Remove qrcode dependency as an npm package and replace it with a client side cross-browser library that generates qrcodes

2017-05-14 13:37:05 +02:00 · 2017-05-14 13:37:05 +02:00 · 32ff6cb387
parent 88815ec90a
commit 32ff6cb387
8 changed files with 17 additions and 29 deletions
--- a/.gitignore
+++ b/.gitignore
@ -12,3 +12,5 @@ config.yml
 npm-debug.log
 notifications/
 .vscode/
--- a/package.json
+++ b/package.json
@ -36,7 +36,6 @@
    "nedb": "^1.8.0",
    "nodemailer": "^2.7.0",
    "object-path": "^0.11.3",
    "qrcode": "^0.5.0",
    "randomstring": "^1.1.5",
    "speakeasy": "^2.0.0",
    "winston": "^2.3.1",
--- a/src/lib/routes/totp_register.js
+++ b/src/lib/routes/totp_register.js
@ -1,6 +1,5 @@
 var objectPath = require('object-path');
 var Promise = require('bluebird');
 var QRCode = require('qrcode');
 var CHALLENGE = 'totp-register';
@ -16,7 +15,6 @@ module.exports = {
  post: post,
 }
 function pre_check(req) {
  var first_factor_passed = objectPath.get(req, 'session.auth_session.first_factor');
  if(!first_factor_passed) {
@ -36,19 +34,6 @@ function pre_check(req) {
  return Promise.resolve(identity);
 }
 function secretToDataURLAsync(secret) {
  return new Promise(function(resolve, reject) {
    QRCode.toDataURL(secret.otpauth_url, function(err, url_data) {
      if(err) {
        reject(err);
        return;
      }
      resolve(url_data);
    });
  });
 }
 // Generate a secret and send it to the user
 function post(req, res) {
  var logger = req.app.get('logger');
@ -64,17 +49,12 @@ function post(req, res) {
  var user_data_store = req.app.get('user data store');
  var totp = req.app.get('totp engine');
  var secret = totp.generateSecret();
  var qrcode_data;
-  secretToDataURLAsync(secret)
+  logger.debug('POST new-totp-secret: save the TOTP secret in DB');
-  .then(function(data) {
+  user_data_store.set_totp_secret(userid, secret)
    qrcode_data = data;
    logger.debug('POST new-totp-secret: save the TOTP secret in DB');
    return user_data_store.set_totp_secret(userid, secret);
  })
  .then(function() {
    var doc = {};
-    doc.qrcode = qrcode_data;
+    doc.otpauth_url = secret.otpauth_url;
    doc.base32 = secret.base32;
    doc.ascii = secret.ascii;
--- a/src/public_html/css/login.css
+++ b/src/public_html/css/login.css
@ -57,7 +57,12 @@ p { color: #fff; text-shadow: 0 0 10px rgba(0,0,0,0.3); letter-spacing:1px; text
 a { color: #fff;  text-align: center; }
-#qrcode { text-align: center; }
+#qrcode img { 
  margin: auto;
  text-align: center; 
  padding: 10px;
  background: white;
 }
 #secret { font-size: 0.7em; }
--- a/src/public_html/js/qrcode.min.js
+++ b/src/public_html/js/qrcode.min.js
--- a/src/public_html/js/totp-register.js
+++ b/src/public_html/js/totp-register.js
@ -19,9 +19,9 @@ function generateSecret(fn) {
 }
 function onSecretGenerated(err, secret) {
-  // console.log('secret generated successfully', secret);
+  console.log('secret generated successfully', secret);
-  var img = $('<img src="' + secret.qrcode + '" alt="secret-qrcode"/>');
+  console.log('OTP Auth URL=', secret.otpauth_url);
-  $('#qrcode').append(img);
+  new QRCode(document.getElementById("qrcode"), secret.otpauth_url);
  $("#secret").text(secret.base32);
 }
--- a/src/views/totp-register.ejs
+++ b/src/views/totp-register.ejs
@ -14,5 +14,6 @@
  </body>
  <% include scripts %>
  <script src="js/qrcode.min.js"></script>
  <script src="js/totp-register.js"></script>
 </html>
--- a/test/unitary/routes/test_totp_register.js
+++ b/test/unitary/routes/test_totp_register.js
@ -118,7 +118,7 @@ describe('test totp register', function() {
      req.session.auth_session.identity_check = {};
      req.session.auth_session.identity_check.userid = 'user';
      req.session.auth_session.identity_check.challenge = 'totp-register';
-      user_data_store.set_totp_secret.throws('internal error');
+      user_data_store.set_totp_secret.returns(new Promise.reject('internal error'));
      res.send = sinon.spy(function() {
        assert.equal(res.status.getCall(0).args[0], 500);