//! SPI trait for out-of-band identity verification during account recovery.
/// Defines how your application sends and verifies recovery challenges.
///
/// Implement this trait to integrate your preferred out-of-band identity
/// verification mechanism (email codes, SMS OTP, TOTP, admin approval, etc.).
///
/// # Security
///
/// - [`send_challenge`](RecoveryChallenger::send_challenge) **must not** reveal
/// whether the credential exists. If the credential is unknown, either silently
/// succeed (recommended) or send a generic "if this account exists..." message.
/// - [`verify_response`](RecoveryChallenger::verify_response) should use
/// constant-time comparison to prevent timing attacks on challenge codes. A
/// short code is also guessable by repeated online attempts, so a challenge
/// should be single-use, expire, and allow only a bounded number of
/// verification attempts.
///
/// # Example
///
/// ```rust,ignore
/// struct EmailChallenger { /* ... */ }
///
/// impl RecoveryChallenger for EmailChallenger {
///     fn send_challenge(&self, credential_identifier: &[u8]) -> Result<(), String> {
///         let email = std::str::from_utf8(credential_identifier)
///             .map_err(|e| e.to_string())?;
///         let code = generate_secure_code();
///         self.store_code(email, code.clone());
///         self.email_service.send(email, &format!("Code: {}", code));
///         Ok(())
///     }
///
///     fn verify_response(
///         &self,
///         credential_identifier: &[u8],
///         challenge_response: &str,
///     ) -> bool {
///         let email = std::str::from_utf8(credential_identifier).ok();
///         email.and_then(|e| self.remove_code(e))
///             .map(|stored| subtle::ConstantTimeEq::ct_eq(
///                 stored.as_bytes(), challenge_response.as_bytes()
///             ).into())
///             .unwrap_or(false)
///     }
/// }
/// ```