Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
otplib - npm Package Compare versions
Comparing version 8.0.1 to 9.0.0-0
@@ -5,3 +5,3 @@ /** | ||
| * @author Gerald Yeo <contact@fusedthought.com> | ||
| * @version: 8.0.1 | ||
| * @version: 9.0.0-0 | ||
| * @license: MIT | ||
@@ -24,4 +24,9 @@ **/ | ||
| function checkDelta(token, secret, options) { | ||
| return otplibCore.totpCheckWithWindow(token, decodeKey(secret), options); | ||
| } | ||
| function check(token, secret, options) { | ||
| return otplibCore.totpCheckWithWindow(token, decodeKey(secret), options) >= 0; | ||
| const delta = checkDelta(token, secret, options); | ||
| return Number.isInteger(delta); | ||
| } | ||
@@ -53,3 +58,4 @@ | ||
| epoch: null, | ||
| step: 30 | ||
| step: 30, | ||
| window: 0 | ||
| }; | ||
@@ -81,2 +87,6 @@ } | ||
| } | ||
| checkDelta(token$$1, secret) { | ||
| const opt = this.optionsAll; | ||
| return checkDelta(token$$1, secret || opt.secret, opt); | ||
| } | ||
| } | ||
@@ -86,2 +96,3 @@ Authenticator.prototype.Authenticator = Authenticator; | ||
| check, | ||
| checkDelta, | ||
| decodeKey, | ||
@@ -88,0 +99,0 @@ encodeKey, |
37
core.js
@@ -5,3 +5,3 @@ /** | ||
| * @author Gerald Yeo <contact@fusedthought.com> | ||
| * @version: 8.0.1 | ||
| * @version: 9.0.0-0 | ||
| * @license: MIT | ||
@@ -101,17 +101,29 @@ **/ | ||
| function totpCheckWithWindow(token, secret, options) { | ||
| let opt = _extends({}, options); | ||
| if (typeof opt.window !== 'number') { | ||
| throw new Error('Expecting options.window to be a number'); | ||
| } | ||
| const decrement = opt.step * 1000; | ||
| function createChecker(token, secret, opt) { | ||
| const delta = opt.step * 1000; | ||
| const epoch = opt.epoch; | ||
| for (let i = 0; i <= opt.window; i++) { | ||
| opt.epoch = epoch - i * decrement; | ||
| if (totpCheck(token, secret, opt)) { | ||
| return i; | ||
| return (direction, start, bounds) => { | ||
| for (let i = start; i <= bounds; i++) { | ||
| opt.epoch = epoch + direction * i * delta; | ||
| if (totpCheck(token, secret, opt)) { | ||
| return i === 0 ? 0 : direction * i; | ||
| } | ||
| } | ||
| return null; | ||
| }; | ||
| } | ||
| function getWindowBounds(opt) { | ||
| const bounds = Array.isArray(opt.window) ? opt.window : [parseInt(opt.window, 10), parseInt(opt.window, 10)]; | ||
| if (!Number.isInteger(bounds[0]) || !Number.isInteger(bounds[1])) { | ||
| throw new Error('Expecting options.window to be an integer or an array of integers'); | ||
| } | ||
| return -1; | ||
| return bounds; | ||
| } | ||
| function totpCheckWithWindow(token, secret, options) { | ||
| let opt = _extends({}, options); | ||
| const bounds = getWindowBounds(opt); | ||
| const checker = createChecker(token, secret, opt); | ||
| const backward = checker(-1, 0, bounds[0]); | ||
| return backward !== null ? backward : checker(1, 1, bounds[1]); | ||
| } | ||
@@ -147,3 +159,2 @@ function totpSecret(secret, options) { | ||
| let opt = _extends(hotpOptions(), defaultOptions, options); | ||
| opt.window = Math.floor(opt.window || 0); | ||
| opt.epoch = typeof opt.epoch === 'number' ? opt.epoch * 1000 : Date.now(); | ||
@@ -150,0 +161,0 @@ return opt; |
@@ -5,3 +5,3 @@ /** | ||
| * @author Gerald Yeo <contact@fusedthought.com> | ||
| * @version: 8.0.1 | ||
| * @version: 9.0.0-0 | ||
| * @license: MIT | ||
@@ -8,0 +8,0 @@ **/ |
@@ -5,3 +5,3 @@ /** | ||
| * @author Gerald Yeo <contact@fusedthought.com> | ||
| * @version: 8.0.1 | ||
| * @version: 9.0.0-0 | ||
| * @license: MIT | ||
@@ -8,0 +8,0 @@ **/ |
| { | ||
| "name": "otplib", | ||
| "version": "8.0.1", | ||
| "version": "9.0.0-0", | ||
