1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Auth.TOTPAuthenticator do
9 alias Pleroma.Web.Plugs.AuthenticationPlug
11 @doc "Verify code or check backup code."
12 @spec verify(String.t(), User.t()) ::
13 {:ok, :pass} | {:error, :invalid_token | :invalid_secret_and_token}
17 multi_factor_authentication_settings:
18 %{enabled: true, totp: %{secret: secret, confirmed: true}} = _
21 when is_binary(token) and byte_size(token) > 0 do
22 TOTP.validate_token(secret, token)
25 def verify(_, _), do: {:error, :invalid_token}
27 @spec verify_recovery_code(User.t(), String.t()) ::
28 {:ok, :pass} | {:error, :invalid_token}
29 def verify_recovery_code(
30 %User{multi_factor_authentication_settings: %{enabled: true, backup_codes: codes}} = user,
33 when is_list(codes) and is_binary(code) do
34 hash_code = Enum.find(codes, fn hash -> AuthenticationPlug.checkpw(code, hash) end)
37 MFA.invalidate_backup_code(user, hash_code)
40 {:error, :invalid_token}
44 def verify_recovery_code(_, _), do: {:error, :invalid_token}