Skip to content

Commit

Permalink
Merge pull request #60 from EOSIO/develop
Browse files Browse the repository at this point in the history
Webauthn release
  • Loading branch information
jlamarr22 authored Jan 17, 2020
2 parents 5eb7380 + 2da7cf6 commit 961d4d5
Show file tree
Hide file tree
Showing 67 changed files with 3,299 additions and 1,677 deletions.
5 changes: 5 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -69,3 +69,8 @@ jspm_packages/

# Misc
.env

# Smart Contract Artifacts
*.wasm
*.abi

6 changes: 3 additions & 3 deletions .gitpod.dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ RUN echo "INSTALLING EOSIO AND CDT" \
&& apt-get install -y wget sudo curl \
&& wget https://github.com/EOSIO/eosio.cdt/releases/download/v1.6.1/eosio.cdt_1.6.1-1_amd64.deb \
&& apt-get update && sudo apt install -y --allow-downgrades ./eosio.cdt_1.6.1-1_amd64.deb \
&& wget https://github.com/EOSIO/eos/releases/download/v1.8.6/eosio_1.8.6-1-ubuntu-18.04_amd64.deb \
&& apt-get update && sudo apt install -y ./eosio_1.8.6-1-ubuntu-18.04_amd64.deb \
&& rm ./eosio_1.8.6-1-ubuntu-18.04_amd64.deb \
&& wget https://github.com/EOSIO/eos/releases/download/v2.0.0/eosio_2.0.0-1-ubuntu-18.04_amd64.deb \
&& apt-get update && sudo apt install -y ./eosio_2.0.0-1-ubuntu-18.04_amd64.deb \
&& rm ./eosio_2.0.0-1-ubuntu-18.04_amd64.deb \
&& rm ./eosio.cdt_1.6.1-1_amd64.deb
2 changes: 1 addition & 1 deletion .gitpod.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ ports:
onOpen: ignore
# We open this port because it's the port that nginx is serving and which is federating the other services (web app and chain in this case)
- port: 8000
onOpen: open-preview
onOpen: open-browser
- port: 8900
onOpen: ignore
- port: 8080
Expand Down
27 changes: 27 additions & 0 deletions IMPORTANT.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# Important Notice

We (block.one and its affiliates) make available EOSIO and other software, updates, patches and documentation (collectively, Software) on a voluntary basis as a member of the EOSIO community. A condition of you accessing any Software, websites, articles, media, publications, documents or other material (collectively, Material) is your acceptance of the terms of this important notice.

## Software
We are not responsible for ensuring the overall performance of Software or any related applications. Any test results or performance figures are indicative and will not reflect performance under all conditions. Software may contain components that are open sourced and subject to their own licenses; you are responsible for ensuring your compliance with those licenses.

We make no representation, warranty, guarantee or undertaking in respect of Software, whether expressed or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall we be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the Software or the use or other dealings in the Software.

Wallets and related components are complex software that require the highest levels of security. If incorrectly built or used, they may compromise users’ private keys and digital assets. Wallet applications and related components should undergo thorough security evaluations before being used. Only experienced developers should work with such Software.

Material is not made available to any person or entity that is the subject of sanctions administered or enforced by any country or government or otherwise designated on any list of prohibited or restricted parties (including but not limited to the lists maintained by the United Nations Security Council, the U.S. Government, the European Union or its Member States, or other applicable government authority) or organized or resident in a country or territory that is the subject of country-wide or territory-wide sanctions. You represent and warrant that neither you nor any party having a direct or indirect beneficial interest in you or on whose behalf you are acting as agent or nominee is such a person or entity and you will comply with all applicable import, re-import, sanctions, anti-boycott, export, and re-export control laws and regulations. If this is not accurate or you do not agree, then you must immediately cease accessing our Material and delete all copies of Software.

Any person using or offering Software in connection with providing software, goods or services to third parties shall advise such third parties of this important notice, including all limitations, restrictions and exclusions of liability.

## Trademarks
Block.one, EOSIO, EOS, the heptahedron and associated logos and related marks are our trademarks. Other trademarks referenced in Material are the property of their respective owners.

## Third parties
Any reference in Material to any third party or third-party product, resource or service is not an endorsement or recommendation by Block.one. We are not responsible for, and disclaim any and all responsibility and liability for, your use of or reliance on any of these resources. Third-party resources may be updated, changed or terminated at any time, so information in Material may be out of date or inaccurate.

