A process managing the TOTP setup and validation. More...
Public Member Functions | |
| TotpProcess (const AuthService &authService, AbstractUserDatabase &users, Login &login) | |
| Constructs the TotpProcess holding the TOTP "login". More... | |
| virtual | ~TotpProcess () |
| Destructor. | |
| void | processEnvironment () override |
| Processes the (initial) environment. More... | |
| std::unique_ptr< WWidget > | createSetupView () override |
| Creates the view to manage the TOTP code. More... | |
| std::unique_ptr< WWidget > | createInputView () override |
| Creates the view to input the TOTP code. | |
| Signal< AuthenticationResult > & | authenticated () |
| Signal emitted upon an authentication event. More... | |
 Public Member Functions inherited from Wt::Auth::Mfa::AbstractMfaProcess | |
| AbstractMfaProcess (const AuthService &authService, AbstractUserDatabase &users, Login &login) | |
| Constructor. | |
| virtual const std::string & | provider () const |
| Returns the name of the provider for the process. More... | |
| void | setMfaThrottle (std::unique_ptr< AuthThrottle > authThrottle) |
| Sets the instance that manages throttling. More... | |
| Public Member Functions inherited from Wt::WObject | |
| void | addChild (std::unique_ptr< WObject > child) |
| Add a child WObject whose lifetime is determined by this WObject. | |
| template<typename Child > | |
| Child * | addChild (std::unique_ptr< Child > child) |
| Add a child WObject, returning a raw pointer. More... | |
| std::unique_ptr< WObject > | removeChild (WObject *child) |
| Remove a child WObject, so its lifetime is no longer determined by this WObject. | |
| template<typename Child > | |
| std::unique_ptr< Child > | removeChild (Child *child) |
| Remove a child WObject, so its lifetime is no longer determined by this WObject. More... | |
| virtual const std::string | id () const |
| Returns the (unique) identifier for this object. More... | |
| virtual void | setObjectName (const std::string &name) |
| Sets an object name. More... | |
| virtual std::string | objectName () const |
| Returns the object name. More... | |
| void | resetLearnedSlots () |
| Resets learned stateless slot implementations. More... | |
| template<class T > | |
| void | resetLearnedSlot (void(T::*method)()) |
| Resets a learned stateless slot implementation. More... | |
| template<class T > | |
| WStatelessSlot * | implementStateless (void(T::*method)()) |
| Declares a slot to be stateless and learn client-side behaviour on first invocation. More... | |
| template<class T > | |
| WStatelessSlot * | implementStateless (void(T::*method)(), void(T::*undoMethod)()) |
| Declares a slot to be stateless and learn client-side behaviour in advance. More... | |
| void | isNotStateless () |
| Marks the current function as not stateless. More... | |
| template<class T > | |
| WStatelessSlot * | implementJavaScript (void(T::*method)(), const std::string &jsCode) |
| Provides a JavaScript implementation for a method. More... | |
| Public Member Functions inherited from Wt::Core::observable | |
| observable () noexcept | |
| Default constructor. | |
| virtual | ~observable () |
| Destructor. More... | |
| template<typename... Args, typename C > | |
| auto | bindSafe (void(C::*method)(Args...)) noexcept |
| Protects a method call against object destruction. More... | |
| template<typename... Args, typename C > | |
| auto | bindSafe (void(C::*method)(Args...) const) const noexcept |
| Protects a const method call against object destruction. More... | |
| template<typename Function > | |
| auto | bindSafe (const Function &function) noexcept |
| Protects a function against object destruction. More... | |
Additional Inherited Members | |
| Public Types inherited from Wt::WObject | |
| typedef void(WObject::* | Method) () |
| Typedef for a WObject method without arguments. | |
| Protected Member Functions inherited from Wt::Auth::Mfa::AbstractMfaProcess | |
| virtual Wt::WString | userIdentity () |
| Retrieves the current User's identity for the provider. More... | |
| virtual bool | createUserIdentity (const Wt::WString &identityValue) |
| Adds an Identity to the current User with the given value. More... | |
| virtual User | processMfaToken () |
| Processes an MFA authentication token. More... | |
| virtual void | setRememberMeCookie (User user) |
| Creates an MFA authentication token. More... | |
| virtual void | configureThrottling (WInteractWidget *button) |
| Configures client-side throttling on the process. More... | |
| virtual void | updateThrottling (WInteractWidget *button) |
| Updates client-side login throttling on the process. More... | |
| Protected Member Functions inherited from Wt::WObject | |
| virtual WStatelessSlot * | getStateless (Method method) |
| On-demand stateless slot implementation. More... | |
Detailed Description
A process managing the TOTP setup and validation.
