pico-auth 0.0.30 → 0.0.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/pico-auth.d.ts
CHANGED
|
@@ -37,7 +37,10 @@ declare module "core/auth" {
|
|
|
37
37
|
* @param jwtSpecs
|
|
38
38
|
* @returns
|
|
39
39
|
*/
|
|
40
|
-
export const authenticateWithScratchCard: (cardCode: string, userProvider: UserProvider, scratchCardProvider: ScratchCardProvider, jwtSpecs: JWTSpecs, requesterLogin?: string) => Promise<
|
|
40
|
+
export const authenticateWithScratchCard: (cardCode: string, userProvider: UserProvider, scratchCardProvider: ScratchCardProvider, jwtSpecs: JWTSpecs, requesterLogin?: string) => Promise<{
|
|
41
|
+
token: any;
|
|
42
|
+
user: any;
|
|
43
|
+
}>;
|
|
41
44
|
/**
|
|
42
45
|
* Will prepare user for MFA activation. Next step is to call verify with token generated in MFA app by the user.
|
|
43
46
|
*/
|
package/dist/pico-auth.esm.js
CHANGED
|
@@ -125,7 +125,10 @@ const authenticateWithScratchCard = async (cardCode, userProvider, scratchCardPr
|
|
|
125
125
|
// const token = jwt.sign(data, jwtSecretKey, {expiresIn: process.env.JWT_EXPIRY_TIME});
|
|
126
126
|
const token = jwt.sign(data, jwtSecretKey, { expiresIn: jwtSpecs.expiryTimeMs });
|
|
127
127
|
console.info(`Card authentication success. Requester:${requesterLogin} Target:${targetUser.id}`);
|
|
128
|
-
return
|
|
128
|
+
return {
|
|
129
|
+
token,
|
|
130
|
+
user: clearedUser
|
|
131
|
+
};
|
|
129
132
|
}
|
|
130
133
|
catch (error) {
|
|
131
134
|
// on any error we assume that it was a failed attempt
|
|
@@ -1 +1 @@
|
|
|
1
|
-
const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,i,o,s)=>{var n;let c=await i.getUser(e);const d=i.userSecretPath?c[i.userSecretPath]:c.mfa,l=i.userPasswordPath?c[i.userPasswordPath]:c.password;if(null==d?void 0:d.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==d?void 0:d.secret)||void 0===n?void 0:n.actual,encoding:"base32",token:a,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(c.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(md5(t||"")==l){const e=r,t=c;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const r=await i.getUser(e);if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=s.secretKey,n=i.getSafeUser?await i.getSafeUser(c):c;n=i.getUserPostAuthenticate?await i.getUserPostAuthenticate(n):n;let d={time:Date.now(),user:n};const l=jwt.sign(d,a,{expiresIn:s.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},authenticateWithScratchCard=async(e,t,a,r,i)=>{let o=i?await t.getUser(i):void 0;if(o&&o.blocked)throw new Error(`Failed card authentication attempt ${i} (Blocked)`);if(i&&!o)throw new Error(`Failed card authentication attempt ${i} (Missing user)`);try{let s;try{s=await a.consume(e,o)}catch(e){throw new Error(`Failed card authentication attempt ${i} (Consume Failed)`)}if(!s)throw new Error(`Failed card authentication attempt ${i} (Consume Failed)`);if(s.blocked)throw new Error(`Failed card authentication attempt ${i} (Blocked as Target)`);let n=t.getSafeUser?await t.getSafeUser(s):s;n=t.getUserPostAuthenticate?await t.getUserPostAuthenticate(n):n;let c=r.secretKey,d={time:Date.now(),user:n};const l=jwt.sign(d,c,{expiresIn:r.expiryTimeMs});return console.info(`Card authentication success. Requester:${i} Target:${s.id}`),l}catch(e){throw new Error(`Failed card authentication attempt ${i}`)}},mfaRegister=async(e,t,a)=>new Promise(async(r,i)=>{let o=await a.getUser(t),s=a.userSecretPath?o[a.userSecretPath]:o.mfa;const