yub - npm Package Compare versions
Comparing version 0.10.4 to 0.10.5
| var crypto = require('crypto'); | ||
| var request = require('request'); | ||
| var modhex = require('./modhex.js'); | ||
@@ -69,3 +70,3 @@ // stored client credentials | ||
| // verify that the supplie one-time-password is valid or not | ||
| // verify that the supplied one-time-password is valid or not | ||
| // calls back with (err,data). If err is not null, then you have | ||
@@ -115,5 +116,9 @@ // an object in data to work with | ||
| // calculate the key's identity | ||
| body.identity = null; | ||
| body.serial = null; | ||
| if (typeof body.status != "undefined" && body.status === "OK") { | ||
| body.identity = calculateIdentity(otp); | ||
| body.serial = modhex.decode(body.identity); | ||
| } | ||
| callback(null, body); | ||
@@ -125,5 +130,28 @@ | ||
| // if we have no network connectivity, we still may wish to extract the | ||
| // identity from the OTP, but handy for offline applications | ||
| var verifyOffline = function (otp, callback) { | ||
| var identity = calculateIdentity(otp); | ||
| var body = { | ||
| t: null, | ||
| otp: otp, | ||
| nonce: null, | ||
| sl: '0', | ||
| status: null, | ||
| signatureVerified: false, | ||
| nonceVerified: false, | ||
| identity: identity, | ||
| serial: modhex.decode(identity) | ||
| }; | ||
| callback(null, body); | ||
| }; | ||
| module.exports = { | ||
| init: init, | ||
| verify: verify | ||
| verify: verify, | ||
| verifyOffline: verifyOffline | ||
| }; |
| { | ||
| "name": "yub", | ||
| "version": "0.10.4", | ||
| "version": "0.10.5", | ||
| "description": "Yubico Yubikey API Client", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -78,3 +78,4 @@ # YUB | ||
| nonceVerified: true, | ||
| identity: 'cccaccbtbvkw' | ||
| identity: 'cccaccbtbvkw', | ||
| serial: 123456 | ||
| } | ||
@@ -95,3 +96,11 @@ ``` | ||
| * identity - the unique identifier of the Yubikey that generated the password. If you want to write software the detects the presence of a specific Yubikey (not just any Yubikey), then data.identity is your friend. | ||
| * serial - the serial number of the Yubikey. This is derived by decoding the identity's modhex encoding. | ||
| ## Offline verification | ||
| You can also call "yub.verifyOffline", which returns the same object in the same format but | ||
| without contacting the Yubico servers i.e. it simply extracts the identity of the Yubikey | ||
| from the OTP without any network access. This is, of course, far less secure, but is useful | ||
| for offline applications. | ||
| ## Further examples | ||
@@ -98,0 +107,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.95%
51974
- Number of package files
- increased by28.57%
9
- Lines of code
- increased by60.16%
197
- Number of lines in readme file
- increased by7.26%
133
No dependency changes