pico-auth 0.0.12 → 0.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/pico-auth.esm.js
CHANGED
|
@@ -85,6 +85,7 @@ const mfaRegister = async (appName, login, userProvider) => {
|
|
|
85
85
|
return new Promise(async (resolve, _reject) => {
|
|
86
86
|
let user = await userProvider.getUser(login);
|
|
87
87
|
let mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
|
|
88
|
+
console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`);
|
|
88
89
|
const secret = speakeasy.generateSecret({
|
|
89
90
|
name: `${appName} (${login})`,
|
|
90
91
|
});
|
|
@@ -96,10 +97,13 @@ const mfaRegister = async (appName, login, userProvider) => {
|
|
|
96
97
|
},
|
|
97
98
|
enabled: false
|
|
98
99
|
};
|
|
100
|
+
console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`);
|
|
99
101
|
userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa = mfaInfo;
|
|
102
|
+
console.log(`user = ${JSON.stringify(user)}`);
|
|
100
103
|
}
|
|
101
104
|
mfaInfo.secret.temp = secret.base32;
|
|
102
105
|
mfaInfo.secret.actual = undefined;
|
|
106
|
+
console.log(`user2 = ${JSON.stringify(user)}`);
|
|
103
107
|
await userProvider.putUser(user);
|
|
104
108
|
qrcode.toDataURL(secret.otpauth_url, (err, data) => {
|
|
105
109
|
if (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,
|
|
1
|
+
const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,r,a,s,o,i)=>{var n;let c=await s.getUser(e);const l=s.userSecretPath?c[s.userSecretPath]:c.mfa,u=s.userPasswordPath?c[s.userPasswordPath]:c.password;if(null==l?void 0:l.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==l?void 0:l.secret)||void 0===n?void 0:n.actual,encoding:"base32",mfaToken:r,window:1}))throw new Error(`Failed authentication attempt ${e}`)}if(md5(t||"")==u){const e=a,t=c;if(e){let r=!1;if(e.startsWith("@")){if(r=r||await o.canImpersonate(c,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const a=await s.getUser(e);if(r=r||await o.canImpersonate(c,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=a}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=i.secretKey,n={time:Date.now(),user:c};const l=jwt.sign(n,r,{expiresIn:i.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},mfaRegister=async(e,t,r)=>new Promise((async(a,s)=>{let o=await r.getUser(t),i=r.userSecretPath?o[r.userSecretPath]:o.mfa;console.log(`mfaInfo = ${JSON.stringify(i)}`);const n=speakeasy.generateSecret({name:`${e} (${t})`});i||(i={secret:{temp:void 0,actual:void 0},enabled:!1},console.log(`mfaInfo2 = ${JSON.stringify(i)}`),r.userSecretPath?o[r.userSecretPath]:o.mfa=i,console.log(`user = ${JSON.stringify(o)}`)),i.secret.temp=n.base32,i.secret.actual=void 0,console.log(`user2 = ${JSON.stringify(o)}`),await r.putUser(o),qrcode.toDataURL(n.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");a({qr_code:t,secret:n.base32})}))})),mfaVerify=async(e,t,r)=>{var a,s;const o=t;let i=await r.getUser(e);const n=r.userSecretPath?i[r.userSecretPath]:i.mfa;return speakeasy.totp.verify({secret:null===(a=null==n?void 0:n.secret)||void 0===a?void 0:a.temp,encoding:"base32",token:o})?(n.secret.actual=null===(s=null==n?void 0:n.secret)||void 0===s?void 0:s.temp,n.enabled=!0,await r.putUser(i),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const a=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==a?void 0:a.enabled};export{authenticate,mfaEnabled,mfaRegister,mfaVerify};
|
package/dist/pico-auth.umd.js
CHANGED
|
@@ -91,6 +91,7 @@
|
|
|
91
91
|
return new Promise(async (resolve, _reject) => {
|
|
92
92
|
let user = await userProvider.getUser(login);
|
|
93
93
|
let mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
|
|
94
|
+
console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`);
|
|
94
95
|
const secret = speakeasy.generateSecret({
|
|
95
96
|
name: `${appName} (${login})`,
|
|
96
97
|
});
|
|
@@ -102,10 +103,13 @@
|
|
|
102
103
|
},
|
|
103
104
|
enabled: false
|
|
104
105
|
};
|
|
106
|
+
console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`);
|
|
105
107
|
userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa = mfaInfo;
|
|
108
|
+
console.log(`user = ${JSON.stringify(user)}`);
|
|
106
109
|
}
|
|
107
110
|
mfaInfo.secret.temp = secret.base32;
|
|
108
111
|
mfaInfo.secret.actual = undefined;
|
|
112
|
+
console.log(`user2 = ${JSON.stringify(user)}`);
|
|
109
113
|
await userProvider.putUser(user);
|
|
110
114
|
qrcode.toDataURL(secret.otpauth_url, (err, data) => {
|
|
111
115
|
if (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,(function(e){"use strict";const t=require("speakeasy"),r=require("qrcode"),
|
|
1
|
+
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,(function(e){"use strict";const t=require("speakeasy"),r=require("qrcode"),o=require("md5"),a=require("jsonwebtoken");e.authenticate=async(e,r,s,n,i,c,l)=>{var u;let d=await i.getUser(e);const f=i.userSecretPath?d[i.userSecretPath]:d.mfa,m=i.userPasswordPath?d[i.userPasswordPath]:d.password;if(null==f?void 0:f.enabled){if(!t.totp.verify({secret:null===(u=null==f?void 0:f.secret)||void 0===u?void 0:u.actual,encoding:"base32",mfaToken:s,window:1}))throw new Error(`Failed authentication attempt ${e}`)}if(o(r||"")==m){const e=n,t=d;if(e){let r=!1;if(e.startsWith("@")){if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(d,e)}else{const o=await i.getUser(e);if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);d=o}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=l.secretKey,o={time:Date.now(),user:d};const s=a.sign(o,r,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${d.id}`),s}throw new Error(`Failed authentication attempt ${e}`)},e.mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const o=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==o?void 0:o.enabled},e.mfaRegister=async(e,o,a)=>new Promise((async(s,n)=>{let i=await a.getUser(o),c=a.userSecretPath?i[a.userSecretPath]:i.mfa;console.log(`mfaInfo = ${JSON.stringify(c)}`);const l=t.generateSecret({name:`${e} (${o})`});c||(c={secret:{temp:void 0,actual:void 0},enabled:!1},console.log(`mfaInfo2 = ${JSON.stringify(c)}`),a.userSecretPath?i[a.userSecretPath]:i.mfa=c,console.log(`user = ${JSON.stringify(i)}`)),c.secret.temp=l.base32,c.secret.actual=void 0,console.log(`user2 = ${JSON.stringify(i)}`),await a.putUser(i),r.toDataURL(l.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");s({qr_code:t,secret:l.base32})}))})),e.mfaVerify=async(e,r,o)=>{var a,s;const n=r;let i=await o.getUser(e);const c=o.userSecretPath?i[o.userSecretPath]:i.mfa;return t.totp.verify({secret:null===(a=null==c?void 0:c.secret)||void 0===a?void 0:a.temp,encoding:"base32",token:n})?(c.secret.actual=null===(s=null==c?void 0:c.secret)||void 0===s?void 0:s.temp,c.enabled=!0,await o.putUser(i),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})}));
|