Add pre-release @meteorrn/ndev-mfa companion package

Author: EC2 Default User

.npmignore

@@ -1 +1,3 @@
-example
+examples
+
+companion-packages

companion-packages/meteorrn-ndev-mfa/README.md

@@ -0,0 +1,32 @@
+**This is a pre-release package, it is not yet ready for production**
+
+# ndev:mfa for MeteorRN
+
+Currently supporting U2F only. This package exposes the following client methods for MFA.
+- useU2FAuthorizationCode
+- finishLogin
+- loginWithMFA
+- login
+
+Here's a simple login flow:
+
+````
+import MFA from '@meteorrn/ndev-mfa';
+
+MFA.login(username, password).then(r => {
+    if(r.method === null) {
+        // Login Complete
+    }
+    else {
+        let code = await collectTheCodeSomehow();
+        MFA.finishLogin(r.finishLoginParams, MFA.useU2FAuthorizationCode(code)).then(() => {
+            // Login Complete
+        }).catch(err => {
+            // Error (Invalid Code?)
+        });
+    }
+}).catch(err => {
+    // Error (Incorrect Password? Invalid Account?)
+});
+
+````

companion-packages/meteorrn-ndev-mfa/index.js

@@ -0,0 +1,101 @@
+import Meteor, { Accounts } from '@meteorrn/core';
+
+import {authorizeActionChallengeHandler, authorizeActionCompletionHandler, resetPasswordCheckMFARequired, registrationChallengeHandlerTOTP, registrationCompletionHandlerTOTP, resetPasswordChallengeHandler, registrationChallengeHandlerU2F, registerCompletionHandlerU2F, loginChallengeHandler, loginCompletionHandler } from './method-names';
+
+let useU2FAuthorizationCode = function (code) {
+    if(typeof(code) !== "string" || code.length !== 6) {
+        throw new Error("Invalid Code");
+    }
+    
+    return {U2FAuthorizationCode:code};
+};
+
+let assembleChallengeCompletionArguments = async function (finishLoginParams, code) {
+    let {res} = finishLoginParams;
+    let methodArguments = [];
+    
+    if(res.method === "u2f") {
+        let assertion;
+        if(code && code.U2FAuthorizationCode) {
+            /*
+                We require that the MFA.useU2FAuthorizationCode method is used
+                even though we just pull the code out to make sure the code isn't
+                actually an OTP due to a coding error.
+            */
+            let {challengeId, challengeSecret} = finishLoginParams.res;
+            assertion = {challengeId, challengeSecret, ...code};
+        }
+        else {
+            assertion = await solveU2FChallenge(res);
+        }
+        methodArguments.push(assertion);
+    }
+
+    if(res.method === "otp" || res.method === "totp") {
+        if(!code) {
+            throw new Meteor.Error("otp-required", "An OTP is required");
+        }
+        
+        methodArguments.push({...res, code});
+    }    
+    
+    return methodArguments;
+};
+
+let finishLogin = (finishLoginParams, code) => new Promise(async (resolve, reject) => {
+    let methodName = loginCompletionHandler();
+    let methodArguments = await assembleChallengeCompletionArguments(finishLoginParams, code);
+    
+    Meteor._startLoggingIn();
+    Meteor.call(
+      methodName,
+      methodArguments,
+      (err, result) => {
+        this._endLoggingIn();
+        this._handleLoginCallback(err, result);
+        
+        if(err) {
+            reject(err);
+        }
+        else {
+            resolve();
+        }
+      },
+    );    
+});
+
+let loginWithMFA = (username, password) => new Promise((resolve, reject) => {
+    Meteor.call(loginChallengeHandler(), username, Accounts._hashPassword(password), async (err, res) => {
+        if(err) {
+            return reject(err);
+        }
+        
+        let finishLoginParams = {res, _type:"login"};
+        let doesSupportU2FLogin = false;
+        
+        resolve({supportsU2FLogin:doesSupportU2FLogin, method:res.method, finishLoginParams, finishParams:finishLoginParams});
+    });
+});
+
+let login = (username, password) => new Promise((resolve, reject) => {
+    Meteor.loginWithPassword(username, password, err => {
+        if(err) {
+            if(err.error === "mfa-required") {
+                loginWithMFA(username, password).then(resolve).catch(reject);
+            }
+            else {
+                reject(err);
+            }
+        }
+        else {
+            resolve({method:null});
+        }
+    });
+});
+
+export default {
+    useU2FAuthorizationCode,
+    finishLogin,
+    loginWithMFA,
+    login,
+};

companion-packages/meteorrn-ndev-mfa/method-names.js

@@ -0,0 +1,13 @@
+export let registrationChallengeHandlerU2F = () => "registrationChallengeHandlerU2F";
+export let registerCompletionHandlerU2F = () => "registerCompletionHandlerU2F";
+export let loginChallengeHandler = () => "loginChallengeHandler";
+export let loginCompletionHandlerU2F = () => "loginCompletionHandlerU2F";
+export let loginCompletionHandlerOTP = () => "loginCompletionHandlerOTP";
+export let resetPasswordChallengeHandler = () => "resetPasswordChallengeHandler";
+export let checkResetPasswordHasMFA = () => "checkResetPasswordHasMFA";
+export let registrationChallengeHandlerTOTP = () => "registrationChallengeHandlerTOTP";
+export let registrationCompletionHandlerTOTP = () => "registrationCompletionHandlerTOTP";
+export let loginCompletionHandler = () => "loginCompletionHandler";
+export let resetPasswordCheckMFARequired = () => "resetPasswordCheckMFARequired";
+export let authorizeActionChallengeHandler = () => "authorizeActionChallengeHandler";
+export let authorizeActionCompletionHandler = () => "authorizeActionCompletionHandler";

companion-packages/meteorrn-ndev-mfa/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "@meteorrn/ndev-mfa",
+  "version": "0.0.1",
+  "description": "Official ndev:mfa package for MeteorRN",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC",
+  "peerDependencies": {
+    "@meteorrn/core":">=2.0.7"
+  }
+}

src/Meteor.js

@@ -306,4 +306,4 @@ module.exports = {
 
     return handle;
   },
-};
+};