pico-auth 0.0.15 → 0.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/pico-auth.esm.js
CHANGED
|
@@ -19,7 +19,7 @@ const authenticate = async (login, password, mfaToken, impersonateEntity, userPr
|
|
|
19
19
|
window: 1, // Adjust window size if tokens have a margin of error
|
|
20
20
|
});
|
|
21
21
|
if (!validated)
|
|
22
|
-
throw new Error(`Failed authentication attempt ${login}`);
|
|
22
|
+
throw new Error(`Failed authentication attempt ${login} (MFA Enabled)`);
|
|
23
23
|
}
|
|
24
24
|
if (md5(password || '') == userPassword) {
|
|
25
25
|
// check if impersonate mode - this is not yet implemented fully just copy pasta from GRM project
|
|
@@ -85,9 +85,9 @@ const mfaRegister = async (appName, login, userProvider) => {
|
|
|
85
85
|
return new Promise(async (resolve, _reject) => {
|
|
86
86
|
let user = await userProvider.getUser(login);
|
|
87
87
|
let mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
|
|
88
|
-
console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`)
|
|
88
|
+
// console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`)
|
|
89
89
|
const secret = speakeasy.generateSecret({
|
|
90
|
-
name: `${appName}
|
|
90
|
+
name: `${appName}: ${login}`,
|
|
91
91
|
});
|
|
92
92
|
if (!mfaInfo) {
|
|
93
93
|
mfaInfo = {
|
|
@@ -97,14 +97,14 @@ const mfaRegister = async (appName, login, userProvider) => {
|
|
|
97
97
|
},
|
|
98
98
|
enabled: false
|
|
99
99
|
};
|
|
100
|
-
console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`)
|
|
100
|
+
// console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`)
|
|
101
101
|
const propName = userProvider.userSecretPath ? userProvider.userSecretPath : "mfa";
|
|
102
102
|
user[propName] = mfaInfo;
|
|
103
|
-
console.log(`user = ${JSON.stringify(user)}`)
|
|
103
|
+
// console.log(`user = ${JSON.stringify(user)}`)
|
|
104
104
|
}
|
|
105
105
|
mfaInfo.secret.temp = secret.base32;
|
|
106
106
|
mfaInfo.secret.actual = undefined;
|
|
107
|
-
console.log(`user2 = ${JSON.stringify(user)}`)
|
|
107
|
+
// console.log(`user2 = ${JSON.stringify(user)}`)
|
|
108
108
|
await userProvider.putUser(user);
|
|
109
109
|
qrcode.toDataURL(secret.otpauth_url, (err, data) => {
|
|
110
110
|
if (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,r,
|
|
1
|
+
const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,s,o,i)=>{var n;let c=await s.getUser(e);const l=s.userSecretPath?c[s.userSecretPath]:c.mfa,d=s.userPasswordPath?c[s.userPasswordPath]:c.password;if(null==l?void 0:l.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==l?void 0:l.secret)||void 0===n?void 0:n.actual,encoding:"base32",mfaToken:a,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(md5(t||"")==d){const e=r,t=c;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const r=await s.getUser(e);if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=i.secretKey,n={time:Date.now(),user:c};const l=jwt.sign(n,a,{expiresIn:i.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},mfaRegister=async(e,t,a)=>new Promise((async(r,s)=>{let o=await a.getUser(t),i=a.userSecretPath?o[a.userSecretPath]:o.mfa;const n=speakeasy.generateSecret({name:`${e}: ${t}`});if(!i){i={secret:{temp:void 0,actual:void 0},enabled:!1};o[a.userSecretPath?a.userSecretPath:"mfa"]=i}i.secret.temp=n.base32,i.secret.actual=void 0,await a.putUser(o),qrcode.toDataURL(n.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");r({qr_code:t,secret:n.base32})}))})),mfaVerify=async(e,t,a)=>{var r,s;const o=t;let i=await a.getUser(e);const n=a.userSecretPath?i[a.userSecretPath]:i.mfa;return speakeasy.totp.verify({secret:null===(r=null==n?void 0:n.secret)||void 0===r?void 0:r.temp,encoding:"base32",token:o})?(n.secret.actual=null===(s=null==n?void 0:n.secret)||void 0===s?void 0:s.temp,n.enabled=!0,await a.putUser(i),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return null==r?void 0:r.enabled};export{authenticate,mfaEnabled,mfaRegister,mfaVerify};
|
package/dist/pico-auth.umd.js
CHANGED
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
