Remove qrcode dependency as an npm package and replace it with a client side cross-browser library that generates qrcodes

This commit is contained in:
Clement Michaud 2017-05-14 13:37:05 +02:00
parent 88815ec90a
commit 32ff6cb387
8 changed files with 17 additions and 29 deletions

2
.gitignore vendored
View File

@ -12,3 +12,5 @@ config.yml
npm-debug.log npm-debug.log
notifications/ notifications/
.vscode/

View File

@ -36,7 +36,6 @@
"nedb": "^1.8.0", "nedb": "^1.8.0",
"nodemailer": "^2.7.0", "nodemailer": "^2.7.0",
"object-path": "^0.11.3", "object-path": "^0.11.3",
"qrcode": "^0.5.0",
"randomstring": "^1.1.5", "randomstring": "^1.1.5",
"speakeasy": "^2.0.0", "speakeasy": "^2.0.0",
"winston": "^2.3.1", "winston": "^2.3.1",

View File

@ -1,6 +1,5 @@
var objectPath = require('object-path'); var objectPath = require('object-path');
var Promise = require('bluebird'); var Promise = require('bluebird');
var QRCode = require('qrcode');
var CHALLENGE = 'totp-register'; var CHALLENGE = 'totp-register';
@ -16,7 +15,6 @@ module.exports = {
post: post, post: post,
} }
function pre_check(req) { function pre_check(req) {
var first_factor_passed = objectPath.get(req, 'session.auth_session.first_factor'); var first_factor_passed = objectPath.get(req, 'session.auth_session.first_factor');
if(!first_factor_passed) { if(!first_factor_passed) {
@ -36,19 +34,6 @@ function pre_check(req) {
return Promise.resolve(identity); return Promise.resolve(identity);
} }
function secretToDataURLAsync(secret) {
return new Promise(function(resolve, reject) {
QRCode.toDataURL(secret.otpauth_url, function(err, url_data) {
if(err) {
reject(err);
return;
}
resolve(url_data);
});
});
}
// Generate a secret and send it to the user // Generate a secret and send it to the user
function post(req, res) { function post(req, res) {
var logger = req.app.get('logger'); var logger = req.app.get('logger');
@ -64,17 +49,12 @@ function post(req, res) {
var user_data_store = req.app.get('user data store'); var user_data_store = req.app.get('user data store');
var totp = req.app.get('totp engine'); var totp = req.app.get('totp engine');
var secret = totp.generateSecret(); var secret = totp.generateSecret();
var qrcode_data;
secretToDataURLAsync(secret) logger.debug('POST new-totp-secret: save the TOTP secret in DB');
.then(function(data) { user_data_store.set_totp_secret(userid, secret)
qrcode_data = data;
logger.debug('POST new-totp-secret: save the TOTP secret in DB');
return user_data_store.set_totp_secret(userid, secret);
})
.then(function() { .then(function() {
var doc = {}; var doc = {};
doc.qrcode = qrcode_data; doc.otpauth_url = secret.otpauth_url;
doc.base32 = secret.base32; doc.base32 = secret.base32;
doc.ascii = secret.ascii; doc.ascii = secret.ascii;

View File

@ -57,7 +57,12 @@ p { color: #fff; text-shadow: 0 0 10px rgba(0,0,0,0.3); letter-spacing:1px; text
a { color: #fff; text-align: center; } a { color: #fff; text-align: center; }
#qrcode { text-align: center; } #qrcode img {
margin: auto;
text-align: center;
padding: 10px;
background: white;
}
#secret { font-size: 0.7em; } #secret { font-size: 0.7em; }

1
src/public_html/js/qrcode.min.js vendored Normal file

File diff suppressed because one or more lines are too long

View File

@ -19,9 +19,9 @@ function generateSecret(fn) {
} }
function onSecretGenerated(err, secret) { function onSecretGenerated(err, secret) {
// console.log('secret generated successfully', secret); console.log('secret generated successfully', secret);
var img = $('<img src="' + secret.qrcode + '" alt="secret-qrcode"/>'); console.log('OTP Auth URL=', secret.otpauth_url);
$('#qrcode').append(img); new QRCode(document.getElementById("qrcode"), secret.otpauth_url);
$("#secret").text(secret.base32); $("#secret").text(secret.base32);
} }

View File

@ -14,5 +14,6 @@
</body> </body>
<% include scripts %> <% include scripts %>
<script src="js/qrcode.min.js"></script>
<script src="js/totp-register.js"></script> <script src="js/totp-register.js"></script>
</html> </html>

View File

@ -118,7 +118,7 @@ describe('test totp register', function() {
req.session.auth_session.identity_check = {}; req.session.auth_session.identity_check = {};
req.session.auth_session.identity_check.userid = 'user'; req.session.auth_session.identity_check.userid = 'user';
req.session.auth_session.identity_check.challenge = 'totp-register'; req.session.auth_session.identity_check.challenge = 'totp-register';
user_data_store.set_totp_secret.throws('internal error'); user_data_store.set_totp_secret.returns(new Promise.reject('internal error'));
res.send = sinon.spy(function() { res.send = sinon.spy(function() {
assert.equal(res.status.getCall(0).args[0], 500); assert.equal(res.status.getCall(0).args[0], 500);