Added 2FA to example

Author: virtualzone

example/docker-compose.yml

@@ -22,6 +22,8 @@ services:
             BACKEND_CERT_DIR: '/app/certs/'
             BACKEND_CERT_HOSTNAMES: 'proxy'
             SMTP_SERVER: 'smtp:1025'
+            TOTP_ENABLE: '1'
+            TOTP_ENCRYPT_KEY: 'w66iO0l3Kru7Qgpx'
         depends_on:
             - mongo
     mongo:

example/frontend/src/App.css

@@ -1,3 +1,7 @@
 nav {
     margin-bottom: 50px;
+}
+
+.btn-margin-right {
+    margin-right: 5px;
 }

example/frontend/src/App.js

@@ -13,6 +13,7 @@ import LoginForm from './pages/LoginForm'
 import ConfirmPage from './pages/ConfirmPage'
 import DashboardPage from './pages/DashboardPage';
 import Ajax from './Ajax';
+import TotpEnableForm from './pages/TotpEnableForm';
 
 function RouteWithSubRoutes(route) {
   return (
@@ -47,6 +48,7 @@ const NavHeader = props => {
         {window.sessionStorage.getItem("accessToken") == null ? <Nav.Link href="/signup.html">Sign Up</Nav.Link> : null}
         {window.sessionStorage.getItem("accessToken") == null ? <Nav.Link href="/login.html">Log In</Nav.Link> : null}
         {window.sessionStorage.getItem("accessToken") != null ? <Nav.Link href="/dashboard.html">Dashboard</Nav.Link> : null}
+        {window.sessionStorage.getItem("accessToken") != null ? <Nav.Link href="/totp.html">Security</Nav.Link> : null}
         {window.sessionStorage.getItem("accessToken") != null ? <Nav.Link onClick={handleLogout}>Log Out</Nav.Link> : null}
       </Nav>
     </Navbar>
@@ -74,6 +76,10 @@ const routes = [
   {
     path: "/dashboard.html",
     component: DashboardPage
+  },
+  {
+    path: "/totp.html",
+    component: TotpEnableForm
   }
 ];
 

example/frontend/src/pages/HomePage.tsx

@@ -10,8 +10,8 @@ export default class HomePage extends React.Component {
                     <Col>
                         <h1 className="display-4 font-weight-normal">JWT Auth Proxy Example</h1>
                         <p className="lead font-weight-normal">This web application is meant to demonstrate the usage of the JWT Auth Proxy. You can use it as a template to build your own awesome and secure application.</p>
-                        <Button href="https://github.com/virtualzone/jwt-auth-proxy" className="btn btn-primary">GitHub Page</Button>
-                        <Link to="/signup.html" className="btn btn-outline-secondary">Sign up</Link>
+                        <Button href="https://github.com/virtualzone/jwt-auth-proxy" className="btn btn-primary btn-margin-right">GitHub Page</Button>
+                        <Link to="/signup.html" className="btn btn-outline-secondary btn-margin-right">Sign up</Link>
                         <Link to="/login.html" className="btn btn-outline-secondary">Log in</Link>
                     </Col>
                 </Row>

example/frontend/src/pages/LoginForm.tsx

@@ -6,6 +6,8 @@ interface LoginFormState {
     isLoading: boolean
     hasDataError: boolean
     email: string
+    otp: string
+    requireOtp: boolean
     password: string
 }
 
