Meteor.js Duo Security Methods
import lo_ from 'lodash'; | |
import Duo from 'duo_web'; | |
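// using lodash .get https://lodash.com/docs/4.16.2#get to access nested object properties safely
// get settings from Meteor settings.json (server-side settings, not settings.public:
// sKey and aKey are secrets and must never reach the client bundle)
const duoSettings = lo_.get(Meteor, 'settings.services.duoSecurity', null);
if (!duoSettings) {
  throw new Meteor.Error('err - Duo API settings.json not available');
}
// get app settings for use with Duo API
const IKEY = duoSettings.iKey;
const SKEY = duoSettings.sKey;
const HOST = duoSettings.host;
const AKEY = duoSettings.aKey;
// Fail at startup on a missing/empty credential rather than at first login:
// duo_web does not throw on bad keys, sign_request() returns an 'ERR|...'
// string instead, which would only surface when a user tries to authenticate.
// HOST is intentionally not checked here; it is not used by the methods in this file.
const requiredKeys = [['iKey', IKEY], ['sKey', SKEY], ['aKey', AKEY]];
for (const [name, value] of requiredKeys) {
  if (!Match.test(value, String) || value.length === 0) {
    throw new Meteor.Error(`err - Duo API setting '${name}' missing or empty`);
  }
}
// The application key must be generated by this app and kept secret; the Duo
// Web SDK requires at least 40 characters and rejects shorter values.
if (AKEY.length < 40) {
  throw new Meteor.Error('err - Duo API setting aKey must be at least 40 characters');
}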
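Meteor.methods({
  /**
   * Build the signed request the client needs to start the Duo second-factor
   * prompt. Requires a logged-in user with at least one email address, which
   * is used as the Duo username.
   * @returns {string} the Duo request signature for the current user
   * @throws {Meteor.Error} when the user or email is unavailable, the Duo
   *   library is not loaded, or Duo rejected the signing inputs
   */
  duoSignReq() {
    check(this.userId, String);
    const user = Meteor.user();
    //verify user avail
    if (!user) {
      throw new Meteor.Error('duoSignReq err - invalid user');
    }
    //get user email — the Duo username is the account's first email address
    const userEmail = lo_.get(user, 'emails[0].address', null);
    //verify user email is avail
    if (!Match.test(userEmail, String)) {
      throw new Meteor.Error('duoSignReq err - unable to get email address');
    }
    //verify duo method is avail
    if (!lo_.isFunction(Duo.sign_request)) {
      throw new Meteor.Error('duoSignReq err - duo lib err');
    }
    //generate request signature from duo
    const request_sig = Duo.sign_request(IKEY, SKEY, AKEY, userEmail);
    // duo_web reports bad inputs (empty username, malformed keys) by returning
    // an 'ERR|...' string rather than throwing, so a plain String check would
    // pass the error text through to the client; treat it as a failure here.
    if (!Match.test(request_sig, String) || request_sig.startsWith('ERR|')) {
      throw new Meteor.Error('duoSignReq err - error generating request_sig');
    }
    // return the sign request to the client
    return request_sig;
  },

  /**
   * Validate the signed response Duo handed back to the client after the
   * second factor completed.
   * @param {string} sig_response - the sig_response string from the Duo iframe
   * @returns {string} the verified username (the current user's email)
   * @throws {Meteor.Error} when the email is unavailable, the Duo library is
   *   not loaded, or the response does not verify for the current user
   */
  processDuoResponse(sig_response) {
    check(this.userId, String);
    check(sig_response, String);
    //get user/user email (lo_.get tolerates a null user and yields null)
    const user = Meteor.user();
    const userEmail = lo_.get(user, 'emails[0].address', null);
    //verify user email is avail
    if (!Match.test(userEmail, String)) {
      throw new Meteor.Error('processDuoResponse err - unable to get email address');
    }
    //verify duo method is avail
    if (!lo_.isFunction(Duo.verify_response)) {
      throw new Meteor.Error('processDuoResponse err - duo lib err');
    }
    // verify signature and response
    const verifyResult = Duo.verify_response(IKEY, SKEY, AKEY, sig_response);
    // proper verification returns the username the signature was issued for
    // (null otherwise). It must equal the *current* user's email so that a
    // response issued for a different account is rejected. Note the original
    // `!verifyResult === userEmail` negated first and compared a boolean to a
    // string, so it never threw and a failed verification was returned as null.
    if (verifyResult !== userEmail) {
      throw new Meteor.Error('processDuoResponse err - could not validate request');
    }
    // NOTE(review): nothing here records server-side that the second factor
    // passed for this session; callers presumably persist that — confirm.
    return verifyResult;
  },
});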