BradNut/node-auth
1
0
Fork 0
mirror of https://github.com/BradNut/node-auth synced 2025-09-08 17:40:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Setup form to submit 2FA after login and logging them in if correct.

Browse source
This commit is contained in:
Bradley Shellnut 2021-04-27 10:20:42 -07:00
parent b1d53f36f1
commit 58ae32178a
2 changed files with 50 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
api/src/accounts/authorize.js
View file

@ -8,10 +8,22 @@ export async function authorizeUser(email, password) {
const userData = await user.findOne({ const userData = await user.findOne({
'email.address': email, 'email.address': email,
}) })
if (userData) {
// Get user password // Get user password
const savedPassword = userData.password const savedPassword = userData.password
// Compare password with one in database // Compare password with one in database
const isAuthorized = await compare(password, savedPassword) const isAuthorized = await compare(password, savedPassword)
// Return boolean of if password is correct // Return boolean of if password is correct
return { isAuthorized, userId: userData._id } return {
isAuthorized,
userId: userData._id,
authenticatorSecret: userData.authenticator,
}
}
return {
isAuthorized: false,
userId: null,
authenticatorSecret: null,
}
} }

35
api/src/index.js
View file

@ -70,6 +70,29 @@ async function startApp() {
} }
}); });
app.post('/api/verify-2fa', {}, async (request, reply) => {
try {
// Verify user login
const { token, email, password } = request.body
const {
isAuthorized,
userId,
authenticatorSecret
} = await authorizeUser(email, password)
const isValid = authenticator.verify({ token, secret: authenticatorSecret })
if (userId && isValid && isAuthorized) {
await logUserIn(userId, request, reply)
reply.send("success")
}
reply.code(401).send()
} catch (e) {
console.log('e', e)
return reply.code(401).send({})
}
});
app.post('/api/register', {}, async (request, reply) => { app.post('/api/register', {}, async (request, reply) => {
try { try {
const userId = await registerUser( const userId = await registerUser(
@ -208,12 +231,11 @@ async function startApp() {
app.post('/api/authorize', {}, async (request, reply) => { app.post('/api/authorize', {}, async (request, reply) => {
try { try {
console.log(request.body.email, request.body.password) const { isAuthorized, userId, authenticatorSecret } = await authorizeUser(
const { isAuthorized, userId } = await authorizeUser(
request.body.email, request.body.email,
request.body.password request.body.password
) )
if (isAuthorized) { if (isAuthorized && !authenticatorSecret) {
await logUserIn(userId, request, reply) await logUserIn(userId, request, reply)
reply.send({ reply.send({
data: { data: {
@ -221,7 +243,14 @@ async function startApp() {
userId, userId,
}, },
}) })
} else if (isAuthorized && authenticatorSecret) {
reply.send({
data: {
status: "2FA",
},
})
} }
reply.code(401).send()
} catch (e) { } catch (e) {
console.error('e', e); console.error('e', e);
reply.send({ reply.send({