Refactor new OTPAuth...validate pattern, remove await -- it isn't and shouldn't be async

2 years ago · d9288a137a
parent e5d0f9871f
commit d9288a137a
4 changed files with 20 additions and 30 deletions
--- a/lib/misc/dotwofactor.js
+++ b/lib/misc/dotwofactor.js
@ -0,0 +1,14 @@
 const OTPAuth = require('otpauth');
 module.exports = (totpSecret, userInput) => {
 	const totp = new OTPAuth.TOTP({
 		secret: totpSecret,
 		algorithm: 'SHA256',
 	});
 	const delta = totp.validate({
 		token: userInput,
 		algorithm: 'SHA256',
 		window: 1,
 	});
 	return { totp, delta };
 };
--- a/models/forms/changepassword.js
+++ b/models/forms/changepassword.js
@ -3,7 +3,7 @@
 const bcrypt = require('bcrypt')
 	, dynamicResponse = require(__dirname+'/../../lib/misc/dynamic.js')
 	, redis = require(__dirname+'/../../lib/redis/redis.js')
-	, OTPAuth = require('otpauth')
+	, doTwoFactor = require(__dirname+'/../../lib/misc/dotwofactor.js')
 	, { Accounts } = require(__dirname+'/../../db/');
 module.exports = async (req, res) => {
@ -37,15 +37,7 @@ module.exports = async (req, res) => {
 	}
 	if (account.twofactor) {
-		const totp = new OTPAuth.TOTP({
+		const { delta } = doTwoFactor(account.twofactor, req.body.twofactor);
 			secret: account.twofactor,
 			algorithm: 'SHA256',
 		});
 		const delta = await totp.validate({
 			token: req.body.twofactor,
 			algorithm: 'SHA256',
 			window: 1,
 		});
 		if (delta === null) {
 			return dynamicResponse(req, res, 403, 'message', {
 				'title': 'Forbidden',
--- a/models/forms/login.js
+++ b/models/forms/login.js
@ -3,7 +3,7 @@
 const bcrypt = require('bcrypt')
 	, dynamicResponse = require(__dirname+'/../../lib/misc/dynamic.js')
 	, { Accounts } = require(__dirname+'/../../db/')
-	, OTPAuth = require('otpauth');
+	, doTwoFactor = require(__dirname+'/../../lib/misc/dotwofactor.js');
 module.exports = async (req, res) => {
@ -41,15 +41,7 @@ module.exports = async (req, res) => {
 	}
 	if (account.twofactor) {
-		const totp = new OTPAuth.TOTP({
+		const { delta } = doTwoFactor(account.twofactor, req.body.twofactor);
 			secret: account.twofactor,
 			algorithm: 'SHA256',
 		});
 		const delta = await totp.validate({
 			token: req.body.twofactor,
 			algorithm: 'SHA256',
 			window: 1,
 		});
 		if (delta === null) {
 			return dynamicResponse(req, res, 403, 'message', {
 				'title': 'Forbidden',
--- a/models/forms/twofactor.js
+++ b/models/forms/twofactor.js
@ -3,7 +3,7 @@
 const redis = require(__dirname+'/../../lib/redis/redis.js')
 	, dynamicResponse = require(__dirname+'/../../lib/misc/dynamic.js')
 	, { Accounts } = require(__dirname+'/../../db/')
-	, OTPAuth = require('otpauth');
+	, doTwoFactor = require(__dirname+'/../../lib/misc/dotwofactor.js');
 module.exports = async (req, res) => {
@ -20,15 +20,7 @@ module.exports = async (req, res) => {
 	}
 	// Validate totp
-	const totp = new OTPAuth.TOTP({
+	const { delta } = doTwoFactor(tempSecret, req.body.twofactor);
 		secret: tempSecret,
 		algorithm: 'SHA256',
 	});
 	const delta = await totp.validate({
 		token: req.body.twofactor,
 		algorithm: 'SHA256',
 		window: 1,
 	});
 	// Check if code was valid
 	if (delta === null) {