README.md

@@ -1,51 +1,29 @@
 Node.js Authenticator
 =====================
 
-| Sponsored by [ppl](https://ppl.family)
-
 Two- and Multi- Factor Authenication (2FA / MFA) for node.js
 
-![](https://blog.authy.com/assets/posts/authenticator.png)
-
 There are a number of apps that various websites use to give you 6-digit codes to increase security when you log in:
 
-* Authy (shown above) [iPhone](https://itunes.apple.com/us/app/authy/id494168017?mt=8) | [Android](https://play.google.com/store/apps/details?id=com.authy.authy&hl=en) | [Chrome](https://chrome.google.com/webstore/detail/authy/gaedmjdfmmahhbjefcbgaolhhanlaolb?hl=en) | [Linux](https://www.authy.com/personal/) | [OS X](https://www.authy.com/personal/) | [BlackBerry](https://appworld.blackberry.com/webstore/content/38831914/?countrycode=US&lang=en)
-* Google Authenticator [iPhone](https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8) | [Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en)
-* Microsoft Authenticator [Windows Phone](https://www.microsoft.com/en-us/store/apps/authenticator/9wzdncrfj3rj) | [Android](https://play.google.com/store/apps/details?id=com.microsoft.msa.authenticator)
+* Authy [iPhone](https://itunes.apple.com/us/app/authy/id494168017?mt=8) [Android](https://play.google.com/store/apps/details?id=com.authy.authy&hl=en) [Chrome](https://chrome.google.com/webstore/detail/authy/gaedmjdfmmahhbjefcbgaolhhanlaolb?hl=en) [Linux](https://www.authy.com/personal/) [OS X](https://www.authy.com/personal/) [BlackBerry](https://appworld.blackberry.com/webstore/content/38831914/?countrycode=US&lang=en)
+* Google Authenticator [iPhone](https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8) [Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en)
+* Microsoft Authenticator [Windows Phone](https://www.microsoft.com/en-us/store/apps/authenticator/9wzdncrfj3rj) [Android](https://play.google.com/store/apps/details?id=com.microsoft.msa.authenticator) [iPhone]()
 * GAuth [FxOS](https://marketplace.firefox.com/app/gauth/)
 
 There are many [Services that Support MFA](http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now),
-including Google, Microsoft, Facebook, and Digital Ocean for starters.
+including Google, Microsoft, Facebook, Digital Ocean, for starters.
 
 This module uses [`notp`](https://github.com/guyht/notp) which implements `TOTP` [(RFC 6238)](https://www.ietf.org/rfc/rfc6238.txt)
 (the *Authenticator* standard), which is based on `HOTP` [(RFC 4226)](https://www.ietf.org/rfc/rfc4226.txt)
 to provide codes that are exactly compatible with all other *Authenticator* apps and services that use them.
 
-Browser & Commandline Authenticator
----------------------
-
-You may also be interested in
-
-* [Browser Authenticator](https://git.coolaj86.com/coolaj86/browser-authenticator) over at <https://git.coolaj86.com/coolaj86/browser-authenticator>
-* [Commandline Authenticator](https://git.coolaj86.com/coolaj86/authenticator-cli) over at <https://git.coolaj86.com/coolaj86/authenticator-cli>
-
-Install
+Usage
 =====
 
-**node.js api**
 ```bash
 npm install authenticator --save
 ```
 
-**command line**
-```bash
-npm install authenticator-cli --global
-```
-
-Usage
-=====
-
-**node.js api**
 ```javascript
 'use strict';
 
@@ -62,52 +40,12 @@ authenticator.verifyToken(formattedKey, formattedToken);
 
 authenticator.verifyToken(formattedKey, '000 000');
 // null
-
-authenticator.generateTotpUri(formattedKey, "john.doe@email.com", "ACME Co", 'SHA1', 6, 30);
-//
-// otpauth://totp/ACME%20Co:john.doe@email.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30
 ```
 
