cpaas-sdk 1.1.0 → 1.2.0

data/examples/2fa/.env.example

@@ -1,6 +1,7 @@
-EMAIL=user@test.com
-PASSWORD=123456
-CLIENT_ID=
-CLIENT_SECRET=
-BASE_URL=
-PHONE_NUMBER=
+EMAIL=user@test.com
+PASSWORD=123456
+CLIENT_ID=
+CLIENT_SECRET=
+BASE_URL=
+PHONE_NUMBER=
+DESTINATION_EMAIL=

data/examples/2fa/.gitignore

@@ -1,159 +1,159 @@
-# Ignore the default SQLite database.
-/db/*.sqlite3
-/db/*.sqlite3-journal
-
-# Ignore all logfiles and tempfiles.
-/log/*
-/tmp/*
-!/log/.keep
-!/tmp/.keep
-
-# Ignore uploaded files in development
-/storage/*
-!/storage/.keep
-
-.byebug_history
-
-# Ignore master key for decrypting credentials and more.
-/config/master.key
-
-## App-Specific
-
-# Ignore the generated sample apps folder.
-/public/sample_apps
-
-*.pdf
-
-# Ignore the generated csv folder
-/public/csv
-
-## Capistrano
-
-.env.staging
-.env.production
-.env.china
-.env.developer
-
-## Rails
-
-*.rbc
-*.sassc
-.sass-cache
-capybara-*.html
-.rspec
-/log
-/tmp
-/db/*.sqlite3
-/db/*.sqlite3-journal
-/public/system
-/public/assets
-/public/uploads
-/public/docs
-/coverage/
-/spec/tmp
-rerun.txt
-pickle-email-*.html
-dump.rdb
-
-## Environment normalisation:
-/.bundle
-/vendor/bundle
-
-# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
-.rvmrc
-
-# if using bower-rails ignore default bower_components path bower.json files
-/vendor/assets/bower_components
-*.bowerrc
-bower.json
-
-# Ignore pow environment settings
-.powenv
-
-## Documentation cache and generated files:
-/.yardoc/
-/_yardoc/
-/doc/
-/rdoc/
-
-# Developer-specific files - These have a corresponding *.example file as a template to quickly copy over
-config/database.yml
-.env
-
-## General
-
-# Git
-**.orig
-
-# OS X
-.DS_Store
-.DS_Store?
-.AppleDouble
-.LSOverride
-
-# Icon must end with two \r
-Icon
-
-
-# Thumbnails
-._*
-
-# Files that might appear on external disk
-.Spotlight-V100
-.Trashes
-
-# Directories potentially created on remote AFP share
-.AppleDB
-.AppleDesktop
-Network Trash Folder
-Temporary Items
-.apdisk
-
-# Windows image file caches
-Thumbs.db
-ehthumbs.db
-
-# Folder config file
-Desktop.ini
-
-# Recycle Bin used on file shares
-$RECYCLE.BIN/
