Library struct representing an MFA credential (e.g., TOTP enrollment).
Maps to and from the generated UserMfaCredential Ecto schema in the host app.
Contains all fields needed for TOTP verification, lockout tracking, and replay
prevention.
Fields
:id- Database primary key:user_id- The owning user's ID:type- MFA type as string (e.g., "totp"):encrypted_secret- Encrypted TOTP secret (via cloak_ecto):last_used_at- Last successful verification timestamp:last_verified_step- Last accepted TOTP time step (replay prevention, D-41):failed_attempts- Failed MFA attempt counter (D-31):locked_until- Lockout expiry timestamp (nil if not locked):enabled_at- When MFA was enabled:inserted_at- Record creation timestamp:updated_at- Record update timestamp
Summary
Functions
Creates a Credential struct from an Ecto schema struct or map.
Converts a Credential struct to a map suitable for Ecto changeset params.
Types
@type t() :: %Sigra.MFA.Credential{ enabled_at: DateTime.t() | nil, encrypted_secret: binary() | nil, failed_attempts: non_neg_integer(), id: term(), inserted_at: DateTime.t() | nil, last_used_at: DateTime.t() | nil, last_verified_step: integer() | nil, locked_until: DateTime.t() | nil, type: String.t() | nil, updated_at: DateTime.t() | nil, user_id: term() }
Functions
Creates a Credential struct from an Ecto schema struct or map.
Maps fields by name from the source to the Credential struct. Unknown fields in the source are ignored.
Examples
iex> Sigra.MFA.Credential.from_schema(%{type: "totp", user_id: 42})
%Sigra.MFA.Credential{type: "totp", user_id: 42, failed_attempts: 0}Converts a Credential struct to a map suitable for Ecto changeset params.
Drops :id, :inserted_at, and :updated_at (managed by Ecto) and
removes nil values.
Examples
iex> credential = %Sigra.MFA.Credential{user_id: 42, type: "totp"}
iex> params = Sigra.MFA.Credential.to_params(credential)
iex> params.user_id
42