feat: 2FA totp integration (#729) (#734)

(cherry picked from commit f2858e4)

Co-authored-by: Tanmoy Sarkar <[email protected]>

Author: mergify[bot]

go.mod

@@ -23,6 +23,7 @@ require (
 	github.com/spf13/cobra v1.8.0
 	github.com/testcontainers/testcontainers-go v0.31.0
 	github.com/vektah/gqlparser/v2 v2.5.12
+	github.com/xlzd/gotp v0.1.0
 	golang.org/x/term v0.21.0
 	gopkg.in/yaml.v3 v3.0.1
 	gorm.io/driver/postgres v1.5.7

go.sum

@@ -325,6 +325,8 @@ github.com/vektah/gqlparser/v2 v2.5.12 h1:COMhVVnql6RoaF7+aTBWiTADdpLGyZWU3K/NwW
 github.com/vektah/gqlparser/v2 v2.5.12/go.mod h1:WQQjFc+I1YIzoPvZBhUQX7waZgg3pMLi0r8KymvAE2w=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
+github.com/xlzd/gotp v0.1.0 h1:37blvlKCh38s+fkem+fFh7sMnceltoIEBYTVXyoa5Po=
+github.com/xlzd/gotp v0.1.0/go.mod h1:ndLJ3JKzi3xLmUProq4LLxCuECL93dG9WASNLpHz8qg=
 github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 h1:+qGGcbkzsfDQNPPe9UDgpxAWQrhbbBXOYJFQDq/dtJw=
 github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQutDLsQv2Deui4iYQ6DWTxR14g6m8Wv88+Xqk=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

swiftwave_service/cmd/user.go

@@ -14,9 +14,11 @@ import (
 func init() {
 	userManagementCmd.AddCommand(createUserCmd)
 	userManagementCmd.AddCommand(deleteUserCmd)
+	userManagementCmd.AddCommand(disableTotpCmd)
 	createUserCmd.Flags().StringP("username", "u", "", "Username")
 	createUserCmd.Flags().StringP("password", "p", "", "Password [Optional]")
 	deleteUserCmd.Flags().StringP("username", "u", "", "Username")
+	disableTotpCmd.Flags().StringP("username", "u", "", "Username")
 }
 
 var userManagementCmd = &cobra.Command{
@@ -136,3 +138,34 @@ var deleteUserCmd = &cobra.Command{
 		printSuccess("Deleted user > " + username)
 	},
 }
+
+var disableTotpCmd = &cobra.Command{
+	Use:   "disable-totp",
+	Short: "Disable Totp for a user",
+	Long:  "Disable Totp for a user",
+	Run: func(cmd *cobra.Command, args []string) {
+		username := cmd.Flag("username").Value.String()
+		if username == "" {
+			printError("Username is required")
+			err := cmd.Help()
+			if err != nil {
+				return
+			}
+			return
+		}
+		// Initiating database client
+		dbClient, err := db.GetClient(config.LocalConfig, 10)
+		if err != nil {
+			printError("Failed to connect to database")
+			return
+		}
+		// Disable Totp
+		err = core.DisableTotp(context.Background(), *dbClient, username)
+		if err != nil {
+			printError("Failed to disable Totp")
+			printError("Reason: " + err.Error())
+			return
+		}
+		printSuccess("Disabled Totp for user > " + username)
+	},
+}

swiftwave_service/core/models.go

@@ -41,6 +41,8 @@ type User struct {
 	Username     string   `json:"username" gorm:"unique"`
 	Role         UserRole `json:"role" gorm:"default:'user'"`
 	PasswordHash string   `json:"password_hash"`
+	TotpEnabled  bool     `json:"totp_enabled" gorm:"default:false"`
+	TotpSecret   string   `json:"totp_secret"`
 }
 
 // ************************************************************************************* //

swiftwave_service/core/user.operations.go

@@ -76,3 +76,15 @@ func ChangePassword(ctx context.Context, db gorm.DB, username string, oldPasswor
 	err = db.Save(&user).Error
 	return err
 }
+
+// DisableTotp : disable Totp for user
+func DisableTotp(ctx context.Context, db gorm.DB, username string) error {
+	user, err := FindUserByUsername(ctx, db, username)
+	if err != nil {
+		return errors.New("user not found")
+	}
+	// disable TOTP
+	user.TotpEnabled = false
+	err = db.Save(&user).Error
+	return err
+}

swiftwave_service/db/migrations/20240606063101_add_totp_support.down.sql

@@ -0,0 +1,2 @@
+-- reverse: modify "users" table
+ALTER TABLE "public"."users" DROP COLUMN "totp_secret", DROP COLUMN "totp_enabled";

swiftwave_service/db/migrations/20240606063101_add_totp_support.up.sql

@@ -0,0 +1,2 @@
+-- modify "users" table
+ALTER TABLE "public"."users" ADD COLUMN "totp_enabled" boolean NULL DEFAULT false, ADD COLUMN "totp_secret" text NULL;

swiftwave_service/db/migrations/atlas.sum

@@ -1,4 +1,4 @@
-h1:ats7Dhdc37WkTpGvkMFA0GlEzBlFmXB3EBwYk6vd+c8=
+h1:MRdojbnoeAO6RPVZNvsQv+HbTbJc1JqIOUkC+XRGPDo=
 20240413191732_init.down.sql h1:HoitObGwuKF/akF4qg3dol2FfNTLCEuf6wHYDuCez8I=
 20240413191732_init.up.sql h1:USKdQx/yTz1KJ0+mDwYGhKm3WzX7k+I9+6B6SxImwaE=
 20240414051823_server_custom_ssh_port_added.down.sql h1:IC1DFQBQceTPTRdZOo5/WqytH+ZbgcKrQuMCkhArF/0=
@@ -23,3 +23,5 @@ h1:ats7Dhdc37WkTpGvkMFA0GlEzBlFmXB3EBwYk6vd+c8=
 20240602144400_add_application_resource_limit_and_reserve.up.sql h1:Qs5+63C2xrVKbRjDAQ+/Aw0x9JVj7c0Msli1Fv5c48Q=
 20240603064438_add_uid_gid_in_cifs_pv.down.sql h1:EVlD++5wMSaSGQA4gPMyZiBaOjVvm/QURa1t4RwdIwQ=
 20240603064438_add_uid_gid_in_cifs_pv.up.sql h1:eJqHJ0QQxzz21//f3iU9hvVavHxbPoUrKPGt914/0Ik=
+20240606063101_add_totp_support.down.sql h1:PaklVxao4OkfGMxp0x2AOeUBtZcVuY3aDl9BmQWOJE0=
+20240606063101_add_totp_support.up.sql h1:Ty6yz+Qd1xOMXMtYMDQAu8bJtBiqoG3B54djDinX4hE=