node-authy's Introduction

Node.js Client for Twilio Authy Two-Factor Authentication (2FA) API

Authy client for Node.js written by Adam Baldwin.

Documentation for this Node.js usage of the Authy API lives in the official Twilio documentation.

The Authy API supports multiple channels of 2FA:

  • One-time passwords via SMS and voice
  • Soft token (TOTP via the Authy App)
  • Push authentication via the Authy App

If you only need SMS and Voice support for one-time passwords, we recommend using the Twilio Verify API instead.

More on how to choose between Authy and Verify here.

Authy Quickstart

For a full tutorial, check out the Node.js Authy Quickstart in our docs.

Authy Node.js Installation

Install with npm:

$ npm install authy

Usage

To use the Authy client, require Authy and initialize it with your production API Key found in the Twilio Console:

var authy = require('authy')('APIKEY');

2FA Workflow

  1. Create a user
  2. Send a one-time password
  3. Verify a one-time password

OR

  1. Create a user
  2. Send a push authentication
  3. Check a push authentication status

Phone Verification

Phone verification now lives in the Twilio API and has Node.js support through the official Twilio helper libraries.

Legacy (V1) documentation here. Verify V1 is not recommended for new development. Please consider using Verify V2.

Contributing

Install dependencies:

npm install

To run tests:

npm test

Contributors

asia-t, benatkin, dacbd, dcu, deansheather, gonzalo-trenco, josh-authy, kevin-buttercoin, michaelckelly, robinske, securitysimon, serargz


node-authy's Issues

Cannot run authy in a Twilio Function?

When I try the code below in Twilio Functions, I get a "uuid is not defined" error. So authy.send_approval_request was never run? There are no other error messages.

exports.handler = function(context, event, callback) {
var callbacktext = 'Unknown';

var authy = require('authy')('{My APIKEY}')
var payload = {
  "message": "Doorman Request"
}
var authy_id = '{my device id}'

authy.send_approval_request(authy_id, payload, logos=null, function (err, res) {
  console.log(res.approval_request.uuid)
  uuid = res.approval_request.uuid
  console.log(uuid)
});
setTimeout(() => {  
     console.log('timeout')
}, 5000);
authy.check_approval_status(uuid, function (err, res) {
  callbacktext = res.approval_request.status
});
  return callback(null,callbacktext);
};

Mock sms verification for e2e tests

Hello,

Is it somehow possible to mock the functionality of the SMS verification flow for e2e tests?

I don't want to skip the 2FA altogether during the e2e tests because I'd like them to fail if the 2FA is not set up correctly.

Is something like that possible?

Thanks :)

Authy requires version of Request with a vulnerable dependency

NSP is reporting that Authy requires Request version 2.42.0 which includes a vulnerable version of Hawk (1.1.1).

https://nodesecurity.io/advisories/77

$ nsp check
(+) 1 vulnerabilities found
┌───────────────┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
│               │ Regular Expression Denial of Service                                                                                                │
├───────────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Name          │ hawk                                                                                                                                │
├───────────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Installed     │ 1.1.1                                                                                                                               │
├───────────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Vulnerable    │ < 3.1.3  || >= 4.0.0 <4.1.1                                                                                                         │
├───────────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Patched       │ >=3.1.3 < 4.0.0 || >=4.1.1                                                                                                          │
├───────────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ Path          │ xxxx > [email protected] > [email protected] > [email protected]                                                                           │
├───────────────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ More Info     │ https://nodesecurity.io/advisories/77                                                                                               │
└───────────────┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

How to send custom_message in phone verification

authy
  .phones()
  .verification_start(
    phoneNumber,
    "1",
    { via: "sms", custom_message: "Your verification code for app name" },
    function (err, result) {
      if (err) {
        response.error(err.message || err.errors.message);
      } else {
        response.success(result);
      }
    }
  );

Followed the params that are used in the package.

Enabled 2FA authentication by following this link: twilio/authy-devise#78
Still getting this response:
{
message: "Phone verification couldn't be created: custom messages are not allowed.",
success: false,
errors: {
message: "Phone verification couldn't be created: custom messages are not allowed."
},
error_code: '60021'
}
Need help!

Access to fetch at Authy from origin has been blocked

Every time I add a new user I get a CORS origin block from your server.

Code

var authy = require('authy')('replace me');
authy.register_user(this.email, this.phoneNumber, function(err,res) {
              console.log(this.authy_user_id)
              this.authy_user_id = res.user.id
            })

Stack trace

Access to fetch at 'https://api.authy.com/protected/json/users/new
send_install_link_via_sms=true&api_key=mqIVFhYIsrE8wiFSEo0RAOxb2IObbEEy' from origin
'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is
present on the requested resource. If an opaque response serves your needs, set the request's mode to
'no-cors' to fetch the resource with CORS disabled.

Can I use Authy API inside a HTTP response?

All I want to do is use Authy's register_user() method inside the callback function of app.post().

Every time, it throws a 500 Internal Server Error.

But I have checked and rechecked for any misconfig.

I am sharing my code below.

var loopback = require('loopback');
var boot = require('loopback-boot');
var helmet = require('helmet');
var errorHandler = require('strong-error-handler');
var bodyParser = require('body-parser');

var imf = require('bms-mca-oauth-sdk');

// Twilio Authy
var authy = require('authy')['DxJRXLSj6Tl4jD7ytHLx0bhXLEnonbOc'];

var app = module.exports = loopback();
app.use(helmet());
app.use(errorHandler({debug:true, log:true}));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

var authyUsrId = "";
app.post('/forTwilio', function(req, res){
    // send the received data to Twilio Authy
    authy.register_user('[email protected]', '7407098203', '91', function(err, res){
        authyUsrId = re.user.id;
    });
    res.send(authyUsrId);
});


// ------------ Protecting backend APIs with Mobile Client Access end -----------------

app.start = function () {
    // start the web server
    return app.listen(function () {
        app.emit('started');
        var baseUrl = app.get('url').replace(/\/$/, '');
        console.log('Web server listening at: %s', baseUrl);
        var componentExplorer = app.get('loopback-component-explorer');
        if (componentExplorer) {
            console.log('Browse your REST API at %s%s', baseUrl, componentExplorer.mountPath);
        }
    });
};

// Bootstrap the application, configure models, datasources and middleware.
// Sub-apps like REST API are mounted via boot scripts.
boot(app, __dirname, function (err) {
    if (err) throw err;
    if (require.main === module)
        app.start();
});

Callback checker must also check for 401

On line 138, index.js:

if(res.statusCode === 200) {

It should also check for error code 401 as a valid response, since Authy's API returns it when a token is invalid.

Also, since the API also returns 401 when the API token is invalid, it is possible it will need some extra code parsing the res.body to see whether or not to execute the callback with err = null.

Failed requests just die

Should probably provide some type of useful error instead of just a craptastic traceback about res.statusCode being undefined.
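
One way to write the callback check that the two issues above ask for (401 handling and requests that fail without a response), as an added example that is not node-authy's own code. `classifyAuthyResponse`, `isVerified`, the `invalidTokenCodes` option and the `error_code` value in the sample body are hypothetical names and constructed placeholders.

```javascript
// Added example, not node-authy code. Maps (err, res, body) from an HTTP
// client onto the (err, result) pair handed to the caller's callback.
function classifyAuthyResponse(err, res, body, opts) {
  // Codes that mean "the user's token was rejected" are supplied by the
  // caller; the values used below are placeholders, not real Authy codes.
  const tokenCodes = new Set((opts && opts.invalidTokenCodes) || []);

  // Transport failure: there is no response object to read statusCode from.
  if (err || !res) {
    const reason = err ? err.message : 'no response received';
    return { err: new Error('Authy request failed: ' + reason), result: null };
  }
  let parsed = body;
  if (typeof body === 'string') {
    try { parsed = JSON.parse(body); } catch (e) { parsed = null; }
  }
  const isObject = parsed !== null && typeof parsed === 'object';

  if (res.statusCode === 200 && isObject) {
    return { err: null, result: parsed };
  }
  // 401 carrying a known "invalid token" code is a valid answer: err = null.
  if (res.statusCode === 401 && isObject && tokenCodes.has(String(parsed.error_code))) {
    return { err: null, result: parsed };
  }
  // Any other 401 (for example a rejected API key) and every other status
  // is reported as an error, never as a verification result.
  const failure = new Error((isObject && parsed.message) || 'Unexpected Authy response');
  failure.statusCode = res.statusCode;
  failure.body = parsed;
  return { err: failure, result: null };
}

// Fail closed: only an explicit success flag counts as verified. Accepts the
// boolean true or the string 'true'.
function isVerified(outcome) {
  return !outcome.err && !!outcome.result &&
    String(outcome.result.success) === 'true';
}

// Constructed sample body for a rejected token (placeholder error_code).
const SAMPLE_INVALID_TOKEN = JSON.stringify(
  { success: false, message: 'Token is invalid', error_code: 'PLACEHOLDER_TOKEN_CODE' });
```

With this shape, a rejected token reaches the caller as a normal result that `isVerified` turns into `false`, while a rejected API key or a dropped connection surfaces as an `Error` that can be logged and alerted on separately.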

Authy register callback problem

I am not sure whether the success callback of Authy's register_user() is firing or not. In my code

var authyUsrId;
//global.authyUsrId;

app.post('/forTwilio', function(req, res){
    // send the received data to Twilio Authy
    authy.register_user('[email protected]', '8753565612', '91', function(err, res){
        //global.authyUsrId = 'world';
                 authyUsrId = 'world';  
    });
    //res.set("Content-Type","application/json");
        res.json({name: 'hello', msg: authyUsrId});
    //res.json({name: 'hello', msg: global.authyUsrId});
});

New user is being added successfully to Authy. And the response status is 200.

I want to set the value of authyUsrId to something in the success callback of register_user() and use it in the JSON response that I am sending to the POST request.

But in the response I am getting only this

{name: 'hello'}
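
The push workflow from the README (send a push authentication, then check its status) and the three issues above where the HTTP response is sent before the Authy callback has fired, as an added example that is not code from node-authy or from the issue authors. `makeStubAuthy` is a constructed stand-in for the real client so the flow runs offline; `pushDecision`, `pushLoginHandler`, the argument list passed to `send_approval_request` and the status strings are assumptions.

```javascript
// Added example, not node-authy code. makeStubAuthy is a constructed stand-in
// for require('authy')(apiKey); it takes the callback as the last argument and
// replays the given list of statuses, repeating the last one.
function makeStubAuthy(statuses) {
  let polls = 0;
  return {
    send_approval_request(...args) {
      const cb = args[args.length - 1];
      setImmediate(cb, null, { approval_request: { uuid: 'constructed-uuid' } });
    },
    check_approval_status(uuid, cb) {
      const status = statuses[Math.min(polls++, statuses.length - 1)];
      setImmediate(cb, null, { approval_request: { status } });
    },
  };
}

// Turn one callback-style client method into a promise.
const call = (obj, method, ...args) => new Promise((resolve, reject) =>
  obj[method](...args, (err, res) => (err ? reject(err) : resolve(res))));
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Resolves to 'approved' only on an explicit approval. Errors, denials,
// unknown statuses and timeouts all resolve to 'denied' (fail closed).
async function pushDecision(authy, authyId, message, { intervalMs = 1000, maxPolls = 30 } = {}) {
  try {
    const sent = await call(authy, 'send_approval_request', authyId, { message }, null, null);
    const uuid = sent.approval_request.uuid; // exists only once the callback has fired
    for (let i = 0; i < maxPolls; i++) {
      const res = await call(authy, 'check_approval_status', uuid);
      const status = res.approval_request.status;
      if (status === 'approved') return 'approved';
      if (status !== 'pending') return 'denied';
      await sleep(intervalMs);
    }
  } catch (e) { /* fall through to the default below */ }
  return 'denied';
}

// Express-style handler: the response is written only after the decision exists.
const pushLoginHandler = (authy, opts) => async (req, res) => {
  const decision = await pushDecision(authy, req.body.authyId, 'Login request', opts);
  res.status(decision === 'approved' ? 200 : 403).json({ decision });
};
```

The same rule applies to `register_user`: whatever depends on the callback's result, including the HTTP response, has to be produced inside the callback or after the awaited promise.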