n=speakeasy.generateSecret({name:`${e}: ${t}`});if(!s){s={secret:{temp:void 0,actual:void 0},enabled:!1};o[a.userSecretPath?a.userSecretPath:"mfa"]=s}s.secret.temp=n.base32,s.secret.actual=void 0,await a.putUser(o),qrcode.toDataURL(n.otpauth_url,(e,t)=>{if(e)throw new Error("Error generating QR code");r({qr_code:t,secret:n.base32})})}),mfaVerify=async(e,t,a)=>{var r,i;const o=t;let s=await a.getUser(e);const n=a.userSecretPath?s[a.userSecretPath]:s.mfa;return speakeasy.totp.verify({secret:null===(r=null==n?void 0:n.secret)||void 0===r?void 0:r.temp,encoding:"base32",token:o})?(n.secret.actual=null===(i=null==n?void 0:n.secret)||void 0===i?void 0:i.temp,n.enabled=!0,await a.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return(null==r?void 0:r.enabled)||!1};export{authenticate,authenticateWithScratchCard,mfaEnabled,mfaRegister,mfaVerify};
|
|
1
|
+
const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,i,o,s)=>{var n;let c=await i.getUser(e);const d=i.userSecretPath?c[i.userSecretPath]:c.mfa,l=i.userPasswordPath?c[i.userPasswordPath]:c.password;if(null==d?void 0:d.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==d?void 0:d.secret)||void 0===n?void 0:n.actual,encoding:"base32",token:a,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(c.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(md5(t||"")==l){const e=r,t=c;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const r=await i.getUser(e);if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=s.secretKey,n=i.getSafeUser?await i.getSafeUser(c):c;n=i.getUserPostAuthenticate?await i.getUserPostAuthenticate(n):n;let d={time:Date.now(),user:n};const l=jwt.sign(d,a,{expiresIn:s.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},authenticateWithScratchCard=async(e,t,a,r,i)=>{let o=i?await t.getUser(i):void 0;if(o&&o.blocked)throw new Error(`Failed card authentication attempt ${i} (Blocked)`);if(i&&!o)throw new Error(`Failed card authentication attempt ${i} (Missing user)`);try{let s;try{s=await a.consume(e,o)}catch(e){throw new Error(`Failed card authentication attempt ${i} (Consume Failed)`)}if(!s)throw new Error(`Failed card authentication attempt ${i} (Consume Failed)`);if(s.blocked)throw new Error(`Failed card authentication attempt ${i} (Blocked as Target)`);let n=t.getSafeUser?await t.getSafeUser(s):s;n=t.getUserPostAuthenticate?await t.getUserPostAuthenticate(n):n;let c=r.secretKey,d={time:Date.now(),user:n};const l=jwt.sign(d,c,{expiresIn:r.expiryTimeMs});return console.info(`Card authentication success. Requester:${i} Target:${s.id}`),{token:l,user:n}}catch(e){throw new Error(`Failed card authentication attempt ${i}`)}},mfaRegister=async(e,t,a)=>new Promise(async(r,i)=>{let o=await a.getUser(t),s=a.userSecretPath?o[a.userSecretPath]:o.mfa;const n=speakeasy.generateSecret({name:`${e}: ${t}`});if(!s){s={secret:{temp:void 0,actual:void 0},enabled:!1};o[a.userSecretPath?a.userSecretPath:"mfa"]=s}s.secret.temp=n.base32,s.secret.actual=void 0,await a.putUser(o),qrcode.toDataURL(n.otpauth_url,(e,t)=>{if(e)throw new Error("Error generating QR code");r({qr_code:t,secret:n.base32})})}),mfaVerify=async(e,t,a)=>{var r,i;const o=t;let s=await a.getUser(e);const n=a.userSecretPath?s[a.userSecretPath]:s.mfa;return speakeasy.totp.verify({secret:null===(r=null==n?void 0:n.secret)||void 0===r?void 0:r.temp,encoding:"base32",token:o})?(n.secret.actual=null===(i=null==n?void 0:n.secret)||void 0===i?void 0:i.temp,n.enabled=!0,await a.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return(null==r?void 0:r.enabled)||!1};export{authenticate,authenticateWithScratchCard,mfaEnabled,mfaRegister,mfaVerify};
