pico-auth 0.0.31 → 0.0.32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/pico-auth.esm.js
CHANGED
|
@@ -99,15 +99,15 @@ const authenticateWithScratchCard = async (cardCode, userProvider, scratchCardPr
|
|
|
99
99
|
throw new Error(`Failed card authentication attempt ${requesterLogin} (Blocked)`);
|
|
100
100
|
if (requesterLogin && !user)
|
|
101
101
|
throw new Error(`Failed card authentication attempt ${requesterLogin} (Missing user)`);
|
|
102
|
+
let targetUser;
|
|
103
|
+
try {
|
|
104
|
+
targetUser = await scratchCardProvider.consume(cardCode, user);
|
|
105
|
+
}
|
|
106
|
+
catch (error) {
|
|
107
|
+
// on any error we assume that it was a failed attempt
|
|
108
|
+
throw new Error(`Failed card authentication attempt ${requesterLogin} (Consume Failed)`);
|
|
109
|
+
}
|
|
102
110
|
try {
|
|
103
|
-
let targetUser;
|
|
104
|
-
try {
|
|
105
|
-
targetUser = await scratchCardProvider.consume(cardCode, user);
|
|
106
|
-
}
|
|
107
|
-
catch (error) {
|
|
108
|
-
// on any error we assume that it was a failed attempt
|
|
109
|
-
throw new Error(`Failed card authentication attempt ${requesterLogin} (Consume Failed)`);
|
|
110
|
-
}
|
|
111
111
|
if (!targetUser)
|
|
112
112
|
throw new Error(`Failed card authentication attempt ${requesterLogin} (Consume Failed)`);
|
|
113
113
|
// also check if the target user is not blocked
|
|
@@ -127,7 +127,7 @@ const authenticateWithScratchCard = async (cardCode, userProvider, scratchCardPr
|
|
|
127
127
|
console.info(`Card authentication success. Requester:${requesterLogin} Target:${targetUser.id}`);
|
|
128
128
|
return {
|
|
129
129
|
token,
|
|
130
|
-
user: clearedUser
|
|
130
|
+
user: clearedUser // just in case its impersonation so the actual resultin user will be different that the requester login user
|
|
131
131
|
};
|
|
132
132
|
}
|
|
133
133
|
catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,i,o,s)=>{var n;let c=await i.getUser(e);const d=i.userSecretPath?c[i.userSecretPath]:c.mfa,l=i.userPasswordPath?c[i.userPasswordPath]:c.password;if(null==d?void 0:d.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==d?void 0:d.secret)||void 0===n?void 0:n.actual,encoding:"base32",token:a,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(c.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(md5(t||"")==l){const e=r,t=c;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const r=await i.getUser(e);if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=s.secretKey,n=i.getSafeUser?await i.getSafeUser(c):c;n=i.getUserPostAuthenticate?await i.getUserPostAuthenticate(n):n;let d={time:Date.now(),user:n};const l=jwt.sign(d,a,{expiresIn:s.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},authenticateWithScratchCard=async(e,t,a,r,i)=>{let o=i?await t.getUser(i):void 0;if(
|
|
1
|
+
const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,i,o,s)=>{var n;let c=await i.getUser(e);const d=i.userSecretPath?c[i.userSecretPath]:c.mfa,l=i.userPasswordPath?c[i.userPasswordPath]:c.password;if(null==d?void 0:d.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==d?void 0:d.secret)||void 0===n?void 0:n.actual,encoding:"base32",token:a,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(c.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(md5(t||"")==l){const e=r,t=c;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const r=await i.getUser(e);if(a=a||await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=s.secretKey,n=i.getSafeUser?await i.getSafeUser(c):c;n=i.getUserPostAuthenticate?await i.getUserPostAuthenticate(n):n;let d={time:Date.now(),user:n};const l=jwt.sign(d,a,{expiresIn:s.