PatrickKalkman

validateToken({ commit }, credentials) {
  return apiClient
    .post('/user/validatetoken', credentials)
    .then(({ data }) => {
      commit('SET_TWOFACTOR_LOGIN', data.validated);
    });
},

PatrickKalkman

validateToken() {
  this.$store
    .dispatch('validateToken', {
      token: this.token,
    })
    .then(() => {
      if (this.$store.state.twofactorvalidated) {
        this.$router.push({ name: 'dashboard' });
      } else {
        this.error = 'The provided token was not valid, please try again';

PatrickKalkman

<template>
  <div>
    <h3>{{ title }}</h3>
    <form v-if="!showTwoFactorPanel" @submit.prevent="login">
      <label for="email"> Email: </label>
      <input v-model="email" type="email" name="email" value />
      <label for="password"> Password: </label>
      <input v-model="password" type="password" name="password" value />
      <button type="submit" name="button">Login</button>
      <p>{{ error }}</p>

PatrickKalkman

userController.validateToken = function (req, reply) {
  tokenVerification.extractAndVerifyJwtToken(req, (err, isValidJwtToken, email) => {
    if (!err && isValidJwtToken) {
      const user = db.getUser(email);
      if (typeof user !== 'undefined') {
        const validated = speakeasy.totp.verify({
          secret: user.secret,
          encoding: 'base32',
          token: req.body.token,
        });

PatrickKalkman

<template>
  <div>
    <h1>Dashboard</h1>
    <template v-if="!isLoading">
      <CustomerCard
        v-for="customer in customers"
        :key="customer.id"
        :customer="customer"
      />
    </template>

PatrickKalkman

userController.enableTwoFactorAuthStep2 = function (req, reply) {
  tokenVerification.extractAndVerifyToken(req, (err, isValidJwtToken, email) => {
    if (!err && isValidJwtToken) {
      const user = db.getUser(email);
      if (typeof user !== 'undefined') {
        log.info(req.body);
        const base32secret = req.body.base32;
        const userToken = req.body.token;
        const verified = speakeasy.totp.verify({ secret: base32secret, encoding: 'base32', token: userToken });
        if (verified) {

PatrickKalkman

{
	"qr": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAALQAAAC0CAYAAAA9zQYyAAAAAklEQVR4Aew==",
	"secret": {
		"ascii": "WMi%T54iXy@cx203AoOzBf0xD]$/mb@D",
		"hex": "574d6925543534695879406378323033416f4f7a42663078445d242f6d624044",
		"base32": "K5GWSJKUGU2GSWDZIBRXQMRQGNAW6T32IJTDA6CELUSC63LCIBCA",
		"otpauth_url": "otpauth://totp/SecretKey?secret=K5GWSJKUGU2GSWDZIBRXQMRQGNAW6T32IJTDA6CELUSC63LCIBCA"
	}
}

PatrickKalkman

userController.enableTwoFactorAuthStep1 = function (req, reply) {
  tokenVerification.extractAndVerifyToken(req, (err, isValidToken, email) => {
    if (!err && isValidToken) {
      const secret = speakeasy.generateSecret();
      qrcode.toDataURL(secret.otpauth_url, function (err, qrImage) {
        if (!err) {
          reply.code(200).send({ qr: qrImage, secret: secret });
        } else {
          reply.internalServerError(err);
        }

PatrickKalkman

userController.login = function (req, reply) {
  if (isValidUserRequest(req)) {
    let user = db.getCleanedUser(req.body.email);
    if (typeof user !== 'undefined') {
      if (bcrypt.compareSync(req.body.password, user.password)) {
        delete user.password;
        const token = jwt.sign(user, config.jwt.secret);
        const newUser = { ...user, token };
        reply.code(200).send(newUser);
      }

PatrickKalkman

const { Map } = require('immutable');
const map1 = Map({ a: 1, b: 2, c: 3 });
const map2 = map1.set('b', 50);