## Forward-looking statements
Please note that in making statements expressing Block.one’s vision, we do not guarantee anything, and all aspects of our vision are subject to change at any time and in all respects at Block.one’s sole discretion, with or without notice. We call these “forward-looking statements”, which includes statements on our website and in other Material, other than statements of historical facts, such as statements regarding EOSIO’s development, expected performance, and future features, or our business strategy, plans, prospects, developments and objectives. These statements are only predictions and reflect Block.one’s current beliefs and expectations with respect to future events; they are based on assumptions and are subject to risk, uncertainties and change at any time.

We operate in a rapidly changing environment and new risks emerge from time to time. Given these risks and uncertainties, you are cautioned not to rely on these forward-looking statements. Actual results, performance or events may differ materially from what is predicted in the forward-looking statements. Some of the factors that could cause actual results, performance or events to differ materially from the forward-looking statements include, without limitation: technical feasibility and barriers; market trends and volatility; continued availability of capital, financing and personnel; product acceptance; the commercial success of any new products or technologies; competition; government regulation and laws; and general economic, market or business conditions.

All statements are valid only as of the date of first posting and Block.one is under no obligation to, and expressly disclaims any obligation to, update or alter any statements, whether as a result of new information, subsequent events or otherwise. Nothing in any Material constitutes technological, financial, investment, legal or other advice, either in general or with regard to any particular situation or implementation. Please consult with experts in appropriate areas before implementing or utilizing anything contained in Material.
54 changes: 43 additions & 11 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# 🌴 Tropical Example <!-- omit in toc -->
Tropical Example is a mock application for renting properties. It will be referenced throughout this guide as an example for application developers to start building secure applications with a good user experience on the EOSIO blockchain.
Tropical Example is a mock application for renting properties. It will be referenced throughout this guide as an example for application developers to start building secure applications with a good user experience on the EOSIO blockchain.

![EOSIO Labs](https://img.shields.io/badge/EOSIO-Labs-5cb3ff.svg)

Expand All @@ -12,7 +12,7 @@ EOSIO Labs repositories are experimental. Developers in the community are encour
### Try it out in Gitpod ###

Gitpod [launches the app](https://gitpod.io/#https://github.com/EOSIO/tropical-example-web-app) for you. It starts the required blockchain in the background, launches the web server, and opens a preview window.
NOTES:
NOTES:
1) There are several times during startup it might look like startup hangs, namely... near the end of the docker build, once the IDE comes up, and then once the preview shows.
2) Sometimes when Gitpod launches the webapp preview, it does so prematurely. Just click the small refresh circular arrow icon in the top left of the preview window.
3) Gitpod generates a dynamic URL for the browser to access the app from. This URL is needed in numerous parts of the app, so note that there is code in this repo specifically meant for Gitpod compatibility. A comment has been added in those locations to point it out.
Expand All @@ -33,7 +33,7 @@ The following open source repositories are utilized in Tropical Example:
* Using the [Universal Authenticator Library (UAL)](https://github.com/EOSIO/universal-authenticator-library/) for quick and easy integration with multiple authentication providers (wallets).
* Increasing the security and transparency of your application by following the [Manifest Specification](https://github.com/EOSIO/manifest-spec).
* Displaying human readable Ricardian Contracts of your proposed EOSIO actions by following the [Ricardian Specification](https://github.com/EOSIO/ricardian-spec).

## Table of Contents <!-- omit in toc -->
- [Universal Authenticator Library (UAL)](#universal-authenticator-library-ual)
- [Installation](#installation)
Expand All @@ -49,6 +49,7 @@ The following open source repositories are utilized in Tropical Example:
- [Transactions Errors](#transactions-errors)
- [Manifest Specification](#manifest-specification)
- [Ricardian Specification](#ricardian-specification)
- [WebAuthn](#webauthn)
- [Running Tropical Example](#running-tropical-example)
- [Required Tools](#required-tools)
- [Setup](#setup-1)
Expand All @@ -57,6 +58,8 @@ The following open source repositories are utilized in Tropical Example:
- [Running Nodeos](#running-nodeos)
- [Running Frontend](#running-frontend)
- [Login](#login-1)
- [Using WebAuthn](#using-webauthn)
- [Other Available Actions](#other-available-actions)
- [Docker Compose Command Reference](#docker-compose-command-reference)
- [Links](#links)
- [Contributing](#contributing)
Expand Down Expand Up @@ -107,7 +110,7 @@ import { Scatter } from 'ual-scatter'
import { Lynx } from 'ual-lynx'
import { TokenPocket } from 'ual-token-pocket'
...
const appName = 'Tropical Example'
const appName = 'Tropical-Example'

