pico-auth 0.0.14 → 0.0.19

package/dist/pico-auth.esm.js

@@ -19,7 +19,7 @@ const authenticate = async (login, password, mfaToken, impersonateEntity, userPr
             window: 1, // Adjust window size if tokens have a margin of error
         });
         if (!validated)
-            throw new Error(`Failed authentication attempt ${login}`);
+            throw new Error(`Failed authentication attempt ${login} (MFA Enabled)`);
     }
     if (md5(password || '') == userPassword) {
         // check if impersonate mode - this is not yet implemented fully just copy pasta from GRM project
@@ -85,9 +85,9 @@ const mfaRegister = async (appName, login, userProvider) => {
     return new Promise(async (resolve, _reject) => {
         let user = await userProvider.getUser(login);
         let mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
-        console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`);
+        // console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`)
         const secret = speakeasy.generateSecret({
-            name: `${appName} (${login})`,
+            name: `${appName}: ${login}`,
         });
         if (!mfaInfo) {
             mfaInfo = {
@@ -97,13 +97,14 @@ const mfaRegister = async (appName, login, userProvider) => {
                 },
                 enabled: false
             };
-            console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`);
-            userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa = mfaInfo;
-            console.log(`user = ${JSON.stringify(user)}`);
+            // console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`)
+            const propName = userProvider.userSecretPath ? userProvider.userSecretPath : "mfa";
+            user[propName] = mfaInfo;
+            // console.log(`user = ${JSON.stringify(user)}`)
         }
         mfaInfo.secret.temp = secret.base32;
         mfaInfo.secret.actual = undefined;
-        console.log(`user2 = ${JSON.stringify(user)}`);
+        // console.log(`user2 = ${JSON.stringify(user)}`)
         await userProvider.putUser(user);
         qrcode.toDataURL(secret.otpauth_url, (err, data) => {
             if (err) {

package/dist/pico-auth.esm.min.js

@@ -1 +1 @@
-const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,r,a,s,o,i)=>{var n;let c=await s.getUser(e);const l=s.userSecretPath?c[s.userSecretPath]:c.mfa,u=s.userPasswordPath?c[s.userPasswordPath]:c.password;if(null==l?void 0:l.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==l?void 0:l.secret)||void 0===n?void 0:n.actual,encoding:"base32",mfaToken:r,window:1}))throw new Error(`Failed authentication attempt ${e}`)}if(md5(t||"")==u){const e=a,t=c;if(e){let r=!1;if(e.startsWith("@")){if(r=r||await o.canImpersonate(c,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const a=await s.getUser(e);if(r=r||await o.canImpersonate(c,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=a}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=i.secretKey,n={time:Date.now(),user:c};const l=jwt.sign(n,r,{expiresIn:i.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},mfaRegister=async(e,t,r)=>new Promise((async(a,s)=>{let o=await r.getUser(t),i=r.userSecretPath?o[r.userSecretPath]:o.mfa;console.log(`mfaInfo = ${JSON.stringify(i)}`);const n=speakeasy.generateSecret({name:`${e} (${t})`});i||(i={secret:{temp:void 0,actual:void 0},enabled:!1},console.log(`mfaInfo2 = ${JSON.stringify(i)}`),r.userSecretPath?o[r.userSecretPath]:o.mfa=i,console.log(`user = ${JSON.stringify(o)}`)),i.secret.temp=n.base32,i.secret.actual=void 0,console.log(`user2 = ${JSON.stringify(o)}`),await r.putUser(o),qrcode.toDataURL(n.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");a({qr_code:t,secret:n.base32})}))})),mfaVerify=async(e,t,r)=>{var a,s;const o=t;let i=await r.getUser(e);const n=r.userSecretPath?i[r.userSecretPath]:i.mfa;return speakeasy.totp.verify({secret:null===(a=null==n?void 0:n.secret)||void 0===a?void 0:a.temp,encoding:"base32",token:o})?(n.secret.actual=null===(s=null==n?void 0:n.secret)||void 0===s?void 0:s.temp,n.enabled=!0,await r.putUser(i),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const a=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==a?void 0:a.enabled};export{authenticate,mfaEnabled,mfaRegister,mfaVerify};
+const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,s,o,i)=>{var n;let c=await s.getUser(e);const l=s.userSecretPath?c[s.userSecretPath]:c.mfa,d=s.userPasswordPath?c[s.userPasswordPath]:c.password;if(null==l?void 0:l.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==l?void 0:l.secret)||void 0===n?void 0:n.actual,encoding:"base32",mfaToken:a,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(md5(t||"")==d){const e=r,t=c;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const r=await s.getUser(e);if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=i.secretKey,n={time:Date.now(),user:c};const l=jwt.sign(n,a,{expiresIn:i.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},mfaRegister=async(e,t,a)=>new Promise((async(r,s)=>{let o=await a.getUser(t),i=a.userSecretPath?o[a.userSecretPath]:o.mfa;const n=speakeasy.generateSecret({name:`${e}: ${t}`});if(!i){i={secret:{temp:void 0,actual:void 0},enabled:!1};o[a.userSecretPath?a.userSecretPath:"mfa"]=i}i.secret.temp=n.base32,i.secret.actual=void 0,await a.putUser(o),qrcode.toDataURL(n.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");r({qr_code:t,secret:n.base32})}))})),mfaVerify=async(e,t,a)=>{var r,s;const o=t;let i=await a.getUser(e);const n=a.userSecretPath?i[a.userSecretPath]:i.mfa;return speakeasy.totp.verify({secret:null===(r=null==n?void 0:n.secret)||void 0===r?void 0:r.temp,encoding:"base32",token:o})?(n.secret.actual=null===(s=null==n?void 0:n.secret)||void 0===s?void 0:s.temp,n.enabled=!0,await a.putUser(i),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return null==r?void 0:r.enabled};export{authenticate,mfaEnabled,mfaRegister,mfaVerify};

