Merge 4cef296 into d27a8a2

.gitignore

@@ -1 +1,6 @@
-node_modules/*
+# npm
+node_modules
+npm-debug.log
+
+# Mac OS X
+.DS_Store

.npmignore

@@ -0,0 +1 @@
+test

.travis.yml

@@ -1,5 +1,8 @@
 language: node_js
 node_js:
-  - "0.10"
+  - "5.3"
+  - "5.0"
+  - "4.1"
+  - "4.0"
   - "0.12"
-  - "iojs"
+after_script: 'istanbul cover ./node_modules/mocha/bin/_mocha --report lcovonly -- -R spec && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coverage'

History.md

@@ -1,30 +1,16 @@
-Speakeasy
+1.0.2 / 2015-07-13
+==================
 
-Version History
+  * [Fixed] Don't repeat the secret key generating the digest.
 
-1.0.3
-=====
 
-Convenience release. Sabaidee from Luang Prabang, Laos.
+1.0.1 / 2015-07-13
+==================
 
-- Add vows to devDependencies and support `npm test` in package.json. Thanks, freewill!
+  * [Fixed] Ignore case on algorithm option.
 
-1.0.2
-=====
 
-Bugfix release.
+1.0.0 / 2015-07-12
+==================
 
-- Remove global leaks. Thanks for the fix, mashihua.
-
-1.0.1
-=====
-
-Bugfix release. Ciao from Florence, Italy.
-
-- Fixes issue where Google Chart API was being called at a deprecated URL. Thanks for the fix, sakkaku.
-- Fixes issue where `generate_key`'s `symbols` option was not working, and was also causing pollution with global var. Thanks for reporting the bug, ARAtlas.
-
-1.0.0
-=====
-
-Initial release.
+  * Initial release based on speakeasy and notp.

LICENSE

@@ -1,6 +1,8 @@
 The MIT License (MIT)
 
-Copyright (c) 2012-2013 Mark Bao
+Copyright (c) 2012-2016 Mark Bao <mark@markbao.com>
+Copyright (c) 2015 Michael Phan-Ba <michael@mikepb.com>
+Copyright (c) 2011 Guy Halford-Thompson <guy@cach.me>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,53 +1,133 @@
-# speakeasy
+<img src="http://i.imgur.com/qRyNMx4.png" width="550">
 
-## Easy two-factor authentication for node.js. Calculate time-based or counter-based one-time passwords. Supports the Google Authenticator mobile app.
+[![Build Status](https://travis-ci.org/speakeasyjs/speakeasy.svg?branch=v2)](https://travis-ci.org/speakeasyjs/speakeasy)
+[![NPM downloads](https://img.shields.io/npm/dt/speakeasy.svg)](https://www.npmjs.com/package/speakeasy)
+[![Coverage Status](https://coveralls.io/repos/github/speakeasyjs/speakeasy/badge.svg?branch=v2)](https://coveralls.io/github/speakeasyjs/speakeasy?branch=v2)
+[![NPM version](https://img.shields.io/npm/v/speakeasy.svg)](https://www.npmjs.com/package/speakeasy)
 
-Uses the HMAC One-Time Password algorithms, supporting counter-based and time-based moving factors (HOTP and TOTP).
+---
 
-## An Introduction
+**Jump to** — [Install](#install) · [Demo](#demo) · [Usage](#usage) · [Documentation](#documentation) · [Quick Reference](#quick-reference) · [License](#license)
 
-speakeasy makes it easy to implement HMAC one-time passwords (for example, for use in two-factor authentication), supporting both counter-based (HOTP) and time-based moving factors (TOTP). It's useful for implementing two-factor authentication. Google and Amazon use TOTP to generate codes for use with multi-factor authentication.
+---
 
-It supports the counter-based and time-based algorithms, as well as keys encoded in ASCII, hexadecimal, and base32. It also has a random key generator which can also generate QR code links.
+Speakeasy is a one-time passcode generator, suitable for use in two-factor
+authentication, that supports Google Authenticator and other two-factor apps.
 
-This module was written to follow the RFC memos on HOTP and TOTP:
+It includes robust support for custom token lengths, authentication windows,
+and other features, and includes helpers like a secret key generator.
 