// Chains
const chain = {
Expand Down Expand Up @@ -230,7 +233,7 @@ It is **highly recommended** in the transaction configuration to provide a `expi

```javascript
import { UALContext } from 'ual-reactjs-renderer'
import { generateTransaction } from 'utils/transaction'
import { generateLikeTransaction } from 'utils/transaction'
...
class Property extends React.Component {
static contextType = UALContext
Expand All @@ -242,7 +245,7 @@ class Property extends React.Component {
if (activeUser) {
try {
const accountName = await activeUser.getAccountName()
const transaction = generateTransaction(accountName)
const transaction = generateLikeTransaction(accountName)
// The activeUser.signTransaction will propose the passed in transaction to the logged in Authenticator
await activeUser.signTransaction(transaction, { broadcast: true, expireSeconds: 300 })
this.setState({ liked: true })
Expand Down Expand Up @@ -337,6 +340,16 @@ Tropical Example follows the Ricardian Specification by providing the following:

_If you need information not covered in this guide, you can reference the Ricardian Specification [here](https://github.com/EOSIO/ricardian-spec)._

## WebAuthn

Tropical Example implements WebAuthn as a 2nd factor.

After logging in, under the user menu, you'll find an option to "enroll" a 2FA device. Use this option in conjunction with your device's build-in biometric scanner, secure element, or external hardware key to enroll a key with the Tropical Example.

Then, on the Properties Search Results page, you'll see a 'Rent' button. Where liking something is a relatively low-risk activity, the Rent button represents a real-world use case for commiting yourself to rent that property. In this case where money is on the line, the app will request you sign for the Rent action with the enrolled key.

Read more about this example and technology [here -- REQUIRE LINK to blog or Release Notes of some kind](https://www.google.com)

## Running Tropical Example

### Required Tools
Expand Down Expand Up @@ -391,10 +404,10 @@ You can view the contract in the [eosio/contracts directory](https://github.com/
### Running Frontend

```bash
yarn start
yarn startSecure
```
This command runs the app in the development mode.
Open [http://localhost:3000](http://localhost:3000) to view it in the browser.
This command runs the app in development mode over SSL. You can also run `yarn start` to run the app without SSL. You will need to install a self-signed SSL certificate or enable [allow-insecure-localhost](chrome://flags/#allow-insecure-localhost) if running over SSL in chrome.
Open [https://localhost:3000](https://localhost:3000) to view it in the browser.

The page will reload if you make edits.

Expand All @@ -410,6 +423,25 @@ EOS6TWM95TUqpgcjYnvXSK5kBsi6LryWRxmcBaULVTvf5zxkaMYWf
5KkXYBUb7oXrq9cvEYT3HXsoHvaC2957VKVftVRuCy7Z7LyUcQB
```

### Using WebAuthn

After setting up the application and logging in, you can enable WebAuthn if you want to be able to `rent` a property.
![Enabling WebAuthn](docs/images/enable-webauthn.png)

Once you enable WebAuthn with your choice of hardware, you can browse to the list of properties and select `rent`. Scatter will prompt you to allow this action by authenticating with your hardware.
![Renting A Property](docs/images/scatter-rent-property.png)

After confirming the transaction, you should now see an indicator that your property has been rented successfully.
![Rented Property](docs/images/rented-property.png)

#### Other Available Actions

You can like a property (WebAuthn not required). After browsing to the list of properties and selecting `like`, scatter will prompty you to allow this action.
![Liking A Property](docs/images/scatter-like-property.png)

After confirming the transaction, you should now see an indicator that your property has been liked successfully.
![Liked Property](docs/images/liked-property.png)

