Add two-factor auth

Author: aarondl

blog.go

@@ -23,6 +23,9 @@ import (
 	"github.com/volatiletech/authboss/lock"
 	_ "github.com/volatiletech/authboss/logout"
 	aboauth "github.com/volatiletech/authboss/oauth2"
+	"github.com/volatiletech/authboss/otp/twofactor"
+	"github.com/volatiletech/authboss/otp/twofactor/sms2fa"
+	"github.com/volatiletech/authboss/otp/twofactor/totp2fa"
 	_ "github.com/volatiletech/authboss/recover"
 	_ "github.com/volatiletech/authboss/register"
 	"github.com/volatiletech/authboss/remember"
@@ -104,6 +107,10 @@ func setupAuthboss() {
 	// to type them again)
 	ab.Config.Modules.RegisterPreserveFields = []string{"email", "name"}
 
+	// TOTP2FAIssuer is the name of the issuer we use for totp 2fa
+	ab.Config.Modules.TOTP2FAIssuer = "ABBlog"
+	ab.Config.Modules.TwoFactorRedirectOnUnauthed = true
+
 	// This instantiates and uses every default implementation
 	// in the Config.Core area that exist in the defaults package.
 	// Just a convenient helper if you don't want to do anything fancy.
@@ -148,6 +155,22 @@ func setupAuthboss() {
 		ClientSecret string `toml:"client_secret"`
 	}{}
 
+	// Set up 2fa
+	twofaRecovery := &twofactor.Recovery{Authboss: ab}
+	if err := twofaRecovery.Setup(); err != nil {
+		panic(err)
+	}
+
+	totp := &totp2fa.TOTP{Authboss: ab}
+	if err := totp.Setup(); err != nil {
+		panic(err)
+	}
+
+	sms := &sms2fa.SMS{Authboss: ab, Sender: smsLogSender{}}
+	if err := sms.Setup(); err != nil {
+		panic(err)
+	}
+
 	// Set up Google OAuth2 if we have credentials in the
 	// file oauth2.toml for it.
 	_, err := toml.DecodeFile("oauth2.toml", &oauthcreds)
@@ -225,7 +248,7 @@ func main() {
 
 	// Authed routes
 	mux.Group(func(mux chi.Router) {
-		mux.Use(authboss.Middleware(ab, true, false), lock.Middleware(ab), confirm.Middleware(ab))
+		mux.Use(authboss.Middleware(ab, true, false, true), lock.Middleware(ab), confirm.Middleware(ab))
 		mux.MethodFunc("GET", "/blogs/new", newblog)
 		mux.MethodFunc("GET", "/blogs/{id}/edit", edit)
 		mux.MethodFunc("POST", "/blogs/{id}/edit", update)
@@ -503,3 +526,12 @@ func badRequest(w http.ResponseWriter, err error) bool {
 	fmt.Fprintln(w, "Bad request:", err)
 	return true
 }
+
+type smsLogSender struct {
+}
+
+// Send an SMS
+func (s smsLogSender) Send(number, text string) error {
+	fmt.Println("sms sent to:", number, "contents:", text)
+	return nil
+}

storer.go

@@ -8,6 +8,8 @@ import (
 	"github.com/pkg/errors"
 	"github.com/volatiletech/authboss"
 	aboauth "github.com/volatiletech/authboss/oauth2"
+	"github.com/volatiletech/authboss/otp/twofactor/sms2fa"
+	"github.com/volatiletech/authboss/otp/twofactor/totp2fa"
 )
 
 var nextUserID int
@@ -45,6 +47,11 @@ type User struct {
 	OAuth2RefreshToken string
 	OAuth2Expiry       time.Time
 
+	// 2fa
+	TOTPSecretKey  string
+	SMSPhoneNumber string
+	RecoveryCodes  string
+
 	// Remember is in another table
 }
 
@@ -61,6 +68,9 @@ var (
 	_ authboss.RecoverableUser = assertUser
 	_ authboss.ArbitraryUser   = assertUser
 
+	_ totp2fa.User = assertUser
+	_ sms2fa.User  = assertUser
+
 	_ authboss.CreatingServerStorer    = assertStorer
 	_ authboss.ConfirmingServerStorer  = assertStorer
 	_ authboss.RecoveringServerStorer  = assertStorer
@@ -103,6 +113,15 @@ func (u *User) PutRecoverVerifier(token string) { u.RecoverVerifier = token }
 // PutRecoverExpiry into user
 func (u *User) PutRecoverExpiry(expiry time.Time) { u.RecoverTokenExpiry = expiry }
 
+// PutTOTPSecretKey into user
+func (u *User) PutTOTPSecretKey(key string) { u.TOTPSecretKey = key }
+
+// PutSMSPhoneNumber into user
+func (u *User) PutSMSPhoneNumber(key string) { u.SMSPhoneNumber = key }
+
+// PutRecoveryCodes into user
+func (u *User) PutRecoveryCodes(key string) { u.RecoveryCodes = key }
+
 // PutOAuth2UID into user
 func (u *User) PutOAuth2UID(uid string) { u.OAuth2UID = uid }
 
@@ -161,12 +180,14 @@ func (u User) GetRecoverVerifier() string { return u.RecoverVerifier }
 // GetRecoverExpiry from user
 func (u User) GetRecoverExpiry() time.Time { return u.RecoverTokenExpiry }
 
-// GetArbitrary from user
-func (u User) GetArbitrary() map[string]string {
-	return map[string]string{
-		"name": u.Name,
-	}
-}
+// GetTOTPSecretKey from user
+func (u User) GetTOTPSecretKey() string { return u.TOTPSecretKey }
+
+// GetSMSPhoneNumber from user
+func (u User) GetSMSPhoneNumber() string { return u.SMSPhoneNumber }
+
+// GetRecoveryCodes from user
+func (u User) GetRecoveryCodes() string { return u.RecoveryCodes }
 
 // IsOAuth2User returns true if the user was created with oauth2
 func (u User) IsOAuth2User() bool { return len(u.OAuth2UID) != 0 }
@@ -186,6 +207,13 @@ func (u User) GetOAuth2RefreshToken() (refreshToken string) { return u.OAuth2Ref
 // GetOAuth2Expiry from user
 func (u User) GetOAuth2Expiry() (expiry time.Time) { return u.OAuth2Expiry }
 
+// GetArbitrary from user
+func (u User) GetArbitrary() map[string]string {
+	return map[string]string{
+		"name": u.Name,
+	}
+}
+
 // MemStorer stores users in memory
 type MemStorer struct {
 	Users  map[string]User