author James Elliott <james-d-elliott@users.noreply.github.com> 2023-11-30 20:29:25 +1100
committer James Elliott <james-d-elliott@users.noreply.github.com> 2024-03-04 20:29:12 +1100
commit 5d3e7a0183c9842c2cc4e6b12fe8300297110a71 (patch)
tree bf9aa9a3c6c2ca4a70bd1fa12134b5b1a74f9209 /config.template.yml
parent e4e878f05f8ae1e1784b3ac190459b2d506f796c (diff)
feat(totp): reuse policy

This prevents previously used codes being reused within the validity period. This is prevented in a smart way by recording the step multiplied by the period and hashing that value as a string with the HMAC-SHA256 algorithm, with an HMAC key unique to recording these values (auto generated).

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
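The reuse check described in the commit message, written out as an added example; it is not the project's own code. The names `ReuseGuard`, `record` and `Consume`, the in-memory map, and keeping the records per user are assumptions made for illustration, and records are never pruned here.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strconv"
	"sync"
)

// ReuseGuard (hypothetical name) remembers which TOTP steps were consumed.
type ReuseGuard struct {
	mu   sync.Mutex
	key  []byte              // auto-generated HMAC key used only for these records
	seen map[string]struct{} // user + NUL + HMAC of each consumed step
}

func NewReuseGuard() *ReuseGuard {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return &ReuseGuard{key: key, seen: map[string]struct{}{}}
}

// record returns HMAC-SHA256(key, decimal string of step*period) as raw bytes.
func (g *ReuseGuard) record(step, period uint64) string {
	m := hmac.New(sha256.New, g.key)
	m.Write([]byte(strconv.FormatUint(step*period, 10)))
	return string(m.Sum(nil))
}

// Consume runs after a code validated; false means the step was already used (replay).
func (g *ReuseGuard) Consume(user string, unixTime, period uint64) bool {
	id := user + "\x00" + g.record(unixTime/period, period)
	g.mu.Lock()
	defer g.mu.Unlock()
	if _, used := g.seen[id]; used {
		return false
	}
	g.seen[id] = struct{}{}
	return true
}

func main() {
	g := NewReuseGuard()
	// Constructed timestamps: both fall in the same 30-second step.
	fmt.Println(g.Consume("alice", 1700000010, 30), g.Consume("alice", 1700000020, 30))
}
```

Because the record is derived from the step rather than the code value, a second valid code inside the same step is rejected as well.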
Diffstat (limited to 'config.template.yml')
-rw-r--r-- config.template.yml 15
1 files changed, 15 insertions, 0 deletions
diff --git a/config.template.yml b/config.template.yml
index 1004f2706..62bf2b15e 100644
--- a/config.template.yml
+++ b/config.template.yml
@@ -209,6 +209,21 @@ totp:
## The size of the generated shared secrets. Default is 32 and is sufficient in most use cases, minimum is 20.
# secret_size: 32
+ ## The allowed algorithms for a user to pick from.
+ # allowed_algorithms:
+ # - 'SHA1'
+
+ ## The allowed digits for a user to pick from.
+ # allowed_digits:
+ # - 6
+
+ ## The allowed periods for a user to pick from.
+ # allowed_periods:
+ # - 30
+
+ ## Disable the reuse security policy which prevents replays of one-time password code values.
+ # disable_reuse_security_policy: false
+
##
## WebAuthn Configuration
##
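Review bot: the comment above `disable_reuse_security_policy` does not say that `false` is the protective setting or what turning the flag on exposes, and with a negatively named boolean that is easy to misread. Suggest extending it along the lines of "Setting this to true allows a one-time password to be accepted more than once within its validity period", so an operator uncommenting the line knows the cost. Separately, the `allowed_algorithms`, `allowed_digits` and `allowed_periods` comments each show one sample entry but, unlike the `secret_size` comment at the top of the hunk, do not state the default or the accepted values; listing them would keep the template self-documenting.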