Added Two Factor Authentication (2FA)

src/services/auth/auth.js

@@ -68,4 +68,73 @@ module.exports = class Auth {
         throw err;
       });
   }
+
+  async verify2FaAuto(token) {
+    if (!token) {
+      return {
+        code: 400,
+        message: "Auth:verify2FaAuto() called without `token` argument",
+        verified: false,
+      };
+    }
+    return fetch(`${this.authURL}/verify-2fa`, {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${token}`,
+      },
+    })
+      .then((res) => {
+        return res.json().then((data) => {
+          return {
+            ...data,
+            verified: data.code === 200 ? true : false,
+          };
+        });
+      })
+      .catch((err) => {
+        console.log("verify2FaAuto: catch: ", err);
+        throw err;
+      });
+  }
+
+  async verify2Fa(token, mfatoken) {
+    if (!token) {
+      return {
+        code: 400,
+        message: "Auth:verify2Fa() called without `token` argument",
+        verified: false,
+      };
+    }
+
+    if (!mfatoken) {
+      return {
+        code: 400,
+        message: "Auth:verify2Fa() called without `mfatoken` argument",
+        verified: false,
+      };
+    }
+
+    const form = new FormData();
+    form.append("token", mfatoken);
+
+    return fetch(`${this.authURL}/verify-2fa`, {
+      method: "POST",
+      body: form,
+      headers: {
+        Authorization: `Bearer ${token}`,
+      },
+    })
+      .then((res) => {
+        return res.json().then((data) => {
+          return {
+            ...data,
+            verified: data.code === 200 ? true : false,
+          };
+        });
+      })
+      .catch((err) => {
+        console.log("verify2Fa: catch: ", err);
+        throw err;
+      });
+  }
 };

src/services/auth/auth.test.js

@@ -5,17 +5,17 @@ require("dotenv").config();
 const test = require("ava");
 const Auth = require("./auth");
 const auth = new Auth({
-  authURL: process.env.ZESTY_AUTH_API
+  authURL: process.env.ZESTY_AUTH_API,
 });
 const badAuth = new Auth({
-  authURL: "http://localhost:9999"
+  authURL: "http://localhost:9999",
 });
 
 // NOTE: We explicitly do not catch promise rejections,
 // instead we let them throw failing the test. Ava will
 // print the uncaught error to the console
 
-test("login:200", async t => {
+test("login:200", async (t) => {
   const res = await auth.login(
     process.env.ZESTY_USER_EMAIL,
     process.env.ZESTY_USER_PASSWORD
@@ -25,7 +25,7 @@ test("login:200", async t => {
   t.not("", res.token);
 });
 
-test("verifyToken:200", async t => {
+test("verifyToken:200", async (t) => {
   const session = await auth.login(
     process.env.ZESTY_USER_EMAIL,
     process.env.ZESTY_USER_PASSWORD
@@ -36,11 +36,62 @@ test("verifyToken:200", async t => {
   t.is(res.verified, true);
 });
 
+test.skip("verify2FaAuto:200", async (t) => {
+  const session = await auth.login(
+    process.env.ZESTY_USER_EMAIL,
+    process.env.ZESTY_USER_PASSWORD
+  );
+
+  var done = false;
+  console.log("Confirm Authy within 10 secs.");
+  do {
+    const res = await auth.verify2FaAuto(session.token);
+    if (res.status === "OK") {
+      t.is(res.code, 200);
+      t.is(res.verified, true);
+      done = true;
+    }
+  } while (!done);
+});
+
+test("verify2Fa:200", async (t) => {
+  const session = await auth.login(
+    process.env.ZESTY_USER_EMAIL,
+    process.env.ZESTY_USER_PASSWORD
+  );
+
+  //add your otp token
+  var mfatoken = "1699168";
+  const res = await auth.verify2Fa(session.token, mfatoken);
+  t.is(res.code, 200);
+  t.is(res.verified, true);
+});
+
 /**
  * Causes account lock breaking tests
  */
 
-test.skip("login:400", async t => {
+test("verify2Fa:400", async (t) => {
+  const missingToken = await auth.verify2Fa(null, null);
+  t.is(missingToken.code, 400);
+  t.is(
+    missingToken.message,
+    "Auth:verify2Fa() called without `token` argument"
+  );
+
+  const session = await auth.login(
+    process.env.ZESTY_USER_EMAIL,
+    process.env.ZESTY_USER_PASSWORD
+  );
+  const missingMfaToken = await auth.verify2Fa(session.token, null);
+  t.is(missingMfaToken.code, 400);
+  t.is(
+    missingMfaToken.message,
+    "Auth:verify2Fa() called without `mfatoken` argument"
+  );
+});
+
+test.skip("login:400", async (t) => {
   const missingEmail = await auth.login(null, null);
   t.is(missingEmail.statusCode, 400);
   t.is(missingEmail.message, "Auth:login() missing required argument `email`");
@@ -53,7 +104,7 @@ test.skip("login:400", async t => {
   );
 });
 
-test.skip("login:401||403", async t => {
+test.skip("login:401||403", async (t) => {
   const res = await auth.login("BAD@USERNAME", "BAD PASSWORD");
 
   // After 5 failed login attempts the auth service locks the account and returns
@@ -62,7 +113,7 @@ test.skip("login:401||403", async t => {
   t.truthy(res.statusCode == 401 || res.statusCode == 403);
 });
 
-test.skip("login:error", async t => {
+test.skip("login:error", async (t) => {
   try {
     const res = await badAuth.login(
       process.env.ZESTY_USER_EMAIL,
@@ -74,19 +125,19 @@ test.skip("login:error", async t => {
   }
 });
 
-test.skip("verifyToken:401", async t => {
+test.skip("verifyToken:401", async (t) => {
   const res = await auth.verifyToken("BADTOKEN");
 
   t.is(res.statusCode, 401);
   t.is(res.verified, false);
 });
 
-test.skip("verifyToken:missing token", async t => {
+test.skip("verifyToken:missing token", async (t) => {
   const res = await auth.verifyToken();
   t.is(res.verified, false);
 });
 
-test.skip("verifyToken:error", async t => {
+test.skip("verifyToken:error", async (t) => {
   try {
     const res = await badAuth.verifyToken("BADTOKEN");
     t.fail();