An atproto PDS written in Go

Implement 2FA (email) #3

merged
opened by willdot.net targeting main from willdot.net/cocoon: email-auth-factor

This implements 2FA (email only at the moment).

I have run this on my test account and tested various flows:

  • Turning 2FA on and off through the Bluesky app
  • Turning 2FA on and then updating my email address to a new one, and observing that 2FA is disabled
  • Logging in with 2FA enabled
  • Using a 3rd party app (tangled) to log into my account via OAuth and being able to provide the 2FA token (including providing the wrong password and token as well to ensure that when the correct password and token are provided, the flow continues as normal)
  • Logging into my PDS directly via the /account/login route with 2FA turned on
  • Creating a new account and observing that the two_factor_type is preset to none

The UI for the PDS /account/login screen is far from perfect and could use some improvements. For example, once you've entered the handle and password, the page refreshes with the new token input, but the handle and password fields are now empty :(

0
by willdot.net 3 comments
5 commits
implement enabling / disabling email auth factor (not currently checked on auth checks though)
implement 2fa on creating a session
refactor the 2FA code into its own field on model and generate a new email type
implement providing 2FA token on PDS account login screen
refactor so that there's a 2FA type on the repo which replaces EmailAuthFactor

i can deal with the merge conflict, that's just poor timing haha

Ha! Huge panic looking at all those conflict files but huge relief to see it's only logging changes. Should be easy to sort out, I'll do it in the morning.

cool thank you! yea it should be very easy to clean up i think...i'd do it myself but actually not sure what the best way to do it with tangled is (on github i could usually just push right to your pr, idt i can do that here)

1
by willdot.net 0 comments
6 commits
implement enabling / disabling email auth factor (not currently checked on auth checks though)
implement 2fa on creating a session
refactor the 2FA code into its own field on model and generate a new email type
implement providing 2FA token on PDS account login screen
refactor so that there's a 2FA type on the repo which replaces EmailAuthFactor
another merge conflict
2
by willdot.net 2 comments
5 commits
implement enabling / disabling email auth factor (not currently checked on auth checks though)
implement 2fa on creating a session
refactor the 2FA code into its own field on model and generate a new email type
implement providing 2FA token on PDS account login screen
refactor so that there's a 2FA type on the repo which replaces EmailAuthFactor

Merge conflicts solved.

thank you!! woo! i might try to build on top of this and get at least oath working, maybe just totp for now

pull request successfully merged

Participants 2
AT URI
at://did:plc:dadhhalkfcq3gucaq25hjqon/sh.tangled.repo.pull/3mbho3gx4yz22