Closed urizennnn closed 1 month ago
This PR introduces two new endpoints for enabling and verifying two-factor authentication (2FA) using TOTP:
Fixes https://github.com/hngprojects/hng_boilerplate_golang_web/issues/296
Enable 2FA:
Request:
POST: /auth/2fa/enable
Success Response:
{ "status": "success", "status_code": 201, "message": "Key created successfully", "data": { "qr_code": "iVBORw0KGgoAAAANSUhEUgAAAQAAAAEAAQMAAABmvDolAAAABlBMVEX///8AAABVwtN+AAADXElEQVR42uyYMY7rOBBEi1DAkDcwL2JI13JgQAIc+Fo0dBHqBgwZCKpFtezxzEYbrDUMhsGHvucJoNjd1cXG3/pb//caSM4sXB15n7dQr45At5DcmgF6wCdXAJeLX2OpIxnuXIr96SAg8p4cOQEYE1DhMqdhKVzbAuYcyAfLBQhcB4Z6docDGzA+MkkWT2YAjQGAn5eCkTnweaQ62x/58GHA0n4p9drHcP/28LMufhnQ6jJq98hWILwxk+mniHwY6KFKZB0fKkmyokcZ10hOfTPAkAvOrugrKN3QVxQ/Z9SX0n4ecDlwdUV7C0ynwAnRXvG3rSGgYMjwKyLGeaGKtHiF+4qjgB7WcTxT1APRpcg6qFq3ZoCBBcPC2m0RlzNChaN6E037jwFcNv2qXYphEnB1DPc1Fr+iGWAgp25TuMGKSGtJU5fxUvsDAMs0nZ3+e4706yARi/S31AzQx1BxCnooF23+RvVuBD5r8wBAHm+NJqSscJb/YTrHr47TAtAryrbnWC7nk7kt1m5hfQvIpwElOTP8LUVpl+V/GWelXDtAHwsQZd3ViXa3A59O+OqbBwCg2bvrIFvK4idH+Jn8yskGAJclF0FysbtB4RezPekowKydfk5qPcq0HsXTXF9DgCktOqoJyQ2qSIe3yTkCwDOIUlQ93B4sezRTO4B1Q1ViVAMP9Sq1Zw6v3n0IYE1Y8ZTs76+Yde/aARxDHTbUq74Cp52U/r/uFwcAlva6kG4wEfOTPGq3fcvJ3wcQcZEjtPHLGfo9clJ/fJuczwO8ryfYhd0zY9cHxbchQJvXP9fBDjDoaibJtdM8CDBrJ8pJxJ6OtMqjsh1AbrDLdu0qI7ewU1L78TgAlvbSLvgUC7oH7UjrmJoBBkIm0N+2GLieAvlQ7n0f1Hwc0D1rztpSNNdXr320I20KoNwgq03VZou7HCn5NV74PDDwFcRcPEkBQVf4OrYD2FRtKbCBnkwOHzQ3+LLuBwA2XbQ7sva2T8+KXvkxfvxlwCb/p+Apf6WvmEQq97rjgEi5YuuGWgri/tAYkFQXKeLSbUE3sjB9n2gdBKjbMIeq0CqIl/N7YNUEsIdbX8E7SU8V6erec5jPA8+099NAoMvBjMSYEP5VF78K/K2/9d/XPwEAAP//t6O0tRaI1+kAAAAASUVORK5CYII=", "secret": "CLRFZILMEJ7UC74ELOEG4R6W5AMLTHXM" } }
Unsuccessful Response:
{ "status": "error", "status_code": 400, "message": "User not found", "error": {} }
Verify 2FA:
POST: /auth/2fa/verify
{ "user_id": "01910de5-3f5a-7e8e-a82b-d671ccc89df6", "key": "583104" }
{ "status": "success", "status_code": 200, "message": "Key verified successfully", "data": { "message": "Key verified successfully" } }
{ "status": "error", "status_code": 400, "message": "Invalid key", "error": {} }
Frontend engineers can use the following HTML to render the QR code for enabling 2FA:
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>QR Code Viewer</title> </head> <body> <h1>QR Code</h1> <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEAAQMAAABmvDolAAAABlBMVEX///8AAABVwtN+AAADXElEQVR42uyYMY7rOBBEi1DAkDcwL2JI13JgQAIc+Fo0dBHqBgwZCKpFtezxzEYbrDUMhsGHvucJoNjd1cXG3/pb//caSM4sXB15n7dQr45At5DcmgF6wCdXAJeLX2OpIxnuXIr96SAg8p4cOQEYE1DhMqdhKVzbAuYcyAfLBQhcB4Z6docDGzA+MkkWT2YAjQGAn5eCkTnweaQ62x/58GHA0n4p9drHcP/28LMufhnQ6jJq98hWILwxk+mniHwY6KFKZB0fKkmyokcZ10hOfTPAkAvOrugrKN3QVxQ/Z9SX0n4ecDlwdUV7C0ynwAnRXvG3rSGgYMjwKyLGeaGKtHiF+4qjgB7WcTxT1APRpcg6qFq3ZoCBBcPC2m0RlzNChaN6E037jwFcNv2qXYphEnB1DPc1Fr+iGWAgp25TuMGKSGtJU5fxUvsDAMs0nZ3+e4706yARi/S31AzQx1BxCnooF23+RvVuBD5r8wBAHm+NJqSscJb/YTrHr47TAtAryrbnWC7nk7kt1m5hfQvIpwElOTP8LUVpl+V/GWelXDtAHwsQZd3ViXa3A59O+OqbBwCg2bvrIFvK4idH+Jn8yskGAJclF0FysbtB4RezPekowKydfk5qPcq0HsXTXF9DgCktOqoJyQ2qSIe3yTkCwDOIUlQ93B4sezRTO4B1Q1ViVAMP9Sq1Zw6v3n0IYE1Y8ZTs76+Yde/aARxDHTbUq74Cp52U/r/uFwcAlva6kG4wEfOTPGq3fcvJ3wcQcZEjtPHLGfo9clJ/fJuczwO8ryfYhd0zY9cHxbchQJvXP9fBDjDoaibJtdM8CDBrJ8pJxJ6OtMqjsh1AbrDLdu0qI7ewU1L78TgAlvbSLvgUC7oH7UjrmJoBBkIm0N+2GLieAvlQ7n0f1Hwc0D1rztpSNNdXr320I20KoNwgq03VZou7HCn5NV74PDDwFcRcPEkBQVf4OrYD2FRtKbCBnkwOHzQ3+LLuBwA2XbQ7sva2T8+KXvkxfvxlwCb/p+Apf6WvmEQq97rjgEi5YuuGWgri/tAYkFQXKeLSbUE3sjB9n2gdBKjbMIeq0CqIl/N7YNUEsIdbX8E7SU8V6erec5jPA8+099NAoMvBjMSYEP5VF78K/K2/9d/XPwEAAP//t6O0tRaI1+kAAAAASUVORK5CYII=" alt="QR Code"> </body> </html>
Description
This PR introduces two new endpoints for enabling and verifying two-factor authentication (2FA) using TOTP:
Related Issue (Link to Github issue)
Fixes https://github.com/hngprojects/hng_boilerplate_golang_web/issues/296
How Has This Been Tested?
Testing Scenarios:
Enable 2FA:
Request:
Success Response:
Unsuccessful Response:
Verify 2FA:
Screenshots (if appropriate - Postman, etc):
Types of changes
Checklist:
Frontend Integration:
Frontend engineers can use the following HTML to render the QR code for enabling 2FA: