@nefrob nefrob commented Feb 1, 2023

Resolves #204.
Resolves #205.

Adds support for counter-based 2FA codes for all 2FA methods except app/YubiKey.

  • HOTP codes are guaranteed to be unique by incrementing a counter each time a code is generated
  • Consequently, generating a new code invalidates the previously generated code
  • Storing a timestamp on code generation allows us to use validity windows
  • Clearing the timestamp on successful verify invalidates the current code so it can't be used again

To switch to HOTP-based codes, simply override the default message dispatcher used in the trench settings.

Action Items:

  • Correctly generate migrations? I ran python manage.py makemigrations from inside the test project
  • Regenerate documentation?
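
The mechanism the description above lists (counter incremented per generated code, timestamp stored for a validity window, timestamp cleared on successful verify), as an added example that is not code from this pull request or from the project. `HotpMethodState`, its field names and the 300-second window are assumptions for illustration; the key is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


@dataclass
class HotpMethodState:  # hypothetical stand-in for a per-user MFA method record
    secret: bytes
    counter: int = 0
    issued_at: Optional[float] = None  # None means no code is outstanding
    validity_seconds: int = 300        # constructed value, not from the PR

    def generate(self, now: float) -> str:
        # Incrementing first gives every issued code a fresh counter,
        # so the previously issued code no longer matches.
        self.counter += 1
        self.issued_at = now
        return hotp(self.secret, self.counter)

    def verify(self, code: str, now: float) -> bool:
        if self.issued_at is None:
            return False  # nothing outstanding, or the code was already used
        if now - self.issued_at > self.validity_seconds:
            return False  # outside the validity window
        expected = hotp(self.secret, self.counter)
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return False
        self.issued_at = None  # single use: clear the timestamp on success
        return True


def demo() -> list:
    state = HotpMethodState(secret=b"12345678901234567890")  # RFC 4226 test key
    first = state.generate(now=1000.0)
    second = state.generate(now=1010.0)
    return [
        state.verify(first, now=1020.0),   # superseded code
        state.verify(second, now=1020.0),  # current code, inside the window
        state.verify(second, now=1021.0),  # replay after a successful verify
    ]
```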

@nefrob nefrob marked this pull request as draft February 2, 2023 03:41
@nefrob nefrob marked this pull request as ready for review February 3, 2023 05:07
@nefrob nefrob changed the title ✨ Adds HOTP 2fa code support ✨ Adds HOTP MFA code support Feb 4, 2023
Collaborator

@wmaciejewskimer wmaciejewskimer left a comment

looks good to me

@izimobil

Hi,
Very interesting PR, do you need any help to get this merged?
Thanks.

@nefrob
Author

nefrob commented Jun 14, 2024

@izimobil someone with merge access on this repo would have to do it. It's been a while since I've looked at this PR/repo though so it might need some updates before then as well.

You can always fork this repo and merge this PR there if you need these changes.

Development

Successfully merging this pull request may close these issues.

  • Twilio/SMS should support counter based codes
  • Current develop branch needs makemigrations run to add 0005 migration
