authsignal-ruby 0.1.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 98b3ad9c3eff658acd73e84b5fed51ff2391dfa77b21f2d5b5795a939ac1f248
+  data.tar.gz: afe685b894c8dbe660ce2cc1eca91ee4b4b8babaa1caaa56d17e492155726cad
+SHA512:
+  metadata.gz: 31b668b203ff0a0cb1c1f87ca2ed11520a4b873851b6d2e694188450d43ea34a9d3fa9ed6a3167b05cf2b708eafd1b5ddb63736110b223b55cc0b56c8277b461
+  data.tar.gz: 63495260c6ddddfec49e61a214fb53c960d5e4d624b004401ac22ab2c4184c9aaad833971f76b251ce8f80aa9de17090f0919be9e3de5b766b86815b88a7b356

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2022-07-14
+
+- Initial release

data/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in authsignal-ruby.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,54 @@
+PATH
+  remote: .
+  specs:
+    authsignal-ruby (0.1.2)
+      httparty (~> 0.20.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    crack (0.4.5)
+      rexml
+    diff-lcs (1.5.0)
+    hashdiff (1.0.1)
+    httparty (0.20.0)
+      mime-types (~> 3.0)
+      multi_xml (>= 0.5.2)
+    mime-types (3.4.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2022.0105)
+    multi_xml (0.6.0)
+    public_suffix (4.0.7)
+    rake (13.0.6)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    webmock (3.14.0)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  authsignal-ruby!
+  rake (~> 13.0)
+  rspec (~> 3.2)
+  webmock (~> 3.14.0)
+
+BUNDLED WITH
+   2.2.32

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 justinsoong
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,135 @@
+# Authsignal Server Ruby SDK
+
+[Authsignal](https://www.authsignal.com/?utm_source=github&utm_medium=ruby_sdk) provides passwordless step up authentication (Multi-factor Authentication - MFA) that can be placed anywhere within your application. Authsignal also provides a no-code fraud risk rules engine to manage when step up challenges are triggered.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "authsignal-ruby"
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install authsignal-ruby
+
+## Configuration
+Initialize the Authsignal Ruby SDK, ensuring you do not hard code the Authsignal Secret Key, always keep this safe.
+
+In Ruby on Rails, you would typically place this code block in a file like `config/initializers/authsignal.rb`
+
+```ruby
+Authsignal.setup do |config|
+    config.api_secret_key = ENV["AUTHSIGNAL_SECRET_KEY"]
+end
+```
+
+## Usage
+
+Authsignal's server side signal API has four main calls `track_action`, `get_action`, `get_user`, `identify`
+
+These examples assume that the SDK is being called from a Ruby on Rails app, adapt depending on your server framework.
+
+### Track Action
+The track action call is the main api call to send actions to authsignal, the default decision is to `ALLOW` actions, this allows you to call track action as a means to keep an audit trail of your user activity.
+
+Add to the rules in the admin portal or the change default decision to influence the flows for your end users. If a user is not enrolled with authenticators, the default decision is to `ALLOW`.
+
+```ruby
+# OPTIONAL: The Authsignal cookie available when using the authsignal browser Javascript SDK
+# you could you use own device/session/fingerprinting identifiers.
+authsignal_cookie = request.cookies["__as_aid"]
+
+# OPTIONAL: The idempotencyKey is a unique identifier per track action
+# this could be for a unique object associated to your application
+# like a shopping cart check out id
+# If ommitted, Authsignal will generate the idempotencyKey and return in the response
+idempotency_key = SecureRandom.uuid
+
+# OPTIONAL: If you're using a redirect flow, set the redirect URL, this is the url authsignal will redirect to after a Challenge is completed.
+redirect_url = "https://www.yourapp.com/back_to_your_app"
+
+response = Authsignal.track_action({
+        action_code: "signIn",
+        idempotency_key: idempotency_key,
+        redirect_url: redirect_url,
+        user_id: current_user.id,
+        email: current_user.email,
+        device_id: authsignal_cookie,
+        user_agent: request.user_agent,
+        ip_address: request.ip,
+        custom: {
+            it_could_be_a_bool: true,
+            it_could_be_a_string: "test",
+            it_could_be_a_number: 400.00
+        }
+    }
+)
+```
+*Response*
+```ruby
+response = Authsignal.track_action({..})
+case response[:state]
+when "ALLOW"
+    # Carry on with your operation/business logic
+when "BLOCK"
+    # Stop your operations
+when "CHALLENGE_REQUIRED"
+    # Step up authentication required, redirect or pass the challengeUrl to the front end
+    response[:challenge_url]
+end
+```
+
+### Get Action
+Call get action after a challenge is completed by the user, after a redirect or a succesful browser challenge pop-up flow, and if the state of the action is `CHALLENGE_SUCCEEDED` you can proceed with completing the business logic.
+
+```ruby
+response = Authsignal.get_action(
+    user_id: current_user.id,
+    action_code: "testAction",
+    idempotency_key: "15cac140-f639-48c5-92db-835ec8d3d144")
+
+if(response[:state] === "CHALLENGE_SUCCEEDED")
+    # The user has successfully completed the challenge, and you should proceed with
+    # the business logic
+end
+```
+
+### Get User
+Get user retrieves the current enrolment state of the user, use this call to redirect users to the enrolment or management flows so that the user can do self service management of their authenticator factors. User the `url` in the response to either redirect or initiate the pop up client side flow.
+
+```ruby
+response = Authsignal.get_user(user_id: current_user.id, redirect_url: "http://www.yourapp.com/path-back")
+
+is_enrolled = response[:is_enrolled]
+url = response[:url]
+```
+
+### Identify
+Get identify to link and update additional user indetifiers (like email) to the primary record.
+
+```ruby
+Authsignal.identify(user_id: current_user.id, user: { email: "newemail@email.com" })
+```
+
+### Enrol Authenticator
+If your application already has a valid authenticator like a validated phone number for your customer, you can enrol the authenticator on behalf of the user using this function
+
+```ruby
+Authsignal.enrol_authenticator(user_id: current_user.id, authenticator:{ oob_channel: "SMS", phone_number: "+64270000000" })
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "authsignal"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/authsignal/client.rb

