diff options
| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2021-12-01 23:11:29 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-01 23:11:29 +1100 |
| commit | ad8e844af648650be2de59d846ef74d5756d2ae3 (patch) | |
| tree | 5c2faeb14a010b5cb3957785a4c237a770215691 /internal/storage/sql_provider.go | |
| parent | 01b77384f965fb2172bbf7c5ac00d086e437efa1 (diff) | |
feat(totp): algorithm and digits config (#2634)
Allow users to configure the TOTP Algorithm and Digits. This should be used with caution as many TOTP applications do not support it. Some will also fail to notify the user that there is an issue. i.e. if the algorithm in the QR code is sha512, they continue to generate one time passwords with sha1. In addition this drastically refactors TOTP in general to be more user friendly by not forcing them to register a new device if the administrator changes the period (or algorithm).
Fixes #1226.
Diffstat (limited to 'internal/storage/sql_provider.go')
| -rw-r--r-- | internal/storage/sql_provider.go | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/internal/storage/sql_provider.go b/internal/storage/sql_provider.go index 9f448165f..6a983bd79 100644 --- a/internal/storage/sql_provider.go +++ b/internal/storage/sql_provider.go @@ -12,19 +12,21 @@ import ( "github.com/sirupsen/logrus" "github.com/authelia/authelia/v4/internal/authentication" + "github.com/authelia/authelia/v4/internal/configuration/schema" "github.com/authelia/authelia/v4/internal/logging" "github.com/authelia/authelia/v4/internal/models" ) // NewSQLProvider generates a generic SQLProvider to be used with other SQL provider NewUp's. -func NewSQLProvider(name, driverName, dataSourceName, encryptionKey string) (provider SQLProvider) { +func NewSQLProvider(config *schema.Configuration, name, driverName, dataSourceName string) (provider SQLProvider) { db, err := sqlx.Open(driverName, dataSourceName) provider = SQLProvider{ db: db, - key: sha256.Sum256([]byte(encryptionKey)), + key: sha256.Sum256([]byte(config.Storage.EncryptionKey)), name: name, driverName: driverName, + config: config, errOpen: err, log: logging.Logger(), @@ -64,10 +66,6 @@ func NewSQLProvider(name, driverName, dataSourceName, encryptionKey string) (pro sqlFmtRenameTable: queryFmtRenameTable, } - key := sha256.Sum256([]byte(encryptionKey)) - - provider.key = key - return provider } @@ -77,6 +75,7 @@ type SQLProvider struct { key [32]byte name string driverName string + config *schema.Configuration errOpen error log *logrus.Logger @@ -251,7 +250,7 @@ func (p *SQLProvider) SaveTOTPConfiguration(ctx context.Context, config models.T } if _, err = p.db.ExecContext(ctx, p.sqlUpsertTOTPConfig, - config.Username, config.Algorithm, config.Digits, config.Period, config.Secret); err != nil { + config.Username, config.Issuer, config.Algorithm, config.Digits, config.Period, config.Secret); err != nil { return fmt.Errorf("error upserting TOTP configuration: %w", err) } @@ -273,7 +272,7 @@ func (p *SQLProvider) LoadTOTPConfiguration(ctx context.Context, username string if err = p.db.QueryRowxContext(ctx, p.sqlSelectTOTPConfig, username).StructScan(config); err != nil { if errors.Is(err, sql.ErrNoRows) { - return nil, ErrNoTOTPSecret + return nil, ErrNoTOTPConfiguration } return nil, fmt.Errorf("error selecting TOTP configuration: %w", err) |