npm - pico-auth - Versions diffs - 0.0.8 → 0.0.10 - Mend

pico-auth 0.0.8 → 0.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/pico-auth.d.ts CHANGED Viewed

@@ -1,4 +1,8 @@
 declare module "core/auth" {
+    export interface JWTSpecs {
+        secretKey: string;
+        expiryTimeMs: number;
+    }
     export interface UserProvider {
         getUser(login: string): Promise<any>;
         putUser(user: any): Promise<any>;
@@ -12,7 +16,7 @@ declare module "core/auth" {
     /**
      * When mfaToken is provided
      */
-    export const authenticate: (login: string, password: string, mfaToken: string, impersonateEntity: string, userProvider: UserProvider, impersonateProvider: any) => Promise<any>;
+    export const authenticate: (login: string, password: string, mfaToken: string, impersonateEntity: string, userProvider: UserProvider, impersonateProvider: any, jwtSpecs: JWTSpecs) => Promise<any>;
     /**
      * Will prepare user for MFA activation. Next step is to call verify with token generated in MFA app by the user.
      */
@@ -25,5 +29,5 @@ declare module "core/auth" {
 }
 declare module "pico-auth" {
     export { mfaRegister, mfaVerify, mfaEnabled, authenticate } from "core/auth";
-    export type { UserProvider, ImpersonateProvider } from "core/auth";
+    export type { UserProvider, ImpersonateProvider, JWTSpecs } from "core/auth";
 }

package/dist/pico-auth.esm.js CHANGED Viewed

@@ -5,7 +5,7 @@ const jwt = require('jsonwebtoken');
 /**
  * When mfaToken is provided
  */
-const authenticate = async (login, password, mfaToken, impersonateEntity, userProvider, impersonateProvider) => {
+const authenticate = async (login, password, mfaToken, impersonateEntity, userProvider, impersonateProvider, jwtSpecs) => {
     var _a;
     let user = await userProvider.getUser(login);
     const mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
@@ -63,12 +63,14 @@ const authenticate = async (login, password, mfaToken, impersonateEntity, userPr
             }
             console.info(`Impersonate success. From: ${originalUser.login} into ${target}`);
         }
-        let jwtSecretKey = process.env.JWT_SECRET_KEY;
+        // let jwtSecretKey = process.env.JWT_SECRET_KEY;
+        let jwtSecretKey = jwtSpecs.secretKey;
         let data = {
             time: Date.now(),
             user: user
         };
-        const token = jwt.sign(data, jwtSecretKey, { expiresIn: process.env.JWT_EXPIRY_TIME });
+        // const token = jwt.sign(data, jwtSecretKey, {expiresIn: process.env.JWT_EXPIRY_TIME});
+        const token = jwt.sign(data, jwtSecretKey, { expiresIn: jwtSpecs.expiryTimeMs });
         console.log(`Successful login: ${user.id}`);
         return token;
     }

package/dist/pico-auth.esm.min.js CHANGED Viewed

	@@ -1 +1 @@
1	- const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,s,o)=>{var n;let i=await s.getUser(e);const c=s.userSecretPath?i[s.userSecretPath]:i.mfa,l=s.userPasswordPath?i[s.userPasswordPath]:i.password;if(null==c?void 0:c.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==c?void 0:c.secret)\|\|void 0===n?void 0:n.actual,encoding:"base32",mfaToken:a,window:1}))throw new Error(`Failed authentication attempt ${e}`)}if(md5(t\|\|"")==l){const e=r,t=i;if(e){let a=!1;if(e.startsWith("@")){if(a=a\|\|await o.canImpersonate(i,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(i,e)}else{const r=await s.getUser(e);if(a=a\|\|await o.canImpersonate(i,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);i=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=~~process~~.~~env.JWT_SECRET_KEY~~,n={time:Date.now(),user:i};const c=jwt.sign(n,a,{expiresIn:~~process~~.~~env.JWT_EXPIRY_TIME~~});return console.log(`Successful login: ${i.id}`),c}throw new Error(`Failed authentication attempt ${e}`)},mfaRegister=async(e,t,a)=>new Promise((async(r,s)=>{let o=await a.getUser(t),n=a.userSecretPath?o[a.userSecretPath]:o.mfa;const i=speakeasy.generateSecret({name:`${e} (${t})`});n\|\|(n={secret:{temp:void 0,actual:void 0},enabled:!1}),n.secret.temp=i.base32,n.secret.actual=void 0,await a.putUser(o),qrcode.toDataURL(i.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");r({qr_code:t,secret:i.base32})}))})),mfaVerify=async(e,t,a)=>{var r,s;const o=t;let n=await a.getUser(e);const i=a.userSecretPath?n[a.userSecretPath]:n.mfa;return speakeasy.totp.verify({secret:null===(r=null==i?void 0:i.secret)\|\|void 0===r?void 0:r.temp,encoding:"base32",token:o})?(i.secret.actual=null===(s=null==i?void 0:i.secret)\|\|void 0===s?void 0:s.temp,i.enabled=!0,await a.putUser(n),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return null==r?void 0:r.enabled};export{authenticate,mfaEnabled,mfaRegister,mfaVerify};
1	+ const speakeasy=require("speakeasy"),qrcode=require("qrcode"),md5=require("md5"),jwt=require("jsonwebtoken"),authenticate=async(e,t,a,r,s,o,i)=>{var n;let c=await s.getUser(e);const l=s.userSecretPath?c[s.userSecretPath]:c.mfa,d=s.userPasswordPath?c[s.userPasswordPath]:c.password;if(null==l?void 0:l.enabled){if(!speakeasy.totp.verify({secret:null===(n=null==l?void 0:l.secret)\|\|void 0===n?void 0:n.actual,encoding:"base32",mfaToken:a,window:1}))throw new Error(`Failed authentication attempt ${e}`)}if(md5(t\|\|"")==d){const e=r,t=c;if(e){let a=!1;if(e.startsWith("@")){if(a=a\|\|await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await o.impersonateOrg(c,e)}else{const r=await s.getUser(e);if(a=a\|\|await o.canImpersonate(c,e),!a)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);c=r}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let a=i.secretKey,n={time:Date.now(),user:c};const l=jwt.sign(n,a,{expiresIn:i.expiryTimeMs});return console.log(`Successful login: ${c.id}`),l}throw new Error(`Failed authentication attempt ${e}`)},mfaRegister=async(e,t,a)=>new Promise((async(r,s)=>{let o=await a.getUser(t),i=a.userSecretPath?o[a.userSecretPath]:o.mfa;const n=speakeasy.generateSecret({name:`${e} (${t})`});i\|\|(i={secret:{temp:void 0,actual:void 0},enabled:!1}),i.secret.temp=n.base32,i.secret.actual=void 0,await a.putUser(o),qrcode.toDataURL(n.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");r({qr_code:t,secret:n.base32})}))})),mfaVerify=async(e,t,a)=>{var r,s;const o=t;let i=await a.getUser(e);const n=a.userSecretPath?i[a.userSecretPath]:i.mfa;return speakeasy.totp.verify({secret:null===(r=null==n?void 0:n.secret)\|\|void 0===r?void 0:r.temp,encoding:"base32",token:o})?(n.secret.actual=null===(s=null==n?void 0:n.secret)\|\|void 0===s?void 0:s.temp,n.enabled=!0,await a.putUser(i),!0):(console.log(`Failed mfa verification for ${e}`),!1)},mfaEnabled=async(e,t)=>{let a=await t.getUser(e);const r=t.userSecretPath?a[t.userSecretPath]:a.mfa;return null==r?void 0:r.enabled};export{authenticate,mfaEnabled,mfaRegister,mfaVerify};

package/dist/pico-auth.umd.js CHANGED Viewed

@@ -11,7 +11,7 @@
     /**
      * When mfaToken is provided
      */
-    const authenticate = async (login, password, mfaToken, impersonateEntity, userProvider, impersonateProvider) => {
+    const authenticate = async (login, password, mfaToken, impersonateEntity, userProvider, impersonateProvider, jwtSpecs) => {
         var _a;
         let user = await userProvider.getUser(login);
         const mfaInfo = userProvider.userSecretPath ? user[userProvider.userSecretPath] : user.mfa;
@@ -69,12 +69,14 @@
                 }
                 console.info(`Impersonate success. From: ${originalUser.login} into ${target}`);
             }
-            let jwtSecretKey = process.env.JWT_SECRET_KEY;
+            // let jwtSecretKey = process.env.JWT_SECRET_KEY;
+            let jwtSecretKey = jwtSpecs.secretKey;
             let data = {
                 time: Date.now(),
                 user: user
             };
-            const token = jwt.sign(data, jwtSecretKey, { expiresIn: process.env.JWT_EXPIRY_TIME });
+            // const token = jwt.sign(data, jwtSecretKey, {expiresIn: process.env.JWT_EXPIRY_TIME});
+            const token = jwt.sign(data, jwtSecretKey, { expiresIn: jwtSpecs.expiryTimeMs });
             console.log(`Successful login: ${user.id}`);
             return token;
         }

package/dist/pico-auth.umd.min.js CHANGED Viewed

	@@ -1 +1 @@
1	- !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e\|\|self).picoAuth={})}(this,(function(e){"use strict";const t=require("speakeasy"),r=require("qrcode"),a=require("md5"),o=require("jsonwebtoken");e.authenticate=async(e,r,n,s,i,c)=>{var l;let u=await i.getUser(e);const d=i.userSecretPath?u[i.userSecretPath]:u.mfa,f=i.userPasswordPath?u[i.userPasswordPath]:u.password;if(null==d?void 0:d.enabled){if(!t.totp.verify({secret:null===(l=null==d?void 0:d.secret)\|\|void 0===l?void 0:l.actual,encoding:"base32",mfaToken:n,window:1}))throw new Error(`Failed authentication attempt ${e}`)}if(a(r\|\|"")==f){const e=s,t=u;if(e){let r=!1;if(e.startsWith("@")){if(r=r\|\|await c.canImpersonate(u,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(u,e)}else{const a=await i.getUser(e);if(r=r\|\|await c.canImpersonate(u,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);u=a}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=~~process~~.~~env.JWT_SECRET_KEY~~,a={time:Date.now(),user:u};const n=o.sign(a,r,{expiresIn:~~process~~.~~env.JWT_EXPIRY_TIME~~});return console.log(`Successful login: ${u.id}`),n}throw new Error(`Failed authentication attempt ${e}`)},e.mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const a=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==a?void 0:a.enabled},e.mfaRegister=async(e,a,o)=>new Promise((async(n,s)=>{let i=await o.getUser(a),c=o.userSecretPath?i[o.userSecretPath]:i.mfa;const l=t.generateSecret({name:`${e} (${a})`});c\|\|(c={secret:{temp:void 0,actual:void 0},enabled:!1}),c.secret.temp=l.base32,c.secret.actual=void 0,await o.putUser(i),r.toDataURL(l.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");n({qr_code:t,secret:l.base32})}))})),e.mfaVerify=async(e,r,a)=>{var o,n;const s=r;let i=await a.getUser(e);const c=a.userSecretPath?i[a.userSecretPath]:i.mfa;return t.totp.verify({secret:null===(o=null==c?void 0:c.secret)\|\|void 0===o?void 0:o.temp,encoding:"base32",token:s})?(c.secret.actual=null===(n=null==c?void 0:c.secret)\|\|void 0===n?void 0:n.temp,c.enabled=!0,await a.putUser(i),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})}));
1	+ !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e\|\|self).picoAuth={})}(this,(function(e){"use strict";const t=require("speakeasy"),r=require("qrcode"),a=require("md5"),o=require("jsonwebtoken");e.authenticate=async(e,r,i,n,s,c,l)=>{var u;let d=await s.getUser(e);const f=s.userSecretPath?d[s.userSecretPath]:d.mfa,m=s.userPasswordPath?d[s.userPasswordPath]:d.password;if(null==f?void 0:f.enabled){if(!t.totp.verify({secret:null===(u=null==f?void 0:f.secret)\|\|void 0===u?void 0:u.actual,encoding:"base32",mfaToken:i,window:1}))throw new Error(`Failed authentication attempt ${e}`)}if(a(r\|\|"")==m){const e=n,t=d;if(e){let r=!1;if(e.startsWith("@")){if(r=r\|\|await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);await c.impersonateOrg(d,e)}else{const a=await s.getUser(e);if(r=r\|\|await c.canImpersonate(d,e),!r)throw new Error(`Failed impersonate attempt. From: ${t.id} into ${e}`);d=a}console.info(`Impersonate success. From: ${t.login} into ${e}`)}let r=l.secretKey,a={time:Date.now(),user:d};const i=o.sign(a,r,{expiresIn:l.expiryTimeMs});return console.log(`Successful login: ${d.id}`),i}throw new Error(`Failed authentication attempt ${e}`)},e.mfaEnabled=async(e,t)=>{let r=await t.getUser(e);const a=t.userSecretPath?r[t.userSecretPath]:r.mfa;return null==a?void 0:a.enabled},e.mfaRegister=async(e,a,o)=>new Promise((async(i,n)=>{let s=await o.getUser(a),c=o.userSecretPath?s[o.userSecretPath]:s.mfa;const l=t.generateSecret({name:`${e} (${a})`});c\|\|(c={secret:{temp:void 0,actual:void 0},enabled:!1}),c.secret.temp=l.base32,c.secret.actual=void 0,await o.putUser(s),r.toDataURL(l.otpauth_url,((e,t)=>{if(e)throw new Error("Error generating QR code");i({qr_code:t,secret:l.base32})}))})),e.mfaVerify=async(e,r,a)=>{var o,i;const n=r;let s=await a.getUser(e);const c=a.userSecretPath?s[a.userSecretPath]:s.mfa;return t.totp.verify({secret:null===(o=null==c?void 0:c.secret)\|\|void 0===o?void 0:o.temp,encoding:"base32",token:n})?(c.secret.actual=null===(i=null==c?void 0:c.secret)\|\|void 0===i?void 0:i.temp,c.enabled=!0,await a.putUser(s),!0):(console.log(`Failed mfa verification for ${e}`),!1)},Object.defineProperty(e,"__esModule",{value:!0})}));

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pico-auth",
-  "version": "0.0.8",
+  "version": "0.0.10",
   "description": "Minimal auth with user/pass, impersonation and mfa authentication",
   "main": "dist/pico-auth.umd.js",
   "types": "dist/pico-auth.d.ts",