Compare commits


No commits in common. "master" and "v1.0.1" have entirely different histories.

4 changed files with 28 additions and 85 deletions

View File

@ -1,17 +1,13 @@
Node.js Authenticator Node.js Authenticator
===================== =====================
| Sponsored by [ppl](https://ppl.family)
Two- and Multi- Factor Authenication (2FA / MFA) for node.js Two- and Multi- Factor Authenication (2FA / MFA) for node.js
![](https://blog.authy.com/assets/posts/authenticator.png)
There are a number of apps that various websites use to give you 6-digit codes to increase security when you log in: There are a number of apps that various websites use to give you 6-digit codes to increase security when you log in:
* Authy (shown above) [iPhone](https://itunes.apple.com/us/app/authy/id494168017?mt=8) | [Android](https://play.google.com/store/apps/details?id=com.authy.authy&hl=en) | [Chrome](https://chrome.google.com/webstore/detail/authy/gaedmjdfmmahhbjefcbgaolhhanlaolb?hl=en) | [Linux](https://www.authy.com/personal/) | [OS X](https://www.authy.com/personal/) | [BlackBerry](https://appworld.blackberry.com/webstore/content/38831914/?countrycode=US&lang=en) * Authy [iPhone](https://itunes.apple.com/us/app/authy/id494168017?mt=8) • [Android](https://play.google.com/store/apps/details?id=com.authy.authy&hl=en) • [Chrome](https://chrome.google.com/webstore/detail/authy/gaedmjdfmmahhbjefcbgaolhhanlaolb?hl=en) • [Linux](https://www.authy.com/personal/) • [OS X](https://www.authy.com/personal/) • [BlackBerry](https://appworld.blackberry.com/webstore/content/38831914/?countrycode=US&lang=en)
* Google Authenticator [iPhone](https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8) | [Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en) * Google Authenticator [iPhone](https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8) [Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en)
* Microsoft Authenticator [Windows Phone](https://www.microsoft.com/en-us/store/apps/authenticator/9wzdncrfj3rj) | [Android](https://play.google.com/store/apps/details?id=com.microsoft.msa.authenticator) * Microsoft Authenticator [Windows Phone](https://www.microsoft.com/en-us/store/apps/authenticator/9wzdncrfj3rj) [Android](https://play.google.com/store/apps/details?id=com.microsoft.msa.authenticator)
* GAuth [FxOS](https://marketplace.firefox.com/app/gauth/) * GAuth [FxOS](https://marketplace.firefox.com/app/gauth/)
There are many [Services that Support MFA](http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now), There are many [Services that Support MFA](http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now),
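Review bot: the tagline on both sides of this hunk misspells "Authentication" as "Authenication"; since the line is otherwise untouched, this is the place to fix it. Separately, the list bullets use "|" on the left and "•" on the right as link separators; either works, but the Google, Microsoft and GAuth entries on the right have no separator at all (e.g. `[iPhone](...) [Android](...)`), so the separator choice should be applied consistently across all four bullets.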
@ -21,31 +17,13 @@ This module uses [`notp`](https://github.com/guyht/notp) which implements `TOTP`
(the *Authenticator* standard), which is based on `HOTP` [(RFC 4226)](https://www.ietf.org/rfc/rfc4226.txt) (the *Authenticator* standard), which is based on `HOTP` [(RFC 4226)](https://www.ietf.org/rfc/rfc4226.txt)
to provide codes that are exactly compatible with all other *Authenticator* apps and services that use them. to provide codes that are exactly compatible with all other *Authenticator* apps and services that use them.
Browser & Commandline Authenticator Usage
---------------------
You may also be interested in
* [Browser Authenticator](https://git.coolaj86.com/coolaj86/browser-authenticator) over at <https://git.coolaj86.com/coolaj86/browser-authenticator>
* [Commandline Authenticator](https://git.coolaj86.com/coolaj86/authenticator-cli) over at <https://git.coolaj86.com/coolaj86/authenticator-cli>
Install
===== =====
**node.js api**
```bash ```bash
npm install authenticator --save npm install authenticator --save
``` ```
**command line**
```bash
npm install authenticator-cli --global
```
Usage
=====
**node.js api**
```javascript ```javascript
'use strict'; 'use strict';
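Review bot: after removing the "**command line**" subsections from Install and Usage, the remaining "**node.js api**" sub-labels have no sibling and read as orphaned; either drop them or keep the command-line pointer. Also, the context line cites RFC 4226 for HOTP but gives no reference for TOTP, which has its own specification (RFC 6238); linking it next to the HOTP reference would let readers verify the "exactly compatible" claim.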
@ -62,51 +40,29 @@ authenticator.verifyToken(formattedKey, formattedToken);
authenticator.verifyToken(formattedKey, '000 000'); authenticator.verifyToken(formattedKey, '000 000');
// null // null
authenticator.generateTotpUri(formattedKey, "john.doe@email.com", "ACME Co", 'SHA1', 6, 30);
//
// otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30
``` ```
**command line** ### API
```
# see help
authenticator --help
# generate a key and display qr code ### generateKey()
authenticator --qr
```
API generates a 32-character (160-bit) base32 key
---
```javascript ### generateToken(formattedKey)
generateKey() // generates a 32-character (160-bit) base32 key
generateToken(formattedKey) // generates a 6-digit (20-bit) decimal time-based token generates a 6-digit (20-bit) decimal time-based token
verifyToken(formattedKey, formattedToken) // validates a time-based token within a +/- 30 second (90 seconds) window ### verifyToken(formattedKey, formattedToken)
// returns `null` on failure or an object such as `{ delta: 0 }` on success
// generates an `OTPAUTH://` scheme URI for QR Code generation. validates a time-based token within a +/- 30 second (90 seconds) window
generateTotpUri(formattedKey, accountName, issuer, algorithm, digits, period)
```
**OTPAuth Scheme** returns `null` on failure or an object such as `{ delta: 0 }` on success
* <https://github.com/google/google-authenticator/wiki/Key-Uri-Format>
* `otpauth://totp/<<ISSUER>>:<<ACCOUNT_NAME>>?secret=<<BASE32_KEY>>&issuer=<<ISSUER>>`
* `otpauth://totp/<<ISSUER>>:<<ACCOUNT_NAME>>?secret=<<BASE32_KEY>>&issuer=<<ISSUER>>&algorithm=<<ALGO>>&digits=<<INT>>&period=<<SECONDS>>`
Note that `ISSUER` is specified twice for backwards / forwards compatibility.
QR Code QR Code
------- -------
See <https://davidshimjs.github.io/qrcodejs/> and <https://github.com/soldair/node-qrcode>. See <https://davidshimjs.github.io/qrcodejs/> and <https://github.com/soldair/node-qrcode>.
![](http://cdn9.howtogeek.com/wp-content/uploads/2014/10/sshot-7-22.png)
Example use with `qrcode.js` in the browser: Example use with `qrcode.js` in the browser:
```javascript ```javascript
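Review bot: the restructured API section puts "### API" and its entries "### generateKey()", "### generateToken(formattedKey)", "### verifyToken(formattedKey, formattedToken)" all at the same heading level, so the entries no longer nest under API, and the old "API / ---" heading was h2 like the neighbouring "QR Code / -------" section; use "##" for API and "###" for the entries (or keep the setext style the rest of the README uses). The verifyToken description "+/- 30 second (90 seconds) window" is also worth spelling out: the current 30-second step plus one step on each side, and that any wider window proportionally widens the interval in which a captured code stays valid.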
@ -152,4 +108,13 @@ and humans who are handicapped or otherwise struggle with quick fine motor skill
Why not SpeakEasy? Why not SpeakEasy?
------------------ ------------------
It doesn't use native node crypto and there are open security issues which have been left unaddressed. I took a look at the code and I didn't feel comfortable using it.
For any module related to security I want to see that the code is clean,
well-maintained, and that any security-related bugs are addressed.
The author was obviously not well-versed in JavaScript at the time
that he wrote it and it hasn't been cleaned up since.
Also, the author hasn't been responsive to issues and pull requests.
The notp author has been responsive, but notp doesn't do everything I would like.
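Review bot: the rewritten paragraph says there are "open security issues which have been left unaddressed" but links none of them; a comparison section that rests on that claim should point at the specific issues so readers can check their status, and "doesn't use native node crypto" likewise deserves a pointer to the relevant code. Replacing the left side's remarks about the author with a statement about the code is the right direction; the remaining claims just need the references.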

View File

@ -57,15 +57,3 @@ function verifyGoogleAuthToken(key, token) {
module.exports.generateKey = generateGoogleAuthKey; module.exports.generateKey = generateGoogleAuthKey;
module.exports.generateToken = generateGoogleAuthToken; module.exports.generateToken = generateGoogleAuthToken;
module.exports.verifyToken = verifyGoogleAuthToken; module.exports.verifyToken = verifyGoogleAuthToken;
module.exports.generateTotpUri = function (secret, accountName, issuer, algo, digits, period) {
// Full OTPAUTH URI spec as explained at
// https://github.com/google/google-authenticator/wiki/Key-Uri-Format
return 'otpauth://totp/'
+ encodeURI(issuer || '') + ':' + encodeURI(accountName || '')
+ '?secret=' + secret.replace(/[\s\.\_\-]+/g, '').toUpperCase()
+ '&issuer=' + encodeURIComponent(issuer || '')
+ '&algorithm=' + (algo || 'SHA1')
+ '&digits=' + (digits || 6)
+ '&period=' + (period || 30)
;
};
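Review bot: removing the `generateTotpUri` export is a breaking API change for any caller that already builds QR-code URIs with it, so it belongs in a major version bump or a changelog entry rather than a silent deletion. If the function is kept anywhere, note the inconsistency in the removed lines between `encodeURI(issuer || '')` for the label and `encodeURIComponent(issuer || '')` for the query parameter: `encodeURI` leaves `:`, `?` and `&` unescaped, so an issuer containing any of those characters produces a label that an authenticator app can mis-parse, while the query parameter form is escaped correctly.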

View File

@ -1,4 +0,0 @@
#!/usr/bin/env node
'use strict';
module.exports = require('authenticator-cli/bin/authenticator');

View File

@ -1,17 +1,14 @@
{ {
"name": "authenticator", "name": "authenticator",
"version": "1.1.5", "version": "1.0.1",
"description": "Two- / Multi- Factor Authenication (2FA / MFA) for node.js", "description": "Two- / Multi- Factor Authenication (2FA / MFA) for node.js",
"main": "authenticator.js", "main": "authenticator.js",
"scripts": { "scripts": {
"test": "node example.js" "test": "node example.js"
}, },
"bin": {
"authenticator": "bin/authenticator.js"
},
"repository": { "repository": {
"type": "git", "type": "git",
"url": "git+https://git.coolaj86.com/coolaj86/node-authenticator.js.git" "url": "git+https://github.com/Daplie/node-authenticator.git"
}, },
"keywords": [ "keywords": [
"authenticator", "authenticator",
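Review bot: the `"test": "node example.js"` script carried through unchanged on both sides runs a demo rather than a test, so `npm test` passes whether or not `generateToken`/`verifyToken` still agree with each other; a real test that generates a token and asserts `verifyToken` returns a non-null delta (and null for a wrong token) would catch regressions in a module whose whole job is verification. The "description" field also repeats the "Authenication" typo on both sides.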
@ -22,20 +19,17 @@
"base32", "base32",
"code", "code",
"generator", "generator",
"one-time",
"time-based",
"authy", "authy",
"google", "google",
"microsoft" "microsoft"
], ],
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)", "author": "AJ ONeal <coolaj86@gmail.com> (http://coolaj86.com/)",
"license": "(MIT or Apache-2.0)", "license": "Apache-2.0",
"bugs": { "bugs": {
"url": "https://git.coolaj86.com/coolaj86/node-authenticator.js/issues" "url": "https://github.com/Daplie/node-authenticator/issues"
}, },
"homepage": "https://git.coolaj86.com/coolaj86/node-authenticator.js#readme", "homepage": "https://github.com/Daplie/node-authenticator#readme",
"dependencies": { "dependencies": {
"authenticator-cli": "^1.0.5",
"notp": "^2.0.3", "notp": "^2.0.3",
"thirty-two": "0.0.2" "thirty-two": "0.0.2"
} }
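Review bot: the left side's `"license": "(MIT or Apache-2.0)"` is not a valid SPDX expression (the operator must be uppercase: `(MIT OR Apache-2.0)`), and the right side narrows the grant to `"Apache-2.0"` alone; dropping MIT from a published dual licence changes the terms for existing users, so confirm that is intended and record it in the changelog. Removing `"authenticator-cli"` from dependencies is consistent with dropping the `bin` shim; `"thirty-two": "0.0.2"` stays pinned exactly while `notp` uses a caret range, which is fine for a base32 helper but worth a comment if the pin is deliberate.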