package/dist/pico-auth.umd.js

@@ -25,7 +25,7 @@
                 window: 1, // Adjust window size if tokens have a margin of error
             });
             if (!validated)
-                throw new Error(`Failed authentication attempt ${login}`);
+                throw new Error(`Failed authentication attempt ${login} (MFA Enabled)`);
         }
         if (md5(password || '') == userPassword) {
             // check if impersonate mode - this is not yet implemented fully just copy pasta from GRM project
@@ -91,9 +91,9 @@
         return new Promise(async (resolve, _reject) => {
             let user = await userProvider.getUser(login);
             let mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
-            console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`);
+            // console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`)
             const secret = speakeasy.generateSecret({
-                name: `${appName} (${login})`,
+                name: `${appName}: ${login}`,
             });
             if (!mfaInfo) {
                 mfaInfo = {
@@ -103,13 +103,14 @@
                     },
                     enabled: false
                 };
-                console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`);
-                userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa = mfaInfo;
-                console.log(`user = ${JSON.stringify(user)}`);
+                // console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`)
+                const propName = userProvider.userSecretPath ? userProvider.userSecretPath : "mfa";
+                user[propName] = mfaInfo;
+                // console.log(`user = ${JSON.stringify(user)}`)
             }
             mfaInfo.secret.temp = secret.base32;
             mfaInfo.secret.actual = undefined;
-            console.log(`user2 = ${JSON.stringify(user)}`);
+            // console.log(`user2 = ${JSON.stringify(user)}`)
             await userProvider.putUser(user);
             qrcode.toDataURL(secret.otpauth_url, (err, data) => {
                 if (err) {

package/dist/pico-auth.umd.min.js

@@ -1 +1 @@
-!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,(function(e){"use strict";const t=require("speakeasy"),r=require("qrcode"),o=require("md5"),a=require("jsonwebtoken");e.authenticate=async(e,r,s,n,i,c,l)=>{var u;let d=await i.getUser(e);const f=i.userSecretPath?d[i.userSecretPath]:d.mfa,m=i.userPasswordPath?d[i.userPasswordPath]:d.password;if(null==f?void 0:f.enabled){if(!t.totp.verify({secret:null===(u=null==f?void 0:f.secret)||void 0===u?void 0:u.actual,encoding:"base32",mfaToken:s,window:1}))throw new Error(`Failed authentication attempt ${e}`)}if(o(r||"")==m){const e=n,t=d;if(e){let r=!1;if(e.startsWith("@")){if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(d,e)}else{const o=await i.getUser(e);if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);d=o}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=l.secretKey,o={time:Date.now(),user:d};const s=a.sign(o,r,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${d.id}`),s}throw new Error(`Failed authentication attempt ${e}`)},e.mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const o=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==o?void 0:o.enabled},e.mfaRegister=async(e,o,a)=>new Promise((async(s,n)=>{let i=await a.getUser(o),c=a.userSecretPath?i[a.userSecretPath]:i.mfa;console.log(`mfaInfo = ${JSON.stringify(c)}`);const l=t.generateSecret({name:`${e} (${o})`});c||(c={secret:{temp:void 0,actual:void 0},enabled:!1},console.log(`mfaInfo2 = ${JSON.stringify(c)}`),a.userSecretPath?i[a.userSecretPath]:i.mfa=c,console.log(`user = ${JSON.stringify(i)}`)),c.secret.temp=l.base32,c.secret.actual=void 0,console.log(`user2 = ${JSON.stringify(i)}`),await a.putUser(i),r.toDataURL(l.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");s({qr_code:t,secret:l.base32})}))})),e.mfaVerify=async(e,r,o)=>{var a,s;const n=r;let i=await o.getUser(e);const c=o.userSecretPath?i[o.userSecretPath]:i.mfa;return t.totp.verify({secret:null===(a=null==c?void 0:c.secret)||void 0===a?void 0:a.temp,encoding:"base32",token:n})?(c.secret.actual=null===(s=null==c?void 0:c.secret)||void 0===s?void 0:s.temp,c.enabled=!0,await o.putUser(i),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})}));
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,(function(e){"use strict";const t=require("speakeasy"),r=require("qrcode"),a=require("md5"),o=require("jsonwebtoken");e.authenticate=async(e,r,i,n,s,c,l)=>{var u;let d=await s.getUser(e);const f=s.userSecretPath?d[s.userSecretPath]:d.mfa,m=s.userPasswordPath?d[s.userPasswordPath]:d.password;if(null==f?void 0:f.enabled){if(!t.totp.verify({secret:null===(u=null==f?void 0:f.secret)||void 0===u?void 0:u.actual,encoding:"base32",mfaToken:i,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(a(r||"")==m){const e=n,t=d;if(e){let r=!1;if(e.startsWith("@")){if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(d,e)}else{const a=await s.getUser(e);if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);d=a}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=l.secretKey,a={time:Date.now(),user:d};const i=o.sign(a,r,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${d.id}`),i}throw new Error(`Failed authentication attempt ${e}`)},e.mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const a=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==a?void 0:a.enabled},e.mfaRegister=async(e,a,o)=>new Promise((async(i,n)=>{let s=await o.getUser(a),c=o.userSecretPath?s[o.userSecretPath]:s.mfa;const l=t.generateSecret({name:`${e}: ${a}`});if(!c){c={secret:{temp:void 0,actual:void 0},enabled:!1};s[o.userSecretPath?o.userSecretPath:"mfa"]=c}c.secret.temp=l.base32,c.secret.actual=void 0,await o.putUser(s),r.toDataURL(l.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");i({qr_code:t,secret:l.base32})}))})),e.mfaVerify=async(e,r,a)=>{var o,i;const n=r;let s=await a.getUser(e);const c=a.userSecretPath?s[a.userSecretPath]:s.mfa;return t.totp.verify({secret:null===(o=null==c?void 0:c.secret)||void 0===o?void 0:o.temp,encoding:"base32",token:n})?(c.secret.actual=null===(i=null==c?void 0:c.secret)||void 0===i?void 0:i.temp,c.enabled=!0,await a.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})}));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pico-auth",
-  "version": "0.0.14",
+  "version": "0.0.19",
   "description": "Minimal auth with user/pass, impersonation and mfa authentication",
   "main": "dist/pico-auth.umd.js",
   "types": "dist/pico-auth.d.ts",