cpaas-sdk 1.0.0

data/examples/2fa/.env.example

@@ -0,0 +1,6 @@
+EMAIL=user@test.com
+PASSWORD=123456
+CLIENT_ID=
+CLIENT_SECRET=
+BASE_URL=
+PHONE_NUMBER=

data/examples/2fa/.gitignore

@@ -0,0 +1,159 @@
+# Ignore the default SQLite database.
+/db/*.sqlite3
+/db/*.sqlite3-journal
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore uploaded files in development
+/storage/*
+!/storage/.keep
+
+.byebug_history
+
+# Ignore master key for decrypting credentials and more.
+/config/master.key
+
+## App-Specific
+
+# Ignore the generated sample apps folder.
+/public/sample_apps
+
+*.pdf
+
+# Ignore the generated csv folder
+/public/csv
+
+## Capistrano
+
+.env.staging
+.env.production
+.env.china
+.env.developer
+
+## Rails
+
+*.rbc
+*.sassc
+.sass-cache
+capybara-*.html
+.rspec
+/log
+/tmp
+/db/*.sqlite3
+/db/*.sqlite3-journal
+/public/system
+/public/assets
+/public/uploads
+/public/docs
+/coverage/
+/spec/tmp
+rerun.txt
+pickle-email-*.html
+dump.rdb
+
+## Environment normalisation:
+/.bundle
+/vendor/bundle
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# if using bower-rails ignore default bower_components path bower.json files
+/vendor/assets/bower_components
+*.bowerrc
+bower.json
+
+# Ignore pow environment settings
+.powenv
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+# Developer-specific files - These have a corresponding *.example file as a template to quickly copy over
+config/database.yml
+.env
+
+## General
+
+# Git
+**.orig
+
+# OS X
+.DS_Store
+.DS_Store?
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# Compiled source
+*.com
+*.class
+*.dll
+*.exe
+*.o
+*.so
+
+# Packages
+# it's better to unpack these files and commit the raw source
+# git has its own built in compression methods
+*.7z
+*.dmg
+*.gz
+*.iso
+*.jar
+*.rar
+*.tar
+*.zip
+
+# Logs and databases
+*.log
+*.sql
+*.sql-e
+*.sqlite
+
+# Files generated by atom
+*.tags
+*.tags_swap

data/examples/2fa/.ruby-gemset

@@ -0,0 +1 @@
+kandy-sdk-example-2fa

data/examples/2fa/.ruby-version

@@ -0,0 +1 @@
+ruby-2.5.0

data/examples/2fa/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+gem 'sinatra'
+gem 'httparty'
+gem 'dotenv'
+gem 'rerun'
+gem 'pry'
+gem 'cpaas-sdk', path: './../../'

data/examples/2fa/README.md

@@ -0,0 +1,34 @@
+# Two Factor Authentication Starter App
+
+This is an elementary  login authentication use case of two-factor authentication via SMS. The main focus of this application is to understand and implement the 2FA flow, so least amount of stress is given to the authentication/login mechanism.
+
+## Installation
+1. Copy `.env.example` and rename to `.env` and add the appropriate values. Check `Configuration` section for more details.
+2. To install dependencies, run:
+```bash
+bundle install
+```
+3. To start the server, run:
+```bash
+bundle exec rackup -p 6000
+```
+
+## Configuration
+There are a few environment variables (check `.env` file) to make the application simpler and help us focus on the key aspects a two-factor authentication system via SMS. Some of the variables are pre-filled and some are left blank which are left on the user to place appropriate values. All the variables are mandatory.
+
+ENV KEY       | Description
+------------- | -------------
+CLIENT_ID     | Private project key
+CLIENT_SECRET | Private project secret
+BASE_URL      | URL of the CPaaS server to use
+PHONE_NUMBER  | Phone number that would receive the verification code
+EMAIL         | Email used in the login screen of the application
+PASSWORD      | Password to be entered against the EMAIL provided
+
+## Usage
+The application comprises of three simple pages, login, code verification, dashboard/portal
+> + On opening the application in the browser, the login screen is presented. The user needs to enter the `Email` / `Password` that are specified in the `.env` file and click on the `Login` button.
+> + Once the credentials are verified, a verification code is sent out to the phone number and redirected to the code verification page. This phone number corresponds to the one entered in the `.env` file as `PHONE_NUMBER`.
+> + The user now needs to enter the verification code received in the mentioned phone number and click `Verify` button.
+> + The application verifies the entered code. If the code validates, the user is redirected to the dashboard section; else the user will be promoted with an error alert `Code invalid or expired` and is required to re-enter the verification code.
+> + As the user is authenticated, the dashboard opens up. The user can logout from the dashboard and login screen would be presented.

