Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(api): Redo MFA to use scoped tokens. #1655

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

feat(api): Redo MFA to use scoped tokens. #1655

wants to merge 4 commits into from

Conversation

elliotcourant
Copy link
Member

This is an effort to make MFA dependent on the audience of the token
that was issued rather than a weird state where credentials must be
resubmitted.

@codecov-commenter
Copy link

codecov-commenter commented Jan 3, 2024
edited

Codecov Report

Attention: Patch coverage is 40.18692% with 64 lines in your changes are missing coverage. Please review.

Project coverage is 52.45%. Comparing base (3f5f2c8) to head (88421b2).

Files Patch % Lines
server/controller/authentication.go 39.24% 47 Missing and 1 partial ⚠️
server/controller/user.go 0.00% 13 Missing ⚠️
server/controller/middleware.go 70.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1655      +/-   ##
==========================================
- Coverage   52.59%   52.45%   -0.14%     
==========================================
  Files         359      359              
  Lines       20378    20457      +79     
  Branches      482      482              
==========================================
+ Hits        10717    10731      +14     
- Misses       9041     9110      +69     
+ Partials      620      616       -4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@elliotcourant elliotcourant self-assigned this Feb 20, 2024
@elliotcourant
feat(api): Redo MFA to use scoped tokens.
3b11379 
This is an effort to make MFA dependent on the audience of the token
that was issued rather than a weird state where credentials must be
resubmitted.
@elliotcourant
chore: Return a different token
c56c156
@elliotcourant
chore: Progress
a545630
@elliotcourant
chore: PRogress
88421b2
elliotcourant
elliotcourant commented Feb 28, 2024
View reviewed changes
server/controller/authentication.go
Comment on lines +261 to +263
if err := me.Login.VerifyTOTP(request.TOTP, c.clock.Now()); err != nil {
return c.returnError(ctx, http.StatusUnauthorized, "invalid TOTP code")
}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Double check to see if this will remove the cookie, we need to keep that around. We dont want to remove it if they get it wrong, it should be good for a few minutes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@elliotcourant elliotcourant

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@elliotcourant @codecov-commenter