首页 > 解决方案 > passport-totp 的身份验证问题

问题描述

我正在尝试使用 passport-totp 策略,但身份验证这一步始终被拒绝。我可以使用用户名和密码登录,并生成二维码供 Google Authenticator 应用程序扫描以生成令牌,但是在提交令牌代码后,身份验证被拒绝。密钥存储在 Redis 中。这是我的代码:

const crypto = require('crypto')
base32 = require('thirty-two')
const passport = require('passport')
const TotpStrategy = require('passport-totp').Strategy

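// Register the TOTP strategy. The setup callback looks up the user's stored
// shared secret (keyed by e-mail) and hands it to passport-totp together
// with the 30-second period.
passport.use(new TotpStrategy(
  async function (user, done) {
    try {
      const email = user.emails[0].value
      const key = await client.get(email)
      // The shared secret is intentionally not written to the log: anyone who
      // can read the application logs could otherwise generate valid codes.
      if (!key) {
        return done(new Error(('Sem Chave')))
      }
      return done(null, key, 30)
    } catch (err) {
      console.log(err)
      // Always report the failure to passport; without this call the request
      // never completes when the key lookup throws.
      return done(err)
    }
  }
))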

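/**
 * Generate a random string of `len` characters drawn from [a-z0-9].
 *
 * The result is used as a TOTP shared secret, so every character is drawn
 * from the operating system CSPRNG via crypto.randomInt rather than
 * Math.random, whose output is predictable and unsuitable for secrets.
 *
 * NOTE(review): each character carries about 5.17 bits, so a 10-character key
 * has roughly 52 bits of entropy. RFC 4226 requires at least 128 bits for the
 * shared secret; callers should request a longer key for new enrolments.
 *
 * @param {number} len - number of characters to generate
 * @returns {string} the generated key ('' when len is 0 or less)
 */
const randomKey = function (len) {
  const chars = 'abcdefghijklmnopqrstuvwxyz0123456789'
  let key = ''
  for (let i = 0; i < len; ++i) {
    // randomInt(n) is uniform over 0..n-1, so there is no modulo bias.
    key += chars[crypto.randomInt(chars.length)]
  }
  return key
}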

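/**
 * Return a uniformly distributed random integer in the inclusive range
 * [min, max].
 *
 * Uses crypto.randomInt (CSPRNG-backed) instead of Math.random because this
 * helper feeds secret generation in this file. crypto.randomInt takes an
 * exclusive upper bound, hence the `max + 1`.
 *
 * @param {number} min - lowest integer that may be returned
 * @param {number} max - highest integer that may be returned
 * @returns {number} random integer n with min <= n <= max
 * @throws {RangeError|TypeError} if the bounds are not safe integers or max < min
 */
function getRandomInt (min, max) {
  return crypto.randomInt(min, max + 1)
}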

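  /**
   * Render the second-factor page for the logged-in user.
   *
   * If a TOTP secret is already stored for the user's e-mail, the page is
   * rendered without a QR code. Otherwise a new secret is generated, stored,
   * and rendered together with a QR code URL for enrolment.
   *
   * The secret (raw or base32) is never written to the log, and every failure
   * path answers the request instead of leaving it hanging.
   *
   * @param {object} req - Express request; reads req.user.emails[0].value
   * @param {object} res - Express response used to render the 'token' view
   * @returns {Promise<void>}
   */
  exports.getToken = async (req, res) => {
    console.log('Tela de Token ')
    try {
      const email = req.user.emails[0].value
      const chave = await client.get(email)

      if (chave) {
        // NOTE(review): `key` still hands the base32 secret to the view for a
        // user who is already enrolled. If the template prints it, a session
        // that has passed only the password step can read the second-factor
        // secret. Confirm the template does not show it, or pass null here.
        return res.render('token', {
          // Already enrolled: no QR code is shown again.
          qr: null,
          user: req.user,
          key: base32.encode(chave),
          pageTitle: 'Token',
          path: '/token'
        })
      }

      // NOTE(review): 10 characters from a 36-symbol alphabet is about 52 bits;
      // RFC 4226 requires at least 128 bits for the shared secret.
      const secret = randomKey(10)
      const encodedKey = base32.encode(secret)
      await client.set(email, secret)

      // The label and the whole otpauth URI are percent-encoded so that
      // characters such as '@', '?', '=' and '&' cannot break either URL.
      const qrData = `otpauth://totp/${encodeURIComponent(email)}?secret=${encodedKey}`
      // NOTE(review): this sends the shared secret to a third-party service in
      // a URL (it can end up in proxy logs and browser history), and the Google
      // Image Charts API is deprecated. Prefer rendering the QR code locally.
      const url = 'https://chart.googleapis.com/chart?chs=166x166&chld=L|0&cht=qr&chl=' + encodeURIComponent(qrData)

      return res.render('token', {
        qr: url,
        user: req.user,
        key: encodedKey,
        pageTitle: 'Token',
        path: '/token'
      })
    } catch (err) {
      console.log(err)
      // Answer the request on failure; otherwise the client waits forever.
      if (!res.headersSent) {
        res.sendStatus(500)
      }
    }
  }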

// Second-factor verification endpoint. passport-totp validates the submitted
// code (read from the `code` form field unless configured otherwise); on
// failure the user is sent back to /token, on success the session is marked
// as having completed the TOTP step.
// NOTE(review): no attempt limiting is visible on this route; a six-digit
// code should be protected by rate limiting or lockout in front of it.
router.post(
  '/token',
  passport.authenticate('totp', { failureRedirect: '/token' }),
  (req, res) => {
    // Routes that require the second factor are expected to check this flag.
    req.session.secondFactor = 'totp'
    res.redirect('/')
  }
)

正如我所说,问题出在 passport.authenticate 函数上:它总是拒绝 Google Authenticator 中显示的代码。(这里没有贴出完整代码,只贴了与 TOTP 相关的部分;如果需要更多信息,请告诉我。)谢谢。

标签: node.js, authentication, passport.js

解决方案

