Enrollment for TOTP & SMS (#1)

Enrollment for TOTP & SMS

Author: nikolaseu

CHANGELOG.md

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Auth0, Inc. <support@auth0.com> (http://auth0.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

LICENSE

@@ -26,6 +26,111 @@ or Gradle:
 compile 'com.auth0:guardian:0.0.1'
 ```
 
+## Usage
+
+Create an instance of `Guardian` using you Guardian URL:
+
+```java
+Guardian guardian = new Guardian("https://<tenant>.guardian.auth0.com");
+```
+
+Obtain an enrollment ticket from API2:
+
+```java
+String enrollmentTicket = "Ag1qX7vZVBvyTKhFwrkzaCH2M8vn5b6c";
+```
+
+### Enrollment
+
+#### TOTP
+
+Use the ticket and `EnrollmentType.TOTP()` to request an TOTP enrollment.
+For TOTP you must ask for the TOTP URI to show to the user in the QR code.
+
+```java
+Transaction enrollmentTransaction;
+try {
+    enrollmentTransaction = guardian
+            .requestEnroll(enrollmentTicket, EnrollmentType.TOTP());
+
+    // Only for TOTP: use the TOTP URI to create a QR and scan with an app
+    String totpURI = enrollmentTransaction.totpURI("Username", "Issuer");
+    System.out.println(totpURI);
+
+} catch (IOException e) {
+    // connection issue, might be internet (or invalid certificates for example)
+} catch (GuardianException e) {
+    if (e.isAlreadyEnrolled()) {
+        // the user was already enrolled
+    } else if (e.isInvalidToken()) {
+        // the ticket is not valid anymore, or was already used
+    } else {
+        // some other guardian error, check the message
+    }
+}
+```
+
+#### SMS
+
+For SMS use `EnrollmentType.SMS()` and the phone number instead:
+
+```java
+Transaction enrollmentTransaction;
+try {
+    enrollmentTransaction = guardian
+            .requestEnroll(enrollmentTicket, EnrollmentType.SMS("+5493424217158"));
+
+} catch (IOException e) {
+    // connection issue, might be internet (or invalid certificates for example)
+} catch (GuardianException e) {
+    if (e.isAlreadyEnrolled()) {
+        // the user was already enrolled
+    } else if (e.isInvalidToken()) {
+        // the ticket is not valid anymore, or was already used
+    } else {
+        // some other guardian error, check the message
+    }
+}
+```
+
+### Transaction storage
+
+`Transaction` implements `java.io.Serializable` interface so you can save and restore it easily.
+
+> The transaction contains sensitive information like the transaction token and the recovery code. Keep in mind this
+> when considering possible storage options.
+
+### Confirm enrollment
+
+Restore the enrollment transaction from wherever you saved it, and use it together with the OTP that the user inputs to
+confirm the enrollment, whether it's TOTP or SMS.
+
+If the OTP was valid, the enrollment is confirmed and you get an object that contains the recovery code.
+
+```java
+// get the OTP from SMS or TOTP app
+String code = "123456";
+
+try {
+    Enrollment enrollment = guardian.confirmEnroll(enrollmentTransaction, code);
+
+    // Get the recovery code and show to the user
+    String recoveryCode = enrollment.getRecoveryCode();
+    System.out.println(recoveryCode);
+
+} catch (IOException e) {
+    // connection issue, might be internet (or invalid certificates for example)
+} catch (GuardianException e) {
+    if (e.isInvalidToken()) {
+        // the transaction is not valid anymore
+    } else if (e.isInvalidOTP()) {
+        // the OTP is not valid
+    } else {
+        // some other guardian error, check the message
+    }
+}
+```
+
 ## Documentation
 
 For more information about [auth0](http://auth0.com) check our [documentation page](http://docs.auth0.com/).

README.md

@@ -0,0 +1,70 @@
+group = 'com.auth0'
+
+apply plugin: 'com.auth0.gradle.oss-library.java'
+apply plugin: 'jacoco'
+
+logger.lifecycle("Using version ${version} for ${name}")
+
+oss {
+    name 'guardian'
+    repository 'guardian-java'
+    organization 'auth0'
+    description 'Java library for Auth0\'s Guardian platform.'
+
+    developers {
+        auth0 {
+            displayName = 'Auth0'
+            email = 'oss@auth0.com'
+        }
+        nikolaseu {
+            displayName = 'Nicolas Ulrich'
+            email = 'nicolas.ulrich@auth0.com'
+        }
+    }
+}
+
+jacocoTestReport {
+    reports {
+        xml.enabled = true
+        html.enabled = true
+    }
+}
+
+compileJava {
+    sourceCompatibility '1.7'
+    targetCompatibility '1.7'
+}
+
+buildscript {
+    repositories {
+        maven {
+            url "https://plugins.gradle.org/m2/"
+        }
+    }
+    dependencies {
+        classpath 'com.jfrog.bintray.gradle:gradle-bintray-plugin:1.7'
+        classpath "gradle.plugin.com.auth0.gradle:oss-library:0.6.0"
+    }
+}
+
+repositories {
+    mavenCentral()
+}
+
+test {
+    testLogging {
+        events "skipped", "failed"
+        exceptionFormat "short"
+    }
+}
+
+dependencies {
+    compile 'com.squareup.okhttp3:okhttp:3.6.0'
+    compile 'com.squareup.okhttp3:logging-interceptor:3.6.0'
+    compile 'com.fasterxml.jackson.core:jackson-databind:2.8.7'
+
+    testCompile 'org.mockito:mockito-core:2.5.4'
+    testCompile 'com.squareup.okhttp3:mockwebserver:3.6.0'
+    testCompile 'org.hamcrest:java-hamcrest:2.0.0.0'
+    testCompile 'junit:junit:4.11'
+}

build.gradle

@@ -0,0 +1,6 @@
+#Tue Jan 03 13:42:16 ART 2017
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-2.13-all.zip

gradle/wrapper/gradle-wrapper.jar

@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn ( ) {
+    echo "$*"
+}
+
+die ( ) {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+    JAVACMD=`cygpath --unix "$JAVACMD"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=$((i+1))
+    done
+    case $i in
+        (0) set -- ;;
+        (1) set -- "$args0" ;;
+        (2) set -- "$args0" "$args1" ;;
+        (3) set -- "$args0" "$args1" "$args2" ;;
+        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
+function splitJvmOpts() {
+    JVM_OPTS=("$@")
+}
+eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
+JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
+
+exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"