Wt  4.11.0
Loading...
Searching...
No Matches
Public Member Functions | List of all members
Wt::Auth::Mfa::TotpProcess Class Reference

A process managing the TOTP setup and validation. More...

Inheritance diagram for Wt::Auth::Mfa::TotpProcess:
[legend]

Public Member Functions

 TotpProcess (const AuthService &authService, AbstractUserDatabase &users, Login &login)
 Constructs the TotpProcess holding the TOTP "login".
 
virtual ~TotpProcess ()
 Destructor.
 
void processEnvironment () override
 Processes the (initial) environment.
 
std::unique_ptr< WWidgetcreateSetupView () override
 Creates the view to manage the TOTP code.
 
std::unique_ptr< WWidgetcreateInputView () override
 Creates the view to input the TOTP code.
 
Signal< AuthenticationResult > & authenticated ()
 Signal emitted upon an authentication event.
 
- Public Member Functions inherited from Wt::Auth::Mfa::AbstractMfaProcess
 AbstractMfaProcess (const AuthService &authService, AbstractUserDatabase &users, Login &login)
 Constructor.
 
virtual const std::string & provider () const
 Returns the name of the provider for the process.
 
void setMfaThrottle (std::unique_ptr< AuthThrottle > authThrottle)
 Sets the instance that manages throttling.
 
- Public Member Functions inherited from Wt::WObject
void addChild (std::unique_ptr< WObject > child)
 Add a child WObject whose lifetime is determined by this WObject.
 
template<typename Child >
ChildaddChild (std::unique_ptr< Child > child)
 Add a child WObject, returning a raw pointer.
 
std::unique_ptr< WObjectremoveChild (WObject *child)
 Remove a child WObject, so its lifetime is no longer determined by this WObject.
 
template<typename Child >
std::unique_ptr< ChildremoveChild (Child *child)
 Remove a child WObject, so its lifetime is no longer determined by this WObject.
 
virtual const std::string id () const
 Returns the (unique) identifier for this object.
 
virtual void setObjectName (const std::string &name)
 Sets an object name.
 
virtual std::string objectName () const
 Returns the object name.
 
void resetLearnedSlots ()
 Resets learned stateless slot implementations.
 
template<class T >
void resetLearnedSlot (void(T::*method)())
 Resets a learned stateless slot implementation.
 
template<class T >
WStatelessSlot * implementStateless (void(T::*method)())
 Declares a slot to be stateless and learn client-side behaviour on first invocation.
 
template<class T >
WStatelessSlot * implementStateless (void(T::*method)(), void(T::*undoMethod)())
 Declares a slot to be stateless and learn client-side behaviour in advance.
 
void isNotStateless ()
 Marks the current function as not stateless.
 
template<class T >
WStatelessSlot * implementJavaScript (void(T::*method)(), const std::string &jsCode)
 Provides a JavaScript implementation for a method.
 
- Public Member Functions inherited from Wt::Core::observable
 observable () noexcept
 Default constructor.
 
virtual ~observable ()
 Destructor.
 
template<typename... Args, typename C >
auto bindSafe (void(C::*method)(Args...)) noexcept
 Protects a method call against object destruction.
 
template<typename... Args, typename C >
auto bindSafe (void(C::*method)(Args...) const) const noexcept
 Protects a const method call against object destruction.
 
template<typename Function >
auto bindSafe (const Function &function) noexcept
 Protects a function against object destruction.
 

Additional Inherited Members

- Public Types inherited from Wt::WObject
typedef void(WObject::* Method) ()
 Typedef for a WObject method without arguments.
 
- Protected Member Functions inherited from Wt::Auth::Mfa::AbstractMfaProcess
virtual Wt::WString userIdentity ()
 Retrieves the current User's identity for the provider.
 
virtual bool createUserIdentity (const Wt::WString &identityValue)
 Adds an Identity to the current User with the given value.
 
virtual User processMfaToken ()
 Processes an MFA authentication token.
 
virtual void setRememberMeCookie (User user)
 Creates an MFA authentication token.
 
virtual void configureThrottling (WInteractWidget *button)
 Configures client-side throttling on the process.
 
virtual void updateThrottling (WInteractWidget *button)
 Updates client-side login throttling on the process.
 
- Protected Member Functions inherited from Wt::WObject
virtual WStatelessSlot * getStateless (Method method)
 On-demand stateless slot implementation.
 

Detailed Description

A process managing the TOTP setup and validation.

This process allows the User that is trying to log in an extra step to validate their identity. They will have to provide the TOTP code as an extra step to validate their log-in additionally.

This process' functionality is twofold. If a User does not have TOTP set-up yet, they will be shown the QR code and the secret key. They can then add this to an authenticator app or extension of their choice (createSetupView()).

If they have it enabled already, they will simply be asked to provide a TOTP code to verify their identity as a second factor (createInputView()).

This process will also look in the environment for cookies, so that the MFA step can also be remembered (processEnvironment()). If the user logs in using a device they use often, they can opt to remember the login, which creates a cookie (see AuthService::setMfaTokenCookieName(), and AuthService::setMfaTokenValidity()). If this cookie remains in the user's browser, and in the local database (in the "auth_token" table, by default), the user's TOTP step can be skipped for a certain time (see AbstractMfaProcess::processMfaToken()).

If a developer wants to force all users to use this functionality, they can do so by enabling AuthService::setMfaRequired().

Whether or not this process is executed when logging in, is managed by AuthModel::hasMfaStep().

See also
AuthService::setMfaRequired()
validateCode()

Constructor & Destructor Documentation

◆ TotpProcess()

Wt::Auth::Mfa::TotpProcess::TotpProcess ( const AuthService authService,
AbstractUserDatabase users,
Login login 
)

Constructs the TotpProcess holding the TOTP "login".

For the provided authentication service authService this will either request a TOTP code from the user as a second factor, or initiate the process to add the TOTP secret to their record, allowing for future TOTP code requests.

Optionally, if authentication tokens are enabled (see AuthService::setAuthTokensEnabled()), this step can be temporarily bypassed, for as long as the token is valid (see AuthService::mfaTokenValidity()).

Member Function Documentation

◆ authenticated()

Signal< AuthenticationResult > & Wt::Auth::Mfa::TotpProcess::authenticated ( )

Signal emitted upon an authentication event.

This event can be a success, failure, or error.

The additional string can provide more information on the attempt, indicating the type of error, or the reason for the failure. The status and message are both stored in an instance of the AuthenticationResult.

This can be used to reliably check whether the user has logged in with MFA. Previously the Login::changed() signal had been fired, when the user logged in, but it could still be that the state was not LoginState::Weak or LoginState::Strong, but LoginState::RequiresMfa. This signal can be listened to, to ensure that, on success, the user will actually be logged in.

Side-effects to the login can then be attached to this signal.

◆ createSetupView()

std::unique_ptr< WWidget > Wt::Auth::Mfa::TotpProcess::createSetupView ( )
overridevirtual

Creates the view to manage the TOTP code.

This either adds a new code to the user, or expects a code to be entered based on their existing TOTP secret key.

Implements Wt::Auth::Mfa::AbstractMfaProcess.

◆ processEnvironment()

void Wt::Auth::Mfa::TotpProcess::processEnvironment ( )
overridevirtual

Processes the (initial) environment.

This can be called to tell the widget to look through the environment for the relevent cookies. It will handle the side-effect of finding such a cookie, and it still being valid. The user will be logged in, in a weak state (LoginState::Weak), and the authenticated() signal will be fired, with an AuthenticationStatus::Success.

Reimplemented from Wt::Auth::Mfa::AbstractMfaProcess.