// Wallet login: load the wallet record for the serverKey query parameter,
// require a matching TOTP code when the record has an authKey, then hand back
// the wallet together with a fresh session key.
// NOTE(review): serverKey and authCode travel in the query string, so they can
// end up in access logs and browser history. Nothing in this handler limits
// repeated guesses or rejects a code that was already accepted once.
that.db.getWalletRecord(req.query.serverKey, function(lookupErr, record) {
  if (lookupErr) {
    console.log('Wallet Get Error: ' + lookupErr);
    return res.send({result: 'error', message: 'Error retreiving wallet'});
  }

  var hasWallet = record && record.wallet;
  if (!hasWallet) {
    return res.send({result: 'error', message: 'Invalid login information'});
  }

  // Second factor is enforced only for records that carry an authKey.
  if (record.authKey) {
    var submittedCode = req.query.authCode;
    if (typeof submittedCode === 'undefined') {
      return res.send({result: 'authCodeNeeded', message: 'Two factor authentication code needed'});
    }

    // Only the code for the current time step is computed; no neighbouring
    // steps are tried, so client clock drift leads to a rejection.
    var expectedCode = speakeasy.time({key: record.authKey, encoding: 'base32'});
    // NOTE(review): loose, non-constant-time comparison.
    if (submittedCode != expectedCode) {
      return res.send({result: 'error', message: 'Two factor authentication code was invalid'});
    }
  }

  that.db.generateSessionKey(req.query.serverKey, function(sessionErr, sessionKey) {
    if (sessionErr) {
      return res.send({result: 'error', message: 'Error generating session key, please try again later'});
    }
    res.send({wallet: record.wallet, sessionKey: sessionKey});
  });
});
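// Wallet fetch with a two-hour "remember this browser" cookie for TOTP.
// After a successful code check the server sets a signed `authCode` cookie;
// while that cookie is valid for this wallet the TOTP prompt is skipped.
// NOTE(review): serverKey and authCode are read from the query string, so they
// can show up in access logs and browser history.
db.getWalletRecord(req.query.serverKey, function(err, payload) {
  if (err) {
    console.log('Wallet Get Error: ' + err);
    return res.send({result: 'error', message: 'Error retreiving wallet'});
  }
  if (!payload || !payload.wallet) {
    return res.send({result: 'error', message: 'Wallet not found or invalid password'});
  }

  var REMEMBER_MS = 7200000; // two hours, used for both the embedded expiry and maxAge

  // The cookie is bound to the wallet's email. Require a non-empty string that
  // strictly equals payload.email: with a loose comparison a record without an
  // email would match a cookie that also lacks one and skip the second factor.
  // NOTE(review): this still assumes emails are unique per wallet - confirm.
  var remembered = req.signedCookies.authCode;
  var rememberedOk = Boolean(remembered) &&
    typeof remembered.user === 'string' &&
    remembered.user !== '' &&
    remembered.user === payload.email &&
    remembered.time > Date.now();

  if (!rememberedOk) {
    if (typeof req.query.authCode == 'undefined' && payload.authKey) {
      return res.send({result: 'authCodeNeeded', message: 'Two factor authentication code needed'});
    }
    if (payload.authKey) {
      var code = speakeasy.time({key: payload.authKey, encoding: 'base32'});
      // NOTE(review): loose, non-constant-time comparison; nothing here limits
      // repeated guesses.
      if (req.query.authCode != code) {
        return res.send({result: 'error', message: 'Two factor authentication code was invalid'});
      }
      // Only remember the browser when there is an email to bind the cookie to.
      // httpOnly keeps page scripts from reading a cookie that stands in for
      // the second factor.
      // NOTE(review): also set `secure: true` if the site is served only over HTTPS.
      if (typeof payload.email === 'string' && payload.email !== '') {
        res.cookie(
          'authCode',
          {user: payload.email, time: Date.now() + REMEMBER_MS},
          {maxAge: REMEMBER_MS, signed: true, httpOnly: true}
        );
      }
    }
  }

  // Tell the client whether this wallet has two-factor authentication enabled.
  return res.send({wallet: payload.wallet, usingAuthKey: Boolean(payload.authKey)});
});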
.then(function (users) {
  // Only the first row of the lookup result is considered.
  var firstUser = users.length && users[0];
  if (!firstUser) {
    // Unknown user: report a failed check instead of rejecting the promise.
    defer.resolve(false);
    return;
  }

  // Code for the current time step, derived from the user's stored base32 key.
  var expectedOtp = speakeasy.time({
    key: firstUser['otp_key'],
    encoding: 'base32'
  });

  // NOTE(review): loose, non-constant-time comparison; `otp` comes from the
  // enclosing scope and is not type-checked here.
  var isMatch = expectedOtp == otp;
  defer.resolve(isMatch);
})
// Store the hex form of a newly generated key in redis under `mac`, then return
// the base32 seed to the caller so the client can be enrolled.
// NOTE(review): the response carries the shared secret itself, so it has to be
// protected in transit like any other credential.
app.get('redis').set(mac, key.hex, function(err, result){
  var stored = !err && result === 'OK';
  if (!stored) {
    // desc reads "database operation failed"
    return res.jsonp(500, {code:500, error:{errorcode: 1, desc: "数据库操作失败"}});
  }

  var reply = {code:200, time: time, seed: key.base32};

  // In the development environment the reply also carries the currently valid
  // code, which makes manual testing easier.
  // NOTE(review): make sure 'env' is never 'development' on a reachable
  // deployment, otherwise the live code is handed to every caller.
  var isDevelopment = 'development' == app.get('env');
  if (isDevelopment) {
    reply['dynamic'] = speakeasy.time({key: key.base32 , encoding: 'base32'});
  }

  res.jsonp(reply);
});
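// Enrol a TOTP secret for a wallet. The client sends the base32 secret it wants
// to use (`key`) together with a code generated from it (`code`), which proves
// the authenticator was set up correctly before the secret is stored.
// NOTE(review): this handler does not check whether the wallet already has an
// authKey. Confirm that db.setAuthKey refuses to replace an existing secret, or
// require the current code first; otherwise knowing serverKey is enough to swap
// the second factor.
// NOTE(review): the `success` argument of the db callback is ignored; confirm
// that a failed write is always reported through `err`.
server.post('/wallet/api/setAuthKey', function(req, res) {
  var key = req.body.key;
  var submitted = req.body.code;

  // Reject requests without a usable secret or code before calling speakeasy,
  // so a missing field can never end up being stored as the wallet's secret.
  var keyUsable = typeof key === 'string' && key !== '';
  var codeUsable = typeof submitted === 'string' || typeof submitted === 'number';
  if (!keyUsable || !codeUsable) {
    return res.send({set: false});
  }

  var code = speakeasy.time({key: key, encoding: 'base32'});
  // Loose comparison kept so that a numeric JSON `code` is still accepted.
  if (code != submitted) {
    return res.send({set: false});
  }

  db.setAuthKey(req.body.serverKey, key, function(err, success) {
    if (err) {
      return res.send({set: false});
    }
    res.send({set: true});
  });
});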
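// Verify `enteredCode` against the TOTP for `key`, using the time reported by
// the configured NTP server instead of the local clock.
// Reports {error: err} when the NTP query fails, otherwise {match: boolean}.
// NOTE(review): the verification clock comes from the NTP response, so whoever
// can influence that response influences which code is accepted. Consider
// sanity-checking it against the local clock.
ntp.getNetworkTime(ewdChild.ntp.host, ewdChild.ntp.port, function(err, date) {
  if (err) {
    if (callback) callback({error: err});
    return;
  }

  var code = se.time({
    key: key,
    time: date.getTime() / 1000, // NTP time converted from milliseconds to seconds
    encoding: 'base32'
  });

  // String() instead of .toString(): a missing enteredCode (null/undefined) is
  // reported as a mismatch rather than throwing inside this async callback.
  var match = String(code) === String(enteredCode);

  if (callback) callback({match: match});
});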
exports.consume = function(key, guess) { var answer = speakeasy.time({ key: key, encoding: 'base32' }) assert(answer) if (~usedOtp.indexOf(key + answer)) { return null } usedOtp.push(key + answer) if (usedOtp.length > 10000) { usedOtp.shift() } debug('expected otp %s, received %s', answer, guess) return guess == answer }
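// Disable two-factor authentication for a wallet. The caller must present a
// currently valid TOTP code for the stored authKey before it is removed.
db.getWalletRecord(req.body.serverKey, function(err, payload) {
  if (err) {
    console.log('Wallet Get Error: ' + err);
    // Stop here. Previously a failed lookup fell through and was reported to
    // the client as "no auth key found", hiding the real cause.
    return res.send({result: 'error', message: 'Error retrieving wallet'});
  }
  if (!payload || !payload.authKey) {
    return res.send({result: 'error', message: 'no auth key found for this wallet'});
  }

  var code = speakeasy.time({key: payload.authKey, encoding: 'base32'});
  // NOTE(review): loose, non-constant-time comparison, and nothing here limits
  // repeated guesses. This check is the only barrier to turning 2FA off.
  if (code != req.body.authCode) {
    return res.send({result: 'error', message: 'invalid auth code'});
  }

  db.disableAuthKey(req.body.serverKey, function(err, result) {
    if (err) {
      return res.send({result: 'error', message: 'could not update database, please try again later'});
    }
    res.send({result: 'success'});
  });
});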
// Return the wallet for the serverKey query parameter. Records that carry an
// authKey additionally need the current TOTP code in the authCode parameter.
// NOTE(review): both values arrive in the query string, so they can be logged.
// No session is created and no attempt limit is applied in this handler.
db.getWalletRecord(req.query.serverKey, function(err, payload) {
  // Every failure answer has the same shape, so build it in one place.
  function fail(message) {
    return res.send({result: 'error', message: message});
  }

  if (err) {
    console.log('Wallet Get Error: ' + err);
    return fail('Error retreiving wallet');
  }

  if (!(payload && payload.wallet)) {
    return fail('Wallet not found');
  }

  var twoFactorEnabled = payload.authKey;
  if (twoFactorEnabled && typeof req.query.authCode === 'undefined') {
    return res.send({result: 'authCodeNeeded', message: 'Two factor authentication code needed'});
  }

  if (twoFactorEnabled) {
    var expected = speakeasy.time({key: payload.authKey, encoding: 'base32'});
    // NOTE(review): loose, non-constant-time comparison.
    var accepted = !(req.query.authCode != expected);
    if (!accepted) {
      return fail('Two factor authentication code was invalid');
    }
  }

  return res.send({wallet: payload.wallet});
});
/**
 * Current time-based one-time password for a base32 secret.
 *
 * @param {string} secret - base32-encoded shared secret
 * @returns {*} whatever speakeasy.time returns for that secret
 */
function getToken(secret) {
  var totpOptions = {secret: secret, encoding: 'base32'}
  return speakeasy.time(totpOptions)
}
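// Local-login verification callback: look the user up by email, check the
// password, then check whichever second factor the account has enabled
// (Google Authenticator TOTP first, otherwise a YubiKey OTP verified by a
// remote API). `done` follows the (err, user, info) convention.
User.findOne({ 'local.email' : email }, function(err, user) {
  // if there are any errors, return the error before anything else
  if (err)
    return done(err);

  // if no user is found, return the message
  if (!user)
    return done(null, false, req.flash('loginMessage', 'Invalid username or password, please try again.')); // req.flash is the way to set flashdata using connect-flash

  // NOTE(review): this runs before the password check, so the distinct message
  // tells anyone who submits an email whether an unverified account exists.
  if(user.local.verifiedEmail == false){
    return done(null, false, req.flash('loginMessage', 'Please contact the admin to activate your beta account (josh@cannacoin.cc).'));
  }

  // if the user is found but the password is wrong
  // NOTE(review): only wrong passwords increment failedAttempts; wrong
  // second-factor codes further down are not counted.
  if (!user.validPassword(password)) {
    User.update(
      { _id: user },
      {$inc: {"local.failedAttempts" : 1 }},
      function(err, result) {});
    return done(null, false, req.flash('loginMessage', 'Invalid username or password, please try again.')); // create the loginMessage and save it to session as flashdata
  }

  // If we have 2FA enabled, check that it's legit
  // NOTE(review): a correct TOTP code returns here, so the YubiKey check below
  // is never reached for accounts that have both factors enabled.
  if(user.apiKeys.google2fa.enabled == true){
    var google2faCode = speakeasy.time({key: user.apiKeys.google2fa.base32, encoding: 'base32'});
    var google2faForm = req.body.google2faCode;
    if(google2faCode == google2faForm) {
      // all is well, return successful user
      return done(null, user);
    }
    // Invalid 2FA Code
    return done(null, false, req.flash('loginMessage', 'Invalid 2FA Code, please try again.'));
  }

  if(user.apiKeys.yubiKey.enabled == true){
    var OTP = req.body.yubiKeyOtp;
    // `== null` already covers undefined
    if(OTP == null || OTP == ''){
      OTP = 'blank request';
    }
    var UUID = user.apiKeys.yubiKey.uuid;
    var apiKey = process.env.FOBFUSCATE_API_KEY;
    var apiUrl = process.env.FOBFUSCATE_API_URL;

    // Request authenticator: SHA-256 over OTP + UUID + apiKey. This is a plain
    // hash of a concatenation, not a keyed HMAC; the format is presumably
    // dictated by the remote API.
    var hash = crypto.createHash('sha256');
    hash.update(OTP+UUID+apiKey);
    // Declared locally; the original assigned an implicit global `MAC`.
    var MAC = hash.digest('hex');

    // Send the OTP and its authenticator to the verification API at apiUrl
    request.post(apiUrl, { form: {OTP: OTP, MAC: MAC} }, function(error, response, body) {
      // Fail closed on transport errors instead of parsing a missing body.
      if (error) {
        return done(error);
      }
      console.log(body)

      var verdict;
      try {
        verdict = JSON.parse(body);
      } catch (parseErr) {
        // A malformed reply must not throw out of this callback.
        return done(parseErr);
      }
      if (!verdict || typeof verdict !== 'object') {
        return done(new Error('Unexpected response from OTP verification API'));
      }

      if(verdict.IsSuccess){
        return done(null, user);
      }
      return done(null, false, req.flash('loginMessage', 'Error: ' + verdict.LastError)); // create the loginMessage and save it to session as flashdata
    });
  } else {
    // all is well, return successful user
    return done(null, user);
  }
});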
.then(function (users) {
  // Only the first row of the lookup result is used.
  // NOTE(review): there is no guard for an empty result; with no rows the key
  // passed to speakeasy below is undefined.
  var firstUser = users.length && users[0];

  var currentOtp = speakeasy.time({
    key: firstUser['otp_key'],
    encoding: 'base32'
  });

  // NOTE(review): the valid code is generated server-side and written into the
  // URL handed to api.otp, so the 'check' action presumably succeeds whatever
  // the client sent, and the code may be logged with the URL. Confirm this path
  // is not reachable in production.
  var checkUrl = '/secure-proxy/api/otp?action=check&otp=' + currentOtp;
  req.url = checkUrl;
  api.otp('http', 'sid', req, res);
});
exports.code = function(req, res){ var code = req.param('code') || 'MZEHSNLBGUYDKKLLFERUWJDIGAXU4ILOEFDSQ3KVGBWE2JS6OE3A' time = new Date() var k = speakeasy.time({key: code , encoding: 'base32'}) res.jsonp({key : k , time: time, code : code}); }