Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // /imports/startup/server/twoFactorAuthServer.js
- import { Meteor } from 'meteor/meteor';
- import { Accounts } from 'meteor/accounts-base';
- import SimpleSchema from 'simpl-schema';
- import { authenticator } from 'otplib';
- import { TwoFactorToken } from '/imports/api/methods/twoFactorAuth';
- // Disable default login handler
- Accounts._loginHandlers = Accounts._loginHandlers.filter(h => h.name !== 'password');
- const handleError = () => {
- throw new Meteor.Error(403, 'Something went wrong. Please check your credentials.');
- };
- Accounts.registerLoginHandler('two-factor', (options) => {
- if (!options.password) { return undefined; }
- new SimpleSchema({
- user: new SimpleSchema({
- email: SimpleSchema.RegEx.EmailWithTLD,
- }),
- password: new SimpleSchema({
- digest: /[A-Fa-f0-9]{64}/,
- algorithm: { type: String, allowedValues: ['sha-256'] },
- }),
- token: TwoFactorToken,
- }).validate(options);
- const user = Accounts.findUserByEmail(options.user.email);
- if (!user) handleError();
- if (!user.services || !user.services.password || !user.services.password.bcrypt) {
- return handleError();
- }
- if (Accounts._checkPassword(user, options.password).error) {
- return handleError();
- }
- if (user.twoFactorEnabled) {
- if (typeof options.token !== 'number') {
- throw new Meteor.Error('two-factor-required');
- }
- if (!authenticator.check(options.token, user.services.twoFactorSecret)) {
- return handleError();
- }
- }
- return { userId: user._id };
- });
Add Comment
Please, Sign In to add comment
