wrote function to verify one-time-passwords
parent
d20e40203e
commit
2b07b0e6ae
42
rest.js
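--- a/rest.js
+++ b/rest.js
@@ -212,7 +212,7 @@ module.exports.create = function (bigconf, deps, app) {
 app.handlePromise(req, res, promise, '[issuer@oauth3.org] save grants');
 };
 
-Tokens.retrieveOtpCode = function (codeStore, codeId) {
+Tokens.retrieveOtp = function (codeStore, codeId) {
 return codeStore.get(codeId).then(function (code) {
 if (!code) {
 return null;
@@ -228,6 +228,44 @@ module.exports.create = function (bigconf, deps, app) {
 return code;
 });
 };
+Tokens.validateOtp = function (codeStore, codeId, token) {
+if (!codeId) {
+return PromiseA.reject(new Error("Must provide authcode ID"));
+}
+if (!token) {
+return PromiseA.reject(new Error("Must provide authcode code"));
+}
+return codeStore.get(codeId).then(function (code) {
+if (!code) {
+throw new Error('authcode specified does not exist or has expired');
+}
+
+return PromiseA.resolve().then(function () {
+var attemptsLeft = 3 - (code.attempts && code.attempts.length || 0);
+if (attemptsLeft <= 0) {
+throw new Error('you have tried to authorize this code too many times');
+}
+if (code.code !== token) {
+throw new Error('you have entered the code incorrectly. '+attemptsLeft+' attempts remaining');
+}
+// TODO: maybe impose a rate limit, although going fast doesn't help you break the
+// system when you can only try 3 times total.
+}).then(function () {
+return codeStore.destroy(codeId).then(function () {
+return code;
+});
+}, function (err) {
+code.attempts = code.attempts || [];
+code.attempts.unshift(new Date());
+
+return codeStore.upsert(codeId, code).then(function () {
+return PromiseA.reject(err);
+}, function () {
+return PromiseA.reject(err);
+});
+});
+});
+};
 Tokens.getPrivKey = function (store, experienceId) {
 return store.IssuerOauth3OrgPrivateKeys.get(experienceId).then(function (jwk) {
 if (jwk) {
@@ -268,7 +306,7 @@ module.exports.create = function (bigconf, deps, app) {
 var codeId = crypto.createHash('sha256').update(params.username_type+':'+params.username).digest('base64');
 codeId = makeB64UrlSafe(codeId);
 
-return Tokens.retrieveOtpCode(codeStore, codeId).then(function (code) {
+return Tokens.retrieveOtp(codeStore, codeId).then(function (code) {
 if (code) {
 return code;
 }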
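Review bot: The three-attempt cap in `Tokens.validateOtp` fails open: a wrong guess is only recorded in the rejection handler, after `code.code !== token` has already run, and the second callback passed to `codeStore.upsert(codeId, code)` discards a write failure, so an attempt that cannot be persisted is never counted. Because the count is read with `codeStore.get` and written back later, parallel requests for the same codeId can presumably each see the same `code.attempts` and get a comparison before any write lands, which undercuts the TODO's reasoning that speed does not help. The "attempts remaining" text is also computed before the current failure is recorded, so the first wrong guess reports 3 remaining when 2 are left. Recording the attempt before comparing, and failing the request when that write fails, closes the first and third gaps; full protection against parallel requests needs an atomic increment or compare-and-set in the store, which is not visible on this page.

```javascript
return codeStore.get(codeId).then(function (code) {
  // … unchanged: missing-code check …
  var attempts = code.attempts || [];
  if (attempts.length >= 3) {
    throw new Error('you have tried to authorize this code too many times');
  }

  // Count this attempt before comparing; if the write fails, the request fails too.
  code.attempts = [new Date()].concat(attempts);
  return codeStore.upsert(codeId, code).then(function () {
    if (code.code !== token) {
      throw new Error('you have entered the code incorrectly. '+(3 - code.attempts.length)+' attempts remaining');
    }
    return codeStore.destroy(codeId).then(function () {
      return code;
    });
  });
});
```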