This process allows the User that is trying to log in an extra step to validate their identity. They will have to provide the TOTP code as an extra step to validate their log-in additionally.
This process' functionality is twofold. If a User does not have TOTP set-up yet, they will be shown the QR code and the secret key. They can then add this to an authenticator app or extension of their choice (createSetupView()).
If they have it enabled already, they will simply be asked to provide a TOTP code to verify their identity as a second factor (createInputView()).
This process will also look in the environment for cookies, so that the MFA step can also be remembered (processEnvironment()). If the user logs in using a device they use often, they can opt to remember the login, which creates a cookie (see AuthService::setMfaTokenCookieName(), and AuthService::setMfaTokenValidity()). If this cookie remains in the user's browser, and in the local database (in the "auth_token" table, by default), the user's TOTP step can be skipped for a certain time (see AbstractMfaProcess::processMfaToken()).
If a developer wants to force all users to use this functionality, they can do so by enabling AuthService::setMfaRequired().
Whether or not this process is executed when logging in, is managed by AuthModel::hasMfaStep().
Constructor & Destructor Documentation
◆ TotpProcess()
| Wt::Auth::Mfa::TotpProcess::TotpProcess | ( | const AuthService & | authService, |
| AbstractUserDatabase & | users, | ||
| Login & | login | ||
| ) |
Constructs the TotpProcess holding the TOTP "login".
For the provided authentication service authService this will either request a TOTP code from the user as a second factor, or initiate the process to add the TOTP secret to their record, allowing for future TOTP code requests.
Optionally, if authentication tokens are enabled (see AuthService::setAuthTokensEnabled()), this step can be temporarily bypassed, for as long as the token is valid (see AuthService::mfaTokenValidity()).
Member Function Documentation
◆ authenticated()
| Signal<AuthenticationResult>& Wt::Auth::Mfa::TotpProcess::authenticated | ( | ) |
Signal emitted upon an authentication event.
This event can be a success, failure, or error.
The additional string can provide more information on the attempt, indicating the type of error, or the reason for the failure. The status and message are both stored in an instance of the AuthenticationResult.
This can be used to reliably check whether the user has logged in with MFA. Previously the Login::changed() signal had been fired, when the user logged in, but it could still be that the state was not LoginState::Weak or LoginState::Strong, but LoginState::RequiresMfa. This signal can be listened to, to ensure that, on success, the user will actually be logged in.
Side-effects to the login can then be attached to this signal.
◆ createSetupView()
|
overridevirtual |
Creates the view to manage the TOTP code.
This either adds a new code to the user, or expects a code to be entered based on their existing TOTP secret key.
Implements Wt::Auth::Mfa::AbstractMfaProcess.
◆ processEnvironment()
|
overridevirtual |
Processes the (initial) environment.
This can be called to tell the widget to look through the environment for the relevent cookies. It will handle the side-effect of finding such a cookie, and it still being valid. The user will be logged in, in a weak state (LoginState::Weak), and the authenticated() signal will be fired, with an AuthenticationStatus::Success.
Reimplemented from Wt::Auth::Mfa::AbstractMfaProcess.
