Comparing version 0.10.4 to 0.10.5
var crypto = require('crypto'); | ||
var request = require('request'); | ||
var modhex = require('./modhex.js'); | ||
@@ -69,3 +70,3 @@ // stored client credentials | ||
// verify that the supplie one-time-password is valid or not | ||
// verify that the supplied one-time-password is valid or not | ||
// calls back with (err,data). If err is not null, then you have | ||
@@ -115,5 +116,9 @@ // an object in data to work with | ||
// calculate the key's identity | ||
body.identity = null; | ||
body.serial = null; | ||
if (typeof body.status != "undefined" && body.status === "OK") { | ||
body.identity = calculateIdentity(otp); | ||
body.serial = modhex.decode(body.identity); | ||
} | ||
callback(null, body); | ||
@@ -125,5 +130,28 @@ | ||
// if we have no network connectivity, we still may wish to extract the | ||
// identity from the OTP, but handy for offline applications | ||
var verifyOffline = function (otp, callback) { | ||
var identity = calculateIdentity(otp); | ||
var body = { | ||
t: null, | ||
otp: otp, | ||
nonce: null, | ||
sl: '0', | ||
status: null, | ||
signatureVerified: false, | ||
nonceVerified: false, | ||
identity: identity, | ||
serial: modhex.decode(identity) | ||
}; | ||
callback(null, body); | ||
}; | ||
module.exports = { | ||
init: init, | ||
verify: verify | ||
verify: verify, | ||
verifyOffline: verifyOffline | ||
}; |
{ | ||
"name": "yub", | ||
"version": "0.10.4", | ||
"version": "0.10.5", | ||
"description": "Yubico Yubikey API Client", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -78,3 +78,4 @@ # YUB | ||
nonceVerified: true, | ||
identity: 'cccaccbtbvkw' | ||
identity: 'cccaccbtbvkw', | ||
serial: 123456 | ||
} | ||
@@ -95,3 +96,11 @@ ``` | ||
* identity - the unique identifier of the Yubikey that generated the password. If you want to write software the detects the presence of a specific Yubikey (not just any Yubikey), then data.identity is your friend. | ||
* serial - the serial number of the Yubikey. This is derived by decoding the identity's modhex encoding. | ||
## Offline verification | ||
You can also call "yub.verifyOffline", which returns the same object in the same format but | ||
without contacting the Yubico servers i.e. it simply extracts the identity of the Yubikey | ||
from the OTP without any network access. This is, of course, far less secure, but is useful | ||
for offline applications. | ||
## Further examples | ||
@@ -98,0 +107,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
51974
9
197
133