data/examples/2fa/app.rb

@@ -0,0 +1,134 @@
+require 'sinatra'
+require 'json'
+require 'pry'
+require 'cpaas-sdk'
+
+require './helper'
+
+
+class App < Sinatra::Application
+  enable :sessions
+
+  def initialize
+    super
+
+    # Initialize
+    Cpaas.configure do |config|
+      config.client_id = ENV['CLIENT_ID']
+      config.client_secret = ENV['CLIENT_SECRET']
+      config.base_url = ENV['BASE_URL']
+    end
+  end
+
+  get '/' do
+    redirect '/login'
+  end
+
+  get '/login' do
+    # If user is logged in and trying to access login page, redirect to dashboard.
+    return redirect '/dashboard' if is_logged_in? session
+
+    set_default_state(session)
+
+    erb :login, layout: :index
+  end
+
+  post '/login' do
+    if valid_credentials? params
+      # If login credentials are valid, send_code method is used to request 2FA code
+      # to the phone number as destination_address.
+      #
+      # If a valid response is received, the code_id present in the response is set in the session.
+      # This code_id is eventually used when the 2FA code (received in the phone number) needs to be verified.
+      # Once the code_id is set, the user is redirected to the code verification page
+      # where the user is prompted to enter the code received in the phone number.
+      #
+      # If an error is raised by send_code, it is caught in the catch block and the user is
+      # redirected to the login page with the received error message as an alert.
+
+      response = Cpaas::Twofactor.send_code({
+        destination_address: ENV['PHONE_NUMBER'],
+        message: 'Your verification code: {code}'
+        })
+
+      if response[:exception_id]
+        # Here something went wrong either with the server or proper parameters were not passed.
+        # Received error message is echoed back to the UI as error alert.
+        return erb :login, layout: :index, locals: { alert: { message: error_message(response), type: 'error' } }
+      end
+
+      session[:code_id] = response[:code_id]
+      set_credentials_verified(session)
+
+      redirect '/verify'
+    else
+      # If login credentials do not match with credentials present in .env, login page is re-rendered with error alert
+      erb :login, layout: :index, locals: { alert: { message: 'Invalid username or password', type: 'error' } }
+    end
+  end
+
+  get '/verify' do
+    # If logged in and trying to access login page, redirect to dashboard.
+    return redirect '/dashboard' if is_logged_in? session
+    # If login credentials are not verified but tries to access the code verification page, user is redirected.
+    return redirect '/logout' if !is_credentials_verified? session
+
+    # If the login credentials are verified, user is shown code verification page.
+    erb :verify, layout: :index, locals: { alert: { message: "Verification code has been sent to #{ENV['PHONE_NUMBER']}", type: 'success' } }
+  end
+
+  post '/verify' do
+     # The 2FA code entered in the UI is passed to the verify_code along with codeId,
+     # which was saved from the response of send_code method.
+     #
+     # There are two valid response for verify_code method.
+     #
+     # Type 1 - The 2FA code is successfully verified.
+     # {
+     #  verified: true,
+     #  message: 'Verified'
+     # }
+     #
+     # Type 2 - The 2FA code pass is either incorrect or the code has expired
+     # (The expiry of the code can be changed by passing expiry param in the send_code. Ref - Documentation)
+     # {
+     #  verified: false,
+     #  message: 'Code expired or invalid'
+     # }
+
+    response = Cpaas::Twofactor.verify_code({
+      code_id: session[:code_id],
+      verification_code: params['code']
+    })
+
+    if response[:exception_id]
+      # Here something went wrong either with the server or proper parameters were not passed.
+      # Received error message is echoed back to the UI as error alert.
+      return erb :verify, layout: :index, locals: { alert: { message: error_message(response), type: 'error' } }
+    end
+
+    if response[:verified]
+      login session
+      # The code is verified and redirected to dashboard/portal/protected area of app.
+      return redirect '/dashboard'
+    else
+      # The code is invalid and error message received from server is shown as error alert.
+      return erb :verify, layout: :index, locals: { alert: { message: response[:message], type: 'error' } }
+    end
+  end
+
+  get '/dashboard' do
+    # If not logged in, redirected to logout.
+    return redirect '/logout' if !is_logged_in? session
+
+    # Login criteria is fulfilled, renders dashboard/portal/protected area of app
+    erb :dashboard, layout: :index
+  end
+
+  get '/logout' do
+    # Logged in session is cleared
+    logout session
+
+    redirect '/login'
+  end
+end