window: 1, // Adjust window size if tokens have a margin of error
|
|
26
26
|
});
|
|
27
27
|
if (!validated)
|
|
28
|
-
throw new Error(`Failed authentication attempt ${login}`);
|
|
28
|
+
throw new Error(`Failed authentication attempt ${login} (MFA Enabled)`);
|
|
29
29
|
}
|
|
30
30
|
if (md5(password || '') == userPassword) {
|
|
31
31
|
// check if impersonate mode - this is not yet implemented fully just copy pasta from GRM project
|
|
@@ -91,9 +91,9 @@
|
|
|
91
91
|
return new Promise(async (resolve, _reject) => {
|
|
92
92
|
let user = await userProvider.getUser(login);
|
|
93
93
|
let mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
|
|
94
|
-
console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`)
|
|
94
|
+
// console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`)
|
|
95
95
|
const secret = speakeasy.generateSecret({
|
|
96
|
-
name: `${appName}
|
|
96
|
+
name: `${appName}: ${login}`,
|
|
97
97
|
});
|
|
98
98
|
if (!mfaInfo) {
|
|
99
99
|
mfaInfo = {
|
|
@@ -103,14 +103,14 @@
|
|
|
103
103
|
},
|
|
104
104
|
enabled: false
|
|
105
105
|
};
|
|
106
|
-
console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`)
|
|
106
|
+
// console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`)
|
|
107
107
|
const propName = userProvider.userSecretPath ? userProvider.userSecretPath : "mfa";
|
|
108
108
|
user[propName] = mfaInfo;
|
|
109
|
-
console.log(`user = ${JSON.stringify(user)}`)
|
|
109
|
+
// console.log(`user = ${JSON.stringify(user)}`)
|
|
110
110
|
}
|
|
111
111
|
mfaInfo.secret.temp = secret.base32;
|
|
112
112
|
mfaInfo.secret.actual = undefined;
|
|
113
|
-
console.log(`user2 = ${JSON.stringify(user)}`)
|
|
113
|
+
// console.log(`user2 = ${JSON.stringify(user)}`)
|
|
114
114
|
await userProvider.putUser(user);
|
|
115
115
|
qrcode.toDataURL(secret.otpauth_url, (err, data) => {
|
|
116
116
|
if (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,(function(e){"use strict";const t=require("speakeasy"),r=require("qrcode"),
|
|
1
|
+
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,(function(e){"use strict";const t=require("speakeasy"),r=require("qrcode"),a=require("md5"),o=require("jsonwebtoken");e.authenticate=async(e,r,i,n,s,c,l)=>{var u;let d=await s.getUser(e);const f=s.userSecretPath?d[s.userSecretPath]:d.mfa,m=s.userPasswordPath?d[s.userPasswordPath]:d.password;if(null==f?void 0:f.enabled){if(!t.totp.verify({secret:null===(u=null==f?void 0:f.secret)||void 0===u?void 0:u.actual,encoding:"base32",mfaToken:i,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(a(r||"")==m){const e=n,t=d;if(e){let r=!1;if(e.startsWith("@")){if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(d,e)}else{const a=await s.getUser(e);if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);d=a}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=l.secretKey,a={time:Date.now(),user:d};const i=o.sign(a,r,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${d.id}`),i}throw new Error(`Failed authentication attempt ${e}`)},e.mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const a=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==a?void 0:a.enabled},e.mfaRegister=async(e,a,o)=>new Promise((async(i,n)=>{let s=await o.getUser(a),c=o.userSecretPath?s[o.userSecretPath]:s.mfa;const l=t.generateSecret({name:`${e}: ${a}`});if(!c){c={secret:{temp:void 0,actual:void 0},enabled:!1};s[o.userSecretPath?o.userSecretPath:"mfa"]=c}c.secret.temp=l.base32,c.secret.actual=void 0,await o.putUser(s),r.toDataURL(l.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");i({qr_code:t,secret:l.base32})}))})),e.mfaVerify=async(e,r,a)=>{var o,i;const n=r;let s=await a.getUser(e);const c=a.userSecretPath?s[a.userSecretPath]:s.mfa;return t.totp.verify({secret:null===(o=null==c?void 0:c.secret)||void 0===o?void 0:o.temp,encoding:"base32",token:n})?(c.secret.actual=null===(i=null==c?void 0:c.secret)||void 0===i?void 0:i.temp,c.enabled=!0,await a.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})}));
|