Added 2FA functionality

Service-Soft · Jun 27, 2023 · f1d841e · f1d841e
1 parent 01bf070
commit f1d841e
Show file tree

Hide file tree

Showing 23 changed files with 1,284 additions and 300 deletions.
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -2,25 +2,6 @@
     "root": true,
     "extends": "eslint-config-service-soft",
     "overrides": [
-        {
-            "files": [
-                "*.ts"
-            ],
-            "parserOptions": {
-                "project": [
-                    "tsconfig.json"
-                ],
-                "createDefaultProgram": true
-            },
-            "rules": {
-                "@cspell/spellchecker": [
-                    "warn",
-                    {
-                        "customWordListFile": "./cspell.words.txt"
-                    }
-                ]
-            }
-        },
         {
             "files": [
                 "*.repository.ts"

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,32 @@
+name: Deploy
+
+on:
+  pull_request:
+    types: [closed]
+    branches:
+      - release
+
+jobs:
+  build:
+    if: github.event.pull_request.merged
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          # The branch, tag or SHA to checkout. When checking out the repository that
+          # triggered a workflow, this defaults to the reference or SHA for that event.
+          # Otherwise, defaults to `master`.
+          ref: "dev"
+      - name: npm install
+        run: |
+          cd $GITHUB_WORKSPACE
+          npm i
+      - name: build package
+        run: |
+          cd $GITHUB_WORKSPACE
+          npm run build
+      - name: publish to npm
+        uses: JS-DevTools/npm-publish@v1
+        with:
+          token: ${{ secrets.NPM_TOKEN }}
+          package: ./package.json
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,26 @@
+name: CI/CD
+# Controls when the action will run.
+on: push
+# workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  test:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+      # runs npm i inside the root directory
+      - name: npm i root
+        run: |
+          cd $GITHUB_WORKSPACE
+          npm i
+      # builds the library
+      - name: build package
+        run: |
+          cd $GITHUB_WORKSPACE
+          npm run build
+      # runs tests and linting
+      - name: Test
+        run: |
+          cd $GITHUB_WORKSPACE
+          npm run test
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+    "yaml.schemas": {
+        "https://json.schemastore.org/github-workflow.json": "file:///home/timf/Documents/Programmierung/Open-Source/lbx-jwt/.github/workflows/deploy.yml"
+    }
+}
diff --git a/README.md b/README.md
@@ -5,12 +5,14 @@ It's inspired by [@loopback/authentication-jwt](https://loopback.io/doc/en/lb4/J
 but adds a lot more functionality, including:
 - Saving roles inside jwts
 - Handling refresh tokens and [automatic reuse detection](https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/#Refresh-Token-Automatic-Reuse-Detection)
+- Add the possibility to use two factor authentication for specific requests (The jwt strategy reads out a specific header for this to work)
 - Providing an out of the box controller for:
   - login
   - logout
   - refreshing the token
   - requesting the reset of a password (Including an html email sent to the user or saved locally, depending on the environment)
   - confirming and actually resetting the password
+  - Activating and Deactivating two factor authentication
 - Providing a simple role authorizer to use with the @authorize decorator
 
 # Usage
@@ -79,7 +81,24 @@ getAdminExclusiveData(): string {
 }
 // ...
 ```
+## Two Factor Authentication
 
+To use two factor authentication, you first need to call `/2fa/turn-on` and display a qrCode with the returned otp link.
+
+Then you need to call `/2fa/confirm-turn-on` with a 6 digit code generated by eg. Google Authenticator. This code needs to be passed as a custom http header. The header name can be overriden (`LbxJwtBindings,TWO_FACTOR_HEADER`) by default it is "X-Authorization-2FA".
+
+Now that two factor authentication is setup the user gets prompted to enter his two factor code when he tries to login.
+
+If you want to enable the feature for other endpoints aswell, you can configure the `@authenticator` decorator accordingly:
+
+```typescript
+// ...
+@authenticate({ strategy: 'jwt', options: { require2fa: true } })
+doSomethingThatRequiresATwoFactorCode(): string {
+    // ...
+}
+// ...
+```
 # Customization
 The library is highly customizable through the usage of Bindings.
 

diff --git a/cspell.words.txt b/cspell.words.txt
@@ -2,4 +2,5 @@ uuidv4
 datasource
 datasources
 whitesmoke
-Booter
+Booter
+totp