1 unstable release
0.1.0 | Mar 10, 2022 |
---|
#1095 in Authentication
12KB
123 lines
This crate provides a ready-to-use TOTP solution.
It supports some features not directly related to Totp:
- Scratch code: extra codes that can be used in emergency, which can improve UX.
- Forbid code reusing: permits only one successful attempt in single time frame for safety.
These features require you to save the struct after every successful attempt. To make it easier, serde::Serialize and serde::Deserialize are derived on it.
Disable code reusing in real life
Don't forget to use exclusive lock in your DB (or whatever you persist the struct) to ensure the load-verify-save process is atomic, or attacker may reuse the code even if you disable code reusing.
License
eztotp
is free software: you can redistribute it and/or modify it under
one of following licenses:
- Mozilla Public License, v. 2.0.
- GNU Lesser General Public License, either version 3 of the License, or (at your option) any later version.
eztotp
is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.
You should have received a copy of the GNU Lesser General Public License and
Mozilla Public License along with eztotp
. If not, see
Dependencies
~1.5–2.3MB
~42K SLoC