@@ -16,6 +18,8 @@ export default class LoginForm extends React.Component<{}, LoginFormState> {
             isLoading: false,
             hasDataError: false,
             email: '',
+            otp: '',
+            requireOtp: false,
             password: ''
         };
         this.handleChange = this.handleChange.bind(this);
@@ -36,13 +40,21 @@ export default class LoginForm extends React.Component<{}, LoginFormState> {
         });
         let data = {
             email: this.state.email,
-            password: this.state.password
+            password: this.state.password,
+            otp: this.state.otp
         };
         Ajax.postData("/auth/login", data).then(res => {
             if (res.status === 200) {
-                window.sessionStorage.setItem("accessToken", res.json.accessToken);
-                window.sessionStorage.setItem("refreshToken", res.json.refreshToken);
-                window.location.href = "/dashboard.html";
+                if (res.json.otpRequired) {
+                    this.setState({
+                        requireOtp: true,
+                        isLoading: false
+                    });
+                } else {
+                    window.sessionStorage.setItem("accessToken", res.json.accessToken);
+                    window.sessionStorage.setItem("refreshToken", res.json.refreshToken);
+                    window.location.href = "/dashboard.html";
+                }
                 return;
             }
             this.setState({
@@ -65,13 +77,17 @@ export default class LoginForm extends React.Component<{}, LoginFormState> {
                         <h1 className="display-4 font-weight-normal">Log In</h1>
                         <Alert variant="danger" show={this.state.hasDataError}>Please verify the data you have entered.</Alert>
                         <Form onSubmit={this.handleSubmit}>
-                            <Form.Group controlId="email">
+                            <Form.Group controlId="email" hidden={this.state.requireOtp}>
                                 <Form.Label>Email address</Form.Label>
-                                <Form.Control type="email" name="email" placeholder="[email protected]" value={this.state.email} onChange={this.handleChange} autoFocus={true} />
+                                <Form.Control type="email" name="email" placeholder="[email protected]" value={this.state.email} onChange={this.handleChange} autoFocus={true} required={true} />
                             </Form.Group>
-                            <Form.Group controlId="password">
+                            <Form.Group controlId="password" hidden={this.state.requireOtp}>
                                 <Form.Label>Password</Form.Label>
-                                <Form.Control type="password" name="password" placeholder="Choose a password" value={this.state.password} onChange={this.handleChange} minLength={8} maxLength={32} />
+                                <Form.Control type="password" name="password" placeholder="Enter your password" value={this.state.password} onChange={this.handleChange} minLength={8} maxLength={32} required={true} />
+                            </Form.Group>
+                            <Form.Group controlId="otp" hidden={!this.state.requireOtp}>
+                                <Form.Label>Six-Digit Code</Form.Label>
+                                <Form.Control type="text" pattern="\d*" name="otp" placeholder="Time-based One-time Password (TOTP)" value={this.state.otp} onChange={this.handleChange} minLength={6} maxLength={6} required={this.state.requireOtp} />
                             </Form.Group>
                             <Button variant="primary" type="submit" disabled={this.state.isLoading}>{this.state.isLoading ? 'Loading...' : 'Submit'}</Button>
                         </Form>