-
-# Windows Installer files
-*.cab
-*.msi
-*.msm
-*.msp
-
-# Windows shortcuts
-*.lnk
-
-# Compiled source
-*.com
-*.class
-*.dll
-*.exe
-*.o
-*.so
-
-# Packages
-# it's better to unpack these files and commit the raw source
-# git has its own built in compression methods
-*.7z
-*.dmg
-*.gz
-*.iso
-*.jar
-*.rar
-*.tar
-*.zip
-
-# Logs and databases
-*.log
-*.sql
-*.sql-e
-*.sqlite
-
-# Files generated by atom
-*.tags
-*.tags_swap
+# Ignore the default SQLite database.
+/db/*.sqlite3
+/db/*.sqlite3-journal
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore uploaded files in development
+/storage/*
+!/storage/.keep
+
+.byebug_history
+
+# Ignore master key for decrypting credentials and more.
+/config/master.key
+
+## App-Specific
+
+# Ignore the generated sample apps folder.
+/public/sample_apps
+
+*.pdf
+
+# Ignore the generated csv folder
+/public/csv
+
+## Capistrano
+
+.env.staging
+.env.production
+.env.china
+.env.developer
+
+## Rails
+
+*.rbc
+*.sassc
+.sass-cache
+capybara-*.html
+.rspec
+/log
+/tmp
+/db/*.sqlite3
+/db/*.sqlite3-journal
+/public/system
+/public/assets
+/public/uploads
+/public/docs
+/coverage/
+/spec/tmp
+rerun.txt
+pickle-email-*.html
+dump.rdb
+
+## Environment normalisation:
+/.bundle
+/vendor/bundle
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# if using bower-rails ignore default bower_components path bower.json files
+/vendor/assets/bower_components
+*.bowerrc
+bower.json
+
+# Ignore pow environment settings
+.powenv
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+# Developer-specific files - These have a corresponding *.example file as a template to quickly copy over
+config/database.yml
+.env
+
+## General
+
+# Git
+**.orig
+
+# OS X
+.DS_Store
+.DS_Store?
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# Compiled source
+*.com
+*.class
+*.dll
+*.exe
+*.o
+*.so
+
+# Packages
+# it's better to unpack these files and commit the raw source
+# git has its own built in compression methods
+*.7z
+*.dmg
+*.gz
+*.iso
+*.jar
+*.rar
+*.tar
+*.zip
+
+# Logs and databases
+*.log
+*.sql
+*.sql-e
+*.sqlite
+
+# Files generated by atom
+*.tags
+*.tags_swap

