search

epicweb-dev / totp

Support Two Factor Authentication (2FA) in your application with ease.
https://www.epicweb.dev
MIT License
314 stars 17 forks source link

Issues deploying code to AWS Lambda #8

Closed kldeb closed 3 months ago

kldeb commented 3 months ago

For some reason this code will not execute properly using node v20 running on aws lambda deployed using sst.

I was able to fix this issue by replacing this package:

import * as base32 from 'thirty-two'

with 

import base32Encode from 'base32-encode'
import base32Decode from 'base32-decode'

and updating the code to use those 2 functions.

While preparing a PR for this change I broke the tests. I want to make sure that modifying the tests to support this change will not break any existing implementations. Could someone give me a hand with the test cases?

I was able to get all the tests working again except Fail to verify an invalid TOTP. I had to modify options can be customized like so: 

test('options can be customized', () => {
    const options = {
        algorithm: 'SHA256',
        period: 60,
        digits: 8,
        secret: base32Encode(
            new TextEncoder().encode(Math.random().toString(16).slice(2)),
            'RFC4648'
        ).toString(),
        charSet: 'abcdef',
    }
    const { otp, ...config } = generateTOTP(options)
    assert.deepStrictEqual(config, options)
    const result = verifyTOTP({ otp, ...config })
    assert.deepStrictEqual(result, { delta: 0 })
})

Edit: I don't think this change will affect existing implementations but I want to be sure.

kentcdodds commented 3 months ago

Hi @kldeb,

Go ahead and open the PR and I'll give it a look. Thanks!

dev-xo commented 3 months ago

Hi @kentcdodds!

@kldeb was kind enough to notify us about remix-auth-totp, which also relies on @epicweb-dev/totp. In order to allow users to successfully deploy to AWS Lambda using Node 20, it seems like we also need to find an alternative for thirty-two in @epicweb-dev/totp.

Hopefully, @kldeb is able to pass the tests, and we can improve a bit @epicweb-dev/totp and, with that, remix-auth-totp!

github-actions[bot] commented 3 months ago

:tada: This issue has been resolved in version 1.1.3 :tada:

The release is available on:

Your semantic-release bot :package::rocket: