AshAuthentication.Phoenix.TotpHelpers (ash_authentication_phoenix v3.0.0-rc.6)

Helper functions for working with TOTP two-factor authentication.

These helpers can be used in plugs, LiveView on_mount hooks, and templates to check if a user has TOTP configured and make decisions about requiring two-factor authentication.

Usage in Plugs

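defmodule MyAppWeb.RequireTotpPlug do
  import Plug.Conn
  # put_flash/3 and redirect/2 come from Phoenix.Controller, not Plug.Conn
  import Phoenix.Controller, only: [put_flash: 3, redirect: 2]
  import AshAuthentication.Phoenix.TotpHelpers

  def init(opts), do: opts

  def call(conn, _opts) do
    user = conn.assigns[:current_user]

    # Pass the request through only when a user is present and has a TOTP secret stored
    if user && totp_configured?(user) do
      conn
    else
      # Otherwise send the browser to the setup page and stop the plug pipeline
      conn
      |> put_flash(:error, "Please configure two-factor authentication")
      |> redirect(to: "/auth/totp/setup")
      |> halt()
    end
  end
end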

Usage in LiveView

def mount(_params, session, socket) do
  # get_user_from_session/1 is an application-defined helper, not part of this library
  socket = assign_new(socket, :current_user, fn -> get_user_from_session(session) end)
  user = socket.assigns.current_user

  if user && AshAuthentication.Phoenix.TotpHelpers.totp_configured?(user) do
    {:ok, socket}
  else
    # push_navigate/2 replaces the deprecated push_redirect/2
    {:ok, push_navigate(socket, to: "/auth/totp/setup")}
  end
end
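
The same check as an on_mount hook, which the module description mentions but the page does not show. This is an added example, not code from ash_authentication_phoenix: the module name, the :require_totp_enrolled hook name and the "/sign-in" path are hypothetical, and it assumes an earlier hook has already assigned :current_user.

```elixir
defmodule MyAppWeb.LiveTotpGate do
  @moduledoc "Added example: on_mount hook that requires a stored TOTP secret."

  import Phoenix.LiveView, only: [redirect: 2]
  import AshAuthentication.Phoenix.TotpHelpers

  # "/auth/totp/setup" is the path used in the examples above; "/sign-in" is assumed.
  # Neither route may sit behind this hook, or the redirect would loop.
  @setup_path "/auth/totp/setup"
  @sign_in_path "/sign-in"

  # on_mount {MyAppWeb.LiveTotpGate, :require_totp_enrolled}
  # on_mount {MyAppWeb.LiveTotpGate, {:require_totp_enrolled, strategy: :totp}}
  def on_mount(:require_totp_enrolled, params, session, socket),
    do: on_mount({:require_totp_enrolled, []}, params, session, socket)

  def on_mount({:require_totp_enrolled, opts}, _params, _session, socket) do
    case socket.assigns[:current_user] do
      nil ->
        # No authenticated user: never mount the LiveView
        {:halt, redirect(socket, to: @sign_in_path)}

      %resource{} = user ->
        case get_totp_strategy(resource, opts) do
          {:error, :no_totp_strategy} ->
            # Fail closed: guarding a resource that has no TOTP strategy is a
            # configuration error, not a reason to let the user through
            raise ArgumentError,
                  "#{inspect(resource)} has no TOTP strategy for #{inspect(opts)}"

          {:ok, _strategy} ->
            if totp_configured?(user, opts) do
              {:cont, socket}
            else
              {:halt, redirect(socket, to: @setup_path)}
            end
        end
    end
  end
end
```

The hook runs on both the initial HTTP render and the WebSocket mount, so the check is repeated when the socket connects.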

Summary

Functions

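get_totp_strategy(resource, opts \\ [])
Returns the TOTP strategy for a resource.

totp_available?(resource)
Returns true if TOTP is available for the given resource.

totp_configured?(user, opts \\ [])
Returns true if the user has TOTP configured.

totp_secret_field(resource, opts \\ [])
Returns the secret field name for the TOTP strategy.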

Functions

get_totp_strategy(resource, opts \\ [])

@spec get_totp_strategy(
  module(),
  keyword()
) :: {:ok, AshAuthentication.Strategy.Totp.t()} | {:error, :no_totp_strategy}

Returns the TOTP strategy for a resource.

Options

  • :strategy - The specific strategy name to look for. If not provided, returns the first TOTP strategy found.

Examples

iex> get_totp_strategy(MyApp.User)
{:ok, %AshAuthentication.Strategy.Totp{...}}

iex> get_totp_strategy(MyApp.User, strategy: :totp)
{:ok, %AshAuthentication.Strategy.Totp{...}}

iex> get_totp_strategy(MyApp.Resource.WithoutTotp)
{:error, :no_totp_strategy}

totp_available?(resource)

@spec totp_available?(module()) :: boolean()

Returns true if TOTP is available for the given resource.

Examples

iex> totp_available?(MyApp.User)
true

iex> totp_available?(MyApp.Resource.WithoutTotp)
false

totp_configured?(user, opts \\ [])

@spec totp_configured?(
  Ash.Resource.record(),
  keyword()
) :: boolean()

Returns true if the user has TOTP configured.

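This checks whether the TOTP secret on the user (read via read_secret_from) has a value. Both direct attribute access and calculations (e.g., for AshCloak) are supported. A true result means only that a secret is stored; it does not show that a TOTP code was verified in the current session.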

Options

  • :strategy - The TOTP strategy to check against. If not provided, the first TOTP strategy for the resource will be used.

Examples

iex> totp_configured?(user)
true

iex> totp_configured?(user, strategy: :backup_totp)
false

totp_secret_field(resource, opts \\ [])

@spec totp_secret_field(
  module(),
  keyword()
) :: {:ok, atom()} | {:error, :no_totp_strategy}

Returns the secret field name for the TOTP strategy.

Options

  • :strategy - The specific strategy name. Defaults to the first TOTP strategy.

Examples

iex> totp_secret_field(MyApp.User)
{:ok, :totp_secret}