Date: 2019-11-20

Passport strategy for two-factor authentication with a username, password and TOTP code.

This module lets you authenticate using a username, password and TOTP code in your Node.js applications. By plugging into Passport, 2FA TOTP authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express. You can use any TOTP code generator to generate one-time passwords, for example Google Authenticator.

Install

$ npm install passport-2fa-totp

Usage

Configure Strategy

The 2FA TOTP authentication strategy authenticates a user using a username, password and TOTP value generated by a hardware device or software application (known as a token). The strategy requires a callback to verify the username and password and a callback to set up the TOTP generator.

    var GoogleAuthenticator = require('passport-2fa-totp').GoogeAuthenticator;
    var TwoFAStrategy = require('passport-2fa-totp').Strategy;

    ...

    passport.use(new TwoFAStrategy(
        // First callback: verify the username and password.
        function (username, password, done) {
            User.findOne({ username: username }, function (err, user) {
                if (err) { return done(err); }
                if (!user) { return done(null, false); }
                if (!user.verifyPassword(password)) { return done(null, false); }
                return done(null, user);
            });
        },
        // Second callback: supply the user's TOTP secret and period.
        function (user, done) {
            if (!user.secret) {
                done(new Error("Google Authenticator is not setup yet."));
            } else {
                // Decode the stored Base32 secret to bytes; 30 is the TOTP period.
                var secret = GoogleAuthenticator.decodeSecret(user.secret);
                done(null, secret, 30);
            }
        }
    ));

The GoogleAuthenticator object provides utility methods for Google Authenticator:

GoogleAuthenticator.register(username) - Generate a secret key and render a QR code (SVG) to register an account in Google Authenticator.

GoogleAuthenticator.decodeSecret(secret) - Convert a Base32-encoded string to a byte array.

Available Options

This strategy takes an optional options hash before the callback functions, e.g. new TwoFAStrategy({/* options */}, verifyUsernameAndPasswordCallback, verifyTotpCodeCallback).

The available options are:

usernameField - Optional, defaults to 'username'.

passwordField - Optional, defaults to 'password'.

codeField - Optional, defaults to 'code'.

window - Optional, defaults to 6. A window to generate TOTP code.

skipTotpVerification - Optional, defaults to false. TOTP code verification is skipped if it is set to true.

passReqToCallback - Optional, defaults to false. Pass the request object to the callbacks if it is set to true.
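The effect of the window option on how long a code stays valid, as an added example that is not this module's own code: a self-contained RFC 6238 check using only Node's crypto module. It assumes window counts the time steps accepted on either side of the current one (an assumption about this module's semantics); hotp, verifyTotp and the sample key are names and values constructed for illustration.

```javascript
const crypto = require('crypto');

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// Accept `code` if it matches any step in [current - window, current + window].
// Returns the offset of the first matching step (0 = current step) or null.
function verifyTotp(code, key, nowSec, { period = 30, window = 6 } = {}) {
  const current = Math.floor(nowSec / period);
  const given = Buffer.from(String(code));
  let match = null;
  for (let delta = -window; delta <= window; delta++) {
    if (current + delta < 0) continue;
    const expected = Buffer.from(hotp(key, current + delta));
    // Constant-time comparison; timingSafeEqual requires equal lengths.
    if (match === null && given.length === expected.length &&
        crypto.timingSafeEqual(given, expected)) {
      match = delta;
    }
  }
  return match;
}

// Constructed input: the RFC 6238 SHA-1 test key and a code issued at t = 59 s.
const key = Buffer.from('12345678901234567890', 'ascii');
const issuedAt = 59;
const code = hotp(key, Math.floor(issuedAt / 30));

// Present the same code 150 seconds after it was issued under different windows.
for (const window of [6, 1, 0]) {
  const result = verifyTotp(code, key, issuedAt + 150, { window });
  console.log(`window=${window}: code presented 150 s later ->`,
    result === null ? 'rejected' : `accepted (step offset ${result})`);
}
```

With a 30-second period, a window of 6 under this assumption tolerates codes up to about three minutes away from the server clock on either side, so a smaller value narrows the time a captured code remains usable.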

Authenticate Requests

Use passport.authenticate(), specifying the '2fa-totp' strategy, to authenticate requests.

    router.post('/', passport.authenticate('2fa-totp', {
        successRedirect: '/',
        failureRedirect: '/login'
    }));

Examples

Developers using the popular Express web framework can refer to node-2fa as a starting point for their own web applications.

Tests