bellstrand / totp-generator Goto Github PK

View Code? Open in Web Editor NEW

232.0 232.0 39.0 689 KB

Generate TOTP tokens from key

License: MIT License

JavaScript 1.19% Shell 1.09% TypeScript 97.72%

totp-tokens

totp-generator's People

Contributors

Stargazers

Watchers

totp-generator's Issues

Support more than 8-10 digits?

No matter how many digits I set, it never returns beyond 8-10. Is there a way or an algorithm to support more digits?

const Totp = require('totp-generator')

console.log(
  Totp("JBSWY3DPEHPK3PXP", {
    digits: 48,
    period: 1,
  })
)

How to generate authenticator key

Occasionally produces a five digit TOTP

when the otp substring results in a string that has zero as the first digit, parseInt will strip it off resulting in a five digit return value.

https://github.com/bellstrand/totp-generator/blob/master/index.js#L17

Feature Request: Custom times/validation function

Heya,

I'd love some function that takes a secret and code as parameters and returns if the code is valid at the current time. I'd really like if this had a window parameter as well that allowed ±1 intervals, ±2, etc. to be checked to account for the amount of time it takes a user to enter/submit their code.

If this isn't feasible or doesn't fit into your vision for the library, a parameter for an offset (or custom time altogether) would work nicely!

No documentation for named import

Please add something like this in the documentation:

import getToken from "totp-generator";
getToken("secret")

JsSHA is not a constructor

When I try to use totp, I get an error inside the index file of the totp-generator module in the getToken function

the mistake is JsSHA is not a constructor

'use strict';

let JsSHA = require('jssha');

module.exports = function getToken(key, options) {
	options = options || {};	
	let epoch, time, shaObj, hmac, offset, otp;
	options.period = options.period || 30;
	options.algorithm = options.algorithm || 'SHA-1';
	options.digits = options.digits || 6;
	key = base32tohex(key);
	epoch = Math.round(Date.now() / 1000.0);
	time = leftpad(dec2hex(Math.floor(epoch / options.period)), 16, '0');


	shaObj = new JsSHA(options.algorithm, 'HEX');  //          IN THIS LINE


	shaObj.setHMACKey(key, 'HEX');
	shaObj.update(time);
	hmac = shaObj.getHMAC('HEX');
	offset = hex2dec(hmac.substring(hmac.length - 1));
	otp = (hex2dec(hmac.substr(offset * 2, 8)) & hex2dec('7fffffff')) + '';
	otp = otp.substr(otp.length - options.digits, options.digits);
	return otp;
}

I call it this way

const totp = require("totp-generator");

const token = totp("JBSWY3DPEHPK3PXP");

I am using react, this is the package.json


{
  "name": "shop",
  "version": "0.1.0",
  "private": true,
  "dependencies": {
    "@testing-library/jest-dom": "^5.11.4",
    "@testing-library/react": "^11.1.0",
    "@testing-library/user-event": "^12.1.10",
    "bootstrap": "^4.6.0",
    "jssha": "^3.2.0",
    "react": "^17.0.2",
    "react-bootstrap": "^1.6.0",
    "react-dom": "^17.0.2",
    "react-redux": "^7.2.4",
    "react-router-dom": "^5.2.0",
    "react-scripts": "4.0.3",
    "totp-generator": "0.0.9",
    "web-vitals": "^1.0.1"
  },
  "scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
  },
  "eslintConfig": {
    "extends": [
      "react-app",
      "react-app/jest"
    ]
  },
  "browserslist": {
    "production": [
      ">0.2%",
      "not dead",
      "not op_mini all"
    ],
    "development": [
      "last 1 chrome version",
      "last 1 firefox version",
      "last 1 safari version"
    ]
  },
  "devDependencies": {
    "@babel/core": "^7.14.3",
    "@babel/preset-env": "^7.14.2",
    "@babel/preset-react": "^7.13.13"
  }
}

Error: Invalid base32 character in key

Thanks for sharing this library with community!