data/examples/2fa/.ruby-gemset

@@ -1 +1 @@
-kandy-sdk-example-2fa
+kandy-sdk-example-2fa

data/examples/2fa/.ruby-version

@@ -1 +1 @@
-ruby-2.5.0
+ruby-2.5.0

data/examples/2fa/Gemfile

@@ -1,8 +1,8 @@
-source 'https://rubygems.org'
-
-gem 'sinatra'
-gem 'httparty'
-gem 'dotenv'
-gem 'rerun'
-gem 'pry'
-gem 'cpaas-sdk', '~> 1.0'
+source 'https://rubygems.org'
+
+gem 'sinatra'
+gem 'httparty'
+gem 'dotenv'
+gem 'rerun'
+gem 'pry'
+gem 'cpaas-sdk', '~> 1.1.0'

data/examples/2fa/README.md

@@ -1,34 +1,36 @@
-# Two Factor Authentication Starter App
-
-This is an elementary  login authentication use case of two-factor authentication via SMS. The main focus of this application is to understand and implement the 2FA flow, so least amount of stress is given to the authentication/login mechanism.
-
-## Installation
-1. Copy `.env.example` and rename to `.env` and add the appropriate values. Check `Configuration` section for more details.
-2. To install dependencies, run:
-```bash
-bundle install
-```
-3. To start the server, run:
-```bash
-bundle exec rackup -p 6000
-```
-
-## Configuration
-There are a few environment variables (check `.env` file) to make the application simpler and help us focus on the key aspects a two-factor authentication system via SMS. Some of the variables are pre-filled and some are left blank which are left on the user to place appropriate values. All the variables are mandatory.
-
-ENV KEY       | Description
-------------- | -------------
-CLIENT_ID     | Private project key
-CLIENT_SECRET | Private project secret
-BASE_URL      | URL of the CPaaS server to use
-PHONE_NUMBER  | Phone number that would receive the verification code
-EMAIL         | Email used in the login screen of the application
-PASSWORD      | Password to be entered against the EMAIL provided
-
-## Usage
-The application comprises of three simple pages, login, code verification, dashboard/portal
-> + On opening the application in the browser, the login screen is presented. The user needs to enter the `Email` / `Password` that are specified in the `.env` file and click on the `Login` button.
-> + Once the credentials are verified, a verification code is sent out to the phone number and redirected to the code verification page. This phone number corresponds to the one entered in the `.env` file as `PHONE_NUMBER`.
-> + The user now needs to enter the verification code received in the mentioned phone number and click `Verify` button.
-> + The application verifies the entered code. If the code validates, the user is redirected to the dashboard section; else the user will be promoted with an error alert `Code invalid or expired` and is required to re-enter the verification code.
-> + As the user is authenticated, the dashboard opens up. The user can logout from the dashboard and login screen would be presented.
+# Two Factor Authentication Starter App
+
+This is an elementary  login authentication use case of two-factor authentication via SMS. The main focus of this application is to understand and implement the 2FA flow, so least amount of stress is given to the authentication/login mechanism.
+
+## Installation
+1. Copy `.env.example` and rename to `.env` and add the appropriate values. Check `Configuration` section for more details.
+2. To install dependencies, run:
+```bash
+bundle install
+```
+3. To start the server, run:
+```bash
+bundle exec rackup -p 6000
+```
+
+## Configuration
+There are a few environment variables (check `.env` file) to make the application simpler and help us focus on the key aspects a two-factor authentication system via SMS. Some of the variables are pre-filled and some are left blank which are left on the user to place appropriate values. All the variables are mandatory.
+
+ENV KEY           | Description
+----------------- | -------------
+CLIENT_ID         | Private project key
+CLIENT_SECRET     | Private project secret
+BASE_URL          | URL of the CPaaS server to use
+PHONE_NUMBER      | Phone number that would receive the verification code
+EMAIL             | Email used in the login screen of the application
+PASSWORD          | Password to be entered against the EMAIL provided
+DESTINATION_EMAIL | Email that would receive the verification code
+
+
+## Usage
+The application comprises of three simple pages, login, code verification, dashboard/portal
+> + On opening the application in the browser, the login screen is presented. The user needs to enter the `Email` / `Password` that are specified in the `.env` file and click on the `Login` button.
+> + Once the credentials are verified, the verification page is presented to user. Here the user has 2 options, either receive 2FA via SMS or via EMAIL. This phone number/email corresponds to the one entered in the .env file as PHONE_NUMBER/DESTINATION_EMAIL.
+> + The user now needs to enter the verification code received in the mentioned phone number and click `Verify` button.
+> + The application verifies the entered code. If the code validates, the user is redirected to the dashboard section; else the user will be promoted with an error alert `Code invalid or expired` and is required to re-enter the verification code.
+> + As the user is authenticated, the dashboard opens up. The user can logout from the dashboard and login screen would be presented.

