You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@milagro.apache.org by sa...@apache.org on 2016/08/05 14:19:29 UTC
[02/37] incubator-milagro-mfa-js-lib git commit: Add otp auth flow
Add otp auth flow
Project: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-js-lib/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-js-lib/commit/f2726680
Tree: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-js-lib/tree/f2726680
Diff: http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-js-lib/diff/f2726680
Branch: refs/heads/add-documentation
Commit: f272668080dc8fe4878ae667b56593fda1e02a53
Parents: b376277
Author: Boyan Bakov <bo...@certivox.com>
Authored: Fri Dec 18 15:45:16 2015 +0200
Committer: Vladislav Mitov <vl...@certivox.com>
Committed: Fri Dec 18 18:55:25 2015 +0200
----------------------------------------------------------------------
example/exampleJquery.html | 2 +-
lib/mpin.js | 126 ++++++++++++++++++++++++++++------------
2 files changed, 90 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-js-lib/blob/f2726680/example/exampleJquery.html
----------------------------------------------------------------------
diff --git a/example/exampleJquery.html b/example/exampleJquery.html
index b8826cb..de1b29e 100644
--- a/example/exampleJquery.html
+++ b/example/exampleJquery.html
@@ -33,7 +33,7 @@ and open the template in the editor.
//// MPIN init
window.mpin = mpin = new mpinjs({
- server: "http://192.168.10.63:8005"
+ server: "http://ssodemo.certivox.com"
});
mpin.init(function (err, data) {
http://git-wip-us.apache.org/repos/asf/incubator-milagro-mfa-js-lib/blob/f2726680/lib/mpin.js
----------------------------------------------------------------------
diff --git a/lib/mpin.js b/lib/mpin.js
index 39e73bf..7db5fd7 100644
--- a/lib/mpin.js
+++ b/lib/mpin.js
@@ -6,9 +6,9 @@
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
-
+
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -50,8 +50,13 @@ var mpinjs = (function () {
Mpin.prototype.init = function (cb) {
var self = this, _initUrl;
- _initUrl = this.opts.server;
- _initUrl += this.opts.rpsPrefix || "/rps/clientSettings";
+ if (this.opts.server.slice(-1) === "/") {
+ _initUrl = this.opts.server;
+ } else {
+ _initUrl = this.opts.server + "/";
+ }
+ _initUrl += this.opts.rpsPrefix || "rps";
+ _initUrl += "/clientSettings";
this.request({url: _initUrl}, function (err, data) {
if (err && cb) {
@@ -175,6 +180,8 @@ var mpinjs = (function () {
}
token = MPINAuth.calculateMPinToken(Users[userId].mpinId, pin, Users[userId].csHex);
+ delete Users[userId].csHex;
+
this.addToUser(userId, {token: token, status: Status.register});
return true;
@@ -217,7 +224,7 @@ var mpinjs = (function () {
_tp2Url = self.generateUrl('permit2', {userId: userId});
_tp2Url += "&signature=" + _signature;
- //check cache if exist
+ //check cache if exist
if (Users[userId].timePermitCache && Users[userId].timePermitCache.date === data.date) {
var _timePermit2 = Users[userId].timePermitCache.timePermit;
var timePermitHex = MPINAuth.addShares(_timePermit1, _timePermit2);
@@ -263,7 +270,7 @@ var mpinjs = (function () {
Mpin.prototype.finishAuthentication = function (userId, aPin, cb) {
- var self = this, _reqData = {}, _userStatus;
+ var _userStatus;
//registered
_userStatus = this.getUser(userId, "status");
@@ -273,6 +280,44 @@ var mpinjs = (function () {
return cb({code: Errors.wrongFlow.code, type: Errors.wrongFlow.type, message: "Need to call startAuthentication method before this."}, null);
}
+ this._passRequests({userId: userId, aPin: aPin}, cb);
+ };
+
+ Mpin.prototype.finishAuthenticationOtp = function (userId, aPin, cb) {
+ var _userStatus;
+
+ //registered
+ _userStatus = this.getUser(userId, "status");
+ if (_userStatus !== Status.register) {
+ return cb(Errors.wrongFlow, null);
+ } else if (!Users[userId].timePermitHex) {
