passport-keyverify

0.0.3 • Public • Published

passport-keyverify

Passport strategy for authenticating using a public/private key pair to sign a nonce challenge.

This module allows you to verify a request or session using public and private key pairs. Connect-style middleware, including Express.

Install

$ npm install passport-keyverify

Usage

Configure Strategy

passport.use(new KeyVerifyStrategy( this.verify ));

Authenticate Requests

  this.verify = function(username, nonce, signature, callback) {
    console.log("[server.passport.keyVerify] nonce: " + nonce + " signature: " + signature);
    User.findByUsername(username, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }

      var sigBuffer = new Buffer(signature, 'base64');
      var sigString = sigBuffer.toString();

      console.log("[server.passport.keyVerify] sigString: " + sigString);

      var publicKey = user.publicKey;
      EncryptionManager.verifyMessageSignature(sigString, publicKey, nonce, function(err, signatureFingerprint) {
        if (err) { return callback("[AuthenticationManager.verifySignature] ERROR: " + err, false); };
        var sessionUser = user.id;

        if (signatureFingerprint) {
          logger.debug("[authentication.verify] User '" + user.username + "' verification SUCCESS with signature fingerprint '" + signatureFingerprint + "'");
          return callback(null, true);
          logger.debug("[authentication.verify] User '" + user.username + "' verification FAILED!");
        } else {
          return callback(null, false);
        }
      });
    });
  };

Examples

For examples of workign code please see the following examples included.

Tests

$ npm install
$ npm test

Dependents (0)

Package Sidebar

Install

npm i passport-keyverify

Weekly Downloads

0

Version

0.0.3

License

none

Last publish

Collaborators

  • phutchins