logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

totp.ex (2721B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.MFA.TOTP do
  6.   @moduledoc """
  7.   This module represents functions to create secrets for
  8.   TOTP Application as well as validate them with a time based token.
  9.   """
  10.   alias Pleroma.Config
  12.   @config_ns [:instance, :multi_factor_authentication, :totp]
  14.   @doc """
  15.   https://github.com/google/google-authenticator/wiki/Key-Uri-Format
  16.   """
  17.   @spec provisioning_uri(String.t(), String.t(), list()) :: String.t()
  18.   def provisioning_uri(secret, label, opts \\ []) do
  19.     query =
  20.       %{
  21.         secret: secret,
  22.         issuer: Keyword.get(opts, :issuer, default_issuer()),
  23.         digits: Keyword.get(opts, :digits, default_digits()),
  24.         period: Keyword.get(opts, :period, default_period())
  25.       }
  26.       |> Enum.filter(fn {_, v} -> not is_nil(v) end)
  27.       |> Enum.into(%{})
  28.       |> URI.encode_query()
  30.     %URI{scheme: "otpauth", host: "totp", path: "/" <> label, query: query}
  31.     |> to_string()
  32.   end
  34.   defp default_period, do: Config.get(@config_ns ++ [:period])
  35.   defp default_digits, do: Config.get(@config_ns ++ [:digits])
  37.   defp default_issuer,
  38.     do: Config.get(@config_ns ++ [:issuer], Config.get([:instance, :name]))
  40.   @doc "Creates a random Base 32 encoded string"
  41.   def generate_secret do
  42.     Base.encode32(:crypto.strong_rand_bytes(10))
  43.   end
  45.   @doc "Generates a valid token based on a secret"
  46.   def generate_token(secret) do
  47.     :pot.totp(secret)
  48.   end
  50.   @doc """
  51.   Validates a given token based on a secret.
  53.   optional parameters:
  54.   `token_length` default `6`
  55.   `interval_length` default `30`
  56.   `window` default 0
  58.   Returns {:ok, :pass} if the token is valid and
  59.   {:error, :invalid_token} if it is not.
  60.   """
  61.   @spec validate_token(String.t(), String.t()) ::
  62.           {:ok, :pass} | {:error, :invalid_token | :invalid_secret_and_token}
  63.   def validate_token(secret, token)
  64.       when is_binary(secret) and is_binary(token) do
  65.     opts = [
  66.       token_length: default_digits(),
  67.       interval_length: default_period()
  68.     ]
  70.     validate_token(secret, token, opts)
  71.   end
  73.   def validate_token(_, _), do: {:error, :invalid_secret_and_token}
  75.   @doc "See `validate_token/2`"
  76.   @spec validate_token(String.t(), String.t(), Keyword.t()) ::
  77.           {:ok, :pass} | {:error, :invalid_token | :invalid_secret_and_token}
  78.   def validate_token(secret, token, options)
  79.       when is_binary(secret) and is_binary(token) do
  80.     case :pot.valid_totp(token, secret, options) do
  81.       true -> {:ok, :pass}
  82.       false -> {:error, :invalid_token}
  83.     end
  84.   end
  86.   def validate_token(_, _, _), do: {:error, :invalid_secret_and_token}
  87. end