalidCode()
New endpoints
Verify Session from TOTP Code
POST
uid
: hex128tokenVerificationId
: hex128The text was updated successfully, but these errors were encountered: