Files
cloudron-box/src/routes/developer.js
T
Girish Ramakrishnan 9a0d5b918f totp: set window to 2
see https://github.com/speakeasyjs/speakeasy#specifying-a-window-for-verifying-hotp-and-totp

A TOTP is incremented every step time-step seconds. By default, the time-step is
30 seconds. Window of 2 means, +- 2 steps.

Fixes #633
2019-07-23 14:45:54 -07:00

36 lines
1.3 KiB
JavaScript

'use strict';
exports = module.exports = {
login: login
};
var clients = require('../clients.js'),
passport = require('passport'),
HttpError = require('connect-lastmile').HttpError,
HttpSuccess = require('connect-lastmile').HttpSuccess,
speakeasy = require('speakeasy');
function login(req, res, next) {
passport.authenticate('local', function (error, user) {
if (error) return next(new HttpError(500, error));
if (!user) return next(new HttpError(401, 'Invalid credentials'));
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
if (!user.ghost && user.twoFactorAuthenticationEnabled) {
if (!req.body.totpToken) return next(new HttpError(401, 'A totpToken must be provided'));
let verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: req.body.totpToken, window: 2 });
if (!verified) return next(new HttpError(401, 'Invalid totpToken'));
}
const auditSource = { authType: 'cli', ip: ip };
clients.issueDeveloperToken(user, auditSource, function (error, result) {
if (error) return next(new HttpError(500, error));
next(new HttpSuccess(200, result));
});
})(req, res, next);
}