feat: add Phoenix integration for recovery code strategy#724
Merged
Conversation
Add LiveViews, components, router macros, and overrides for recovery code authentication: - `RecoveryCodeVerifyLive` + `VerifyForm` — verification page with token-based and step-up modes (mirrors TOTP verify flow) - `RecoveryCodeDisplayLive` + `DisplayCodes` — code generation and display page for authenticated users - `RecoveryCode.Input` — function components for recovery code forms - `recovery_code_verify_route/3` and `recovery_code_display_route/3` router macros - Cross-link from TOTP verify page to recovery code verify page via overridable `recovery_code_link_path` on `Verify2faForm` - Default and override registrations for all new components
- `RecoveryCodeHelpers` — helper functions for checking if a user has recovery codes configured - `Plug.RequireRecoveryCodes` — plug to enforce recovery code setup, with halt/redirect options (mirrors `Plug.RequireTotp` pattern) - `LiveSession.RequireRecoveryCodes` — LiveView on_mount hook for the same purpose
Add recovery code overrides to both default (Tailwind) and DaisyUI override modules. Also adds the recovery code cross-link overrides to the TOTP Verify2faForm in DaisyUI.
Adds `mix ash_authentication_phoenix.add_strategy.recovery_code` task that adds `recovery_code_verify_route` and `recovery_code_display_route` to the router. Registered in the main `add_strategy` dispatcher so `mix ash_authentication_phoenix.add_strategy recovery_code` works.
Modify the auth controller's success/4 to match on the :confirm_setup phase and redirect to /recovery-codes, so users are prompted to generate recovery codes immediately after setting up TOTP.
The recovery code igniter now: - Sets recovery_code_link_path on the TOTP Verify2faForm override so the "Use a recovery code instead" link appears on the TOTP verify page - Sets totp_link_path on the RecoveryCode VerifyForm override so the "Use authenticator app instead" link appears on the recovery code page - Adds a success/4 clause for :confirm_setup redirecting to /recovery-codes - Registers in the install task's @phoenix_strategy_tasks map
- Tutorial: covers routes, cross-linking with TOTP, auth controller integration, metadata, enforcement plugs, and helper functions - Update TOTP 2FA guide to reference recovery codes instead of generic "backup codes" section
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
RequireRecoveryCodes) and LiveSession hooksCompanion PR
Depends on team-alembic/ash_authentication#1135 which adds the core recovery code strategy.
Test plan
mix checkpasses