feat(templates): add Verify TOTP (#283)

* Add Verify TOTP template

* Add verify-totp .env file explicitly

* Add verify-totp to templates.json

* Use CDN for qrcode

* Remove additional dependency explanation

* Update factor verification handling

* Update factor verification handling
https://www.twilio.com/docs/verify/quickstarts/verify-totp-change-in-api-response-when-authpayload-is-incorrect

* remove duplicate files

Co-authored-by: Kelley Robinson <[email protected]>

Author: robinske

templates.json

@@ -210,6 +210,11 @@
       "name": "Verify Testing Dashboard",
       "description": "Helpful dashboard for testing and debugging during your development with Twilio Verify."
     },
+    {
+      "id": "verify-totp",
+      "name": "Authenticator app (TOTP) authentication",
+      "description": "Use authenticator apps like Authy or Google Authenticator that support Time-based One-Time Passwords (TOTP) with the Verify API."
+    },
     {
       "id": "verify-retry",
       "name": "Verification with Retry Logic",

verify-totp/.env

@@ -0,0 +1,5 @@
+# description: SID of your Twilio Verify Service
+# format: sid
+# link: https://www.twilio.com/console/verify/services
+# required: true
+VERIFY_SERVICE_SID=

verify-totp/README.md

@@ -0,0 +1,87 @@
+# Twilio Verify Time-based One-time passwords (TOTP)
+
+This demo of the [Twilio Verify API](https://www.twilio.com/docs/verify/api) includes the TOTP factor type for supporting authenticator apps like Authy or Google Authenticator.
+
+**Verify TOTP is in Pilot, which means that you'll need to [contact sales to request access to the API](https://www.twilio.com/help/sales). We expect to have Verify TOTP in Public Beta (at which point the API will be availble for self service) by the end of 2021.**
+
+## Pre-requisites
+
+* A Verify Service. [Create one in the Twilio Console](https://www.twilio.com/console/verify/services)
+
+### Environment variables
+
+This project requires some environment variables to be set. To keep your tokens and secrets secure, make sure to not commit the `.env` file in git. When setting up the project with `twilio serverless:init ...` the Twilio CLI will create a `.gitignore` file that excludes `.env` from the version history.
+
+In your `.env` file, set the following values:
+
+| Variable             | Meaning                                                           | Required |
+| :------------------- | :---------------------------------------------------------------- | :------- |
+| `ACCOUNT_SID`        | Find in the [console](https://www.twilio.com/console)             | Yes      |
+| `AUTH_TOKEN`         | Find in the [console](https://www.twilio.com/console)             | Yes      |
+| `VERIFY_SERVICE_SID` | Create one [here](https://www.twilio.com/console/verify/services) | Yes      |
+
+### Function Parameters
+
+`create-factor.js` expects the following parameters:
+
+| Parameter      | Description                                 | Required |
+| :------------- | :------------------------------------------ | :------- |
+| `name`         | An identifier that is used in the authenticator app account name. | Yes |
+
+`verify-new-factor.js` expects the following parameters:
+
+| Parameter           | Description                | Required |
+| :------------------ | :------------------------- | :------- |
+| `identity`          | Unique identity UUID. Returned from `create-factor` function. | Yes |
+| `factorSid`         | Starts with `YF`. Returned from `create-factor` function. | Yes |
+| `code`              | Collected from user input. | Yes |
+
+`verify-new-factor` will also return backup codes in the response.
+
+`create-challenge.js` expects the following parameters:
+
+| Parameter           | Description                | Required |
+| :------------------ | :------------------------- | :------- |
+| `identity`          | Unique identity UUID. Returned from `create-factor` function. | Yes |
+| `factorSid`         | Starts with `YF`. Returned from `create-factor` function. | Yes |
+| `code`              | Collected from user input. | Yes |
+
+
+## Create a new project with the template
+
+1. Install the [Twilio CLI](https://www.twilio.com/docs/twilio-cli/quickstart#install-twilio-cli)
+2. Install the [serverless toolkit](https://www.twilio.com/docs/labs/serverless-toolkit/getting-started)
+
+```shell
+twilio plugins:install @twilio-labs/plugin-serverless
+```
+
+3. Initiate a new project
+
+```
+twilio serverless:init totp-sample-app --template=verify-totp && cd totp-sample-app
+```
+
+4. Add your environment variables to `.env`:
+
+Make sure variables are populated in your `.env` file. See [Environment variables](#environment-variables).
+
+5. Start the server :
+
+```
+twilio serverless:start
+```
+
+5. Open the web page at https://localhost:3000/index.html and enter your phone number to test
+
+ℹ️ Check the developer console and terminal for any errors, make sure you've set your environment variables.
+
+## Deploying
+
+Deploy your functions and assets with either of the following commands. Note: you must run these commands from inside your project folder. [More details in the docs.](https://www.twilio.com/docs/labs/serverless-toolkit)
+
+With the [Twilio CLI](https://www.twilio.com/docs/twilio-cli/quickstart):
+
+```
+twilio serverless:deploy
+```

verify-totp/assets/helpers.js

@@ -0,0 +1,61 @@
+document.getElementById('session-reset').addEventListener('click', (event) => {
+  event.preventDefault();
+  sessionStorage.removeItem('name');
+  sessionStorage.removeItem('identity');
+  sessionStorage.removeItem('totpFactorSid');
+  window.location.reload(false);
+});
+
+function hide(element) {
+  element.style.display = 'none';
+}
+
+function hideAll(className) {
+  Array.from(document.getElementsByClassName(className)).forEach((elem) =>
+    hide(elem)
+  );
+}
+
+function showExplainer(name) {
+  hideAll('explainer');
+  document.getElementById(name).style.display = 'block';
+}
+
+function clearStatus() {
+  hideAll('explainer');
+  document.getElementById('status').textContent = '';
+}
+
+function showStatus(message, color = 'gray') {
+  clearStatus();
+  const status = document.getElementById('status');
+  status.style.color = color;
+  status.textContent = message;
+}
+
+function showError(error) {
+  console.error(error);
+  showStatus(error, (color = '#a94442'));
+}
+
+function showSessionData() {
+  const identity = sessionStorage.getItem('identity');
+  const friendlyName = sessionStorage.getItem('name');
+
+  if (identity === null) {
+    hide(document.getElementById('validate-code'));
+  } else {
+    document.getElementById(
+      'session-data'
+    ).textContent = `Demo is running for username '${friendlyName}' with identity '${identity}'.`;
+    document.getElementById('validate-code').style.display = 'inline';
+  }
+}
+
+showSessionData();
+
+function clearPage() {
+  clearStatus();
+  hideAll('dynamic-render');
+  hideAll('otp-form');
+}