@@ -0,0 +1,70 @@
+module Authsignal
+    class Client
+        USER_AGENT = "Authsignal Ruby v#{Authsignal::VERSION}"
+        NO_API_KEY_MESSAGE  = "No Authsignal API Secret Key Set"
+        include HTTParty
+
+        def initialize
+            self.class.base_uri Authsignal.configuration.base_uri
+            @api_key = require_api_key
+
+            @headers = {
+                        "User-Agent" => USER_AGENT,
+                        'Content-Type' => 'application/json' 
+                        }
+        end
+
+        def require_api_key
+            Authsignal.configuration.api_secret_key || print_api_key_warning
+        end
+
+        def track(action, options = {})
+            actionCode = action[:actionCode]
+            idempotencyKey = ERB::Util.url_encode(action[:idempotencyKey])
+            userId = ERB::Util.url_encode(action[:userId])
+            body = action.except(:userId, :actionCode)
+            path = "/users/#{userId}/actions/#{actionCode}"
+
+            post(path, query: options, body: JSON.generate(body))
+        end
+
+        def get_user(user_id:, redirect_url: nil)
+            if(redirect_url)
+                path = "/users/#{ERB::Util.url_encode(user_id)}?redirectUrl=#{redirect_url}"
+            else
+                path = "/users/#{ERB::Util.url_encode(user_id)}"
+            end
+            get(path)
+        end
+
+        def get_action(user_id, action_code, idempotency_key)
+            get("/users/#{ERB::Util.url_encode(user_id)}/actions/#{action_code}/#{ERB::Util.url_encode(idempotency_key)}")
+        end
+
+        def identify(user_id, user_payload)
+            post("/users/#{ERB::Util.url_encode(user_id)}", body: JSON.generate(user_payload))
+        end
+
+        def enrol_authenticator(user_id, authenticator)
+            post("/users/#{ERB::Util.url_encode(user_id)}/authenticators", body: JSON.generate(authenticator))
+        end
+
+        def get(path, query: {})
+            self.class.get(path, headers: @headers, basic_auth: {username: @api_key})
+        end
+
+        def post(path, query: {}, body: {})
+            self.class.post(path, headers: @headers, body: body, basic_auth: {username: @api_key})
+        end
+
+        private
+
+        def version
+            Authsignal.configuration.version
+        end
+
+        def print_api_key_warning
+            $stderr.puts(NO_API_KEY_MESSAGE)
+        end
+    end
+end