-**command line**
-```
-# see help
-authenticator --help
+QRCode
+------
 
-# generate a key and display qr code
-authenticator --qr
-```
-
-API
----
-
-```javascript
-generateKey()                               // generates a 32-character (160-bit) base32 key
-
-generateToken(formattedKey)                 // generates a 6-digit (20-bit) decimal time-based token
-
-verifyToken(formattedKey, formattedToken)   // validates a time-based token within a +/- 30 second (90 seconds) window
-                                            // returns `null` on failure or an object such as `{ delta: 0 }` on success
-
-                                            // generates an `OTPAUTH://` scheme URI for QR Code generation.
-generateTotpUri(formattedKey, accountName, issuer, algorithm, digits, period)
-```
-
-**OTPAuth Scheme**
-
-* <https://github.com/google/google-authenticator/wiki/Key-Uri-Format>
-* `otpauth://totp/<<ISSUER>>:<<ACCOUNT_NAME>>?secret=<<BASE32_KEY>>&issuer=<<ISSUER>>`
-* `otpauth://totp/<<ISSUER>>:<<ACCOUNT_NAME>>?secret=<<BASE32_KEY>>&issuer=<<ISSUER>>&algorithm=<<ALGO>>&digits=<<INT>>&period=<<SECONDS>>`
-
-Note that `ISSUER` is specified twice for backwards / forwards compatibility.
-
-QR Code
--------
-
-See <https://davidshimjs.github.io/qrcodejs/> and <https://github.com/soldair/node-qrcode>.
-
-![](http://cdn9.howtogeek.com/wp-content/uploads/2014/10/sshot-7-22.png)
-
-Example use with `qrcode.js` in the browser:
+See <https://davidshimjs.github.io/qrcodejs/>
 
 ```javascript
 'use strict';
@@ -152,4 +90,13 @@ and humans who are handicapped or otherwise struggle with quick fine motor skill
 Why not SpeakEasy?
 ------------------
 
-It doesn't use native node crypto and there are open security issues which have been left unaddressed.
+I took a look at the code and I didn't feel comfortable using it.
+
+For any module related to security I want to see that the code is clean,
+well-maintained, and that any security-related bugs are addressed.
+
+The author was obviously not well-versed in JavaScript at the time
+that he wrote it and it hasn't been cleaned up since.
+Also, the author hasn't been responsive to issues and pull requests.
+
+The notp author has been responsive, but notp doesn't do everything I would like.

authenticator.js

@@ -57,15 +57,3 @@ function verifyGoogleAuthToken(key, token) {
 module.exports.generateKey = generateGoogleAuthKey;
 module.exports.generateToken = generateGoogleAuthToken;
 module.exports.verifyToken = verifyGoogleAuthToken;
-module.exports.generateTotpUri = function (secret, accountName, issuer, algo, digits, period) {
-  // Full OTPAUTH URI spec as explained at
-  // https://github.com/google/google-authenticator/wiki/Key-Uri-Format
-  return 'otpauth://totp/'
-    + encodeURI(issuer || '') + ':' + encodeURI(accountName || '')
-    + '?secret=' + secret.replace(/[\s\.\_\-]+/g, '').toUpperCase()
-    + '&issuer=' + encodeURIComponent(issuer || '')
-    + '&algorithm=' + (algo || 'SHA1')
-    + '&digits=' + (digits || 6)
-    + '&period=' + (period || 30)
-    ;  
-};

bin/authenticator.js

@@ -1,4 +0,0 @@
-#!/usr/bin/env node
-'use strict';
-
-module.exports = require('authenticator-cli/bin/authenticator');

package.json

@@ -1,17 +1,14 @@
 {
   "name": "authenticator",
-  "version": "1.1.5",
+  "version": "1.0.0",
   "description": "Two- / Multi- Factor Authenication (2FA / MFA) for node.js",
   "main": "authenticator.js",
   "scripts": {
     "test": "node example.js"
   },
-  "bin": {
-    "authenticator": "bin/authenticator.js"
-  },
   "repository": {
     "type": "git",
-    "url": "git+https://git.coolaj86.com/coolaj86/node-authenticator.js.git"
+    "url": "git+https://github.com/Daplie/node-authenticator.git"
   },
   "keywords": [
     "authenticator",
@@ -22,20 +19,17 @@
     "base32",
     "code",
     "generator",
-    "one-time",
-    "time-based",
     "authy",
     "google",
     "microsoft"
   ],
-  "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
-  "license": "(MIT or Apache-2.0)",
+  "author": "AJ ONeal <coolaj86@gmail.com> (http://coolaj86.com/)",
+  "license": "Apache-2.0",
   "bugs": {
-    "url": "https://git.coolaj86.com/coolaj86/node-authenticator.js/issues"
+    "url": "https://github.com/Daplie/node-authenticator/issues"
   },
-  "homepage": "https://git.coolaj86.com/coolaj86/node-authenticator.js#readme",
+  "homepage": "https://github.com/Daplie/node-authenticator#readme",
   "dependencies": {
-    "authenticator-cli": "^1.0.5",
     "notp": "^2.0.3",
     "thirty-two": "0.0.2"
   }