Sigra.Plug.RequireMFA (Sigra v1.20.0)

Copy Markdown View Source

MFA session gate plug.

Checks the session type from conn.private[:sigra_session]. If the session type is :mfa_pending, redirects to the MFA challenge page and halts. Standard and remember_me sessions pass through.

This plug must come AFTER Sigra.Plug.RequireAuthenticated in the pipeline. The ordering is: FetchSession -> RequireAuthenticated -> RequireMFA.

Options

  • :mfa_path - Path to the MFA challenge page. Default: "/users/mfa".
  • :logout_path - Path to the logout endpoint. Default: "/users/log_out".

Example

plug Sigra.Plug.RequireMFA, mfa_path: "/users/mfa"

Summary

Functions

call(conn, opts)

Check session type and redirect if MFA verification is pending.

init(opts)

Initialize the plug with the given options.

Functions

call(conn, opts)

(since 0.6.0)

Check session type and redirect if MFA verification is pending.

If the session type is :mfa_pending, only the MFA challenge path and logout path are allowed. All other paths redirect to :mfa_path. If no session exists, the request passes through (unauthenticated requests are handled by RequireAuthenticated).

init(opts)

(since 0.6.0)

Initialize the plug with the given options.

Sets default :mfa_path to "/users/mfa" and :logout_path to "/users/log_out" if not provided.