+ return cb({code: Errors.wrongFlow.code, type: Errors.wrongFlow.type, message: "Need to call startAuthentication method before this."}, null);
+ }
+
+ this._passRequests({userId: userId, aPin: aPin, otp: true}, function (err, data) {
+ if (err) {
+ return cb(err, null);
+ }
+
+ if (!data.expireTime || !data.ttlSeconds || !data.nowTime) {
+ return cb(null, null);
+ }
+
+ data.expireTime = data.expireTime / 1000;
+ data.nowTime = data.nowTime / 1000;
+
+ cb(null, data);
+ });
+
+ };
+
+ Mpin.prototype._passRequests = function (opts, cb) {
+ var userId, aPin, otp, self = this, _reqData = {};
+ userId = opts.userId;
+ aPin = opts.aPin;
+
+ otp = opts.otp || false;
+
_reqData.url = this.generateUrl("pass1");
_reqData.type = "POST";
_reqData.data = this.getAuthData(userId, aPin);
@@ -283,42 +328,57 @@ var mpinjs = (function () {
_req2Data.url = self.generateUrl("pass2");
_req2Data.type = "POST";
- _req2Data.data = MPINAuth.pass2Request(pass1Data.y, false, "0");
+ _req2Data.data = MPINAuth.pass2Request(pass1Data.y, otp, "0");
+
_req2Data.data.mpin_id = Users[userId].mpinId;
// pass 2
self.request(_req2Data, function (pass2Err, pass2Data) {
- var _req3Data = {};
+ var otpCode;
if (pass2Err) {
return cb(pass2Err, null);
}
+ otpCode = pass2Data["OTP"] || false;
+
if (pass2Data && pass2Data["OTP"]) {
delete pass2Data["OTP"];
}
- _req3Data.url = self.generateUrl("auth");
- _req3Data.type = "POST";
- _req3Data.data = {mpinResponse: pass2Data};
-
- self.request(_req3Data, function (authErr, authData) {
- if (authErr) {
- if (authErr.status === 401) {
- return cb(Errors.wrongPin, null);
- } else if (authErr.status === 410) {
- self.addToUser(userId, {status: Status.block});
- return cb(Errors.wrongPin, null);
- } else {
- return cb(Errors.wrongPin, null);
- }
- }
-
- cb && cb(null, authData || {});
- });
+ self._authenticate({userId: userId, mpinResponse: pass2Data, otpCode: otpCode}, cb);
});
});
+
+ };
+
+ Mpin.prototype._authenticate = function (opts, cb) {
+ var _authData = {}, self = this;
+
+ _authData.url = this.generateUrl("auth");
+ _authData.type = "POST";
+ _authData.data = {mpinResponse: opts.mpinResponse};
+
+ this.request(_authData, function (authErr, authData) {
+ if (authErr) {
+ if (authErr.status === 401) {
+ return cb(Errors.wrongPin, null);
+ } else if (authErr.status === 410) {
+ opts.userId && self.addToUser(opts.userId, {status: Status.block});
+ return cb(Errors.wrongPin, null);
+ } else {
+ return cb(Errors.wrongPin, null);
+ }
+ }
+
+ if (opts.otpCode && authData) {
+ authData.otp = opts.otpCode;
+ }
+
+ cb && cb(null, authData || null);
+ });
};
+
Mpin.prototype.getAuthData = function (userId, aPin) {
var _auth = {};
@@ -396,7 +456,7 @@ var mpinjs = (function () {
}
}
- cb && cb(null, true);
+ self._authenticate({mpinResponse: data}, cb);
});
};
@@ -513,12 +573,6 @@ var mpinjs = (function () {
//store
delete mpinData.accounts[delMpinId];
- //change default Identity
- for (var mpinId in mpinData.accounts) {
- mpinData.defaultIdentity = mpinId;
- break;
- }
-
this.storeData(mpinData);
};
@@ -552,7 +606,6 @@ var mpinjs = (function () {
if (!mpinData) {
mpinData = {
- defaultIdentity: "",
version: "0.3",
accounts: {}
};
@@ -560,7 +613,6 @@ var mpinjs = (function () {
//update Default Identity
if (upData.mpinId) {
- mpinData.defaultIdentity = upData.mpinId;
mpinData.accounts[upData.mpinId] = {};
}
@@ -633,7 +685,7 @@ var mpinjs = (function () {
_url = options.url || "";
_type = options.type || "GET";
- _parseJson = jsonResponse || true;
+ _parseJson = (typeof jsonResponse !== "undefined") ? jsonResponse : true;
_request.onreadystatechange = function () {
if (_request.readyState === 4 && _request.status === 200) {
@@ -665,4 +717,4 @@ var mpinjs = (function () {
if (typeof module !== 'undefined' && typeof module.exports !== 'undefined')
module.exports = mpinjs;
else
- window.mpinjs = mpinjs;
\ No newline at end of file
+ window.mpinjs = mpinjs;