Version 2.0.0

[markbao]

2.0 Checklist

• Merge in @mikepb's passcode fork
• Identify areas of API breakage
• Think about whether we want to make breaking changes, return to original API, or display a deprecation notice for 2.0 and remove later
• Consider adding a deprecation notice
• Write out full README with guide
• Think about how to do a demo (Tonic?)
• Remove console.log debug artifacts
• Write tests for generate_key and generate_key_ascii
• Run JSHint (or consider using Semistandard and use the auto-formatter)
• Edit and move over documentation
• Check tests
• Check issues
• Add .counter and .time back in for API compatibility
• Last check for API breakage
• Update HISTORY.md

API breakage

• Options for hotp and totp: key is now secret
• Options for totp: initial_time is now epoch
• generate_key method missing

Open questions

• Move verify() to verifyDelta() and create a new verify() that returns a boolean for a strict comparison (delta = 0)
• generate_key -> generateSecret() for consistency?
• Do we still want to do windowAhead and windowBehind?

[mikepb]

Pull #50 fixes the TOTP window bug.

[markbao]

@mikepb, do you think we need to be restricting the digits here if it's a generic otpauth:// generator? I haven't been able to find any sort of spec for otpauth:// other than the one in the Google Authenticator wiki.

[mikepb]

No reason other than Google, but we could just make a warning instead of full-blown error.

On Jan 26, 2016, at 8:51 PM, Mark Bao notifications@github.com wrote:

In index.js #44 (comment):

•    throw new Error('Speakeasy - otpauthURL - Invalid algorithm `' + algorithm + '`');
  

• }
• query.algorithm = algorithm.toUpperCase();
• }

• // validate digits
• if (digits != null) {
• switch (parseInt(digits, 10)) {

•  case 6:
  

•  case 8:
  

•    break;
  

•  default:
  

•    throw new Error('Speakeasy - otpauthURL - Invalid digits `' + digits + '`');
  

• }
• query.digits = digits;
• }
  @mikepb https://github.com/mikepb, do you think we need to be restricting the digits here if it's a generic otpauth:// generator? I haven't been able to find any sort of spec for otpauth:// other than the one in the Google Authenticator wiki.

—
Reply to this email directly or view it on GitHub https://github.com/speakeasyjs/speakeasy/pull/44/files#r50941080.

[markbao]

Good call. Should we do the same for algorithm as well?

[mikepb]

Yep.

On Jan 26, 2016, at 9:05 PM, Mark Bao notifications@github.com wrote:

In index.js #44 (comment):

•    throw new Error('Speakeasy - otpauthURL - Invalid algorithm `' + algorithm + '`');
  

• }
• query.algorithm = algorithm.toUpperCase();
• }

• // validate digits
• if (digits != null) {
• switch (parseInt(digits, 10)) {

•  case 6:
  

•  case 8:
  

•    break;
  

•  default:
  

•    throw new Error('Speakeasy - otpauthURL - Invalid digits `' + digits + '`');
  

• }
• query.digits = digits;
• }
  Good call. Should we do the same for algorithm as well?

—
Reply to this email directly or view it on GitHub https://github.com/speakeasyjs/speakeasy/pull/44/files#r50941798.

[markbao]

Alright, here we go!

[markbao]

And we're live! https://www.npmjs.com/speakeasy

Thank you to all of the contributors to version 2.0.0.

Super thanks to @mikepb – I really enjoyed working with you on this, from having Passcode as a solid foundation to build on, to your input into design decisions and making pull requests. Thank you for your invaluable help on this project.

Really proud to have this out!

[mikepb]

👏