data/examples/2fa/config.ru

@@ -0,0 +1,10 @@
+require 'dotenv'
+require 'rubygems'
+require 'bundler'
+
+require './app'
+
+Bundler.require
+Dotenv.load
+
+run App

data/examples/2fa/helper.rb

@@ -0,0 +1,37 @@
+def valid_credentials?(params)
+  ENV['EMAIL'] == params['email'] && ENV['PASSWORD'] == params['password']
+end
+
+def error_message(error)
+  "#{error[:name]}: #{error[:message]} (#{error[:exception_id]})"
+end
+
+def set_credentials_verified(session)
+  session[:credentials_verified] = true
+  session[:code_verified] = false
+end
+
+def is_credentials_verified?(session)
+  session[:credentials_verified] && !session[:code_verified]
+end
+
+def is_logged_in?(session)
+  session[:credentials_verified] && session[:code_verified]
+end
+
+def logout(session)
+  session[:credentials_verified] = true
+  session[:code_verified] = false
+  session[:code_id] = nil
+end
+
+def set_default_state(session)
+  session[:credentials_verified] = false
+  session[:code_verified] = false
+end
+
+
+def login(session)
+  session[:credentials_verified] = true
+  session[:code_verified] = true
+end

data/examples/2fa/public/stylesheets/forms.css

@@ -0,0 +1,28 @@
+.input-group {
+  display: flex;
+  flex-direction: column;
+}
+
+input[type=text],
+input[type=password] {
+  border-radius: 4px;
+  border: 1px solid #ccc;
+  box-sizing: border-box;
+  display: inline-block;
+  font-size: 14px;
+  margin: 8px 0;
+  padding: 12px 20px;
+  width: 100%;
+}
+
+button {
+  background-color: #4CAF50;
+  border-radius: 5px;
+  border: none;
+  color: white;
+  cursor: pointer;
+  font-size: 14px;
+  margin: 8px 0;
+  padding: 14px 20px;
+  width: 100%;
+}

data/examples/2fa/public/stylesheets/global.css

@@ -0,0 +1,7 @@
+body {
+  font-family: Arial, Helvetica, sans-serif;
+  height: 100%;
+  margin: 0;
+  padding: 0;
+  width: 100%;
+}

data/examples/2fa/public/stylesheets/layout.css

@@ -0,0 +1,45 @@
+.box {
+  background-color: #f2f2f2;
+  border-radius: 5px;
+  border: 1px black solid;
+  height: 400px;
+  padding: 20px;
+  width: 300px;
+  display: flex;
+  flex-direction: column;
+  justify-content: center;
+}
+
+.centered-box {
+  margin: calc((50vh - 200px) / 2) auto;
+}
+
+.text-center {
+  text-align: center;
+}
+
+.alert {
+  align-items: center;
+  border-radius: 5px;
+  border: 1px solid transparent;
+  display: flex;
+  height: 30px;
+  justify-content: center;
+  left: 10%;
+  padding: 10px 20px;
+  position: absolute;
+  top: 10px;
+  width: 80%;
+}
+
+.alert-error {
+  color: #721c24;
+  background-color: #f8d7da;
+  border-color: #f5c6cb;
+}
+
+.alert-success {
+  color: #155724;
+  background-color: #d4edda;
+  border-color: #c3e6cb;
+}