|
package/dist/pico-auth.umd.js
CHANGED
|
@@ -131,7 +131,10 @@
|
|
|
131
131
|
// const token = jwt.sign(data, jwtSecretKey, {expiresIn: process.env.JWT_EXPIRY_TIME});
|
|
132
132
|
const token = jwt.sign(data, jwtSecretKey, { expiresIn: jwtSpecs.expiryTimeMs });
|
|
133
133
|
console.info(`Card authentication success. Requester:${requesterLogin} Target:${targetUser.id}`);
|
|
134
|
-
return
|
|
134
|
+
return {
|
|
135
|
+
token,
|
|
136
|
+
user: clearedUser
|
|
137
|
+
};
|
|
135
138
|
}
|
|
136
139
|
catch (error) {
|
|
137
140
|
// on any error we assume that it was a failed attempt
|
|
@@ -1 +1 @@
|
|
|
1
|
-
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,function(e){"use strict";const t=require("speakeasy"),a=require("qrcode"),r=require("md5"),i=require("jsonwebtoken");e.authenticate=async(e,a,o,n,s,c,l)=>{var d;let u=await s.getUser(e);const h=s.userSecretPath?u[s.userSecretPath]:u.mfa,f=s.userPasswordPath?u[s.userPasswordPath]:u.password;if(null==h?void 0:h.enabled){if(!t.totp.verify({secret:null===(d=null==h?void 0:h.secret)||void 0===d?void 0:d.actual,encoding:"base32",token:o,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(u.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(r(a||"")==f){const e=n,t=u;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(u,e)}else{const r=await s.getUser(e);if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);u=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=l.secretKey,r=s.getSafeUser?await s.getSafeUser(u):u;r=s.getUserPostAuthenticate?await s.getUserPostAuthenticate(r):r;let o={time:Date.now(),user:r};const d=i.sign(o,a,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${u.id}`),d}throw new Error(`Failed authentication attempt ${e}`)},e.authenticateWithScratchCard=async(e,t,a,r,o)=>{let n=o?await t.getUser(o):void 0;if(n&&n.blocked)throw new Error(`Failed card authentication attempt ${o} (Blocked)`);if(o&&!n)throw new Error(`Failed card authentication attempt ${o} (Missing user)`);try{let s;try{s=await a.consume(e,n)}catch(e){throw new Error(`Failed card authentication attempt ${o} (Consume Failed)`)}if(!s)throw new Error(`Failed card authentication attempt ${o} (Consume Failed)`);if(s.blocked)throw new Error(`Failed card authentication attempt ${o} (Blocked as Target)`);let c=t.getSafeUser?await t.getSafeUser(s):s;c=t.getUserPostAuthenticate?await t.getUserPostAuthenticate(c):c;let l=r.secretKey,d={time:Date.now(),user:c};const u=i.sign(d,l,{expiresIn:r.expiryTimeMs});return console.info(`Card authentication success. Requester:${o} Target:${s.id}`),u}catch(e){throw new Error(`Failed card authentication attempt ${o}`)}},e.mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return(null==r?void 0:r.enabled)||!1},e.mfaRegister=async(e,r,i)=>new Promise(async(o,n)=>{let s=await i.getUser(r),c=i.userSecretPath?s[i.userSecretPath]:s.mfa;const l=t.generateSecret({name:`${e}: ${r}`});if(!c){c={secret:{temp:void 0,actual:void 0},enabled:!1};s[i.userSecretPath?i.userSecretPath:"mfa"]=c}c.secret.temp=l.base32,c.secret.actual=void 0,await i.putUser(s),a.toDataURL(l.otpauth_url,(e,t)=>{if(e)throw new Error("Error generating QR code");o({qr_code:t,secret:l.base32})})}),e.mfaVerify=async(e,a,r)=>{var i,o;const n=a;let s=await r.getUser(e);const c=r.userSecretPath?s[r.userSecretPath]:s.mfa;return t.totp.verify({secret:null===(i=null==c?void 0:c.secret)||void 0===i?void 0:i.temp,encoding:"base32",token:n})?(c.secret.actual=null===(o=null==c?void 0:c.secret)||void 0===o?void 0:o.temp,c.enabled=!0,await r.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})});