I am running into an issue though when my key has the equals '=' char. From the docs it says '=' is acceptable:

{ key: 'H73TG4DV24=X=OHQYBWRPTRT5BB4=L7T' }
 ⨯ Error: Invalid base32 character in key
    at TOTP.base32tohex (webpack-internal:///(rsc)/./node_modules/totp-generator/lib/esm/index.js:45:35)
    at TOTP.generate (webpack-internal:///(rsc)/./node_modules/totp-generator/lib/esm/index.js:19:32)
    at GET (webpack-internal:///(rsc)/./src/app/api/otp/route.ts:28:79)
    at C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\next-server\app-route.runtime.dev.js:6:63815
    at C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\lib\trace\tracer.js:133:36
    at NoopContextManager.with (C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\@opentelemetry\api\index.js:1:7062)
    at ContextAPI.with (C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\@opentelemetry\api\index.js:1:518)      
    at NoopTracer.startActiveSpan (C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\@opentelemetry\api\index.js:1:18093)
    at ProxyTracer.startActiveSpan (C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\@opentelemetry\api\index.js:1:18854)
    at C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\lib\trace\tracer.js:122:103
    at NoopContextManager.with (C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\@opentelemetry\api\index.js:1:7062)
    at ContextAPI.with (C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\@opentelemetry\api\index.js:1:518)      
    at NextTracerImpl.trace (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\lib\trace\tracer.js:122:28)
    at C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\next-server\app-route.runtime.dev.js:6:56866
    at AsyncLocalStorage.run (node:async_hooks:346:14)
    at Object.wrap (C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\next-server\app-route.runtime.dev.js:6:37102)
    at C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\next-server\app-route.runtime.dev.js:6:54639
    at AsyncLocalStorage.run (node:async_hooks:346:14)
    at Object.wrap (C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\next-server\app-route.runtime.dev.js:6:36351)
    at C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\next-server\app-route.runtime.dev.js:6:54601
    at AsyncLocalStorage.run (node:async_hooks:346:14)
    at eU.execute (C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\next-server\app-route.runtime.dev.js:6:53994)
    at eU.handle (C:\stuff\qoutequests.v3\web\node_modules\next\dist\compiled\next-server\app-route.runtime.dev.js:6:65073) 
    at doRender (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\base-server.js:1333:60)
    at cacheEntry.responseCache.get.routeKind (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\base-server.js:1555:34)
    at ResponseCache.get (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\response-cache\index.js:49:26)
    at DevServer.renderToResponseWithComponentsImpl (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\base-server.js:1463:53)
    at C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\base-server.js:992:121
    at NextTracerImpl.trace (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\lib\trace\tracer.js:104:20)
    at DevServer.renderToResponseWithComponents (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\base-server.js:992:41)
    at DevServer.renderPageComponent (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\base-server.js:1856:35)     
    at async DevServer.renderToResponseImpl (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\base-server.js:1894:32)
    at async DevServer.pipeImpl (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\base-server.js:911:25)
    at async NextNodeServer.handleCatchallRenderRequest (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\next-server.js:271:17)
    at async DevServer.handleRequestImpl (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\base-server.js:807:17)  
    at async C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\dev\next-dev-server.js:331:20
    at async Span.traceAsyncFn (C:\stuff\qoutequests.v3\web\node_modules\next\dist\trace\trace.js:151:20)
    at async DevServer.handleRequest (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\dev\next-dev-server.js:328:24)
    at async invokeRender (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\lib\router-server.js:163:21)
    at async handleRequest (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\lib\router-server.js:342:24)
    at async requestHandlerImpl (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\lib\router-server.js:366:13)     
    at async Server.requestListener (C:\stuff\qoutequests.v3\web\node_modules\next\dist\server\lib\start-server.js:140:13)

It doesn't matter the count of the '=', this key also results in the same error: QHQGOSBVK2J=OJYC7LB4UJLG6HF72IEV

TypeError: base32.replace is not a function

After installing this library, i got this error

I tried removing node_modules and installing the project again, resetting the docker container but none of that helped, so i don't think its a problem on my end.