data/lib/authsignal/configuration.rb

@@ -0,0 +1,49 @@
+require "ostruct"
+
+module Authsignal
+  class Configuration
+        def self.config_option(name)
+            define_method(name) do
+                read_value(name)
+            end
+
+            define_method("#{name}=") do |value|
+                set_value(name, value)
+            end
+        end
+  
+        config_option :api_secret_key
+
+        config_option :base_uri
+
+        def initialize
+            @config_values = {}
+      
+            # set default attribute values
+            @defaults = OpenStruct.new({
+                base_uri: 'https://signal.authsignal.com/v1/'
+            })
+        end
+
+        def [](key)
+            read_value(key)
+        end
+    
+        def []=(key, value)
+            set_value(key, value)
+        end
+
+        private
+        def read_value(name)
+            if @config_values.has_key?(name)
+                @config_values[name]
+            else
+                @defaults.send(name)
+            end
+        end
+
+        def set_value(name, value)
+            @config_values[name] = value
+        end
+  end    
+end

data/lib/authsignal/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Authsignal
+  VERSION = "0.1.2"
+end

data/lib/authsignal.rb

@@ -0,0 +1,86 @@
+require "httparty"
+
+require "authsignal/client"
+require "authsignal/configuration"
+
+module Authsignal
+    class << self
+        attr_writer :configuration
+
+        def setup
+            yield(configuration)
+        end
+
+        def configuration
+            @configuration ||= Authsignal::Configuration.new
+        end
+
+
+        def default_configuration
+            configuration.defaults
+        end
+
+        def get_user(user_id:, redirect_url: nil)
+            response = Client.new.get_user(user_id: user_id, redirect_url: redirect_url)
+            response.transform_keys { |key| underscore(key) }.transform_keys(&:to_sym)
+        end
+
+        def get_action(user_id:, action_code:, idempotency_key:)
+            response = Client.new.get_action(user_id, action_code, idempotency_key)
+            response.transform_keys { |key| underscore(key) }.transform_keys(&:to_sym)
+        end
+
+        def identify(user_id:, user:)
+            response = Client.new.identify(user_id, user)
+            response.transform_keys { |key| underscore(key) }.transform_keys(&:to_sym)
+        end
+
+        def enrol_authenticator(user_id:, authenticator:)
+            authenticator = authenticator.transform_keys { |key| camelize(key) }
+            response = Client.new.enrol_authenticator(user_id, authenticator)
+            
+            if response["authenticator"]
+                response["authenticator"] = response["authenticator"].transform_keys { |key| underscore(key) }.transform_keys(&:to_sym)
+            end
+
+            response = response.transform_keys { |key| underscore(key) }.transform_keys(&:to_sym)
+
+            response
+        end
+
+        def track_action(event, options={})
+            raise ArgumentError, "Action Code is required" unless event[:action_code].to_s.length > 0
+            raise ArgumentError, "User ID value" unless event[:user_id].to_s.length > 0
+
+            event = event.transform_keys { |key| camelize(key) }
+
+            response = Client.new.track(event, options)
+            success = response && response.success?
+            if success
+                puts("Tracked event! #{response.response.inspect}")
+            else
+                puts("Track failure! #{response.response.inspect} #{response.body}")
+            end
+
+            response.transform_keys { |key| underscore(key) }.transform_keys(&:to_sym)
+        rescue => e
+            RuntimeError.new("Failed to track action")
+            false
+        end
+
+        private
+        def underscore(string)
+            string.gsub(/::/, '/').
+            gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
+            gsub(/([a-z\d])([A-Z])/,'\1_\2').
+            tr("-", "_").
+            downcase
+        end
+
+        def camelize(symbol)
+            string = symbol.to_s
+            string = string.sub(/^(?:(?=\b|[A-Z_])|\w)/) { |match| match.downcase }
+            string.gsub(/(?:_|(\/))([a-z\d]*)/) { "#{$1}#{$2.capitalize}" }.gsub("/", "::").to_sym
+        end
+    end
+end

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification
+name: authsignal-ruby
+version: !ruby/object:Gem::Version
+  version: 0.1.2
+platform: ruby
+authors:
+- justinsoong
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2022-07-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.20.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.20.0
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.14.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.14.0
+description: Authsignal is a passwordless authentication/multifactor authentication
+  step up service with a FraudOps rules engine
+email:
+- justin@authsignal.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/authsignal.rb
+- lib/authsignal/client.rb
+- lib/authsignal/configuration.rb
+- lib/authsignal/version.rb
+homepage: https://github.com/authsignal/authsignal-ruby
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://www.authsignal.com
+  source_code_uri: https://github.com/authsignal/authsignal-ruby
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.32
+signing_key:
+specification_version: 4
+summary: The Authsignal ruby server side signal API.
+test_files: []