A process managing the TOTP setup and validation. More...
Public Member Functions | |
| TotpProcess (const AuthService &authService, AbstractUserDatabase &users, Login &login) | |
| Constructs the TotpProcess holding the TOTP "login". More... | |
| virtual | ~TotpProcess () |
| Destructor. | |
| void | processEnvironment () override |
| Processes the (initial) environment. More... | |
| std::unique_ptr< WWidget > | createSetupView () override |
| Creates the view to manage the TOTP code. More... | |
| std::unique_ptr< WWidget > | createInputView () override |
| Creates the view to input the TOTP code. | |
| Signal< AuthenticationResult > & | authenticated () |
| Signal emitted upon an authentication event. More... | |
 Public Member Functions inherited from Wt::Auth::Mfa::AbstractMfaProcess | |
| AbstractMfaProcess (const AuthService &authService, AbstractUserDatabase &users, Login &login) | |
| Constructor. | |
| virtual const std::string & | provider () const |
| Returns the name of the provider for the process. More... | |
| void | setMfaThrottle (std::unique_ptr< AuthThrottle > authThrottle) |
| Sets the instance that manages throttling. More... | |
| Public Member Functions inherited from Wt::WObject | |
| void | addChild (std::unique_ptr< WObject > child) |
| Add a child WObject whose lifetime is determined by this WObject. | |
| template<typename Child > | |
| Child * | addChild (std::unique_ptr< Child > child) |
| Add a child WObject, returning a raw pointer. More... | |
| std::unique_ptr< WObject > | removeChild (WObject *child) |
| Remove a child WObject, so its lifetime is no longer determined by this WObject. | |
| template<typename Child > | |
| std::unique_ptr< Child > | removeChild (Child *child) |
| Remove a child WObject, so its lifetime is no longer determined by this WObject. More... | |
| virtual const std::string | id () const |
| Returns the (unique) identifier for this object. More... | |
| virtual void | setObjectName (const std::string &name) |
| Sets an object name. More... | |
| virtual std::string | objectName () const |
| Returns the object name. More... | |
| void | resetLearnedSlots () |
| Resets learned stateless slot implementations. More... | |
| template<class T > | |
| void | resetLearnedSlot (void(T::*method)()) |
| Resets a learned stateless slot implementation. More... | |
| template<class T > | |
| WStatelessSlot * | implementStateless (void(T::*method)()) |
| Declares a slot to be stateless and learn client-side behaviour on first invocation. More... | |
| template<class T > | |
| WStatelessSlot * | implementStateless (void(T::*method)(), void(T::*undoMethod)()) |
| Declares a slot to be stateless and learn client-side behaviour in advance. More... | |
| void | isNotStateless () |
| Marks the current function as not stateless. More... | |
| template<class T > | |
| WStatelessSlot * | implementJavaScript (void(T::*method)(), const std::string &jsCode) |
| Provides a JavaScript implementation for a method. More... | |
| Public Member Functions inherited from Wt::Core::observable | |
| observable () noexcept | |
| Default constructor. | |
| virtual | ~observable () |
| Destructor. More... | |
| template<typename... Args, typename C > | |
| auto | bindSafe (void(C::*method)(Args...)) noexcept |
| Protects a method call against object destruction. More... | |
| template<typename... Args, typename C > | |
| auto | bindSafe (void(C::*method)(Args...) const) const noexcept |
| Protects a const method call against object destruction. More... | |
| template<typename Function > | |
| auto | bindSafe (const Function &function) noexcept |
| Protects a function against object destruction. More... | |
Protected Member Functions | |
| virtual std::unique_ptr< WTemplate > | createBaseView () |
| Creates the base of the UI. More... | |
| virtual void | bindQRCode (WTemplate *view) |
| Binds the QR Code to the UI. More... | |
| virtual void | bindCodeInput (WTemplate *view, bool throttle) |
| Binds the code input field to the UI. More... | |
| virtual void | bindRememberMe (WTemplate *view) |
| Binds "remember-me" checkbox to the UI. More... | |
| virtual void | bindLoginButton (WTemplate *view, bool throttle) |
| Binds the "Login" button to the UI. More... | |
| virtual void | bindLogoutButton (WTemplate *view) |
| Binds the "Back" button to the UI. More... | |
| virtual void | update (WTemplate *view, bool throttle) |
| Updates the UI after a verification attempt. More... | |
| virtual void | verifyCode (WTemplate *view, bool throttle) |
| Verifies the entered code. More... | |
| const std::string & | currentSecretKey () const |
| The secret key of the user. More... | |
| Protected Member Functions inherited from Wt::Auth::Mfa::AbstractMfaProcess | |
| virtual Wt::WString | userIdentity () |
| Retrieves the current User's identity for the provider. More... | |
| virtual bool | createUserIdentity (const Wt::WString &identityValue) |
| Adds an Identity to the current User with the given value. More... | |
| virtual User | processMfaToken () |
| Processes an MFA authentication token. More... | |
| virtual void | setRememberMeCookie (User user) |
| Creates an MFA authentication token. More... | |
| virtual void | configureThrottling (WInteractWidget *button) |
| Configures client-side throttling on the process. More... | |
| virtual void | updateThrottling (WInteractWidget *button) |
| Updates client-side login throttling on the process. More... | |
| Protected Member Functions inherited from Wt::WObject | |
| virtual WStatelessSlot * | getStateless (Method method) |
| On-demand stateless slot implementation. More... | |
Additional Inherited Members | |
| Public Types inherited from Wt::WObject | |
| typedef void(WObject::* | Method) () |
| Typedef for a WObject method without arguments. | |
Detailed Description
A process managing the TOTP setup and validation.