|
|
1
|
+
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,function(e){"use strict";const t=require("speakeasy"),a=require("qrcode"),r=require("md5"),i=require("jsonwebtoken");e.authenticate=async(e,a,o,n,s,c,l)=>{var d;let u=await s.getUser(e);const h=s.userSecretPath?u[s.userSecretPath]:u.mfa,f=s.userPasswordPath?u[s.userPasswordPath]:u.password;if(null==h?void 0:h.enabled){if(!t.totp.verify({secret:null===(d=null==h?void 0:h.secret)||void 0===d?void 0:d.actual,encoding:"base32",token:o,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(u.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(r(a||"")==f){const e=n,t=u;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(u,e)}else{const r=await s.getUser(e);if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);u=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=l.secretKey,r=s.getSafeUser?await s.getSafeUser(u):u;r=s.getUserPostAuthenticate?await s.getUserPostAuthenticate(r):r;let o={time:Date.now(),user:r};const d=i.sign(o,a,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${u.id}`),d}throw new Error(`Failed authentication attempt ${e}`)},e.authenticateWithScratchCard=async(e,t,a,r,o)=>{let n=o?await t.getUser(o):void 0;if(n&&n.blocked)throw new Error(`Failed card authentication attempt ${o} (Blocked)`);if(o&&!n)throw new Error(`Failed card authentication attempt ${o} (Missing user)`);try{let s;try{s=await a.consume(e,n)}catch(e){throw new Error(`Failed card authentication attempt ${o} (Consume Failed)`)}if(!s)throw new Error(`Failed card authentication attempt ${o} (Consume Failed)`);if(s.blocked)throw new Error(`Failed card authentication attempt ${o} (Blocked as Target)`);let c=t.getSafeUser?await t.getSafeUser(s):s;c=t.getUserPostAuthenticate?await t.getUserPostAuthenticate(c):c;let l=r.secretKey,d={time:Date.now(),user:c};const u=i.sign(d,l,{expiresIn:r.expiryTimeMs});return console.info(`Card authentication success. Requester:${o} Target:${s.id}`),{token:u,user:c}}catch(e){throw new Error(`Failed card authentication attempt ${o}`)}},e.mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return(null==r?void 0:r.enabled)||!1},e.mfaRegister=async(e,r,i)=>new Promise(async(o,n)=>{let s=await i.getUser(r),c=i.userSecretPath?s[i.userSecretPath]:s.mfa;const l=t.generateSecret({name:`${e}: ${r}`});if(!c){c={secret:{temp:void 0,actual:void 0},enabled:!1};s[i.userSecretPath?i.userSecretPath:"mfa"]=c}c.secret.temp=l.base32,c.secret.actual=void 0,await i.putUser(s),a.toDataURL(l.otpauth_url,(e,t)=>{if(e)throw new Error("Error generating QR code");o({qr_code:t,secret:l.base32})})}),e.mfaVerify=async(e,a,r)=>{var i,o;const n=a;let s=await r.getUser(e);const c=r.userSecretPath?s[r.userSecretPath]:s.mfa;return t.totp.verify({secret:null===(i=null==c?void 0:c.secret)||void 0===i?void 0:i.temp,encoding:"base32",token:n})?(c.secret.actual=null===(o=null==c?void 0:c.secret)||void 0===o?void 0:o.temp,c.enabled=!0,await r.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})});
|