Class MFAService

java.lang.Object
com.axelor.auth.MFAService

public class MFAService extends Object
Service responsible for managing Multi-Factor Authentication (MFA) for users.

This service handles the configuration, verification, and lifecycle of MFA methods, including TOTP-based apps and email-based verification codes, and provides recovery methods.

Core functionalities include:

  • Generating TOTP secrets and QR codes
  • Verifying TOTP tokens and email codes
  • Sending email codes via the configured mail service
  • Generating and managing sets of recovery codes
  • Managing default and valid MFA configurations per user
  • Testing MFA setups before activation

  • Field Details

    • TOTP_ALGORITHM

      public static final dev.samstevens.totp.code.HashingAlgorithm TOTP_ALGORITHM
    • TOTP_DIGITS

      public static final int TOTP_DIGITS
    • TOTP_PERIOD

      public static final int TOTP_PERIOD
    • EMAIL_CODE_VALIDITY

      public static final int EMAIL_CODE_VALIDITY
    • EMAIL_SEND_COOL_DOWN

      public static final Duration EMAIL_SEND_COOL_DOWN
    • CHARACTERS

      public static final String CHARACTERS
    • RECOVERY_CODE_PART_LENGTH

      public static final int RECOVERY_CODE_PART_LENGTH
  • Constructor Details

  • Method Details

    • enableMFA

      public void enableMFA(MFA mfa)
    • disableMFA

      public void disableMFA(MFA mfa)
    • getMethods

      public List<MFAMethod> getMethods(User user)
    • getMethods

      public List<MFAMethod> getMethods(MFA mfa)
    • configureTOTP

      public byte[] configureTOTP(MFA mfa)
    • removeTOTP

      public void removeTOTP(MFA mfa)
    • removeTOTP

      protected void removeTOTP(MFA mfa, boolean updateDefault)
    • removeEmail

      public void removeEmail(MFA mfa)
    • removeEmail

      protected void removeEmail(MFA mfa, boolean updateDefault)
    • generateQRCode

      protected byte[] generateQRCode(String secret, String username)
    • verifyCode

      public boolean verifyCode(User user, String mfaCode, String mfaMethod)
    • getEmailRetryAfter

      @Nullable public LocalDateTime getEmailRetryAfter(User user)
    • verifyEmailCode

      protected boolean verifyEmailCode(MFA mfa, String code)
    • sendEmailCode

      public LocalDateTime sendEmailCode(User user)
    • sendEmailConfirmation

      public LocalDateTime sendEmailConfirmation(MFA mfa)
    • getMFAEmailSubject

      protected String getMFAEmailSubject(User user, boolean isConfirmation, String code)
    • getMFAEmailBody

      protected String getMFAEmailBody(User user, boolean isConfirmation, String code)
    • getAppName

      protected String getAppName()
    • getMessage

      protected String getMessage(String key, Object... arguments)
    • validateMethod

      public void validateMethod(MFA mfa, String code, MFAMethod method)
    • setDefaultMethod

      public void setDefaultMethod(MFA mfa, MFAMethod method)
    • generateRecoveryCodes

      public List<String> generateRecoveryCodes(MFA mfa)
    • removeRecoveryCodes

      protected void removeRecoveryCodes(MFA mfa)
    • verifyRecoveryCode

      protected boolean verifyRecoveryCode(String code, User user)
    • getRelatedMfa

      @Nullable public MFA getRelatedMfa(User user, boolean create)
    • getRelatedMfa

      @Nullable public MFA getRelatedMfa(User user)
    • stringToList

      protected List<String> stringToList(String codes)
    • listToString

      protected String listToString(List<String> codes)