pico-auth 0.0.28 → 0.0.29
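--- a/package/dist/pico-auth.d.ts
+++ b/package/dist/pico-auth.d.ts
@@ -16,7 +16,7 @@ declare module "core/auth" {
 impersonateOrg(user: any, target: string): Promise<any>;
 }
 export interface ScratchCardProvider {
-consume(
+consume(cardCode: string, user?: BaseUser): Promise<BaseUser>;
 }
 export interface BaseUser {
 id?: string;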
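Review bot: `consume` in `ScratchCardProvider` is declared with an optional `user` but has no doc comment, so an implementer cannot tell from the typings that the caller may pass an unresolved requester. The esm/umd hunks in this release call `consume(cardCode, user)` after a guard that lets a missing user through, which makes the provider the only place where an unknown requester can be rejected. I would add a TSDoc block above the declaration, for example `/** Redeems cardCode and resolves to the target user; user is undefined when the requester login did not resolve, and the implementation must decide whether to reject that case. */`. The removed line is truncated on this page, but the old minified call passes the user object first, so the parameter order appears to have changed in a patch release; if so, it deserves a changelog note, because existing JavaScript providers would receive the arguments swapped without any error.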
package/dist/pico-auth.esm.js
|
@@ -95,12 +95,12 @@ const authenticate = async (login, password, mfaToken, impersonateEntity, userPr
|
|
|
95
95
|
*/
|
|
96
96
|
const authenticateWithScratchCard = async (requesterLogin, cardCode, userProvider, scratchCardProvider, jwtSpecs) => {
|
|
97
97
|
let user = await userProvider.getUser(requesterLogin);
|
|
98
|
-
if (user.blocked)
|
|
98
|
+
if (user && user.blocked)
|
|
99
99
|
throw new Error(`Failed card authentication attempt ${requesterLogin} (Blocked)`);
|
|
100
100
|
try {
|
|
101
101
|
let targetUser;
|
|
102
102
|
try {
|
|
103
|
-
targetUser = await scratchCardProvider.consume(
|
|
103
|
+
targetUser = await scratchCardProvider.consume(cardCode, user);
|
|
104
104
|
}
|
|
105
105
|
catch (error) {
|
|
106
106
|
// on any error we assume that it was a failed attempt
|
|
@@ -1 +1 @@
|
|
|
1
|
-
const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,i,o,s)=>{var n;let c=await i.getUser(e);const l=i.userSecretPath?c[i.userSecretPath]:c.mfa,d=i.userPasswordPath?c[i.userPasswordPath]:c.password;if(null==l?void 0:l.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==l?void 0:l.secret)||void 0===n?void 0:n.actual,encoding:"base32",token:a,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(c.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(md5(t||"")==d){const e=r,t=c;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const r=await i.getUser(e);if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=s.secretKey,n=i.getSafeUser?await i.getSafeUser(c):c;n=i.getUserPostAuthenticate?await i.getUserPostAuthenticate(n):n;let l={time:Date.now(),user:n};const d=jwt.sign(l,a,{expiresIn:s.expiryTimeMs});return console.log(`Successful login: ${c.id}`),d}throw new Error(`Failed authentication attempt ${e}`)},authenticateWithScratchCard=async(e,t,a,r,i)=>{let o=await a.getUser(e);if(o.blocked)throw new Error(`Failed card authentication attempt ${e} (Blocked)`);try{let s;try{s=await r.consume(o
|
|
1
|
+
const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,i,o,s)=>{var n;let c=await i.getUser(e);const l=i.userSecretPath?c[i.userSecretPath]:c.mfa,d=i.userPasswordPath?c[i.userPasswordPath]:c.password;if(null==l?void 0:l.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==l?void 0:l.secret)||void 0===n?void 0:n.actual,encoding:"base32",token:a,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(c.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(md5(t||"")==d){const e=r,t=c;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const r=await i.getUser(e);if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=s.secretKey,n=i.getSafeUser?await i.getSafeUser(c):c;n=i.getUserPostAuthenticate?await i.getUserPostAuthenticate(n):n;let l={time:Date.now(),user:n};const d=jwt.sign(l,a,{expiresIn:s.expiryTimeMs});return console.log(`Successful login: ${c.id}`),d}throw new Error(`Failed authentication attempt ${e}`)},authenticateWithScratchCard=async(e,t,a,r,i)=>{let o=await a.getUser(e);if(o&&o.blocked)throw new Error(`Failed card authentication attempt ${e} (Blocked)`);try{let s;try{s=await r.consume(t,o)}catch(t){throw new Error(`Failed card authentication attempt ${e} (Consume Failed)`)}if(!s)throw new Error(`Failed card authentication attempt ${e} (Consume Failed)`);if(s.blocked)throw new Error(`Failed card authentication attempt ${e} (Blocked as Target)`);let n=a.getSafeUser?await a.getSafeUser(s):s;n=a.getUserPostAuthenticate?await a.getUserPostAuthenticate(n):n;let c=i.secretKey,l={time:Date.now(),user:n};const d=jwt.sign(l,c,{expiresIn:i.expiryTimeMs});return console.info(`Card 
authentication success. Requester:${e} Target:${s.id}`),d}catch(t){throw new Error(`Failed card authentication attempt ${e}`)}},mfaRegister=async(e,t,a)=>new Promise(async(r,i)=>{let o=await a.getUser(t),s=a.userSecretPath?o[a.userSecretPath]:o.mfa;const n=speakeasy.generateSecret({name:`${e}: ${t}`});if(!s){s={secret:{temp:void 0,actual:void 0},enabled:!1};o[a.userSecretPath?a.userSecretPath:"mfa"]=s}s.secret.temp=n.base32,s.secret.actual=void 0,await a.putUser(o),qrcode.toDataURL(n.otpauth_url,(e,t)=>{if(e)throw new Error("Error generating QR code");r({qr_code:t,secret:n.base32})})}),mfaVerify=async(e,t,a)=>{var r,i;const o=t;let s=await a.getUser(e);const n=a.userSecretPath?s[a.userSecretPath]:s.mfa;return speakeasy.totp.verify({secret:null===(r=null==n?void 0:n.secret)||void 0===r?void 0:r.temp,encoding:"base32",token:o})?(n.secret.actual=null===(i=null==n?void 0:n.secret)||void 0===i?void 0:i.temp,n.enabled=!0,await a.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return(null==r?void 0:r.enabled)||!1};export{authenticate,authenticateWithScratchCard,mfaEnabled,mfaRegister,mfaVerify};
|
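Review bot: In the `@@ -95,12 +95,12 @@` hunk, relaxing the guard to `if (user && user.blocked)` means a requester login that `userProvider.getUser` cannot resolve (the case the new `user &&` test allows for) no longer stops the flow; it continues to `scratchCardProvider.consume(cardCode, user)` with `user` unset, and the minified build shows a JWT being signed for whatever target `consume` returns. Whether an unknown requester may redeem a card is therefore left entirely to each provider implementation. If that is intended, say so at the guard, e.g. `// requester may be unknown; scratchCardProvider.consume must validate it`; if not, keep the null-safety but fail closed with `if (!user) throw new Error("Failed card authentication attempt " + requesterLogin);` before the blocked check. The same change appears in the `package/dist/pico-auth.umd.js` section and in both minified `@@ -1 +1 @@` hunks. The body of `authenticateWithScratchCard` continues past the end of the readable hunk.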
package/dist/pico-auth.umd.js
|
@@ -101,12 +101,12 @@
|
|
|
101
101
|
*/
|
|
102
102
|
const authenticateWithScratchCard = async (requesterLogin, cardCode, userProvider, scratchCardProvider, jwtSpecs) => {
|
|
103
103
|
let user = await userProvider.getUser(requesterLogin);
|
|
104
|
-
if (user.blocked)
|
|
104
|
+
if (user && user.blocked)
|
|
105
105
|
throw new Error(`Failed card authentication attempt ${requesterLogin} (Blocked)`);
|
|
106
106
|
try {
|
|
107
107
|
let targetUser;
|
|
108
108
|
try {
|
|
109
|
-
targetUser = await scratchCardProvider.consume(
|
|
109
|
+
targetUser = await scratchCardProvider.consume(cardCode, user);
|
|
110
110
|
}
|
|
111
111
|
catch (error) {
|
|
112
112
|
// on any error we assume that it was a failed attempt
|
|
@@ -1 +1 @@
|
|
|
1
|
-
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,function(e){"use strict";const t=require("speakeasy"),a=require("qrcode"),r=require("md5"),i=require("jsonwebtoken");e.authenticate=async(e,a,o,n,s,c,l)=>{var d;let u=await s.getUser(e);const f=s.userSecretPath?u[s.userSecretPath]:u.mfa,h=s.userPasswordPath?u[s.userPasswordPath]:u.password;if(null==f?void 0:f.enabled){if(!t.totp.verify({secret:null===(d=null==f?void 0:f.secret)||void 0===d?void 0:d.actual,encoding:"base32",token:o,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(u.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(r(a||"")==h){const e=n,t=u;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(u,e)}else{const r=await s.getUser(e);if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);u=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=l.secretKey,r=s.getSafeUser?await s.getSafeUser(u):u;r=s.getUserPostAuthenticate?await s.getUserPostAuthenticate(r):r;let o={time:Date.now(),user:r};const d=i.sign(o,a,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${u.id}`),d}throw new Error(`Failed authentication attempt ${e}`)},e.authenticateWithScratchCard=async(e,t,a,r,o)=>{let n=await a.getUser(e);if(n.blocked)throw new Error(`Failed card authentication attempt ${e} (Blocked)`);try{let s;try{s=await r.consume(n
|
|
1
|
+
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,function(e){"use strict";const t=require("speakeasy"),a=require("qrcode"),r=require("md5"),i=require("jsonwebtoken");e.authenticate=async(e,a,o,n,s,c,l)=>{var d;let u=await s.getUser(e);const f=s.userSecretPath?u[s.userSecretPath]:u.mfa,h=s.userPasswordPath?u[s.userPasswordPath]:u.password;if(null==f?void 0:f.enabled){if(!t.totp.verify({secret:null===(d=null==f?void 0:f.secret)||void 0===d?void 0:d.actual,encoding:"base32",token:o,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(u.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(r(a||"")==h){const e=n,t=u;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(u,e)}else{const r=await s.getUser(e);if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);u=r}console.info(`Impersonate success. 
From: ${t.login} into ${e}`)}let a=l.secretKey,r=s.getSafeUser?await s.getSafeUser(u):u;r=s.getUserPostAuthenticate?await s.getUserPostAuthenticate(r):r;let o={time:Date.now(),user:r};const d=i.sign(o,a,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${u.id}`),d}throw new Error(`Failed authentication attempt ${e}`)},e.authenticateWithScratchCard=async(e,t,a,r,o)=>{let n=await a.getUser(e);if(n&&n.blocked)throw new Error(`Failed card authentication attempt ${e} (Blocked)`);try{let s;try{s=await r.consume(t,n)}catch(t){throw new Error(`Failed card authentication attempt ${e} (Consume Failed)`)}if(!s)throw new Error(`Failed card authentication attempt ${e} (Consume Failed)`);if(s.blocked)throw new Error(`Failed card authentication attempt ${e} (Blocked as Target)`);let c=a.getSafeUser?await a.getSafeUser(s):s;c=a.getUserPostAuthenticate?await a.getUserPostAuthenticate(c):c;let l=o.secretKey,d={time:Date.now(),user:c};const u=i.sign(d,l,{expiresIn:o.expiryTimeMs});return console.info(`Card authentication success. 
Requester:${e} Target:${s.id}`),u}catch(t){throw new Error(`Failed card authentication attempt ${e}`)}},e.mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return(null==r?void 0:r.enabled)||!1},e.mfaRegister=async(e,r,i)=>new Promise(async(o,n)=>{let s=await i.getUser(r),c=i.userSecretPath?s[i.userSecretPath]:s.mfa;const l=t.generateSecret({name:`${e}: ${r}`});if(!c){c={secret:{temp:void 0,actual:void 0},enabled:!1};s[i.userSecretPath?i.userSecretPath:"mfa"]=c}c.secret.temp=l.base32,c.secret.actual=void 0,await i.putUser(s),a.toDataURL(l.otpauth_url,(e,t)=>{if(e)throw new Error("Error generating QR code");o({qr_code:t,secret:l.base32})})}),e.mfaVerify=async(e,a,r)=>{var i,o;const n=a;let s=await r.getUser(e);const c=r.userSecretPath?s[r.userSecretPath]:s.mfa;return t.totp.verify({secret:null===(i=null==c?void 0:c.secret)||void 0===i?void 0:i.temp,encoding:"base32",token:n})?(c.secret.actual=null===(o=null==c?void 0:c.secret)||void 0===o?void 0:o.temp,c.enabled=!0,await r.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})});
|