Exemplo n.º 1
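// TOTPConfirmHandler checks the TOTP code sent in the "code" request parameter
// against the current user's TOTP key. On success it marks both the session
// and the user record as TOTP-confirmed and replies with a JSON document that
// contains the user.
//
// Error replies go through ReturnJSON, which (per the note near the end of
// this function) aborts the request by panicking.
//
// NOTE(review): no attempt limiting is visible in this handler; a short numeric
// code needs throttling or lockout somewhere in the request path — confirm
// that middleware or totp.Authenticate's caller provides it.
func TOTPConfirmHandler(w http.ResponseWriter, r *http.Request) {
	user := GetUser(r, false)
	if user == nil {
		ReturnJSON(API_UNAUTHORIZED, "Unauthorized")
		// Fail closed: do not rely on ReturnJSON panicking to stop the handler.
		// Without this return, a non-panicking ReturnJSON would lead to a nil
		// dereference on user.TOTPKey below.
		return
	}

	totpCode := GetParam(r, "code")
	if !totp.Authenticate(user.TOTPKey, totpCode, nil) {
		ReturnJSON(API_INVALID_PARAM, "Wrong TOTP Code")
		// Fail closed: a rejected code must never fall through to the lines
		// that mark the session as confirmed.
		return
	}

	// Google auth authenticated.
	session := seshcookie.Session.Get(r)
	session["totpConfirmed"] = "true"
	UpdateUserSetTOTPConfirmed(user.Id)

	// NOTE(review): the whole user value is serialized into the response. It
	// carries a TOTPKey field; verify that the struct's JSON tags keep the key
	// (and any other secret) out of the output.
	resJSON, err := json.Marshal(map[string]interface{}{
		"status": "OK",
		"data": map[string]interface{}{
			"user": user,
		},
	})
	if err != nil {
		panic(err)
	}
	// NOTE: we can't use ReturnJSON() here because
	// that throws a panic, which skips the cookie header writing,
	// performed by 'seshcookie'.
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusOK)
	// The status line is already sent; a failed write only means the client
	// went away, so the error is deliberately dropped.
	_, _ = w.Write(resJSON)
}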
Exemplo n.º 2
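// main is a small interactive demo: it writes a provisioning barcode for a
// fixed secret to barcode.png, then reads tokens from standard input and
// prints whether each one authenticates. Entering "q" (or closing stdin)
// ends the program.
func main() {
	// Demo-only secret. A real deployment needs a random, per-user key that
	// never appears in source code.
	secret := []byte("foobar")

	img, err := totp.BarcodeImage("testing-totp", secret, nil)
	if err != nil {
		fmt.Fprintln(os.Stderr, "generating barcode:", err)
		os.Exit(1)
	}
	// The barcode encodes the shared secret, so the file is readable and
	// writable by the owner only (the original mode was 0777).
	if err := ioutil.WriteFile("barcode.png", img, 0600); err != nil {
		fmt.Fprintln(os.Stderr, "writing barcode.png:", err)
		os.Exit(1)
	}
	fmt.Println("Barcode image written to barcode.png")
	fmt.Println("Enter your token and I will tell you whether it is right")

	in := bufio.NewReader(os.Stdin)

	for {
		// Read into a loop-local variable and test it here; the original
		// shadowed the variable used in the loop condition, so "q" never
		// stopped the loop.
		line, err := in.ReadString('\n')
		token := strings.TrimRight(line, "\r\n")
		if token == "q" {
			break
		}
		if token != "" || err == nil {
			ok := totp.Authenticate(secret, token, nil)
			fmt.Println(ok)
		}
		if err != nil {
			// EOF or a read failure: stop instead of spinning forever on a
			// closed input stream.
			break
		}
	}
}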