- Authentication process
- Step 1:
- - Normal login page with username and password fields
- - after the user enters their username and password, the token request is triggered and sends this data
- the_data = {
- email: info.email,
- password: info.pass,
- browser: this.thebrowser,
- os: this.theos,
- remove: 'true',
- token_expiry: 63113852000 // in milliseconds
- }
- via websocket, this.socket.emit("request_login_token", the_data);
- - then wait for the response; the response will be the token itself
- - store the token, then close the socket
- - server will send the OTP to the user through email
- Step 2:
- - OTP page (user should enter the OTP)
- - verify OTP and token, sending data to the server again
- the_data = {
- otp: this.otp,
- token: this.theToken,
- browser: this.theBrowser,
- os: this.theOs,
- remove: 'true'
- }
- via websocket again, this.socket.emit("confirm_token", the_data);
- - then wait for the response
- - if response code === "1104" all is good, then save the token to localStorage and redirect the user to pro dashboard
- - if response code === "1101" both token and otp are invalid
- - if response code === "1102" token is invalid
- - if response code === "1103" otp is invalid
- - then close the socket
- Step 3:
- - Assuming the user logged out
- - Login page (if a token exists in localStorage the login page will be different)
- - after the user enters the password, the token verification process will activate
- - the data to be sent will be like this
- the_data = {
- otp: '12345678', // fake OTP, as we don't need it
- token: this.validToken, // token stored in localstorage
- browser: navigator.userAgent,
- os: navigator.appVersion,
- remove: 'true'
- }
- via websocket, this.socket.emit("confirm_token", the_data);
- - then wait for the response
- - if response code === "1103" all is good (only the fake OTP was rejected, so the token itself is valid), redirect to pro dashboard
- - if response code === "1105" the token expired and the user needs to re-authenticate
- - if response code === "1101" both token and otp are invalid
- - then close the socket
- TOKEN PAYLOAD example:
- {
- "email": "kellykamay@gmail.com",
- "browser": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36",
- "os": "5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36",
- "ip": "::ffff:103.91.141.198",
- "nonce": "alQG6O/VbaC+g/GSHnUBztBhH2L5IWCL1UCPDaxFOT8=",
- "iat": 1583250274,
- "exp": 1583336674
- }
- note: the nonce field is an encrypted unique key
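The steps above seen from the server side, as an added example (not the paste author's code): one way a "confirm_token" handler could derive the response codes. The HS256 token format, the browser/os comparison, the order of the checks and the names signToken, verifyToken, sameOtp and confirmToken are assumptions.

```javascript
// Added example: constructed server-side check, not the paste author's code.
const nodeCrypto = require("node:crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");

// Assumption: the token is an HS256 JWT; the paste shows only its payload.
function signToken(payload, secret) {
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify(payload));
  const sig = nodeCrypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64u(sig)}`;
}

// Returns the payload if the signature verifies, otherwise null.
function verifyToken(token, secret) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const want = nodeCrypto.createHmac("sha256", secret).update(`${parts[0]}.${parts[1]}`).digest();
  const got = Buffer.from(parts[2], "base64url");
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) return null;
  try { return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8")); }
  catch { return null; }
}

// Constant-time OTP comparison (hashing first gives equal-length buffers).
function sameOtp(a, b) {
  const x = nodeCrypto.createHash("sha256").update(String(a)).digest();
  const y = nodeCrypto.createHash("sha256").update(String(b)).digest();
  return nodeCrypto.timingSafeEqual(x, y);
}

// Maps a "confirm_token" message to the response codes listed in the paste.
// issuedOtp is null when no OTP is pending (Step 3); nowSec is in seconds, like exp.
function confirmToken(data, issuedOtp, secret, nowSec) {
  const p = verifyToken(data.token, secret);
  // Assumption: the server compares browser/os with the values bound into the token.
  const tokenOk = p !== null && p.browser === data.browser && p.os === data.os;
  const otpOk = issuedOtp != null && sameOtp(data.otp, issuedOtp);
  if (tokenOk && !(nowSec < p.exp)) return "1105"; // expired, or no exp claim at all
  if (!tokenOk && !otpOk) return "1101";
  if (!tokenOk) return "1102";
  if (!otpOk) return "1103";
  return "1104";
}

// Constructed demo of Step 3: valid token plus placeholder OTP yields "1103".
const demoTok = signToken({ browser: "UA", os: "OS", exp: 2000 }, "demo-secret");
console.log(confirmToken({ token: demoTok, otp: "12345678", browser: "UA", os: "OS" }, null, "demo-secret", 1000));
```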