pico-auth 0.0.15 → 0.0.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/pico-auth.esm.js +8 -7
  2. package/dist/pico-auth.esm.min.js +1 -1
  3. package/dist/pico-auth.umd.js +8 -7
  4. package/dist/pico-auth.umd.min.js +1 -1
  5. package/package.json +1 -1
package/dist/pico-auth.esm.js CHANGED
@@ -11,15 +11,16 @@ const authenticate = async (login, password, mfaToken, impersonateEntity, userPr
11
11
  const mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
12
12
  const userPassword = userProvider.userPasswordPath ? user[userProvider.userPasswordPath] : user.password;
13
13
  if (mfaInfo === null || mfaInfo === void 0 ? void 0 : mfaInfo.enabled) {
14
+ console.log(`Validating ${mfaToken} vs mfa info ${JSON.stringify(mfaInfo)} `);
14
15
  // Validate the token against the user's saved secret
15
16
  const validated = speakeasy.totp.verify({
16
17
  secret: (_a = mfaInfo === null || mfaInfo === void 0 ? void 0 : mfaInfo.secret) === null || _a === void 0 ? void 0 : _a.actual,
17
18
  encoding: 'base32',
18
- mfaToken,
19
+ token: mfaToken,
19
20
  window: 1, // Adjust window size if tokens have a margin of error
20
21
  });
21
22
  if (!validated)
22
- throw new Error(`Failed authentication attempt ${login}`);
23
+ throw new Error(`Failed authentication attempt ${login} (MFA Enabled)`);
23
24
  }
24
25
  if (md5(password || '') == userPassword) {
25
26
  // check if impersonate mode - this is not yet implemented fully just copy pasta from GRM project
@@ -85,9 +86,9 @@ const mfaRegister = async (appName, login, userProvider) => {
85
86
  return new Promise(async (resolve, _reject) => {
86
87
  let user = await userProvider.getUser(login);
87
88
  let mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
88
- console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`);
89
+ // console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`)
89
90
  const secret = speakeasy.generateSecret({
90
- name: `${appName} (${login})`,
91
+ name: `${appName}: ${login}`,
91
92
  });
92
93
  if (!mfaInfo) {
93
94
  mfaInfo = {
@@ -97,14 +98,14 @@ const mfaRegister = async (appName, login, userProvider) => {
97
98
  },
98
99
  enabled: false
99
100
  };
100
- console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`);
101
+ // console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`)
101
102
  const propName = userProvider.userSecretPath ? userProvider.userSecretPath : "mfa";
102
103
  user[propName] = mfaInfo;
103
- console.log(`user = ${JSON.stringify(user)}`);
104
+ // console.log(`user = ${JSON.stringify(user)}`)
104
105
  }
105
106
  mfaInfo.secret.temp = secret.base32;
106
107
  mfaInfo.secret.actual = undefined;
107
- console.log(`user2 = ${JSON.stringify(user)}`);
108
+ // console.log(`user2 = ${JSON.stringify(user)}`)
108
109
  await userProvider.putUser(user);
109
110
  qrcode.toDataURL(secret.otpauth_url, (err, data) => {
110
111
  if (err) {
package/dist/pico-auth.esm.min.js CHANGED
@@ -1 +1 @@
1
- const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,r,a,s,o,i)=>{var n;let c=await s.getUser(e);const l=s.userSecretPath?c[s.userSecretPath]:c.mfa,u=s.userPasswordPath?c[s.userPasswordPath]:c.password;if(null==l?void 0:l.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==l?void 0:l.secret)||void 0===n?void 0:n.actual,encoding:"base32",mfaToken:r,window:1}))throw new Error(`Failed authentication attempt ${e}`)}if(md5(t||"")==u){const e=a,t=c;if(e){let r=!1;if(e.startsWith("@")){if(r=r||await o.canImpersonate(c,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const a=await s.getUser(e);if(r=r||await o.canImpersonate(c,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=a}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=i.secretKey,n={time:Date.now(),user:c};const l=jwt.sign(n,r,{expiresIn:i.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},mfaRegister=async(e,t,r)=>new Promise((async(a,s)=>{let o=await r.getUser(t),i=r.userSecretPath?o[r.userSecretPath]:o.mfa;console.log(`mfaInfo = ${JSON.stringify(i)}`);const n=speakeasy.generateSecret({name:`${e} (${t})`});if(!i){i={secret:{temp:void 0,actual:void 0},enabled:!1},console.log(`mfaInfo2 = ${JSON.stringify(i)}`);o[r.userSecretPath?r.userSecretPath:"mfa"]=i,console.log(`user = ${JSON.stringify(o)}`)}i.secret.temp=n.base32,i.secret.actual=void 0,console.log(`user2 = ${JSON.stringify(o)}`),await r.putUser(o),qrcode.toDataURL(n.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");a({qr_code:t,secret:n.base32})}))})),mfaVerify=async(e,t,r)=>{var a,s;const o=t;let i=await r.getUser(e);const n=r.userSecretPath?i[r.userSecretPath]:i.mfa;return speakeasy.totp.verify({secret:null===(a=null==n?void 0:n.secret)||void 0===a?void 0:a.temp,encoding:"base32",token:o})?(n.secret.actual=null===(s=null==n?void 0:n.secret)||void 0===s?void 0:s.temp,n.enabled=!0,await r.putUser(i),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const a=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==a?void 0:a.enabled};export{authenticate,mfaEnabled,mfaRegister,mfaVerify};