### Docker Compose Command Reference

```bash
Expand All @@ -435,6 +467,6 @@ Check out the [Contributing](./CONTRIBUTING.md) guide and please adhere to the [

## Important

See LICENSE for copyright and license terms. Block.one makes its contribution on a voluntary basis as a member of the EOSIO community and is not responsible for ensuring the overall performance of the software or any related applications. We make no representation, warranty, guarantee or undertaking in respect of the software or any related documentation, whether expressed or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall we be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or documentation or the use or other dealings in the software or documentation. Any test results or performance figures are indicative and will not reflect performance under all conditions. Any reference to any third party or third-party product, service or other resource is not an endorsement or recommendation by Block.one. We are not responsible, and disclaim any and all responsibility and liability, for your use of or reliance on any of these resources. Third-party resources may be updated, changed or terminated at any time, so the information here may be out of date or inaccurate. Any person using or offering this software in connection with providing software, goods or services to third parties shall advise such third parties of these license terms, disclaimers and exclusions of liability. Block.one, EOSIO, EOSIO Labs, EOS, the heptahedron and associated logos are trademarks of Block.one.
See [LICENSE](./LICENSE) for copyright and license terms.

Wallets and related components are complex software that require the highest levels of security. If incorrectly built or used, they may compromise users’ private keys and digital assets. Wallet applications and related components should undergo thorough security evaluations before being used. Only experienced developers should work with this software.
All repositories and other materials are provided subject to the terms of this [IMPORTANT](./IMPORTANT.md) notice and you must familiarize yourself with its terms. The notice contains important information, limitations and restrictions relating to our software, publications, trademarks, third-party resources, and forward-looking statements. By accessing any of our repositories and other materials, you accept and agree to the terms of the notice.
1 change: 1 addition & 0 deletions cypress.json
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{}
30 changes: 30 additions & 0 deletions cypress/integration/App.spec.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@

describe('Tropical Stay', () => {

it('Rent Action', () => {
cy.visit('https://localhost:3000')
cy.contains('Login').click()
cy.wait(1000)
cy.get('[aria-label="Scatter"]').click()
cy.wait(2000)
cy.get('.user-info-container').should('have.text', ' Signed in as example')

cy.get('div[role=button].user-info-dropdown-btn').click()
cy.get('[aria-label="Enable WebAuthn 2FA"]').click()
cy.get('[aria-label="Enable WebAuthn 2FA"]').click()
cy.wait(2500)
cy.get('div[role=button].user-info-dropdown-btn').click()
cy.get('.user-dropdown-item.menu-item-with-icon').first().should('have.text', 'WebAuthn 2FA Enabled!')

cy.get('[aria-label="Search a Property Submit"]').click()
cy.get('[aria-label="Rent Property Button"]').first().click()
cy.wait(2000)
cy.get('[aria-label="Rent Property Button"]').first().should('have.text', 'Renting')

cy.get('[aria-label="Like Property Button"]').first().click()
cy.wait(2000)
cy.get('[aria-label="Like Property Button"]').first().should('have.text', 'Liked')
})
})


3 changes: 3 additions & 0 deletions default.env
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,6 @@ REACT_APP_CHAIN_ID=cf057bbfb72640471fd910bcb67639c22df9f92470936cddc1ade0e2f2e7d
REACT_APP_RPC_PROTOCOL=http
REACT_APP_RPC_HOST=localhost
REACT_APP_RPC_PORT=8888

# Server
API_SERVER_PRIVATE_KEY=5Jh6jf9g1UzcWrMMsgqd5GrTCgzeKkh5yT7EUZbiU7wB7k4Ayx1
2 changes: 1 addition & 1 deletion docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ services:
labels:
- "cleanup"
image: tropical-example/eosio
command: ["nodeos", "--data-dir", "/root/.local/share", "-e", "-p", "eosio", "--hard-replay", "--plugin", "eosio::producer_plugin", "--plugin", "eosio::chain_api_plugin", "--plugin", "eosio::http_plugin", "--http-server-address=0.0.0.0:8888", "--access-control-allow-origin=*", "--contracts-console", "--http-validate-host=false", "--verbose-http-errors"]
command: ["nodeos", "--data-dir", "/root/.local/share", "-e", "-p", "eosio", "--hard-replay", "--plugin", "eosio::producer_plugin", "--plugin", "eosio::chain_api_plugin", "--plugin", "eosio::http_plugin", "--http-server-address=0.0.0.0:8888", "--access-control-allow-origin=*", "--contracts-console", "--http-validate-host=false", "--verbose-http-errors", "--max-transaction-time=100"]
labels:
- "cleanup"
ports:
Expand Down
Loading

0 comments on commit 961d4d5

Please sign in to comment.