fix handling for 2FA device approval via Duo Push (#42)

tylerccarson · web-flow · commit 6a7c94393f34 · 2024-02-07T10:04:49.000-08:00
diff --git a/keeperapi/package-lock.json b/keeperapi/package-lock.json
diff --git a/keeperapi/package.json b/keeperapi/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@keeper-security/keeperapi",
   "description": "Keeper API Javascript SDK",
-  "version": "16.0.52",
+  "version": "16.0.53",
   "browser": "dist/index.es.js",
   "main": "dist/index.cjs.js",
   "types": "dist/node/index.d.ts",
diff --git a/keeperapi/src/auth.ts b/keeperapi/src/auth.ts
@@ -684,14 +684,19 @@ export class Auth {
 
             const processPushNotification = (wssRs: Record<string, any>) => {
                 if (wssRs.event === 'received_totp') {
-                    const token = wssRs.encryptedLoginToken ? normal64Bytes(wssRs.encryptedLoginToken) : loginToken
-                    if (wssRs.passcode) {
+                    // Duo
+                    if (wssRs.encryptedLoginToken) {
+                        const token = normal64Bytes(wssRs.encryptedLoginToken)
+                        resumeWithToken(token)
+                    }
+                    // DNA
+                    else if (wssRs.passcode) {
                         const tfaChannel = channels.find(x => x.channel === DeviceVerificationMethods.TFA)
                         if (tfaChannel && tfaChannel.validateCode) {
                             tfaChannel.validateCode(wssRs.passcode)
                         }
                     } else {
-                        resumeWithToken(token)
+                        // do nothing, we don't leak rejection during device approvals
                     }
                 } else if (wssRs.message === 'device_approved') {
                     if (wssRs.approved) {
@@ -871,10 +876,13 @@ export class Auth {
 
             const processPushNotification = (wssRs: Record<string, any>) => {
                 if (wssRs.event === 'received_totp') {
+                    // Duo
                     if (wssRs.encryptedLoginToken) {
                         const token = normal64Bytes(wssRs.encryptedLoginToken)
                         resumeWithToken(token)
-                    } else if (wssRs.passcode) {
+                    }
+                    // DNA
+                    else if (wssRs.passcode) {
                         (async () => {
                             await submitCode(lastPushChannel, wssRs.passcode)
                         })()

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@keeper-security/keeperapi",`
`3`	`3`	`"description": "Keeper API Javascript SDK",`
`4`		`- "version": "16.0.52",`
	`4`	`+ "version": "16.0.53",`
`5`	`5`	`"browser": "dist/index.es.js",`
`6`	`6`	`"main": "dist/index.cjs.js",`
`7`	`7`	`"types": "dist/node/index.d.ts",`