1
+ const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,s,o,i)=>{var n;let c=await s.getUser(e);const l=s.userSecretPath?c[s.userSecretPath]:c.mfa,d=s.userPasswordPath?c[s.userPasswordPath]:c.password;if(null==l?void 0:l.enabled){console.log(`Validating ${a} vs mfa info ${JSON.stringify(l)} `);if(!speakeasy.totp.verify({secret:null===(n=null==l?void 0:l.secret)||void 0===n?void 0:n.actual,encoding:"base32",token:a,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(md5(t||"")==d){const e=r,t=c;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const r=await s.getUser(e);if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=i.secretKey,n={time:Date.now(),user:c};const l=jwt.sign(n,a,{expiresIn:i.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},mfaRegister=async(e,t,a)=>new Promise((async(r,s)=>{let o=await a.getUser(t),i=a.userSecretPath?o[a.userSecretPath]:o.mfa;const n=speakeasy.generateSecret({name:`${e}: ${t}`});if(!i){i={secret:{temp:void 0,actual:void 0},enabled:!1};o[a.userSecretPath?a.userSecretPath:"mfa"]=i}i.secret.temp=n.base32,i.secret.actual=void 0,await a.putUser(o),qrcode.toDataURL(n.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");r({qr_code:t,secret:n.base32})}))})),mfaVerify=async(e,t,a)=>{var r,s;const o=t;let i=await a.getUser(e);const n=a.userSecretPath?i[a.userSecretPath]:i.mfa;return speakeasy.totp.verify({secret:null===(r=null==n?void 0:n.secret)||void 0===r?void 0:r.temp,encoding:"base32",token:o})?(n.secret.actual=null===(s=null==n?void 0:n.secret)||void 0===s?void 0:s.temp,n.enabled=!0,await a.putUser(i),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return null==r?void 0:r.enabled};export{authenticate,mfaEnabled,mfaRegister,mfaVerify};
package/dist/pico-auth.umd.js CHANGED
@@ -17,15 +17,16 @@
17
17
  const mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
18
18
  const userPassword = userProvider.userPasswordPath ? user[userProvider.userPasswordPath] : user.password;
19
19
  if (mfaInfo === null || mfaInfo === void 0 ? void 0 : mfaInfo.enabled) {
20
+ console.log(`Validating ${mfaToken} vs mfa info ${JSON.stringify(mfaInfo)} `);
20
21
  // Validate the token against the user's saved secret
21
22
  const validated = speakeasy.totp.verify({
22
23
  secret: (_a = mfaInfo === null || mfaInfo === void 0 ? void 0 : mfaInfo.secret) === null || _a === void 0 ? void 0 : _a.actual,
23
24
  encoding: 'base32',
24
- mfaToken,
25
+ token: mfaToken,
25
26
  window: 1, // Adjust window size if tokens have a margin of error
26
27
  });
27
28
  if (!validated)
28
- throw new Error(`Failed authentication attempt ${login}`);
29
+ throw new Error(`Failed authentication attempt ${login} (MFA Enabled)`);
29
30
  }
30
31
  if (md5(password || '') == userPassword) {
31
32
  // check if impersonate mode - this is not yet implemented fully just copy pasta from GRM project
@@ -91,9 +92,9 @@
91
92
  return new Promise(async (resolve, _reject) => {
92
93
  let user = await userProvider.getUser(login);
93
94
  let mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
94
- console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`);
95
+ // console.log(`mfaInfo = ${JSON.stringify(mfaInfo)}`)
95
96
  const secret = speakeasy.generateSecret({
96
- name: `${appName} (${login})`,
97
+ name: `${appName}: ${login}`,
97
98
  });
98
99
  if (!mfaInfo) {
99
100
  mfaInfo = {
@@ -103,14 +104,14 @@
103
104
  },
104
105
  enabled: false
105
106
  };
106
- console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`);
107
+ // console.log(`mfaInfo2 = ${JSON.stringify(mfaInfo)}`)
107
108
  const propName = userProvider.userSecretPath ? userProvider.userSecretPath : "mfa";
108
109
  user[propName] = mfaInfo;
109
- console.log(`user = ${JSON.stringify(user)}`);
110
+ // console.log(`user = ${JSON.stringify(user)}`)
110
111
  }
111
112
  mfaInfo.secret.temp = secret.base32;
112
113
  mfaInfo.secret.actual = undefined;
113
- console.log(`user2 = ${JSON.stringify(user)}`);
114
+ // console.log(`user2 = ${JSON.stringify(user)}`)
114
115
  await userProvider.putUser(user);
115
116
  qrcode.toDataURL(secret.otpauth_url, (err, data) => {
116
117
  if (err) {