data/examples/2fa/app.rb

@@ -1,134 +1,145 @@
-require 'sinatra'
-require 'json'
-require 'pry'
-require 'cpaas-sdk'
-
-require './helper'
-
-
-class App < Sinatra::Application
-  enable :sessions
-
-  def initialize
-    super
-
-    # Initialize
-    Cpaas.configure do |config|
-      config.client_id = ENV['CLIENT_ID']
-      config.client_secret = ENV['CLIENT_SECRET']
-      config.base_url = ENV['BASE_URL']
-    end
-  end
-
-  get '/' do
-    redirect '/login'
-  end
-
-  get '/login' do
-    # If user is logged in and trying to access login page, redirect to dashboard.
-    return redirect '/dashboard' if is_logged_in? session
-
-    set_default_state(session)
-
-    erb :login, layout: :index
-  end
-
-  post '/login' do
-    if valid_credentials? params
-      # If login credentials are valid, send_code method is used to request 2FA code
-      # to the phone number as destination_address.
-      #
-      # If a valid response is received, the code_id present in the response is set in the session.
-      # This code_id is eventually used when the 2FA code (received in the phone number) needs to be verified.
-      # Once the code_id is set, the user is redirected to the code verification page
-      # where the user is prompted to enter the code received in the phone number.
-      #
-      # If an error is raised by send_code, it is caught in the catch block and the user is
-      # redirected to the login page with the received error message as an alert.
-
-      response = Cpaas::Twofactor.send_code({
-        destination_address: ENV['PHONE_NUMBER'],
-        message: 'Your verification code: {code}'
-        })
-
-      if response[:exception_id]
-        # Here something went wrong either with the server or proper parameters were not passed.
-        # Received error message is echoed back to the UI as error alert.
-        return erb :login, layout: :index, locals: { alert: { message: error_message(response), type: 'error' } }
-      end
-
-      session[:code_id] = response[:code_id]
-      set_credentials_verified(session)
-
-      redirect '/verify'
-    else
-      # If login credentials do not match with credentials present in .env, login page is re-rendered with error alert
-      erb :login, layout: :index, locals: { alert: { message: 'Invalid username or password', type: 'error' } }
-    end
-  end
-
-  get '/verify' do
-    # If logged in and trying to access login page, redirect to dashboard.
-    return redirect '/dashboard' if is_logged_in? session
-    # If login credentials are not verified but tries to access the code verification page, user is redirected.
-    return redirect '/logout' if !is_credentials_verified? session
-
-    # If the login credentials are verified, user is shown code verification page.
-    erb :verify, layout: :index, locals: { alert: { message: "Verification code has been sent to #{ENV['PHONE_NUMBER']}", type: 'success' } }
-  end
-
-  post '/verify' do
-     # The 2FA code entered in the UI is passed to the verify_code along with codeId,
-     # which was saved from the response of send_code method.
-     #
-     # There are two valid response for verify_code method.
-     #
-     # Type 1 - The 2FA code is successfully verified.
-     # {
-     #  verified: true,
-     #  message: 'Verified'
-     # }
-     #
-     # Type 2 - The 2FA code pass is either incorrect or the code has expired
-     # (The expiry of the code can be changed by passing expiry param in the send_code. Ref - Documentation)
-     # {
-     #  verified: false,
-     #  message: 'Code expired or invalid'
-     # }
-
-    response = Cpaas::Twofactor.verify_code({
-      code_id: session[:code_id],
-      verification_code: params['code']
-    })
-
-    if response[:exception_id]
-      # Here something went wrong either with the server or proper parameters were not passed.
-      # Received error message is echoed back to the UI as error alert.
-      return erb :verify, layout: :index, locals: { alert: { message: error_message(response), type: 'error' } }
-    end
-
-    if response[:verified]
-      login session
-      # The code is verified and redirected to dashboard/portal/protected area of app.
-      return redirect '/dashboard'
-    else
-      # The code is invalid and error message received from server is shown as error alert.
-      return erb :verify, layout: :index, locals: { alert: { message: response[:message], type: 'error' } }
-    end
-  end
-
-  get '/dashboard' do
-    # If not logged in, redirected to logout.
-    return redirect '/logout' if !is_logged_in? session
-
-    # Login criteria is fulfilled, renders dashboard/portal/protected area of app
-    erb :dashboard, layout: :index
-  end
-
-  get '/logout' do
-    # Logged in session is cleared
-    logout session
-
-    redirect '/login'
-  end
-end
+require 'sinatra'
+require 'json'
+require 'pry'
+require 'cpaas-sdk'
+
+require './helper'
+
+
+class App < Sinatra::Application
+  enable :sessions
+
+  def initialize