| "description": "HMAC-based (HOTP) and Time-based (TOTP) One-Time Password library", | ||
@@ -5,0 +5,0 @@ "main": "otplib.js", |
@@ -157,2 +157,3 @@ # otplib | ||
| digits: 8, | ||
| window: 1, | ||
| crypto | ||
@@ -243,3 +244,4 @@ }; | ||
| otplib.authenticator.options = { | ||
| step: 30 | ||
| step: 30, | ||
| window: 1 | ||
| }; | ||
@@ -256,13 +258,16 @@ | ||
| | Option | Type | Defaults | Description | | ||
| | ---------------- | -------- | --------------------------------- | --------------------------------------------------------------------------------------------------- | | ||
| | algorithm | string | 'sha1' | Algorithm used for HMAC | | ||
| | createHmacSecret | function | hotpSecret, totpSecret | Transforms the secret and applies any modifications like padding to it. | | ||
| | crypto | object | node crypto | Crypto module to use. | | ||
| | digits | integer | 6 | The length of the token | | ||
| | encoding | string | 'ascii' ('hex' for Authenticator) | The encoding of secret which is given to digest | | ||
| | epoch (totp) | integer | null | starting time since the UNIX epoch (seconds). _Note_ non-javascript epoch. i.e. `Date.now() / 1000` | | ||
| | step (totp) | integer | 30 | Time step (seconds) | | ||
| | window (totp) | integer | 0 | Tokens in the previous x-windows that should be considered valid | | ||
| | Option | Type | Defaults | Description | | ||
| | ---------------- | ---------------- | --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | algorithm | string | 'sha1' | Algorithm used for HMAC | | ||
| | createHmacSecret | function | hotpSecret, totpSecret | Transforms the secret and applies any modifications like padding to it. | | ||
| | crypto | object | node crypto | Crypto module to use. | | ||
| | digits | integer | 6 | The length of the token | | ||
| | encoding | string | 'ascii' ('hex' for Authenticator) | The encoding of secret which is given to digest | | ||
| | epoch (totp) | integer | null | starting time since the UNIX epoch (seconds). _Note_ non-javascript epoch. i.e. `Date.now() / 1000` | | ||
| | step (totp) | integer | 30 | Time step (seconds) | | ||
| | window (totp) | integer or array | 0 | Tokens in the previous and future x-windows that should be considered valid. If integer, same value will be used for both. Alternatively, define array: `[previous, future]` | | ||
| _Note 1_: non "totp" label applies to all | ||
| _Note 2_: "totp" applies to authenticator as well | ||
| ### Seed / secret length | ||
@@ -269,0 +274,0 @@ |
@@ -5,3 +5,3 @@ /** | ||
| * @author Gerald Yeo <contact@fusedthought.com> | ||
| * @version: 8.0.1 | ||
| * @version: 9.0.0-0 | ||
| * @license: MIT | ||
@@ -38,4 +38,8 @@ **/ | ||
| check(token, secret) { | ||
| const delta = this.checkDelta(token, secret); | ||
| return Number.isInteger(delta); | ||
| } | ||
| checkDelta(token, secret) { | ||
| const opt = this.optionsAll; | ||
| return otplibCore.totpCheckWithWindow(token, secret || opt.secret, opt) >= 0; | ||
| return otplibCore.totpCheckWithWindow(token, secret || opt.secret, opt); | ||
| } | ||
@@ -42,0 +46,0 @@ verify(opts) { |
@@ -5,3 +5,3 @@ /** | ||
| * @author Gerald Yeo <contact@fusedthought.com> | ||
| * @version: 8.0.1 | ||
| * @version: 9.0.0-0 | ||
| * @license: MIT | ||
@@ -8,0 +8,0 @@ **/ |
Sorry, the diff of this file is too big to display
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.89%
134266
- Lines of code
- increased by3.35%
834
- Number of lines in readme file
- increased by1.42%
358
Worsened metrics
- Number of low quality alerts
- increased byInfinity%
1
No dependency changes