Support signing with another device
@@ -51,6 +51,7 @@ module.exports = function (options) {
|
||||
// TODO: Support multiple login options...
|
||||
const loginMessage = {
|
||||
action: "authenticate",
|
||||
responseEndpoint: `http://${config.get("server.domain")}/xpub-auth/sign`,
|
||||
url: config.get("server.domain"),
|
||||
userIdentifier: user.displayName,
|
||||
}
|
||||
@@ -58,6 +59,17 @@ module.exports = function (options) {
|
||||
user.extendedPublicKeys[0].xpub,
|
||||
JSON.stringify(loginMessage) // TODO: Create a login body...
|
||||
)
|
||||
return db.Challenge.create(challenge);
|
||||
} else {
|
||||
// User doesn't exist register account
|
||||
response.render("login-signup", {
|
||||
user: request.user,
|
||||
displayName: request.body.displayName,
|
||||
pageTitle: "HD Auth - Signup",
|
||||
});
|
||||
}
|
||||
}).then(challenge => {
|
||||
if(challenge) {
|
||||
QRCode.toDataURL(JSON.stringify(challenge), function (err, url) {
|
||||
if(err) {
|
||||
console.error(err);
|
||||
@@ -69,15 +81,7 @@ module.exports = function (options) {
|
||||
user: request.user
|
||||
})
|
||||
})
|
||||
} else {
|
||||
// User doesn't exist register account
|
||||
response.render("login-signup", {
|
||||
user: request.user,
|
||||
displayName: request.body.displayName,
|
||||
pageTitle: "HD Auth - Signup",
|
||||
});
|
||||
}
|
||||
|
||||
}).catch(error => {
|
||||
console.error("Failed to fulfill account/authenticate post", request.body);
|
||||
console.error("Reason: ", error);
|
||||
@@ -89,6 +93,67 @@ module.exports = function (options) {
|
||||
}
|
||||
});
|
||||
|
||||
router.route('/authenticate/signed')
|
||||
.post(function(request, response, next) {
|
||||
if(request.user) {
|
||||
response.redirect('/account');
|
||||
} else {
|
||||
// Verify challenge
|
||||
db.Challenge.findByPk(request.body.id, {
|
||||
where: {
|
||||
response: {
|
||||
[db.Sequelize.Op.ne]: null
|
||||
}
|
||||
}
|
||||
}).then(challenge => {
|
||||
if (challenge) {
|
||||
if(hdAuthUtil.verifyHDAuthChallengeResponse(challenge)) {
|
||||
// user passed challenge...
|
||||
var loginMessage = JSON.parse(challenge.message);
|
||||
db.User.findOne({
|
||||
where: {
|
||||
displayName: loginMessage.userIdentifier,
|
||||
},
|
||||
include: [
|
||||
{
|
||||
association: db.User.ExtendedPublicKeys
|
||||
}
|
||||
]
|
||||
}).then(user => {
|
||||
if(user) {
|
||||
// User created we can authenticate them on the site...
|
||||
request.logIn(user, function(err) {
|
||||
if (err) { return next(err); }
|
||||
challenge.destroy()
|
||||
.then(() => {
|
||||
console.log("Deleted Challege: ", request.body.id);
|
||||
})
|
||||
return response.redirect('/');
|
||||
});
|
||||
|
||||
} else {
|
||||
console.error("Authenticated user doesn't exist: ", loginMessage);
|
||||
}
|
||||
}).catch(error => {
|
||||
console.error("Failed to create authenticated user");
|
||||
console.error("Error: ", error);
|
||||
next(error);
|
||||
})
|
||||
} else {
|
||||
// user failed challenge
|
||||
// TODO: Validate input
|
||||
// TODO: Createa new challenge
|
||||
response.redirect("/register");
|
||||
console.error("User failed to authenticate");
|
||||
// Create new challenge and try again...
|
||||
}
|
||||
} else {
|
||||
console.error("User challenge not signed: ", request.body);
|
||||
}
|
||||
});
|
||||
}
|
||||
})
|
||||
|
||||
router.route('/authenticate/response')
|
||||
.post(function(request, response, next) {
|
||||
if(request.user) {
|
||||
@@ -168,28 +233,17 @@ module.exports = function (options) {
|
||||
// Challenge
|
||||
const registerationMessage = {
|
||||
action: "register",
|
||||
responseEndpoint: `http://${config.get("server.domain")}/xpub-auth/sign`,
|
||||
serviceExtendedPublicKey: config.get("bip32.serviceAuthenticatingExtendedPublicKey"),
|
||||
url: config.get("server.domain"),
|
||||
userIdentifier: xpubUser.displayName, // identifier the user supplies on the login page
|
||||
user: xpubUser,
|
||||
serviceExtendedPublicKey: config.get("bip32.serviceAuthenticatingExtendedPublicKey")
|
||||
user: xpubUser
|
||||
}
|
||||
const challenge = hdAuthUtil.createChallenge(
|
||||
request.body.xpub, // update this to identifier...
|
||||
JSON.stringify(registerationMessage)
|
||||
)
|
||||
QRCode.toDataURL(JSON.stringify(challenge), function (err, url) {
|
||||
if(err) {
|
||||
console.error(err);
|
||||
}
|
||||
response.render("xpub-account-registeration-challenge", {
|
||||
xpubUser: xpubUser,
|
||||
// challenge user to sign thier xpub
|
||||
challenge: challenge,
|
||||
qrCode: url,
|
||||
user: request.user
|
||||
})
|
||||
})
|
||||
|
||||
return db.Challenge.create(challenge);
|
||||
} else {
|
||||
console.log("Empty User")
|
||||
|
||||
@@ -197,6 +251,28 @@ module.exports = function (options) {
|
||||
response.render("error", {
|
||||
user: request.user,
|
||||
message: "VOID"
|
||||
});
|
||||
return null;
|
||||
}
|
||||
}).then(challenge => {
|
||||
if(challenge) {
|
||||
// send user a challenge...
|
||||
QRCode.toDataURL(JSON.stringify(challenge), function (err, url) {
|
||||
if(err) {
|
||||
console.error(err);
|
||||
}
|
||||
response.render("xpub-account-registeration-challenge", {
|
||||
// challenge user to sign thier xpub
|
||||
challenge: challenge,
|
||||
qrCode: url,
|
||||
user: request.user
|
||||
})
|
||||
})
|
||||
} else {
|
||||
console.error("Couldn't create new challenge");
|
||||
response.render("error", {
|
||||
user: request.user,
|
||||
message: "Failed to create challenge"
|
||||
})
|
||||
}
|
||||
}).catch(error => {
|
||||
@@ -248,12 +324,74 @@ module.exports = function (options) {
|
||||
// user failed challenge
|
||||
// TODO: Validate input
|
||||
// TODO: Createa new challenge
|
||||
response.redirect("/register");
|
||||
console.error("User failed to authenticate");
|
||||
// Create new challenge and try again...
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
router.route('/register/xpub/signed')
|
||||
.post(function(request, response, next) {
|
||||
if(request.user) {
|
||||
response.redirect('/account');
|
||||
} else {
|
||||
// Verify challenge
|
||||
db.Challenge.findByPk(request.body.id, {
|
||||
where: {
|
||||
response: {
|
||||
[db.Sequelize.Op.ne]: null
|
||||
}
|
||||
}
|
||||
}).then(challenge => {
|
||||
if (challenge) {
|
||||
if(hdAuthUtil.verifyHDAuthChallengeResponse(challenge)) {
|
||||
// user passed challenge...
|
||||
// TODO: Load registration request from challenge.message
|
||||
// TODO: build and validate that user owns xpub...
|
||||
var xpubUser = JSON.parse(challenge.message).user;
|
||||
// Possibility that username is taken...
|
||||
// TODO: Create user without username
|
||||
db.User.create(xpubUser, {
|
||||
include: [
|
||||
{
|
||||
association: db.User.ExtendedPublicKeys
|
||||
}
|
||||
]
|
||||
}).then(user => {
|
||||
if(user) {
|
||||
// User created we can authenticate them on the site...
|
||||
request.logIn(user, function(err) {
|
||||
if (err) { return next(err); }
|
||||
challenge.destroy()
|
||||
.then(() => {
|
||||
console.log("Deleted Challege: ", request.body.id);
|
||||
})
|
||||
return response.redirect('/');
|
||||
});
|
||||
// TODO: delete challenge...
|
||||
}
|
||||
|
||||
}).catch(error => {
|
||||
console.error("Failed to create authenticated user");
|
||||
console.error("Error: ", error);
|
||||
next(error);
|
||||
})
|
||||
} else {
|
||||
// user failed challenge
|
||||
// TODO: Validate input
|
||||
// TODO: Createa new challenge
|
||||
response.redirect("/register");
|
||||
console.error("User failed to authenticate");
|
||||
// Create new challenge and try again...
|
||||
}
|
||||
} else {
|
||||
console.error("User challenge not signed: ", request.body);
|
||||
}
|
||||
});
|
||||
}
|
||||
})
|
||||
|
||||
router.route('/logout')
|
||||
.post(function(request, response, next) {
|
||||
if(request.user) {
|
||||
|
||||
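Review bot: In the new `/authenticate/signed` handler, `db.Challenge.findByPk(request.body.id, { where: { response: … } })` never applies the `response` filter, because Sequelize's `findByPk` overwrites `options.where` with the primary-key condition. Rejecting an unsigned challenge therefore rests entirely on `hdAuthUtil.verifyHDAuthChallengeResponse`, whose handling of a null response is not visible here; the new `/register/xpub/signed` handler has the same call. The lookup should be a `findOne` carrying both conditions, and the challenge should be consumed before `request.logIn` rather than by an un-awaited `challenge.destroy()` after it, so that a signed challenge id is accepted only once. The "not signed" and "user doesn't exist" branches only log and send no response, and the outer promise has no `.catch`, so those requests hang; logging the whole `request.body` there is also worth dropping. Because the challenge id alone turns a browser session into a logged-in one, consider tying the challenge to the session that requested it and giving it an expiry, neither of which appears in this diff.

```javascript
// findOne keeps the where clause; findByPk would overwrite it.
db.Challenge.findOne({
    where: {
        id: String(request.body.id), // assumes the primary key column is `id`
        response: { [db.Sequelize.Op.ne]: null }
    }
}).then(challenge => {
    if (!challenge) {
        console.error("User challenge not signed");
        return response.status(401).render("error", {
            user: request.user,
            message: "Challenge not signed"
        });
    }
    // … unchanged: verifyHDAuthChallengeResponse check, db.User.findOne lookup …
        if (user) {
            // Consume the challenge before the session is established.
            return challenge.destroy().then(() => {
                request.logIn(user, function(err) {
                    if (err) { return next(err); }
                    return response.redirect('/');
                });
            });
        }
    // … unchanged: failure branches, each of which should also send a response …
}).catch(next);
```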