pipobscure / otp
A simple OneTimePassword library compatible with GoogleAuthenticator
License: MIT License
After my project automatically upgraded from [email protected] to [email protected], my project stopped working.
Apparently, some change in how node internal packages are served broke the main function of the codebase: generateKey().
The issue happens on this line: https://github.com/pipobscure/otp/blob/0bc5a3818a5ab80198c7cb5e3933397369967b24/lib/otp.ts#L93C6-L93C6
    globalThis.crypto.getRandomValues(bytes);
Apparently globalThis.crypto is not defined. Checking other changes on the app, I found that we should actually be using:
    import { getRandomValues } from 'node:crypto';
For those who want a quick workaround, just put the fixed version 1.1.0 in package.json and clear the installation.
I have a PR ready to fix this if the maintainers want the help.
When I try to create a barcode from totpURL and parse it in Google Authenticator, I get: The barcode 'otpauth://totp/... is not a valid authentication token barcode.
I have to remove the trailing = from the secret, and then it scans fine. My solution is to create the URL manually like this:
    const login = process.argv[2];
    const name = encodeURIComponent(`Portal (${login})`);
    const secret = otp.secret.slice(0, -1); // remove trailing =
    const totpURL = `otpauth://totp/${name}?secret=${secret}`;
Is this still maintained?
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest
At least make an option. I would drop support for browsers that do not support crypto extension.
Passing buffer in secret doesn't work
    var crypto = require('crypto');
    // The secret is passed as a raw Buffer rather than a base32 string
    var otp = require('otp')({
      secret: crypto.randomBytes(256)
    });
    console.log(otp.hotp());
throws the following error
/Users/detj/tmp/plivo-try/node_modules/otp/node_modules/thirty-two/lib/thirty-two/thirty-two.js:121
throw new Error('Invalid input - it is not base32 encoded string');
^
Error: Invalid input - it is not base32 encoded string
at Object.exports.decode (plivo-try/node_modules/otp/node_modules/thirty-two/lib/thirty-two/thirty-two.js:121:16)
at OTP.hotp (plivo-try/node_modules/otp/otp.js:65:58)
at Object.<anonymous> (/Users/detj/tmp/plivo-try/otp.js:20:17)
at Module._compile (module.js:460:26)
at Object.Module._extensions..js (module.js:478:10)
at Module.load (module.js:355:32)
at Function.Module._load (module.js:310:12)
at Function.Module.runMain (module.js:501:10)
at startup (node.js:129:16)
at node.js:814:3
Tried with node 0.12.2 and node 0.10.38
Hello,
I noticed that the library prints to standard error, is this necessary? I think a user can easily display Date.now() or options if there is any need for debugging.
https://github.com/pipobscure/otp/blob/master/lib/otp.ts#L87
Kind regards,
Krzysztof
https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey
should be used instead of Math.random()
Currently, this lib uses the crypto module.
The problem is that it causes gigantic bundles when the code is bundled with Webpack (I assume the same for browserify).
Would you be open to a PR that switches to createHmac?
Thanks a lot.
If the secret string has padding characters, it is not parsed correctly.
Padding characters seem to be dropped before the decodeChar() function.
Code
    const OTP = require('otp');
    const samples = [
      // "suck" x16 + "s" (length: 65) - okay
      "ON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23T",
      // "suck" x16 (length: 64) - exception
      "ON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG2Y="
    ];
    samples.forEach((secret) => {
      try {
        const otp = new OTP({ secret });
        console.log(otp.totp());
        console.log("{SECRET} parsed!".replace("{SECRET}", secret));
      } catch(ex) {
        console.log("{SECRET} cannot be parsed!".replace("{SECRET}", secret));
        console.log(ex);
      }
      console.log("");
    });
Output
1601972249095 { secret:
'ON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23T',
name: 'OTPAuthentication',
keySize: 64,
codeLength: 6,
epoch: 0,
timeSlice: 30 }
277683
ON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23T parsed!
1601972249099 { secret:
'ON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG2Y=',
name: 'OTPAuthentication',
keySize: 64,
codeLength: 6,
epoch: 0,
timeSlice: 30 }
ON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG23TOVRWW43VMNVXG5LDNNZXKY3LON2WG2Y= cannot be parsed!
Error: invalid character: undefined
at decodeChar (....\node_modules\otp\otp.js:41:15)
at decodeChunk (....\node_modules\otp\otp.js:54:16)
at decode (....\node_modules\otp\otp.js:95:9)
at hotp (....\node_modules\otp\otp.js:441:46)
at totp (....\node_modules\otp\otp.js:449:12)
at samples.forEach (....\app.js:46:29)
at Array.forEach (<anonymous>)
at Server.app.listen (....\app.js:43:13)
at Object.onceWrapper (events.js:286:20)
at Server.emit (events.js:198:13)
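The two padding reports above (Google Authenticator rejecting a secret with a trailing `=`, and a padded secret failing to parse) and the Buffer report come down to the same normalization step. The following is an added example, not code from the otp library; `base32Encode`, `base32Decode` and `totpURL` are hypothetical names, and the sample input is constructed.

```javascript
// Added example, not code from the otp library; function names are hypothetical.
const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // RFC 4648 Base32

// Encode raw key bytes (Uint8Array or Buffer) as Base32 without '=' padding.
function base32Encode(bytes) {
  let bits = 0, value = 0, out = '';
  for (const byte of bytes) {
    value = (value << 8) | byte;
    bits += 8;
    while (bits >= 5) {
      bits -= 5;
      out += ALPHABET[(value >>> bits) & 31];
    }
    value &= (1 << bits) - 1; // keep only the bits not yet emitted
  }
  if (bits > 0) out += ALPHABET[(value << (5 - bits)) & 31];
  return out;
}

// Decode a secret as users paste it: spaces, lowercase and trailing '=' allowed.
function base32Decode(secret) {
  const clean = secret.replace(/\s+/g, '').toUpperCase().replace(/=+$/, '');
  let bits = 0, value = 0;
  const out = [];
  for (const ch of clean) {
    const idx = ALPHABET.indexOf(ch);
    if (idx === -1) throw new Error(`invalid Base32 character: ${ch}`);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1;
    }
  }
  return Uint8Array.from(out);
}

// Build the otpauth URL from either a Base32 string or raw bytes; the secret
// is always re-encoded, so no '=' reaches the QR code.
function totpURL(label, secret) {
  const key = typeof secret === 'string' ? base32Decode(secret) : secret;
  return `otpauth://totp/${encodeURIComponent(label)}?secret=${base32Encode(key)}`;
}

console.log(totpURL('Portal (alice)', 'ON2WG2Y=')); // constructed sample input
```

A `=` anywhere other than the end of the string is rejected as an invalid character rather than silently dropped.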