long-agent/user-system
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9d7abb8a4649f1060cdc53a466ca9c86c7bd4e3b
user-system/internal/service
History
long-agent 4acd19f420 fix: P0-07 prevent login bypassing TOTP verification 
- Add RequiresTOTP, TempToken, UserID fields to LoginResponse
- Add isTOTPRequiredForLogin() to check if TOTP is needed after password
- Add VerifyTOTPAfterPasswordLogin() for completing login with TOTP
- Login() now checks if TOTP is required after password verification

When user has TOTP enabled and device is not trusted:
- Login returns {requires_totp: true, user_id: <id>} instead of token
- Frontend should prompt for TOTP code
- Frontend calls VerifyTOTPAfterPasswordLogin to complete login

Note: Frontend changes are required to handle the new login flow.
The TempToken field is reserved for future use.
2026-04-18 14:19:15 +08:00
..
prompts
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
auth_admin_bootstrap_internal_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_admin_bootstrap.go
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
auth_bootstrap_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_capabilities_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_capabilities.go
feat: complete production readiness improvements
2026-04-12 16:15:32 +08:00
auth_contact_binding_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_contact_binding.go
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
auth_core_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_email_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_email.go
fix: suppress gosec G115/G118 false positive warnings
2026-04-08 22:50:42 +08:00
auth_login_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_oauth_internal_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_password_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_runtime_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_runtime.go
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
auth_service_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_setters_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth_social_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
auth.go
fix: P0-07 prevent login bypassing TOTP verification
2026-04-18 14:19:15 +08:00
boundary_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
business_logic_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
captcha.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
classified_error_test.go
test: add service layer unit tests for webhook/metadata/error/config
2026-04-09 15:30:26 +08:00
classified_error.go
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
config_defaults_test.go
test: add service layer unit tests for webhook/metadata/error/config
2026-04-09 15:30:26 +08:00
custom_field_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
custom_field.go
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
device_service_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
device.go
feat: complete production readiness improvements
2026-04-12 16:15:32 +08:00
email_config_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
email_provider_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
email.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
export_helper_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
export_internal_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
export_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
export.go
feat: complete production readiness improvements
2026-04-12 16:15:32 +08:00
header_util_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
header_util.go
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
login_log_service_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
login_log_util_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
login_log.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
operation_log.go
feat: 系统全面优化 - 设备管理/登录日志导出/性能监控/设置页面
2026-04-07 12:08:16 +08:00
password_reset_internal_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
password_reset_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
password_reset.go
fix: P0-04 prevent password reset code replay attack
2026-04-18 10:26:36 +08:00
permission_service_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
permission.go
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
request_metadata_test.go
test: add service layer unit tests for webhook/metadata/error/config
2026-04-09 15:30:26 +08:00
request_metadata.go
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
role_service_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
role.go
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
scale_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
service_simple_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
settings_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
settings.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
sms_provider_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
sms_util_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
sms.go
feat: 系统全面优化 - 设备管理/登录日志导出/性能监控/设置页面
2026-04-07 12:08:16 +08:00
stats_internal_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
stats_operation_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
stats_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
stats.go
feat: complete production readiness improvements
2026-04-12 16:15:32 +08:00
theme_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
theme.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
totp_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
totp.go
feat: backend core - auth, user, role, permission, device, webhook, monitoring, cache, repository, service, middleware, API handlers
2026-04-02 11:19:50 +08:00
user_roles_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
user_service_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
user_service.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
warmup_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
webhook_service_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
webhook_util_test.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00
webhook.go
test: add comprehensive test coverage and improve code quality
2026-04-17 20:43:50 +08:00