This project was created to demonstrate an API that is secured with two-factor authentication.
- NodeJS
Install the application dependencies including dev dependencies.
$ npm install
To start the application, run the following command:
$ npm start
Please check the swagger.yaml file.
$ npm run test
- Register - authentication with username and password - happy flow
  - Create a new user by using the register endpoint (POST /v1/security/register)
  - Authenticate the user and keep the access token from the authentication response (POST /v1/security/authenticate)
  - Try to access the secured dummy endpoint with the authorization header (POST /v1/admin/dashboard)
- Authenticate - enable 2FA - happy flow
  - Authenticate the user and keep the access token from the authentication response (POST /v1/security/authenticate)
  - Enable 2FA and keep the user secret from the API response (POST /v1/security/enable-tfa)
  - Store the user secret in an authenticator application (Example: Google Authenticator)
- Authenticate - Verify 2FA code - happy flow
  - Authenticate the user and keep the short-lived access token from the authentication response (POST /v1/security/authenticate)
  - Check the authenticator application on your phone and keep the verification code
  - Verify the code and keep the long-lived access token from the API response (POST /v1/security/verify-tfa-code)
- Incoming request validation
- Registration
- Authentication
- Create a dummy endpoint to be secured by access control
- Token based authentication
- Secure the dummy endpoint and allow access to authentication/register endpoints
- Store the user password with encryption
- Open API document
- Create integration tests regarding the current authentication/register flows
- README file (In progress)

- Enable a user's two factor authentication (Return the key for the first phase)
- Verify an authentication code provided by an authentication application such as Google Authenticator
- Create new test cases regarding enabling 2FA and code verification (Find a way to simulate authenticator app)
- Generate QR code to be used by the authenticator applications
- Update the 2FA enabler endpoint so that it returns the QR code image URL instead of the key
- Update the integration tests

- Integrate code analysis tool (jslint...)
- Create CI pipeline