| author | 2025-04-07 16:14:41 +0200 | |
|---|---|---|
| committer | 2025-04-07 16:14:41 +0200 | |
| commit | 365b5753419238bb96bc3f9b744d380ff20cbafc (patch) | |
| tree | 6b8e8b605c4cddeb6e3bc0f574ffbc856657e56c /internal/api/model | |
| parent | [bugfix] Don't assume `"manuallyApprovesFollowers": true` if not set (#3978) (diff) | |
| download | gotosocial-365b5753419238bb96bc3f9b744d380ff20cbafc.tar.xz | |
[feature] add TOTP two-factor authentication (2FA) (#3960)
* [feature] add TOTP two-factor authentication (2FA)
* use byteutil.S2B to avoid allocations when comparing + generating password hashes
* don't bother with string conversion for consts
* use io.ReadFull
* use MustGenerateSecret for backup codes
* rename util functions
Diffstat (limited to 'internal/api/model')
| -rw-r--r-- | internal/api/model/oauth.go | 6 | ||||
| -rw-r--r-- | internal/api/model/user.go | 3 |
2 files changed, 6 insertions, 3 deletions
diff --git a/internal/api/model/oauth.go b/internal/api/model/oauth.go
index 19097502d..a4840b10a 100644
--- a/internal/api/model/oauth.go
+++ b/internal/api/model/oauth.go
@@ -22,13 +22,13 @@ type OAuthAuthorize struct {
 // Forces the user to re-login, which is necessary for authorizing with multiple accounts from the same instance.
 ForceLogin string `form:"force_login" json:"force_login"`
 // Should be set equal to `code`.
- ResponseType string `form:"response_type" json:"response_type"`
+ ResponseType string `form:"response_type" json:"response_type" validate:"required"`
 // Client ID, obtained during app registration.
- ClientID string `form:"client_id" json:"client_id"`
+ ClientID string `form:"client_id" json:"client_id" validate:"required"`
 // Set a URI to redirect the user to.
 // If this parameter is set to urn:ietf:wg:oauth:2.0:oob then the authorization code will be shown instead.
 // Must match one of the redirect URIs declared during app registration.
- RedirectURI string `form:"redirect_uri" json:"redirect_uri"`
+ RedirectURI string `form:"redirect_uri" json:"redirect_uri" validate:"required"`
 // List of requested OAuth scopes, separated by spaces (or by pluses, if using query parameters).
 // Must be a subset of scopes declared during app registration. If not provided, defaults to read.
 Scope string `form:"scope" json:"scope"`
diff --git a/internal/api/model/user.go b/internal/api/model/user.go
index 9226406d6..a0d13a501 100644
--- a/internal/api/model/user.go
+++ b/internal/api/model/user.go
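Review bot: The new `validate:"required"` tags on ResponseType, ClientID and RedirectURI only reject an empty value; they do not enforce what the field comments promise (`response_type` equal to `code`, `redirect_uri` matching a URI declared at app registration). Those value checks presumably live in the authorize handler, which is not part of this view, and the tags themselves have no effect unless that handler runs the validator over the bound struct. I would record this next to the fields, e.g. `// Presence is enforced by the validate tags; the value checks (response_type == "code", redirect_uri against the registered URIs) are done by the handler.` The OAuthAuthorize struct starts and ends outside the hunk.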
@@ -60,6 +60,9 @@ type User struct {
 // Time when the last "please reset your password" email was sent, if at all. (ISO 8601 Datetime)
 // example: 2021-07-30T09:20:25+00:00
 ResetPasswordSentAt string `json:"reset_password_sent_at,omitempty"`
+ // Time at which 2fa was enabled for this user. (ISO 8601 Datetime)
+ // example: 2021-07-30T09:20:25+00:00
+ TwoFactorEnabledAt string `json:"two_factor_enabled_at,omitempty"`
 }
 // PasswordChangeRequest models user password change parameters. |
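Review bot: The comment on TwoFactorEnabledAt does not say what an absent field means. With `omitempty` the key is dropped whenever the string is empty, so clients will presumably read absence as "2FA is not enabled" and use this field as the account's 2FA status indicator. Stating that removes the guesswork: `// Time at which 2FA was enabled for this user; omitted if 2FA is not enabled. (ISO 8601 Datetime)`. The User struct begins outside the hunk.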
