[feature] add TOTP two-factor authentication (2FA) (#3960)

* [feature] add TOTP two-factor authentication (2FA) * use byteutil.S2B to avoid allocations when comparing + generating password hashes * don't bother with string conversion for consts * use io.ReadFull * use MustGenerateSecret for backup codes * rename util functions
2025-06-05 21:59:39 +02:00 · 2025-04-07 16:14:41 +02:00
parent 6f24205a26
commit 365b575341
78 changed files with 5593 additions and 825 deletions
--- a/internal/api/model/user.go
+++ b/internal/api/model/user.go
@ -60,6 +60,9 @@ type User struct {
 	// Time when the last "please reset your password" email was sent, if at all. (ISO 8601 Datetime)
 	// example: 2021-07-30T09:20:25+00:00
 	ResetPasswordSentAt string `json:"reset_password_sent_at,omitempty"`
+	// Time at which 2fa was enabled for this user. (ISO 8601 Datetime)
+	// example: 2021-07-30T09:20:25+00:00
+	TwoFactorEnabledAt string `json:"two_factor_enabled_at,omitempty"`
 }

 // PasswordChangeRequest models user password change parameters.