Girish Ramakrishnan
9a0d5b918f
see https://github.com/speakeasyjs/speakeasy#specifying-a-window-for-verifying-hotp-and-totp A TOTP is incremented every step time-step seconds. By default, the time-step is 30 seconds. Window of 2 means, +- 2 steps. Fixes #633
36 lines
1.3 KiB
JavaScript
36 lines
1.3 KiB
JavaScript
'use strict';
|
|
|
|
exports = module.exports = {
|
|
login: login
|
|
};
|
|
|
|
var clients = require('../clients.js'),
|
|
passport = require('passport'),
|
|
HttpError = require('connect-lastmile').HttpError,
|
|
HttpSuccess = require('connect-lastmile').HttpSuccess,
|
|
speakeasy = require('speakeasy');
|
|
|
|
function login(req, res, next) {
|
|
passport.authenticate('local', function (error, user) {
|
|
if (error) return next(new HttpError(500, error));
|
|
if (!user) return next(new HttpError(401, 'Invalid credentials'));
|
|
|
|
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
|
|
|
|
if (!user.ghost && user.twoFactorAuthenticationEnabled) {
|
|
if (!req.body.totpToken) return next(new HttpError(401, 'A totpToken must be provided'));
|
|
|
|
let verified = speakeasy.totp.verify({ secret: user.twoFactorAuthenticationSecret, encoding: 'base32', token: req.body.totpToken, window: 2 });
|
|
if (!verified) return next(new HttpError(401, 'Invalid totpToken'));
|
|
}
|
|
|
|
const auditSource = { authType: 'cli', ip: ip };
|
|
clients.issueDeveloperToken(user, auditSource, function (error, result) {
|
|
if (error) return next(new HttpError(500, error));
|
|
|
|
next(new HttpSuccess(200, result));
|
|
});
|
|
})(req, res, next);
|
|
}
|
|
|