Implemented U2F, refactored Two Factor authentication, registering U2F device and authentication should work. Works on Chrome on MacOS with a virtual device.

2025-05-10 05:33:56 +00:00 · 2018-07-12 21:46:50 +02:00 · 2018-07-12 21:46:50 +02:00 · dae92b9018
commit dae92b9018
parent dde7c0d99b
17 changed files with 816 additions and 272 deletions
--- a/migrations/2018-07-11-181453_create_u2f_twofactor/down.sql
+++ b/migrations/2018-07-11-181453_create_u2f_twofactor/down.sql
@ -0,0 +1,8 @@
+UPDATE users
+SET totp_secret = (
+    SELECT twofactor.data FROM twofactor
+    WHERE twofactor.type = 0 
+    AND twofactor.user_uuid = users.uuid
+);
+
+DROP TABLE twofactor;
--- a/migrations/2018-07-11-181453_create_u2f_twofactor/up.sql
+++ b/migrations/2018-07-11-181453_create_u2f_twofactor/up.sql
@ -0,0 +1,15 @@
+CREATE TABLE twofactor (
+  uuid      TEXT     NOT NULL PRIMARY KEY,
+  user_uuid TEXT     NOT NULL REFERENCES users (uuid),
+  type      INTEGER  NOT NULL,
+  enabled   BOOLEAN  NOT NULL,
+  data      TEXT     NOT NULL,
+
+  UNIQUE (user_uuid, type)
+);
+
+
+INSERT INTO twofactor (uuid, user_uuid, type, enabled, data) 
+SELECT lower(hex(randomblob(16))) , uuid, 0, 1, u.totp_secret FROM users u where u.totp_secret IS NOT NULL;
+
+UPDATE users SET totp_secret = NULL; -- Instead of recreating the table, just leave the columns empty