example/frontend/src/pages/TotpEnableForm.tsx

@@ -0,0 +1,130 @@
+import React from 'react';
+import { Container, Row, Col, Form, Button, Alert } from "react-bootstrap";
+import Ajax from '../Ajax';
+
+interface TotpEnableFormState {
+    isLoading: boolean
+    hasDataError: boolean
+    stateInit: boolean
+    stateConfirm: boolean
+    stateFinish: boolean
+    secret: string
+    qrCode: string
+    otp: string
+}
+
+export default class TotpEnableForm extends React.Component<{}, TotpEnableFormState> {
+    constructor(props: any) {
+        super(props);
+        this.state = {
+            isLoading: false,
+            hasDataError: false,
+            stateInit: true,
+            stateConfirm: false,
+            stateFinish: false,
+            secret: "",
+            qrCode: "",
+            otp: ""
+        };
+        this.handleChange = this.handleChange.bind(this);
+        this.handleSubmitInit = this.handleSubmitInit.bind(this);
+        this.handleSubmitConfirm = this.handleSubmitConfirm.bind(this);
+    }
+
+    handleChange(event: React.FormEvent) {
+        let target = event.target as HTMLInputElement;
+        this.setState({[target.name]: target.value} as React.ComponentState );
+        event.preventDefault();
+    }
+
+    handleSubmitInit(event: React.FormEvent) {
+        event.preventDefault();
+        this.setState({
+            isLoading: true,
+            hasDataError: false
+        });
+        Ajax.postData("/auth/otp/init").then(res => {
+            if (res.status === 200) {
+                this.setState({
+                    isLoading: false,
+                    hasDataError: false,
+                    stateInit: false,
+                    stateConfirm: true,
+                    secret: res.json.secret,
+                    qrCode: "data:image/png;base64," + res.json.image
+                });
+                return;
+            }
+            this.setState({
+                hasDataError: true,
+                isLoading: false
+            });
+        }).catch(() => {
+            this.setState({
+                hasDataError: true,
+                isLoading: false
+            });
+        });
+    }
+
+    handleSubmitConfirm(event: React.FormEvent) {
+        event.preventDefault();
+        this.setState({
+            isLoading: true,
+            hasDataError: false
+        });
+        let payload = {
+            passcode: this.state.otp
+        };
+        Ajax.postData("/auth/otp/confirm", payload).then(res => {
+            if (res.status === 204) {
+                this.setState({
+                    isLoading: false,
+                    hasDataError: false,
+                    stateConfirm: false,
+                    stateFinish: true
+                });
+                return;
+            }
+            this.setState({
+                hasDataError: true,
+                isLoading: false
+            });
+        }).catch(() => {
+            this.setState({
+                hasDataError: true,
+                isLoading: false
+            });
+        });
+    }
+
+    render() {
+        return (
+            <Container>
+                <Row className="justify-content-md-center">
+                    <Col lg="5">
+                        <h1 className="display-4 font-weight-normal">Security</h1>
+                        <Alert variant="danger" show={this.state.hasDataError}>Please verify the data you have entered.</Alert>
+                        <Form onSubmit={this.handleSubmitInit} hidden={!this.state.stateInit}>
+                            <p>Two-Factor Authentication is not enabled yet. Enable it to add an additional layer of security to your account.</p>
+                            <Button variant="primary" type="submit" disabled={this.state.isLoading}>{this.state.isLoading ? 'Loading...' : 'Enable 2FA'}</Button>
+                        </Form>
+                        <Form onSubmit={this.handleSubmitConfirm} hidden={!this.state.stateConfirm}>
+                            <p>Scan the barcode below with your authenticator app, orenter the code below if you can't use the barcode.</p>
+                            <p><img src={this.state.qrCode} alt="" /></p>
+                            <p>{this.state.secret}</p>
+                            <Form.Group controlId="otp">
+                                <Form.Label>Six-Digit Code from authenticator app</Form.Label>
+                                <Form.Control type="text" pattern="\d*" name="otp" placeholder="Time-based One-time Password (TOTP)" value={this.state.otp} onChange={this.handleChange} minLength={6} maxLength={6} required={true} />
+                            </Form.Group>
+                            <Button variant="primary" type="submit" disabled={this.state.isLoading}>{this.state.isLoading ? 'Loading...' : 'Finish 2FA Setup'}</Button>
+                        </Form>
+                        <div hidden={!this.state.stateFinish}>
+                            <p>2FA is now enabled for your account.</p>
+                        </div>
+                    </Col>
+                </Row>
+            </Container>
+        );
+    }
+}

run.sh

@@ -9,5 +9,7 @@ TEMPLATE_NEW_PASSWORD=../res/newpassword.tpl \
 PROXY_TARGET=http://localhost:8090 \
 CORS_ENABLE=1 \
 BACKEND_GENERATE_CERT=1 \
+TOTP_ENABLE=1 \
+TOTP_ENCRYPT_KEY=w66iO0l3Kru7Qgpx \
 PROXY_WHITELIST=/foo/bar \
 go run `ls *.go | grep -v _test.go`