go-urlsh/internal/db/multifactor.go

115 lines
3.6 KiB
Go
Raw Permalink Normal View History

2024-05-04 17:06:01 +02:00
package db
import (
"context"
2024-09-30 13:19:01 +02:00
"errors"
2024-05-04 17:06:01 +02:00
"fmt"
"log"
2024-05-04 17:06:01 +02:00
2024-09-30 13:19:01 +02:00
"code.lila.network/adoralaura/go-urlsh/internal/misc"
2024-05-04 17:06:01 +02:00
"code.lila.network/adoralaura/go-urlsh/models"
2024-09-30 13:19:01 +02:00
"github.com/uptrace/bun"
2024-05-04 17:06:01 +02:00
)
// UserHasMFA checks the DB if given models.User has MFA enabled.
// Returns (true, nil) if User has MFA enabled, (false, nil) if not.
// (false, error) if a DB error happened
2024-05-04 17:06:01 +02:00
func UserHasMFA(user models.User) (bool, error) {
numrows, err := models.DB.NewSelect().Model((*models.MFAConfig)(nil)).Where("username = ?", user.UserName).Where("active = ?", true).Count(context.Background())
if err != nil {
return false, fmt.Errorf("[UserHasMFA] error getting MFA count from database: %q", err)
}
if numrows >= 1 {
return true, nil
}
return false, nil
}
2024-09-30 13:19:01 +02:00
// scratchCodeUnique checks the database if the generated scratch code
// is unique (not in the database yet)
2024-09-30 13:19:01 +02:00
func scratchCodeIsUnique(db *bun.DB, scratchcode string) bool {
var dbitem models.MFAScratchCode
2024-09-30 13:19:01 +02:00
numrows, err := db.NewSelect().Model(&dbitem).Where("code = ?", scratchcode).Count(context.Background())
if err != nil {
return false
}
if numrows != 0 {
return false
}
return true
}
// RemoveMFAFromDB removes MFA entries for given models.User from the database.
// Returns nil on success, error otherwise.
func RemoveMFAFromDB(user models.User) error {
hasMfa, err := UserHasMFA(user)
if err != nil {
return fmt.Errorf("[RemoveMFAFromDB] Error removing MFA from DB for user %v: %w", user.UserName, err)
}
if !hasMfa {
return nil
}
_, err = models.DB.NewDelete().Model((*models.MFAConfig)(nil)).Where("username = ?", user.UserName).Exec(context.Background())
if err != nil {
log.Println(err.Error())
return fmt.Errorf("[RemoveMFAFromDB] Error removing MFA Config from DB for user %v: %w", user.UserName, err)
}
_, err = models.DB.NewDelete().Model((*models.MFAScratchCode)(nil)).Where("username = ?", user.UserName).Exec(context.Background())
if err != nil {
log.Println(err.Error())
return fmt.Errorf("[RemoveMFAFromDB] Error removing MFA scratch codes from DB for user %v: %w", user.UserName, err)
}
return nil
}
2024-09-30 13:19:01 +02:00
// UserHasFailedMFAAttempt checks the DB for failed MFA Setup attempts
// e.g. inactive MFA config
func UserHasFailedMFAAttempt(user models.User) (bool, error) {
//var mfaconfig models.MFAConfig
//numrows, err := models.DB.NewSelect().Model(&mfaconfig).
// Where("username = ?", user.UserName).Where("active = ?", false).
// Count(context.Background())
//if err != nil {
// return false, err
//}
return true, nil
}
// GenerateNewScratchcodes generates new unique scratch codes, inserts them into the database
// and returns the scratch codes as []models.MFAScratchCode, and nil if successful. Returns empty
// []models.MFAScratchCode and an error if something failed
func GenerateNewScratchcodes(db *bun.DB, user models.User) ([]models.MFAScratchCode, error) {
scratchcodes := []models.MFAScratchCode{}
scratchcodeFailed := 0
// generate four unique(!) scratch codes for the user
for len(scratchcodes) != 4 {
if scratchcodeFailed > 15 {
return []models.MFAScratchCode{}, errors.New("failed to generate new scratch codes: maximum tries exceeded")
}
code := misc.RandomString(8)
if scratchCodeIsUnique(db, code) {
scratchcodes = append(scratchcodes, models.MFAScratchCode{
IsUsed: false, Code: code, UserName: user.UserName})
} else {
scratchcodeFailed++
}
}
_, err := db.NewInsert().Model(&scratchcodes).Exec(context.Background())
if err != nil {
return []models.MFAScratchCode{}, fmt.Errorf("error inserting new scratch codes to DB: %w", err)
}
return scratchcodes, nil
}