Refactor new OTPAuth...validate pattern, remove await -- it isn't and shouldn't be async

2 years ago · d9288a137a
parent e5d0f9871f
commit d9288a137a
4 changed files with 20 additions and 30 deletions
--- a/lib/misc/dotwofactor.js
+++ b/lib/misc/dotwofactor.js
@ -0,0 +1,14 @@
+const OTPAuth = require('otpauth');
+
+module.exports = (totpSecret, userInput) => {
+	const totp = new OTPAuth.TOTP({
+		secret: totpSecret,
+		algorithm: 'SHA256',
+	});
+	const delta = totp.validate({
+		token: userInput,
+		algorithm: 'SHA256',
+		window: 1,
+	});
+	return { totp, delta };
+};
--- a/models/forms/changepassword.js
+++ b/models/forms/changepassword.js
@ -3,7 +3,7 @@
 const bcrypt = require('bcrypt')
 	, dynamicResponse = require(__dirname+'/../../lib/misc/dynamic.js')
 	, redis = require(__dirname+'/../../lib/redis/redis.js')
-	, OTPAuth = require('otpauth')
+	, doTwoFactor = require(__dirname+'/../../lib/misc/dotwofactor.js')
 	, { Accounts } = require(__dirname+'/../../db/');

 module.exports = async (req, res) => {
@ -37,15 +37,7 @@ module.exports = async (req, res) => {
 	}

 	if (account.twofactor) {
-		const totp = new OTPAuth.TOTP({
-			secret: account.twofactor,
-			algorithm: 'SHA256',
-		});
-		const delta = await totp.validate({
-			token: req.body.twofactor,
-			algorithm: 'SHA256',
-			window: 1,
-		});
+		const { delta } = doTwoFactor(account.twofactor, req.body.twofactor);
 		if (delta === null) {
 			return dynamicResponse(req, res, 403, 'message', {
 				'title': 'Forbidden',
--- a/models/forms/login.js
+++ b/models/forms/login.js
@ -3,7 +3,7 @@
 const bcrypt = require('bcrypt')
 	, dynamicResponse = require(__dirname+'/../../lib/misc/dynamic.js')
 	, { Accounts } = require(__dirname+'/../../db/')
-	, OTPAuth = require('otpauth');
+	, doTwoFactor = require(__dirname+'/../../lib/misc/dotwofactor.js');

 module.exports = async (req, res) => {

@ -41,15 +41,7 @@ module.exports = async (req, res) => {
 	}

 	if (account.twofactor) {
-		const totp = new OTPAuth.TOTP({
-			secret: account.twofactor,
-			algorithm: 'SHA256',
-		});
-		const delta = await totp.validate({
-			token: req.body.twofactor,
-			algorithm: 'SHA256',
-			window: 1,
-		});
+		const { delta } = doTwoFactor(account.twofactor, req.body.twofactor);
 		if (delta === null) {
 			return dynamicResponse(req, res, 403, 'message', {
 				'title': 'Forbidden',
--- a/models/forms/twofactor.js
+++ b/models/forms/twofactor.js
@ -3,7 +3,7 @@
 const redis = require(__dirname+'/../../lib/redis/redis.js')
 	, dynamicResponse = require(__dirname+'/../../lib/misc/dynamic.js')
 	, { Accounts } = require(__dirname+'/../../db/')
-	, OTPAuth = require('otpauth');
+	, doTwoFactor = require(__dirname+'/../../lib/misc/dotwofactor.js');

 module.exports = async (req, res) => {

@ -20,15 +20,7 @@ module.exports = async (req, res) => {
 	}

 	// Validate totp
-	const totp = new OTPAuth.TOTP({
-		secret: tempSecret,
-		algorithm: 'SHA256',
-	});
-	const delta = await totp.validate({
-		token: req.body.twofactor,
-		algorithm: 'SHA256',
-		window: 1,
-	});
+	const { delta } = doTwoFactor(tempSecret, req.body.twofactor);

 	// Check if code was valid
 	if (delta === null) {