@1auth/authn 0.0.0-alpha.3 → 0.0.0-alpha.30

package/index.js

@@ -4,12 +4,15 @@ import { randomId, makeSymetricKey } from '@1auth/crypto'
 export const options = {
   store: undefined,
   notify: undefined,
-  table: 'credentials',
+  table: 'authentications',
+  idGenerate: true,
+  idPrefix: 'authn',
+  randomId: undefined,
   authenticationDuration: 500, // min duration authentication should take (ms)
   usernameExists: [] // hooks to allow what to be used as a username
 }
 export default (params) => {
-  Object.assign(options, params)
+  Object.assign(options, { randomId }, params)
 }
 export const getOptions = () => options
 
@@ -19,7 +22,6 @@ export const create = async (
   parentOptions
 ) => {
   const now = nowInSeconds()
-  id ??= await randomId.create()
   const type = parentOptions.id + '-' + parentOptions[credentialType].type
   const otp = parentOptions[credentialType].otp
   const expire = parentOptions[credentialType].expire
@@ -32,10 +34,9 @@ export const create = async (
     encryptedKey,
     sub
   )
-  return parentOptions.store.insert(options.table, {
+  const params = {
     expire,
     ...rest,
-    id,
     sub,
     type,
     otp,
@@ -43,7 +44,13 @@ export const create = async (
     value: encryptedData,
     create: now,
     update: now
-  })
+  }
+  if (options.idGenerate) {
+    id ??= await options.randomId.create(options.idPrefix)
+    params.id = id
+  }
+  const { id: serialId } = await options.store.insert(options.table, params)
+  return serialId
 }
 
 export const update = async (
@@ -57,7 +64,7 @@ export const update = async (
     encryptionKey,
     sub
   )
-  return parentOptions.store.update(
+  return options.store.update(
     options.table,
     { id, sub },
     {
@@ -77,17 +84,19 @@ export const subject = async (username) => {
 }
 
 export const authenticate = async (username, secret, parentOptions) => {
-  const timeout = setTimeout(() => {}, options.authenticationDuration)
+  const timeout = setTimeout(options.authenticationDuration)
   const type = parentOptions.id + '-' + parentOptions.secret.type
 
   const sub = await subject(username)
 
-  const credentials = await parentOptions.store.selectList(options.table, {
+  const credentials = await options.store.selectList(options.table, {
     sub,
     type
-  }) // TODO and verify is not null
+  })
   let valid, id, encryptionKey
   for (const credential of credentials) {
+    // non-opt credentials must be verified before use
+    if (!credential.otp && !credential.verify) continue
     let { value, encryptionKey: encryptedKey, ...rest } = credential
     value = await parentOptions.secret.decode(value, encryptedKey, sub)
     valid = await parentOptions.secret.verify(secret, value, rest)
@@ -98,9 +107,19 @@ export const authenticate = async (username, secret, parentOptions) => {
     }
   }
 
-  if (valid && parentOptions.secret.otp) {
-    await parentOptions.store.remove(options.table, { id, sub })
+  if (parentOptions.secret.otp) {
+    // delete OTP to prevent re-use
+    await options.store.remove(options.table, { id, sub })
+  } else if (valid && parentOptions.id !== 'WebAuthn') {
+    // WebAuthn has to update, skip here
+    const now = nowInSeconds()
+    await options.store.update(
+      options.table,
+      { id, sub },
+      { update: now, lastused: now }
+    )
   }
+
   await timeout
   if (!valid) throw new Error('401 Unauthorized')
   return { sub, id, encryptionKey, ...valid }
@@ -108,18 +127,19 @@ export const authenticate = async (username, secret, parentOptions) => {
 
 export const verifySecret = async (sub, id, parentOptions) => {
   // const type = parentOptions.id + '-' + parentOptions.secret.type
-  await parentOptions.store.update(
+  const now = nowInSeconds()
+  await options.store.update(
     options.table,
     { id, sub },
-    { verify: nowInSeconds() }
+    { update: now, verify: now }
   )
 }
 
 export const verify = async (credentialType, sub, token, parentOptions) => {
-  const timeout = setTimeout(() => {}, options.authenticationDuration)
+  const timeout = setTimeout(options.authenticationDuration)
   const type = parentOptions.id + '-' + parentOptions[credentialType].type
   let id
-  const credentials = await parentOptions.store.selectList(options.table, {
+  const credentials = await options.store.selectList(options.table, {
     sub,
     type
   })
@@ -129,7 +149,7 @@ export const verify = async (credentialType, sub, token, parentOptions) => {
   //     return rows
   //   }
   //
-  //   return parentOptions.store.select(options.table, { id: sub, type })
+  //   return options.store.select(options.table, { id: sub, type })
   // })
 
   let valid
@@ -147,7 +167,7 @@ export const verify = async (credentialType, sub, token, parentOptions) => {
     }
   }
   if (valid && parentOptions[credentialType].otp) {
-    await parentOptions.store.remove(options.table, { id, sub })
+    await options.store.remove(options.table, { id, sub })
   }
   if (!valid) throw new Error('401 Unauthorized')
   await timeout
@@ -155,7 +175,7 @@ export const verify = async (credentialType, sub, token, parentOptions) => {
 }
 
 export const expire = async (sub, id, parentOptions = options) => {
-  await parentOptions.store.remove(options.table, { id, sub })
+  await options.store.remove(options.table, { id, sub })
 }
 
 // TODO manage onboard state

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@1auth/authn",
-  "version": "0.0.0-alpha.3",
+  "version": "0.0.0-alpha.30",
   "description": "",
   "type": "module",
   "engines": {
@@ -48,8 +48,8 @@
     "url": "https://github.com/willfarrell/1auth/issues"
   },
   "homepage": "https://github.com/willfarrell/1auth",
-  "gitHead": "a02b1e01f039718f213d79b91d04ed660a955c73",
+  "gitHead": "bba2971096bfd6bcc30e7613fae272896456ecfa",
   "dependencies": {
-    "@1auth/crypto": "0.0.0-alpha.3"
+    "@1auth/crypto": "0.0.0-alpha.30"
   }
 }