abhiaiyer91/gist:434a98d314ac175c0d2a

## gistfile1.js
// Two Factor
TwoFactor = new Meteor.Collection('twoFactor');

//generate login token
var generateLoginToken = function () {
    var stampedToken = Accounts._generateStampedLoginToken();
    return [
        stampedToken,
        Accounts._hashStampedToken(stampedToken)
    ];
};

var saveLoginToken = function (userId) {
    return Meteor.wrapAsync(function (userId, tokens, callback) {
        // In tokens array first is stamped, second is hashed
        // Save hashed to Mongo
        Meteor.users.update(userId, {
            $push: {
                'service.resume.loginTokens': tokens[1]
            }
        }, function (error) {
            if (error) {
                callback(new Meteor.Error(500, 'Couldnt save login token into user profile'));
            } else {
                // Return stamped to user
                callback && callback(null, [200, tokens[0].token]);
            }
        });
    })(userId, generateLoginToken());
};

Meteor.methods({
    loginProcedure: function (username, pwDigest, code, hash) {
        //does this user exist?
        var user = Meteor.users.findOne({
            '$or': [
                {
                    'username': username,
                },
                {
                    'emails.address': username
                }
            ]
        });

        if (!user) {
            throw new Meteor.Error(404, 'You are not the user we were looking for.');
        }

        var password = {digest: pwDigest, algorithm: 'sha-256'};
        var pwCheck = Accounts._checkPassword(user, password);

        if (pwCheck.error) {
            throw new Meteor.Error(403, 'PW Fail');
        }

        if (!user.meta.twoFactor) {
            return saveLoginToken(user._id);
        } else {
            if (code && hash) {
                var session = TwoFactor.findOne({
                    hash: hash,
                    username: username
                });

                if (session) {
                    //TODO: VALIDATE SOMETHING

                    TwoFactor.update({
                        hash: hash
                    }, {
                        $set: {
                            submitted: new Date()
                        }
                    });

                    return saveLoginToken(user._id);
                } else {
                    throw new Meteor.Error(404, 'Invalid Hash');
                }
            } else if (hash) {
                var session = TwoFactor.findOne({
                    hash: hash,
                    username: username
                });

                if (session) {
                    //TODO: write validation
                    return [401, hash];
                } else {
                    throw new Meteor.Error(404, 'No Session');
                }
            } else {
                //TODO: write some method of generating a code or some pass into the system
                generatedCodeToPass;

                var now = new Date();
                //TODO: CRYPTO HASH
                var hash = +now;

                //Lets put this in our collection

                TwoFactor.insert({
                    hash: hash,
                    code: generatedCodeToPass,
                    username: username,
                    sent: now
                });

                //TODO: Send user a message to complete this
            }
        }
    }
})
	// Two Factor
	TwoFactor = new Meteor.Collection('twoFactor');

	//generate login token
	var generateLoginToken = function () {
	var stampedToken = Accounts._generateStampedLoginToken();
	return [
	stampedToken,
	Accounts._hashStampedToken(stampedToken)
	];
	};

	var saveLoginToken = function (userId) {
	return Meteor.wrapAsync(function (userId, tokens, callback) {
	// In tokens array first is stamped, second is hashed
	// Save hashed to Mongo
	Meteor.users.update(userId, {
	$push: {
	'service.resume.loginTokens': tokens[1]
	}
	}, function (error) {
	if (error) {
	callback(new Meteor.Error(500, 'Couldnt save login token into user profile'));
	} else {
	// Return stamped to user
	callback && callback(null, [200, tokens[0].token]);
	}
	});
	})(userId, generateLoginToken());
	};

	Meteor.methods({
	loginProcedure: function (username, pwDigest, code, hash) {
	//does this user exist?
	var user = Meteor.users.findOne({
	'$or': [
	{
	'username': username,
	},
	{
	'emails.address': username
	}
	]
	});

	if (!user) {
	throw new Meteor.Error(404, 'You are not the user we were looking for.');
	}

	var password = {digest: pwDigest, algorithm: 'sha-256'};
	var pwCheck = Accounts._checkPassword(user, password);

	if (pwCheck.error) {
	throw new Meteor.Error(403, 'PW Fail');
	}

	if (!user.meta.twoFactor) {
	return saveLoginToken(user._id);
	} else {
	if (code && hash) {
	var session = TwoFactor.findOne({
	hash: hash,
	username: username
	});

	if (session) {
	//TODO: VALIDATE SOMETHING

	TwoFactor.update({
	hash: hash
	}, {
	$set: {
	submitted: new Date()
	}
	});

	return saveLoginToken(user._id);
	} else {
	throw new Meteor.Error(404, 'Invalid Hash');
	}
	} else if (hash) {
	var session = TwoFactor.findOne({
	hash: hash,
	username: username
	});

	if (session) {
	//TODO: write validation
	return [401, hash];
	} else {
	throw new Meteor.Error(404, 'No Session');
	}
	} else {
	//TODO: write some method of generating a code or some pass into the system
	generatedCodeToPass;

	var now = new Date();
	//TODO: CRYPTO HASH
	var hash = +now;

	//Lets put this in our collection

	TwoFactor.insert({
	hash: hash,
	code: generatedCodeToPass,
	username: username,
	sent: now
	});

	//TODO: Send user a message to complete this
	}
	}
	}
	})