/opt/code/node_modules/totp-generator/index.js:42
        base32 = base32.replace(/=+$/, "")
                        ^
TypeError: base32.replace is not a function
    at base32tohex (/opt/code/node_modules/totp-generator/index.js:42:18)
    at getToken (/opt/code/node_modules/totp-generator/index.js:16:8)
    at User.getTotpCodes (/opt/code/models/user.js:16:33)
    at User.checkTotp (/opt/code/models/user.js:31:34)
    at User.authenticate (/opt/code/models/user.js:54:24)
    at async apiLogin (/opt/code/routes/admin.js:12:19)

My code:

const totp = require('totp-generator');

...

let codes = /* recovery codes */;
const period = (30 * 1000);

codes.push(parseInt(totp(totp, { timestamp: Date.now() - period}))); << exception
codes.push(parseInt(totp(totp)));
codes.push(parseInt(totp(totp, { timestamp: Date.now() + period})));

Customizable options

Add object with default properties and merge with input object:

Epoch (default: Unix epoch)
Interval (default: 30sec)
Token Length (default: 6)
Hash (default: SHA-1), which more are commonly used?, optional dependency?

Amazon TOTP

Hello,

Im a Junior Developer and I ran into an issue where Amazon's token for TOTP will not work with this generator.

It took me some time however i've developed a working solution.

Would you be interested in said solution, explanation and code?

As this is my first contribution i'd like to get added to the list.

Thanks

Add function to retrieve the remaining time in the current epoch interval

I'd love to be able to generate a TOTP token with a key, but also know how much time is remaining in the current epoch interval (before that key will no longer be valid)

rounding epoch off can lead to totp for next cycle

totp-generator/index.js

Line 17 in eafbb67

epoch = Math.round(options.timestamp / 1000.0)

Here in the last 500 ms of current 30 second cycle (or any other period) the totp will be calculated for the next cycle due to rounded off epoch, Shouldn't it be Math.floor?

Expose algorithm values as a type

Would you mind exposing the valid algorithm values as a type rather than an anonymous list of strings. This will make it easier to write code that takes the algorithm type as input. Currently to make our code typesafe we have to copy the valid values from the Options type into the code we are writing.

If the definition of Options was changed to the example below it would be much nicer to work with and would not require any changes if you add/remove algorithms in the future.

type AlgorithmOptions = "SHA-1" | "SHA-224" | "SHA-256" | "SHA-384" | "SHA-512" | "SHA3-224" | "SHA3-256" | "SHA3-384" | "SHA3-512";

type Options = {
	digits?: number
	algorithm?:  AlgorithmOptions
	period?: number
	timestamp?: number
}

Thanks for this library btw :)

Key encoding as parameter

Please, provide setter for change key encoding as generate method options parameter. Now you use HEX, but most popular libraries use ASCII by default.

Web Crypto API

Maybe you could replace jssha package with the Web Crypto API which is pretty much supported everywhere, and would be way faster since it's natively implemented by the runtimes.

Throws "Invalid base32 character in key" for all input keys I tried

Tried using this package, but unfortunately I would get the error "Invalid base32 character in key" no matter what input key I used. I tried all numbers. I tried all letters. I tried an empty string. Always the same error.

[Feature request] - Expiry

Let me start by saying perhaps I just don't know enough about TOTP!

But it would be really neat to know when the current code expires, perhaps just a callback method that triggers when the key expires, that way I could make a responsive UI that doesn't need to recalculate the value every second just to verify if it's changed.

Input 9 digits to get the return value 0.

When I input 9 digits and the specified timestamp, I get a return value of 0.

const Totp = require('totp-generator')

console.log(
  Totp("3IS523AYRNFUE===", {
    digits: 9,
    timestamp: 1634193300000
  })
)

One time use custom setting

How to avoid the totp can be reused many times within the period?

Can we have a custom setting for the totp use one time only?

thanks

bellstrand / totp-generator Goto Github PK

totp-generator's People

Contributors

Stargazers

Watchers

Forkers

totp-generator's Issues

Recommend Projects

Recommend Topics

Recommend Org