fix: use correct totp verifier

restorecommerce · Jan 17, 2025 · 8fa8744 · 8fa8744
1 parent c67d19e
commit 8fa8744
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/src/service.ts b/src/service.ts
@@ -101,7 +101,7 @@ import * as zxcvbnDePackage from '@zxcvbn-ts/language-de';
 import { matcherPwnedFactory } from '@zxcvbn-ts/matcher-pwned';
 import fetch from 'node-fetch';
 
-import { authenticator, totp } from 'otplib';
+import { authenticator } from 'otplib';
 import * as jose from 'jose';
 import crypto from 'node:crypto';
 
@@ -3206,7 +3206,7 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
       return { operation_status: acsResponse.operation_status };
     }
 
-    if (!totp.check(request.code, user.totp_secret_processing)) {
+    if (!authenticator.check(request.code, user.totp_secret_processing)) {
       return returnOperationStatus(400, `Invalid TOTP code`);
     }
 
@@ -3252,7 +3252,7 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
       return returnStatus(400, 'Invalid TOTP session token');
     }
 
-    if (totp.check(request.code, user.totp_secret_processing)) {
+    if (authenticator.check(request.code, user.totp_secret)) {
       return { payload: user, status: { code: 200, message: 'success' } };
     }
 

diff --git a/test/service.spec.ts b/test/service.spec.ts
@@ -27,7 +27,7 @@ import {
   TokenServiceClient,
   TokenServiceDefinition
 } from '@restorecommerce/rc-grpc-clients/dist/generated-server/io/restorecommerce/token.js';
-import { totp } from 'otplib';
+import { authenticator } from 'otplib';
 import {unmarshallProtobufAny} from "../src/utils.js";
 
 /*
@@ -2030,7 +2030,7 @@ describe('testing identity-srv', () => {
         });
 
         it('should confirm totp secret', async () => {
-          const code = totp.generate(totpSecret);
+          const code = authenticator.generate(totpSecret);
 
           const completeResult = await (userService.completeTOTPSetup({
             code,
@@ -2051,7 +2051,7 @@ describe('testing identity-srv', () => {
           should.exist(loginResponse);
           should.exist(loginResponse.totp_session_token);
 
-          const code = totp.generate(totpSecret);
+          const code = authenticator.generate(totpSecret);
           const exchangeResponse = await (userService.exchangeTOTP({
             code,
             totp_session_token: loginResponse.totp_session_token,