UNPKG

passport-backup-codes

Version:

Backup codes authentication strategy for Passport.

github.com/oktapodia/passport-backup-codes

oktapodia/passport-backup-codes

142 lines (122 loc) 3.49 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
/** * Module dependencies. */ var passport = require('passport-strategy') , util = require('util'); /** * `Strategy` constructor. * * The backup codes strategy authentication strategy authenticates requests based on the * single use code value submitted through an HTML-based form. * * Applications must supply a `setup` callback which accepts `user`, and then * calls the `done` callback. * * Optionally, `options` can be used to change the fields in which the * credentials are found. * * Options: * - `codeField` field name where the single use code value is found, defaults to _code_ * - `window` size of time step delay window, defaults to 6 * * Examples: * * passport.use(new BackupCodesStrategy( * function (user, done) { * if (user.codes) { * return done(null, user.codes); * } * return done(null, false); * }, * function (user, code, done) { * user.codes = user.codes.filter((value) => { * return code !== value; * }); * * return done(); * }); * )); * * @param {Object} options * @param {Function} setup * @param {Function} tearDown * @api public */ function Strategy(options, setup, tearDown) { if (typeof options == 'function') { tearDown = setup; setup = options; options = {}; } if (!setup) { throw new TypeError('BackupCodesStrategy requires a setup callback'); } if (!tearDown) { throw new TypeError('BackupCodesStrategy requires a tearDown callback'); } this._codeField = options.codeField || 'code'; this._passReqToCallback = options.passReqToCallback || false; passport.Strategy.call(this); this._setup = setup; this._tearDown = tearDown; this.name = 'backup-codes'; } /** * Inherit from `passport.Strategy`. */ util.inherits(Strategy, passport.Strategy); /** * Authenticate request based on single use code values. * * @param {Object} req * @api protected */ Strategy.prototype.authenticate = function(req, options) { const value = lookup(req.body, this._codeField) || lookup(req.query, this._codeField); const self = this; function verified(err, codes) { if (err) { return self.error(err); } if (!Array.isArray(codes)) { return self.error('The `codes` provided must be an array'); } if (!codes.includes(value)) { return self.fail('Invalid code'); } console.log('OK'); if (self._passReqToCallback) { return self._tearDown(req, req.user, value, tearDownFunc); } else { return self._tearDown(req.user, value, tearDownFunc); } } /** * Function called to remove the code after using it * @param err * @param codes * @returns {Test|undefined|void|*} */ function tearDownFunc(err, codes) { if (err) { return self.error(err); } return self.success(req.user); } try { if (self._passReqToCallback) { this._setup(req, req.user, verified); } else { this._setup(req.user, verified); } } catch (ex) { return self.error(ex); } function lookup(obj, field) { if (!obj) { return null; } var chain = field.split(']').join('').split('['); for (var i = 0, len = chain.length; i < len; i++) { var prop = obj[chain[i]]; if (typeof(prop) === 'undefined') { return null; } if (typeof(prop) !== 'object') { return prop; } obj = prop; } return null; } }; /** * Expose `Strategy`. */ module.exports = Strategy;