More Efficient and Secure Methods in Downloading Backup Codes
stanleyowen committed May 9, 2021
1 parent d3e2d4a commit bb644d1
Showing 2 changed files with 5 additions and 33 deletions.
16 changes: 5 additions & 11 deletions client/src/components/account.component.js
Expand Up @@ -129,13 +129,13 @@ const Account = ({ userData }) => {

const backupCode = () => {
const codes = [...valid, ...invalid]
return ` SAVE YOUR BACKUP CODES\n\nKeep these backup codes somewhere safe but accessible.\nEach backup code can only be used once.\n
return `SAVE YOUR BACKUP CODES\n\nKeep these backup codes somewhere safe but accessible.\nEach backup code can only be used once.\n
1. ${codes[0]} 6. ${codes[5]}
2. ${codes[1]} 7. ${codes[6]}
3. ${codes[2]} 8. ${codes[7]}
4. ${codes[3]} 9. ${codes[8]}
5. ${codes[4]} 10. ${codes[9]}\n
(stanleyowen06@gmail.com)`
(stanleyowen06@gmail.com)`
}

const CopyCode = (e) => {
Expand Down Expand Up @@ -258,15 +258,9 @@ const Account = ({ userData }) => {
const DownloadOTP = (e) => {
e.preventDefault();
const btn = document.getElementById('download-otp');
async function generateToken(){
btn.innerHTML = "Downloading..."; btn.setAttribute("disabled", "true"); btn.classList.add("disabled"); handleChange('disabled', true);
await axios.get(`${SERVER_URL}/account/backup-code`, { responseType: 'blob', withCredentials: true })
.then(res => download(res.data, 'Backup Codes.txt'))
.catch(err => setNotification(NOTIFICATION_TYPES.DANGER, err.response.data.message))
btn.innerHTML = "Download"; btn.removeAttribute("disabled"); btn.classList.remove("disabled"); handleChange('disabled', false);
}
if(!security['2FA']) setNotification(NOTIFICATION_TYPES.WARNING, 'Backup Codes are only eligle in Multi Factor Authentication (MFA) Users')
else generateToken();
btn.innerHTML = "Downloading..."; btn.setAttribute("disabled", "true"); btn.classList.add("disabled"); handleChange('disabled', true);
download(backupCode(), 'Backup Codes.txt')
btn.innerHTML = "Download"; btn.removeAttribute("disabled"); btn.classList.remove("disabled"); handleChange('disabled', false);
}

return (
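Review bot: The rewritten DownloadOTP drops the `security['2FA']` check that the removed generateToken path had, so `download(backupCode(), 'Backup Codes.txt')` now runs for every user; for an account without MFA, where `valid` and `invalid` are presumably empty, backupCode() writes a file of `undefined` entries instead of the earlier warning. Assuming `security` is still in scope, the guard is a two-line addition before the download: `if(!security['2FA']) { setNotification(NOTIFICATION_TYPES.WARNING, 'Backup Codes are only eligible for Multi Factor Authentication (MFA) users'); return; }`. Separately, download() is synchronous here, so the "Downloading..."/disabled toggling on the line before and the line after it completes in the same tick and never paints; those two lines carry no effect and can go. The enclosing Account component and the codes that backupCode() reads continue outside the hunk.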
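--- a/server/routes/users.route.js
+++ b/server/routes/users.route.js
@@ -1,4 +1,3 @@
-const fs = require('fs');
 const jwt = require('jsonwebtoken');
 const passport = require('passport');
 const router = require('express').Router();
@@ -310,27 +309,6 @@ router.put('/otp', async (req, res, next) => {
 })(req, res, next)
 })
 
-router.get('/backup-code', async (req, res, next) => {
-passport.authenticate('jwt', { session: false }, (err, user, info) => {
-if(err) return res.status(500).send(JSON.stringify({status: 500, message: MSG_DESC[0]}, null, 2))
-else if(info && (info.status ? info.status >= 300 ? true : false : true)) return res.status(info.status ? info.status : info.status = 400).send(JSON.stringify(info, null, 2))
-else if(user) {
-const rawToken = user.security['backup-codes']
-const encryptedToken = [...rawToken.valid, ...rawToken.invalid]
-const token = encryptedToken.map(a => { return decrypt(a, 4) })
-fs.writeFileSync(`${__dirname}/Backup Codes.txt`, `
-SAVE YOUR BACKUP CODES\n\nKeep these backup codes somewhere safe but accessible.\nEach backup code can only be used once.\n
-1. ${token[0]} 6. ${token[5]}
-2. ${token[1]} 7. ${token[6]}
-3. ${token[2]} 8. ${token[7]}
-4. ${token[3]} 9. ${token[8]}
-5. ${token[4]} 10. ${token[9]}\n
-(stanleyowen06@gmail.com)`)
-return res.download(`${__dirname}/Backup Codes.txt`, () => fs.unlinkSync(`${__dirname}/Backup Codes.txt`))
-}else return res.status(504).send(JSON.stringify({status: 504, message: MSG_DESC[34]}, null, 2))
-})(req, res, next)
-})
-
 router.post('/backup-code', new rateLimit({
 windowMs: 3600000, // 1 hour
 max: 1,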
