[feature] add TOTP two-factor authentication (2FA) (#3960)

* [feature] add TOTP two-factor authentication (2FA) * use byteutil.S2B to avoid allocations when comparing + generating password hashes * don't bother with string conversion for consts * use io.ReadFull * use MustGenerateSecret for backup codes * rename util functions
2025-10-31 05:52:25 -05:00 · 2025-04-07 16:14:41 +02:00 · 2025-04-07 16:14:41 +02:00 · 365b575341
commit 365b575341
parent 6f24205a26
78 changed files with 5593 additions and 825 deletions
--- a/internal/util/secret_test.go
+++ b/internal/util/secret_test.go
@ -0,0 +1,40 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package util_test
+
+import (
+	"regexp"
+	"testing"
+
+	"github.com/superseriousbusiness/gotosocial/internal/util"
+)
+
+func TestMustGenerateSecret(t *testing.T) {
+	var (
+		rStr = `^[0123456789ABCDEFGHJKMNPQRSTVWXYZ]{32}$`
+		r    = regexp.MustCompile(rStr)
+	)
+
+	for i := 0; i < 10; i++ {
+		secret := util.MustGenerateSecret()
+		if !r.MatchString(secret) {
+			t.Logf("%d: secret %s does not match regex %s", i, secret, rStr)
+			t.Fail()
+		}
+	}
+}