-* HOTP (HMAC-Based One-Time Password Algorithm): [RFC 4226](http:tools.ietf.org/html/rfc4226)
-* TOTP (Time-Based One-Time Password Algorithm): [RFC 6238](http:tools.ietf.org/html/rfc6238)
+Speakeasy implements one-time passcode generators as standardized by the
+[Initiative for Open Authentication (OATH)][oath]. The HMAC-Based One-Time
+Password (HOTP) algorithm defined by [RFC 4226][rfc4226] and the Time-Based
+One-time Password (TOTP) algorithm defined in [RFC 6238][rfc6238] are
+supported.
 
-speakeasy's key generator allows you to generate keys, and get them back in their ASCII, hexadecimal, and base32 representations. In addition, it also can automatically generate QR codes for you.
+<a name="install"></a>
+## Install
 
-A useful integration is that it fully supports the popular Google Authenticator app, the virtual multi-factor authentication app available for iPhone and iOS, Android, and BlackBerry. This module's key generator can also generate a link to the specialized QR code you can use to scan in the Google Authenticator mobile app.
+```sh
+npm install --save speakeasy
+```
 
-An overarching goal of this module, other than to make it very easy to implement the HOTP and TOTP algorithms, is to be extensively documented. Indeed, it is well-documented, with clear functions and parameter explanations.
+<a name="demo"></a>
+## Demo
 
-## Install
+This demo uses the `generate_key` method of Speakeasy to generate a secret key,
+displays a Google Authenticator–compatible QR code which you can scan into your
+phone's two-factor app, and shows the token, which you can verify with your
+phone. Includes sample code. https://sedemo-mktb.rhcloud.com/
 
+<a href="https://sedemo-mktb.rhcloud.com/"><img src="http://i.imgur.com/gPwPP4u.png" height="43"></a>
+
+<a name="usage"></a>
+## Usage
+
+```js
+var speakeasy = require("speakeasy");
 ```
-npm install speakeasy
+
+#### Generating a key
+
+```js
+// Generate a secret key.
+var secret = speakeasy.generate_key({length: 20});
+// Access using secret.ascii, secret.hex, or secret.base32.
 ```
 
-## Example (with Google Authenticator)
+#### Getting a time-based token for the current time
 
