coryHawkvelt/gatehouse-api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(auth): implement TOTP two-factor authentication with enrollment and verification

Browse Source 
Adds TOTP (Time-based One-Time Password) two-factor authentication support including:
- New TOTP service with secret generation, QR code provisioning, and code verification
- New auth endpoints for enrollment, verification, status, and backup code management
- New TOTP authentication method type and user methods for TOTP management
- Backup codes generation and verification for account recovery
- Updated OIDC endpoints with timezone-aware datetime handling and RFC-compliant responses
- Added "roles" scope support for OIDC userinfo and ID tokens
- New pyotp dependency for TOTP operations
- Comprehensive unit tests for TOTP service
This commit is contained in:
Cory Hawklvelt
2026-01-14 18:06:17 +10:30
parent 977abf66df
commit cfd79190ee
26 changed files with 2176 additions and 263 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/models/session.py
+6 -6
View File
@@ -1,5 +1,5 @@
"""Session model."""
from datetime import datetime, timedelta
from datetime import datetime, timedelta, timezone
from app.extensions import db
from app.models.base import BaseModel
from app.utils.constants import SessionStatus
@@ -34,7 +34,7 @@ class Session(BaseModel):
def is_active(self):
"""Check if session is currently active."""
now = datetime.utcnow()
now = datetime.now(timezone.utc)
return (
self.status == SessionStatus.ACTIVE
and self.expires_at > now
@@ -43,7 +43,7 @@ class Session(BaseModel):
def is_expired(self):
"""Check if session has expired."""
return datetime.utcnow() > self.expires_at
return datetime.now(timezone.utc) > self.expires_at
def refresh(self, duration_seconds=86400):
"""
@@ -52,8 +52,8 @@ class Session(BaseModel):
Args:
duration_seconds: New session duration in seconds
"""
self.expires_at = datetime.utcnow() + timedelta(seconds=duration_seconds)
self.last_activity_at = datetime.utcnow()
self.expires_at = datetime.now(timezone.utc) + timedelta(seconds=duration_seconds)
self.last_activity_at = datetime.now(timezone.utc)
db.session.commit()
def revoke(self, reason=None):
@@ -64,7 +64,7 @@ class Session(BaseModel):
reason: Optional reason for revocation
"""
self.status = SessionStatus.REVOKED
self.revoked_at = datetime.utcnow()
self.revoked_at = datetime.now(timezone.utc)
if reason:
self.revoked_reason = reason
db.session.commit()