+    super
+
+    # Initialize
+    Cpaas.configure do |config|
+      config.client_id = ENV['CLIENT_ID']
+      config.client_secret = ENV['CLIENT_SECRET']
+      config.base_url = ENV['BASE_URL']
+    end
+  end
+
+  get '/' do
+    redirect '/login'
+  end
+
+  get '/login' do
+    # If user is logged in and trying to access login page, redirect to dashboard.
+    return redirect '/dashboard' if is_logged_in? session
+
+    set_default_state(session)
+
+    erb :login, layout: :index
+  end
+
+  post '/login' do
+    if valid_credentials? params
+      # If login credentials are valid, send_code method is used to request 2FA code
+      # to the phone number as destination_address.
+      #
+      # If a valid response is received, the code_id present in the response is set in the session.
+      # This code_id is eventually used when the 2FA code (received in the phone number) needs to be verified.
+      # Once the code_id is set, the user is redirected to the code verification page
+      # where the user is prompted to enter the code received in the phone number.
+      #
+      # If an error is raised by send_code, it is caught in the catch block and the user is
+      # redirected to the login page with the received error message as an alert.
+      set_credentials_verified(session)
+      redirect '/verify'
+    else
+      # If login credentials do not match with credentials present in .env, login page is re-rendered with error alert
+      erb :login, layout: :index, locals: { alert: { message: 'Invalid username or password', type: 'error' } }
+    end
+  end
+
+  post '/sendtwofactor' do
+    method = params['otp']
+    if method == 'sms'
+      response = Cpaas::Twofactor.send_code({
+        destination_address: ENV['PHONE_NUMBER'],
+        message: 'Your verification code: {code}',
+        method: 'sms'
+      })
+    elsif method == 'email'
+      response = Cpaas::Twofactor.send_code({
+        destination_address: ENV['DESTINATION_EMAIL'],
+        message: 'Your verification code: {code}',
+        method: 'email',
+        subject: 'Twofactor verification'
+      })
+    end
+    if response[:exception_id]
+      # Here something went wrong either with the server or proper parameters were not passed.
+      # Received error message is echoed back to the UI as error alert.
+      return erb :verify, layout: :index, locals: { alert: { message: error_message(response), type: 'error' } }
+    end
+    session[:code_id] = response[:code_id]
+    erb :verify, layout: :index, locals: { alert: { message: 'Twofactor verification code sent successfully', type: 'success' } }
+  end
+
+  get '/verify' do
+    # If logged in and trying to access login page, redirect to dashboard.
+    return redirect '/dashboard' if is_logged_in? session
+    # If login credentials are not verified but tries to access the code verification page, user is redirected.
+    return redirect '/logout' if !is_credentials_verified? session
+
+    # If the login credentials are verified, user is shown code verification page.
+    erb :verify, layout: :index
+  end
+
+  post '/verify' do
+     # The 2FA code entered in the UI is passed to the verify_code along with codeId,
+     # which was saved from the response of send_code method.
+     #
+     # There are two valid response for verify_code method.
+     #
+     # Type 1 - The 2FA code is successfully verified.
+     # {
+     #  verified: true,
+     #  message: 'Verified'
+     # }
+     #
+     # Type 2 - The 2FA code pass is either incorrect or the code has expired
+     # (The expiry of the code can be changed by passing expiry param in the send_code. Ref - Documentation)
+     # {
+     #  verified: false,
+     #  message: 'Code expired or invalid'
+     # }
+
+    response = Cpaas::Twofactor.verify_code({
+      code_id: session[:code_id],
+      verification_code: params['code']
+    })
+
+    if response[:exception_id]
+      # Here something went wrong either with the server or proper parameters were not passed.
+      # Received error message is echoed back to the UI as error alert.
+      return erb :verify, layout: :index, locals: { alert: { message: error_message(response), type: 'error' } }
+    end
+
+    if response[:verified]
+      login session
+      # The code is verified and redirected to dashboard/portal/protected area of app.
+      return redirect '/dashboard'
+    else
+      # The code is invalid and error message received from server is shown as error alert.
+      return erb :verify, layout: :index, locals: { alert: { message: response[:message], type: 'error' } }
+    end
+  end
+
+  get '/dashboard' do
+    # If not logged in, redirected to logout.
+    return redirect '/logout' if !is_logged_in? session
+
+    # Login criteria is fulfilled, renders dashboard/portal/protected area of app
+    erb :dashboard, layout: :index
+  end
+
+  get '/logout' do
+    # Logged in session is cleared
+    logout session
+
+    redirect '/login'
+  end
+end