-```javascript
-// generate a key and get a QR code you can scan with the Google Authenticator app
-speakeasy.generate_key({length: 20, google_auth_qr: true});
-// => { ascii: 'V?9f6.Cq1&<H?<nxe.XJ',
-//      base32: 'KY7TSZRWFZBXCMJGHRED6PDOPBSS4WCK', ... (truncated) 
-//      google_auth_qr: 'https://www.google.com/chart?chs=166x166&chld=L|0&cht=qr&chl=otpauth://totp/SecretKey%3Fsecret=KY7TSZRWFZBXCMJGHRED6PDOPBSS4WCK' }
+```js
+// Generate a time-based token based on the base-32 key.
+// HOTP (counter-based tokens) can also be used if `totp` is replaced by
+// `hotp` (i.e. speakeasy.hotp()) and a `counter` is given in the options.
+var token = speakeasy.totp({
+  secret: base32secret
+});
+
+// Returns token for the secret at the current time
+// Compare this to user input
 ```
 
-You'll get this QR code. If you don't already have it, get [Google Authenticator](http://www.google.com/support/accounts/bin/answer.py?answer=1066447).
+#### Verifying a token
 
-![](http://i.imgur.com/INZnk.png)
+```js
+// Verify a given token
+var tokenValidates = speakeasy.totp.verify({
+  secret: base32secret,
+  token: '123456',
+  window: 6
+});
+// Returns true if the token matches
+```
 
+#### Verifying a token and calculating a delta
+
+A TOTP is incremented every `step` time-step seconds. By default, the time-step
+is 30 seconds. You may change the time-step using the `step` option, with units
+in seconds.
+
+```js
+// Verify a given token is within 3 time-steps (+/- 2 minutes) from the server
+// time-step.
+var tokenDelta = speakeasy.totp.verifyDelta({
+  secret: base32secret,
+  token: '123456',
+  window: 2,
+  step: 60
+});
+// Returns {delta: 0} where the delta is the time step difference
+// between the given token and the current time
 ```
-// specify a length and encoding (ascii, hex, or base32).
-speakeasy.time({key: 'KY7TSZRWFZBXCMJGHRED6PDOPBSS4WCK', encoding: 'base32'}); // see the base32 result above
-// => try this in your REPL and it should match the number on your phone
+
+#### Calculating a counter-based token
+
+```js
+var token = speakeasy.hotp({
+  secret: base32secret,
+  counter: 123
+});
+
+var tokenValidates = speakeasy.hotp.verify({
+  secret: secret.base32,
+  token: token,
+  counter: 123
+});
 ```
 
-## Manual
+<a name="documentation"></a>
+## Documentation
+
+A quick reference can be found below. Full API documentation (in JSDoc format)
+is available at http://speakeasyjs.github.io/speakeasy/
+
+<a href="http://speakeasyjs.github.io/speakeasy/"><img src="http://i.imgur.com/hD9w41T.png" height="43"></a>
+
+
+<a name="quick-reference"></a>
+## Quick Reference
+
+TODO: Update
 
 ### speakeasy.hotp(options) | speakeasy.counter(options)
 
@@ -57,8 +137,8 @@ Written to follow [RFC 4226](http://tools.ietf.org/html/rfc4226). Calculated wit
 
 #### Options
 
-* `key`: the secret key in ASCII, hexadecimal, or base32 format. `K` in the algorithm.
-* `counter`: the counter position (moving factor). `C` in the algorithm.
+* `secret`: the secret key in ASCII, hexadecimal, or base32 format.
+* `counter`: the counter position (moving factor).
 * `length` (default `6`): the length of the resulting one-time password.
 * `encoding` (default `ascii`): the encoding of the `key`. Can be `'ascii'`, `'hex'`, or `'base32'`. The key will automatically be converted to ASCII.
 
@@ -86,10 +166,10 @@ Written to follow [RFC 6238](http://tools.ietf.org/html/rfc6238). Calculated wit
 
 #### Options
 
-* `key`: the secret key in ASCII, hexadecimal, or base32 format. `K` in the algorithm.
-* `step` (default `30`): the time step, in seconds, between new passwords (moving factor). `X` in the algorithm.
-* `time` (default current time): the time to calculate the TOTP from, by default the current time. If you're doing something clever with TOTP, you may override this (see *Techniques* below). `T` in the algorithm.
-* `initial_time` (default `0`): the starting time where we calculate the TOTP from. Usually, this is set to the UNIX epoch at 0. `T0` in the algorithm.
+* `secret`: the secret key in ASCII, hexadecimal, or base32 format.
+* `step` (default `30`): the time step, in seconds, between new passwords (moving factor).
+* `time` (default current time): the time to calculate the TOTP from, by default the current time. If you're doing something clever with TOTP, you may override this (see *Techniques* below).
+* `initial_time` (default `0`): the starting time where we calculate the TOTP from. Usually, this is set to the UNIX epoch at 0.
 * `length` (default `6`): the length of the resulting one-time password.
 * `encoding` (default `ascii`): the encoding of the `key`. Can be `'ascii'`, `'hex'`, or `'base32'`. The key will automatically be converted to ASCII.
 
@@ -147,14 +227,17 @@ speakeasy.generate_key({length: 20, google_auth_qr: true});
 //      google_auth_qr: 'https://www.google.com/chart?chs=166x166&chld=L|0&cht=qr&chl=otpauth://totp/SecretKey%3Fsecret=KY7TSZRWFZBXCMJGHRED6PDOPBSS4WCK' }
 ```
 
-## Running the tests
-
-You'll need to have `vows` installed. If you don't have vows, `npm install -g vows`
-
-To run the tests, run this in the module root directory: `vows --spec test/*`
+## License
 
-## Issues and patches
+This project incorporates code from [passcode][], which was originally a
+fork of speakeasy, and [notp][], both of which are licensed under MIT.
+Please see the [LICENSE](LICENSE) file for the full combined license.
 
-If you're having an issue, I'm quite sorry that you came across it. Please submit issues to the [GitHub Issues page](https://github.com/markbao/speakeasy/issues).
+Icons created by Gregor Črešnar, iconoci, and Danny Sturgess from the Noun
+Project.
 
-To submit a patch, please first make sure the tests pass, and then make a pull request detailing your changes. Thank you!
+[passcode]: http://github.com/mikepb/passcode
+[notp]: https://github.com/guyht/notp
+[oath]: http://www.openauthentication.org/
+[rfc4226]: https://tools.ietf.org/html/rfc4226
+[rfc6238]: https://tools.ietf.org/html/rfc6238