package/dist/pico-auth.umd.min.js CHANGED
@@ -1 +1 @@
1
- !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,(function(e){"use strict";const t=require("speakeasy"),r=require("qrcode"),o=require("md5"),a=require("jsonwebtoken");e.authenticate=async(e,r,s,i,n,c,l)=>{var u;let d=await n.getUser(e);const f=n.userSecretPath?d[n.userSecretPath]:d.mfa,m=n.userPasswordPath?d[n.userPasswordPath]:d.password;if(null==f?void 0:f.enabled){if(!t.totp.verify({secret:null===(u=null==f?void 0:f.secret)||void 0===u?void 0:u.actual,encoding:"base32",mfaToken:s,window:1}))throw new Error(`Failed authentication attempt ${e}`)}if(o(r||"")==m){const e=i,t=d;if(e){let r=!1;if(e.startsWith("@")){if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(d,e)}else{const o=await n.getUser(e);if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);d=o}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=l.secretKey,o={time:Date.now(),user:d};const s=a.sign(o,r,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${d.id}`),s}throw new Error(`Failed authentication attempt ${e}`)},e.mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const o=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==o?void 0:o.enabled},e.mfaRegister=async(e,o,a)=>new Promise((async(s,i)=>{let n=await a.getUser(o),c=a.userSecretPath?n[a.userSecretPath]:n.mfa;console.log(`mfaInfo = ${JSON.stringify(c)}`);const l=t.generateSecret({name:`${e} (${o})`});if(!c){c={secret:{temp:void 0,actual:void 0},enabled:!1},console.log(`mfaInfo2 = ${JSON.stringify(c)}`);n[a.userSecretPath?a.userSecretPath:"mfa"]=c,console.log(`user = ${JSON.stringify(n)}`)}c.secret.temp=l.base32,c.secret.actual=void 0,console.log(`user2 = ${JSON.stringify(n)}`),await a.putUser(n),r.toDataURL(l.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");s({qr_code:t,secret:l.base32})}))})),e.mfaVerify=async(e,r,o)=>{var a,s;const i=r;let n=await o.getUser(e);const c=o.userSecretPath?n[o.userSecretPath]:n.mfa;return t.totp.verify({secret:null===(a=null==c?void 0:c.secret)||void 0===a?void 0:a.temp,encoding:"base32",token:i})?(c.secret.actual=null===(s=null==c?void 0:c.secret)||void 0===s?void 0:s.temp,c.enabled=!0,await o.putUser(n),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})}));
1
+ !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,(function(e){"use strict";const t=require("speakeasy"),r=require("qrcode"),a=require("md5"),o=require("jsonwebtoken");e.authenticate=async(e,r,i,n,s,c,l)=>{var u;let d=await s.getUser(e);const f=s.userSecretPath?d[s.userSecretPath]:d.mfa,m=s.userPasswordPath?d[s.userPasswordPath]:d.password;if(null==f?void 0:f.enabled){console.log(`Validating ${i} vs mfa info ${JSON.stringify(f)} `);if(!t.totp.verify({secret:null===(u=null==f?void 0:f.secret)||void 0===u?void 0:u.actual,encoding:"base32",token:i,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(a(r||"")==m){const e=n,t=d;if(e){let r=!1;if(e.startsWith("@")){if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(d,e)}else{const a=await s.getUser(e);if(r=r||await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);d=a}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=l.secretKey,a={time:Date.now(),user:d};const i=o.sign(a,r,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${d.id}`),i}throw new Error(`Failed authentication attempt ${e}`)},e.mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const a=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==a?void 0:a.enabled},e.mfaRegister=async(e,a,o)=>new Promise((async(i,n)=>{let s=await o.getUser(a),c=o.userSecretPath?s[o.userSecretPath]:s.mfa;const l=t.generateSecret({name:`${e}: ${a}`});if(!c){c={secret:{temp:void 0,actual:void 0},enabled:!1};s[o.userSecretPath?o.userSecretPath:"mfa"]=c}c.secret.temp=l.base32,c.secret.actual=void 0,await o.putUser(s),r.toDataURL(l.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");i({qr_code:t,secret:l.base32})}))})),e.mfaVerify=async(e,r,a)=>{var o,i;const n=r;let s=await a.getUser(e);const c=a.userSecretPath?s[a.userSecretPath]:s.mfa;return t.totp.verify({secret:null===(o=null==c?void 0:c.secret)||void 0===o?void 0:o.temp,encoding:"base32",token:n})?(c.secret.actual=null===(i=null==c?void 0:c.secret)||void 0===i?void 0:i.temp,c.enabled=!0,await a.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})}));
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "pico-auth",
3
- "version": "0.0.15",
3
+ "version": "0.0.20",
4
4
  "description": "Minimal auth with user/pass, impersonation and mfa authentication",
5
5
  "main": "dist/pico-auth.umd.js",
6
6
  "types": "dist/pico-auth.d.ts",