Packages
ash_authentication
5.0.0-rc.6
5.0.0-rc.12
5.0.0-rc.11
5.0.0-rc.10
5.0.0-rc.9
5.0.0-rc.8
5.0.0-rc.7
5.0.0-rc.6
5.0.0-rc.5
5.0.0-rc.4
5.0.0-rc.3
5.0.0-rc.2
5.0.0-rc.1
5.0.0-rc.0
4.14.1
4.14.0
4.13.7
4.13.6
4.13.5
4.13.4
4.13.3
4.13.2
retired
4.13.1
retired
4.13.0
4.12.0
4.11.0
4.10.0
4.9.9
4.9.8
4.9.7
4.9.6
4.9.5
4.9.4
4.9.3
4.9.2
4.9.1
4.9.0
4.8.7
4.8.6
4.8.5
4.8.3
4.8.2
4.8.1
4.8.0
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.1
4.7.0
4.6.4
4.6.3
4.6.2
4.6.1
4.6.0
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.3.12
4.3.11
4.3.10
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
4.0.0-rc.6
4.0.0-rc.5
4.0.0-rc.3
4.0.0-rc.2
4.0.0-rc.1
4.0.0-rc.0
3.12.4
3.12.3
3.12.2
3.12.1
3.12.0
3.11.16
3.11.15
3.11.14
3.11.13
3.11.12
3.11.11
3.11.10
3.11.9
3.11.8
3.11.7
3.11.6
3.11.5
3.11.4
3.11.3
3.11.2
3.11.1
3.11.0
3.10.8
3.10.7
3.10.6
3.10.5
3.10.4
3.10.3
3.10.2
3.10.1
3.10.0
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.1
3.9.0
3.8.0
3.7.9
3.7.8
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.1
3.7.0
3.6.1
3.6.0
3.5.3
3.5.2
3.5.1
3.5.0
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.0
3.0.3
Authentication extension for the Ash Framework.
Security advisory:
This version has known vulnerabilities.
View advisories
Current section
Files
Jump to
Current section
Files
lib/ash_authentication/strategies/totp/dsl.ex
# SPDX-FileCopyrightText: 2022 Alembic Pty Ltd
#
# SPDX-License-Identifier: MIT
defmodule AshAuthentication.Strategy.Totp.Dsl do
@moduledoc """
Defines the Spark DSL entity for this strategy.
"""
alias AshAuthentication.Strategy.Totp
@doc false
@spec dsl :: map
def dsl do
%Spark.Dsl.Entity{
name: :totp,
describe: """
Adds TOTP-based one-time passcode authentication.
""",
args: [{:optional, :name, :totp}],
target: Totp,
identifier: :name,
schema: [
name: [
type: :atom,
doc: "Uniquely identifies the strategy.",
required: true
],
brute_force_strategy: [
type:
{:or,
[
{:literal, :rate_limit},
{:tuple, [{:literal, :audit_log}, :atom]},
{:tuple, [{:literal, :preparation}, {:behaviour, Ash.Resource.Preparation}]}
]},
doc: "How you are mitigating brute-force token checks.",
required: true
],
identity_field: [
type: :atom,
doc:
"The name of the attribute which uniquely identifies the user, usually something like `username` or `email_address`.",
default: :username,
required: false
],
issuer: [
type: :string,
doc: "The TOTP issuer to use. Defaults to the strategy name.",
required: false
],
secret_field: [
type: :atom,
doc: "The name of the attribute within which to store the TOTP secret.",
default: :totp_secret,
required: false
],
read_secret_from: [
type: :atom,
doc:
"The attribute or calculation to read the TOTP secret from. Defaults to `secret_field`. Useful with AshCloak where encrypted values are read via calculations.",
required: false
],
secret_length: [
type: :pos_integer,
doc:
"The number of bytes to use when generating secrets. Default is 20 as per the [HOTP RFC](https://tools.ietf.org/html/rfc4226#section-4).",
default: 20,
required: false
],
last_totp_at_field: [
type: :atom,
doc:
"The name of the attribute or calculation used to track the last successful TOTP time.",
default: :last_totp_at,
required: false
],
period: [
type: :pos_integer,
doc: "The period (in seconds) in which the code is valid.",
default: 30,
required: false
],
grace_period: [
type: {:or, [:non_neg_integer, {:literal, nil}]},
doc:
"The number of additional previous time periods to accept when validating TOTP codes. For example, `1` also accepts the previous period's code. See the [NimbleTOTP grace period docs](https://hexdocs.pm/nimble_totp/NimbleTOTP.html#valid?/3-grace-period). Defaults to `nil` (no grace period).",
default: nil,
required: false
],
setup_enabled?: [
type: :boolean,
doc:
"If you do not want the setup action to be generated/validated you disable it by setting this to false.",
required: false,
default: true
],
setup_action_name: [
type: :atom,
doc: "The name to use for the setup action. Defaults to `setup_with_<strategy_name>`.",
required: false
],
totp_url_field: [
type: :atom,
doc:
"The name to use for the TOTP URL calculation. Defaults to `totp_url_for_<strategy_name>`.",
required: false
],
sign_in_enabled?: [
type: :boolean,
doc:
"If you do not want users to be able to sign in using this strategy, set this to false.",
required: false,
default: false
],
sign_in_action_name: [
type: :atom,
doc:
"The name to use for the sign in action. Defaults to `sign_in_with_<strategy_name>`.",
required: false
],
verify_enabled?: [
type: :boolean,
doc:
"If you do not want users to be able to verify their TOTP codes outside of the sign-in action (or you want to handle it yourself), set this to false.",
required: false,
default: true
],
verify_action_name: [
type: :atom,
doc:
"The name to use for the verify action. Defaults to `verify_with_<strategy_name>`.",
required: false
],
confirm_setup_enabled?: [
type: :boolean,
doc:
"When enabled, setup generates a token that must be confirmed with a valid TOTP code before the secret is stored.",
required: false,
default: false
],
confirm_setup_action_name: [
type: :atom,
doc:
"The name to use for the confirm setup action. Defaults to `confirm_setup_with_<strategy_name>`.",
required: false
],
setup_token_lifetime: [
type:
{:or,
[
:pos_integer,
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
]},
doc:
"How long the setup token is valid. If no unit is provided, then `minutes` is assumed. Defaults to 10 minutes.",
required: false,
default: {10, :minutes}
],
audit_log_window: [
type:
{:or,
[
:pos_integer,
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
]},
doc:
"Time window for counting failed attempts when using the `{:audit_log, ...}` brute force strategy. If no unit is provided, then `minutes` is assumed. Defaults to 5 minutes.",
required: false,
default: {5, :minutes}
],
audit_log_max_failures: [
type: :pos_integer,
doc:
"Maximum allowed failures within the window before blocking when using the `{:audit_log, ...}` brute force strategy. Defaults to 5.",
required: false,
default: 5
]
]
}
end
end