This process allows the User that is trying to log in an extra step to validate their identity. They will have to provide the TOTP code as an extra step to validate their log-in additionally.
This process' functionality is twofold. If a User does not have TOTP set-up yet, they will be shown the QR code and the secret key. They can then add this to an authenticator app or extension of their choice (createSetupView()).
If they have it enabled already, they will simply be asked to provide a TOTP code to verify their identity as a second factor (createInputView()).
This process will also look in the environment for cookies, so that the MFA step can also be remembered (processEnvironment()). If the user logs in using a device they use often, they can opt to remember the login, which creates a cookie (see AuthService::setMfaTokenCookieName(), and AuthService::setMfaTokenValidity()). If this cookie remains in the user's browser, and in the local database (in the "auth_token" table, by default), the user's TOTP step can be skipped for a certain time (see AbstractMfaProcess::processMfaToken()).
If a developer wants to force all users to use this functionality, they can do so by enabling AuthService::setMfaRequired().
Whether or not this process is executed when logging in, is managed by AuthModel::hasMfaStep().
Constructor & Destructor Documentation
◆ TotpProcess()
| Wt::Auth::Mfa::TotpProcess::TotpProcess | ( | const AuthService & | authService, |
| AbstractUserDatabase & | users, | ||
| Login & | login | ||
| ) |
Constructs the TotpProcess holding the TOTP "login".
For the provided authentication service authService this will either request a TOTP code from the user as a second factor, or initiate the process to add the TOTP secret to their record, allowing for future TOTP code requests.
Optionally, if authentication tokens are enabled (see AuthService::setAuthTokensEnabled()), this step can be temporarily bypassed, for as long as the token is valid (see AuthService::mfaTokenValidity()).
Member Function Documentation
◆ authenticated()
| Signal<AuthenticationResult>& Wt::Auth::Mfa::TotpProcess::authenticated | ( | ) |
Signal emitted upon an authentication event.
This event can be a success, failure, or error.
The additional string can provide more information on the attempt, indicating the type of error, or the reason for the failure. The status and message are both stored in an instance of the AuthenticationResult.
This can be used to reliably check whether the user has logged in with MFA. Previously the Login::changed() signal had been fired, when the user logged in, but it could still be that the state was not LoginState::Weak or LoginState::Strong, but LoginState::RequiresMfa. This signal can be listened to, to ensure that, on success, the user will actually be logged in.
Side-effects to the login can then be attached to this signal.
◆ bindCodeInput()
|
protectedvirtual |
Binds the code input field to the UI.
This creates and binds the field where the generated TOTP code will be entered.
The throttle parameter manages whether or not pressing "enter" on this field will result in the verification of the code being subject to throttling (see AuthThrottle).
- See also
- createBaseView()
◆ bindLoginButton()
|
protectedvirtual |
Binds the "Login" button to the UI.
This button will run the verification process on the entered TOTP code.
The throttle parameter manages whether or not pressing the button will result in the verification of the code being subject to throttling (see AuthThrottle).
- See also
- createBaseView()
◆ bindLogoutButton()
|
protectedvirtual |
Binds the "Back" button to the UI.
This button can be pressed to return to the original login page. This may be handy in case the user isn't able to provide the TOTP code.
- See also
- createBaseView()
◆ bindQRCode()
|
protectedvirtual |
Binds the QR Code to the UI.
This binds both the rendered QR code, as well as the secret itself (to be copied over to a authenticator app).
- See also
- createBaseView()
◆ bindRememberMe()
|
protectedvirtual |
Binds "remember-me" checkbox to the UI.
This creates and binds the checkbox which enables "remember-me" functionality, if this is enabled (see AuthService::setAuthTokensEnabled()).
- See also
- createBaseView()
◆ createBaseView()
|
protectedvirtual |
Creates the base of the UI.
This retrieves the message Wt.Auth.template.totp from Wt's resource bundle. This is used as the main template to build the UI from, and bind all elements to it.
◆ createSetupView()
|
overridevirtual |
Creates the view to manage the TOTP code.
This either adds a new code to the user, or expects a code to be entered based on their existing TOTP secret key.
Implements Wt::Auth::Mfa::AbstractMfaProcess.
◆ currentSecretKey()
|
protected |
The secret key of the user.
Either this is a newly generated key, in case the user is setting up their TOTP access. Or this is the one stored in the database. In case of the latter being true, be careful not to display this in the browser.
◆ processEnvironment()
|
overridevirtual |
Processes the (initial) environment.
This can be called to tell the widget to look through the environment for the relevant cookies. It will handle the side-effect of finding such a cookie, and it still being valid. The user will be logged in, in a weak state (LoginState::Weak), and the authenticated() signal will be fired, with an AuthenticationStatus::Success.
Reimplemented from Wt::Auth::Mfa::AbstractMfaProcess.
◆ update()
|
protectedvirtual |
Updates the UI after a verification attempt.
This updates the view with the effects of the verification attempt. Displaying a message in case it did not succeed, and updating the styling of the input field.
The throttle parameter manages whether or not the attempt will result in the verification of the code being subject to throttling (see AuthThrottle).
- See also
- createBaseView()
◆ verifyCode()
|
protectedvirtual |
Verifies the entered code.
The code the user provided is verified, and the UI is updated accordingly (using update()).
This also handles the actual authentication, in case the verification is successful. This logs in the user (see Login::login()), and fires the authenticated() signal.
In case of the "remember-me" functionality being enabled, it will create the cookie.