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},authenticateWithScratchCard=async(e,t,a,r,i)=>{let o,s=i?await t.getUser(i):void 0;if(s&&s.blocked)throw new Error(`Failed card authentication attempt ${i} (Blocked)`);if(i&&!s)throw new Error(`Failed card authentication attempt ${i} (Missing user)`);try{o=await a.consume(e,s)}catch(e){throw new Error(`Failed card authentication attempt ${i} (Consume Failed)`)}try{if(!o)throw new Error(`Failed card authentication attempt ${i} (Consume Failed)`);if(o.blocked)throw new Error(`Failed card authentication attempt ${i} (Blocked as Target)`);let e=t.getSafeUser?await t.getSafeUser(o):o;e=t.getUserPostAuthenticate?await t.getUserPostAuthenticate(e):e;let a=r.secretKey,s={time:Date.now(),user:e};const n=jwt.sign(s,a,{expiresIn:r.expiryTimeMs});return console.info(`Card authentication success. Requester:${i} Target:${o.id}`),{token:n,user:e}}catch(e){throw new Error(`Failed card authentication attempt ${i}`)}},mfaRegister=async(e,t,a)=>new Promise(async(r,i)=>{let o=await a.getUser(t),s=a.userSecretPath?o[a.userSecretPath]:o.mfa;const n=speakeasy.generateSecret({name:`${e}: ${t}`});if(!s){s={secret:{temp:void 0,actual:void 0},enabled:!1};o[a.userSecretPath?a.userSecretPath:"mfa"]=s}s.secret.temp=n.base32,s.secret.actual=void 0,await a.putUser(o),qrcode.toDataURL(n.otpauth_url,(e,t)=>{if(e)throw new Error("Error generating QR code");r({qr_code:t,secret:n.base32})})}),mfaVerify=async(e,t,a)=>{var r,i;const o=t;let s=await a.getUser(e);const n=a.userSecretPath?s[a.userSecretPath]:s.mfa;return speakeasy.totp.verify({secret:null===(r=null==n?void 0:n.secret)||void 0===r?void 0:r.temp,encoding:"base32",token:o})?(n.secret.actual=null===(i=null==n?void 0:n.secret)||void 0===i?void 0:i.temp,n.enabled=!0,await a.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return(null==r?void 0:r.enabled)||!1};export{authenticate,authenticateWithScratchCard,mfaEnabled,mfaRegister,mfaVerify};
|
package/dist/pico-auth.umd.js
CHANGED
|
@@ -105,15 +105,15 @@
|
|
|
105
105
|
throw new Error(`Failed card authentication attempt ${requesterLogin} (Blocked)`);
|
|
106
106
|
if (requesterLogin && !user)
|
|
107
107
|
throw new Error(`Failed card authentication attempt ${requesterLogin} (Missing user)`);
|
|
108
|
+
let targetUser;
|
|
109
|
+
try {
|
|
110
|
+
targetUser = await scratchCardProvider.consume(cardCode, user);
|
|
111
|
+
}
|
|
112
|
+
catch (error) {
|
|
113
|
+
// on any error we assume that it was a failed attempt
|
|
114
|
+
throw new Error(`Failed card authentication attempt ${requesterLogin} (Consume Failed)`);
|
|
115
|
+
}
|
|
108
116
|
try {
|
|
109
|
-
let targetUser;
|
|
110
|
-
try {
|
|
111
|
-
targetUser = await scratchCardProvider.consume(cardCode, user);
|
|
112
|
-
}
|
|
113
|
-
catch (error) {
|
|
114
|
-
// on any error we assume that it was a failed attempt
|
|
115
|
-
throw new Error(`Failed card authentication attempt ${requesterLogin} (Consume Failed)`);
|
|
116
|
-
}
|
|
117
117
|
if (!targetUser)
|
|
118
118
|
throw new Error(`Failed card authentication attempt ${requesterLogin} (Consume Failed)`);
|
|
119
119
|
// also check if the target user is not blocked
|
|
@@ -133,7 +133,7 @@
|
|
|
133
133
|
console.info(`Card authentication success. Requester:${requesterLogin} Target:${targetUser.id}`);
|
|
134
134
|
return {
|
|
135
135
|
token,
|
|
136
|
-
user: clearedUser
|
|
136
|
+
user: clearedUser // just in case its impersonation so the actual resultin user will be different that the requester login user
|
|
137
137
|
};
|
|
138
138
|
}
|
|
139
139
|
catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,function(e){"use strict";const t=require("speakeasy"),a=require("qrcode"),r=require("md5"),i=require("jsonwebtoken");e.authenticate=async(e,a,o,n,s,c,l)=>{var d;let u=await s.getUser(e);const h=s.userSecretPath?u[s.userSecretPath]:u.mfa,f=s.userPasswordPath?u[s.userPasswordPath]:u.password;if(null==h?void 0:h.enabled){if(!t.totp.verify({secret:null===(d=null==h?void 0:h.secret)||void 0===d?void 0:d.actual,encoding:"base32",token:o,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(u.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(r(a||"")==f){const e=n,t=u;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(u,e)}else{const r=await s.getUser(e);if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);u=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=l.secretKey,r=s.getSafeUser?await s.getSafeUser(u):u;r=s.getUserPostAuthenticate?await s.getUserPostAuthenticate(r):r;let o={time:Date.now(),user:r};const d=i.sign(o,a,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${u.id}`),d}throw new Error(`Failed authentication attempt ${e}`)},e.authenticateWithScratchCard=async(e,t,a,r,o)=>{let n=o?await t.getUser(o):void 0;if(
|
|
1
|
+
!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).picoAuth={})}(this,function(e){"use strict";const t=require("speakeasy"),a=require("qrcode"),r=require("md5"),i=require("jsonwebtoken");e.authenticate=async(e,a,o,n,s,c,l)=>{var d;let u=await s.getUser(e);const h=s.userSecretPath?u[s.userSecretPath]:u.mfa,f=s.userPasswordPath?u[s.userPasswordPath]:u.password;if(null==h?void 0:h.enabled){if(!t.totp.verify({secret:null===(d=null==h?void 0:h.secret)||void 0===d?void 0:d.actual,encoding:"base32",token:o,window:1}))throw new Error(`Failed authentication attempt ${e} (MFA Enabled)`)}if(u.blocked)throw new Error(`Failed authentication attempt ${e} (Blocked)`);if(r(a||"")==f){const e=n,t=u;if(e){let a=!1;if(e.startsWith("@")){if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(u,e)}else{const r=await s.getUser(e);if(a=a||await c.canImpersonate(u,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);u=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=l.secretKey,r=s.getSafeUser?await s.getSafeUser(u):u;r=s.getUserPostAuthenticate?await s.getUserPostAuthenticate(r):r;let o={time:Date.now(),user:r};const d=i.sign(o,a,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${u.id}`),d}throw new Error(`Failed authentication attempt ${e}`)},e.authenticateWithScratchCard=async(e,t,a,r,o)=>{let n,s=o?await t.getUser(o):void 0;if(s&&s.blocked)throw new Error(`Failed card authentication attempt ${o} (Blocked)`);if(o&&!s)throw new Error(`Failed card authentication attempt ${o} (Missing user)`);try{n=await a.consume(e,s)}catch(e){throw new Error(`Failed card authentication attempt ${o} (Consume Failed)`)}try{if(!n)throw new Error(`Failed card authentication attempt ${o} (Consume Failed)`);if(n.blocked)throw new Error(`Failed card authentication attempt ${o} (Blocked as Target)`);let e=t.getSafeUser?await t.getSafeUser(n):n;e=t.getUserPostAuthenticate?await t.getUserPostAuthenticate(e):e;let a=r.secretKey,s={time:Date.now(),user:e};const c=i.sign(s,a,{expiresIn:r.expiryTimeMs});return console.info(`Card authentication success. Requester:${o} Target:${n.id}`),{token:c,user:e}}catch(e){throw new Error(`Failed card authentication attempt ${o}`)}},e.mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return(null==r?void 0:r.enabled)||!1},e.mfaRegister=async(e,r,i)=>new Promise(async(o,n)=>{let s=await i.getUser(r),c=i.userSecretPath?s[i.userSecretPath]:s.mfa;const l=t.generateSecret({name:`${e}: ${r}`});if(!c){c={secret:{temp:void 0,actual:void 0},enabled:!1};s[i.userSecretPath?i.userSecretPath:"mfa"]=c}c.secret.temp=l.base32,c.secret.actual=void 0,await i.putUser(s),a.toDataURL(l.otpauth_url,(e,t)=>{if(e)throw new Error("Error generating QR code");o({qr_code:t,secret:l.base32})})}),e.mfaVerify=async(e,a,r)=>{var i,o;const n=a;let s=await r.getUser(e);const c=r.userSecretPath?s[r.userSecretPath]:s.mfa;return t.totp.verify({secret:null===(i=null==c?void 0:c.secret)||void 0===i?void 0:i.temp,encoding:"base32",token:n})?(c.secret.actual=null===(o=null==c?void 0:c.secret)||void 0===o?void 0:o.temp,c.enabled=!0,await r.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})});
|