Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate Recovery Codes #501

Merged
merged 14 commits into from
Jul 1, 2022
Merged

Generate Recovery Codes #501

merged 14 commits into from
Jul 1, 2022

Conversation

J0
Copy link
Contributor

@J0 J0 commented Jun 15, 2022
edited
Loading

What kind of change does this PR introduce?

This PR should add the ability for a user signed in with a single factor(or more factors) to call /mfa/%s/generate_recovery_codes to produce recovery codes which will eventually be used to SignIn, recover a factor.

Given the all encompassing nature of this endpoint it should eventually move out of the /mfa route.

There should also be a rate limiter on this but haven't decided on value.

What is the current behavior?

None

What is the new behavior?

Feel free to include screenshots if it includes visual changes.

@J0 J0 changed the base branch from mfa to j0_add_enable_add_disable June 15, 2022 12:07
@J0 J0 marked this pull request as ready for review June 22, 2022 04:40
@J0 J0 marked this pull request as draft June 23, 2022 09:46
Base automatically changed from j0_add_enable_add_disable to mfa June 30, 2022 08:37
@J0 J0 marked this pull request as ready for review June 30, 2022 10:37
J0
J0 commented Jun 30, 2022
View reviewed changes
api/admin.go Show resolved Hide resolved
J0
J0 commented Jun 30, 2022
View reviewed changes
api/mfa.go Show resolved Hide resolved
@J0 J0 requested review from hf and kangmingtay June 30, 2022 13:44
@J0 J0 changed the title Generate Recovery Codes [WIP]: Generate Recovery Codes Jun 30, 2022
@J0 J0 changed the title [WIP]: Generate Recovery Codes [WIP]:Generate Recovery Codes Jun 30, 2022
kangmingtay
kangmingtay approved these changes Jun 30, 2022
View reviewed changes
models/recovery_code.go Outdated Show resolved Hide resolved
models/recovery_code.go Outdated Show resolved Hide resolved
crypto/crypto.go
@@ -13,8 +13,12 @@ import (
)

// SecureToken creates a new random token
func SecureToken() string {
b := make([]byte, 16)
func SecureToken(options ...int) string {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we take in a variable argument list here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh this is a way of taking in optional arguments. SecureToken() is used to generate recovery codes which are of length 8 instead of the default of length 16, passing in an int (e.g. SecureToken(8)) will return a length 8 random string

api/mfa.go Show resolved Hide resolved
api/mfa.go Show resolved Hide resolved
api/mfa.go Outdated Show resolved Hide resolved
@J0 J0 changed the title [WIP]:Generate Recovery Codes Generate Recovery Codes Jul 1, 2022
@J0
Copy link
Contributor Author

J0 commented Jul 1, 2022

Going to merge first to aid development of other branches, have addressed the comments but feel free to let me know if there are additional changes we should make -- will file a PR against the mfa branch

@J0 J0 merged commit a457637 into mfa Jul 1, 2022
@J0 J0 deleted the j0_generate_recovery_codes branch July 1, 2022 09:43
@J0 J0 mentioned this pull request Oct 18, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kangmingtay kangmingtay kangmingtay approved these changes

@hf hf Awaiting requested review from hf

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@J0 @kangmingtay