commiting auth0 related code here

Sachin Maheshwari · Sachin Maheshwari · commit 688af68926ec · 2021-12-03T11:11:12.000+05:30
diff --git a/web-assets/auth0/dev-tenant/database/login.js b/web-assets/auth0/dev-tenant/database/login.js
@@ -0,0 +1,60 @@
+function login(handleOrEmail, password, callback) {
+    // This script should authenticate a user against the credentials stored in
+    // your database.
+    // It is executed when a user attempts to log in or immediately after signing
+    // up (as a verification that the user was successfully signed up).
+    //
+    // Everything returned by this script will be set as part of the user profile
+    // and will be visible by any of the tenant admins. Avoid adding attributes
+    // with values such as passwords, keys, secrets, etc.
+    //
+    // The `password` parameter of this function is in plain text. It must be
+    // hashed/salted to match whatever is stored in your database. For example:
+    //
+    //     var bcrypt = require('bcrypt@0.8.5');
+    //     bcrypt.compare(password, dbPasswordHash, function(err, res)) { ... }
+    //
+    // There are three ways this script can finish:
+    // 1. The user's credentials are valid. The returned user profile should be in
+    // the following format: https://auth0.com/docs/users/normalized/auth0/normalized-user-profile-schema
+    //     var profile = {
+    //       user_id: ..., // user_id is mandatory
+    //       email: ...,
+    //       [...]
+    //     };
+    //     callback(null, profile);
+    // 2. The user's credentials are invalid
+    //     callback(new WrongUsernameOrPasswordError(email, "my error message"));
+    // 3. Something went wrong while trying to reach your database
+    //     callback(new Error("my error message"));
+    //
+    // A list of Node.js modules which can be referenced is available here:
+    //
+    //    https://tehsis.github.io/webtaskio-canirequire/
+  request.post({
+      url:  "https://api."+configuration.DOMAIN+"/v3/users/login",
+      form: {
+        handleOrEmail: handleOrEmail,
+        password: password
+      }
+      //for more options check: https://github.com/mikeal/request#requestoptions-callback
+    }, function (err, response, body) {
+      console.log("response..............", err,response.statusCode);
+      if (err) return callback(err);
+      if (response.statusCode === 401) return callback();
+      var user = JSON.parse(body);
+      user.result.content.roles = user.result.content.roles.map(function(role) {
+        return role.roleName;
+      });
+  
+      callback(null,   {
+        user_id: user.result.content.id,
+        nickname: user.result.content.handle,
+        email: user.result.content.email,
+        handle:user.result.content.handle,
+        roles: user.result.content.roles,
+        email_verified: user.result.content.emailActive,
+      });
+    });
+  }
+  
diff --git a/web-assets/auth0/dev-tenant/rules/custom.js b/web-assets/auth0/dev-tenant/rules/custom.js
@@ -0,0 +1,78 @@
+
+function (user, context, callback) {
+    if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) { // 
+        const _ = require('lodash');
+        
+      // TODO: implement your rule
+        //  if (context.protocol === "redirect-callback") {
+                            // User was redirected to the /continue endpoint
+        if (context.redirect) { 
+          return callback(null, user, context);
+          // returnning from here no need to check further  
+        }
+       // otherwise to nothing 
+       
+        console.log("Enter Rule: Custom-Claims");
+        let handle = _.get(user, "handle", null);
+        const provider = _.get(user, "identities[0].provider", null);
+        if (!handle && provider === "auth0") {
+          handle = _.get(user, "nickname", null);
+        }
+        console.log("Fetch roles for email/handle: ", user.email, handle, provider);
+        
+        global.AUTH0_CLAIM_NAMESPACE = "https://" + configuration.DOMAIN + "/";
+        try {
+            request.post({
+                url: 'https://api.' + configuration.DOMAIN + '/v3/users/roles',
+                form: {
+                    email: user.email,
+                    handle: handle
+                }
+            }, function (err, response, body) {
+                console.log("called topcoder api for role: response status - ", response.statusCode);
+                if (err) return callback(err, user, context);
+                if (response.statusCode !== 200) {
+                  return callback('Login Error: Whoops! Something went wrong. Looks like your registered email has discrepancy with Authentication. Please connect to our support <a href="mailto:support@topcoder.com">support@topcoder.com</a>. Back to application ', user, context);
+                }
+            
+                let res = JSON.parse(body);
+                // TODO need to double sure about multiple result or no result 
+                let userId = res.result.content.id;
+                let handle = res.result.content.handle;
+                let roles = res.result.content.roles.map(function (role) {
+                    return role.roleName;
+                });
+                let userStatus = res.result.content.active; // true/false 
+
+                // TEMP
+                let tcsso = res.result.content.regSource || '';
+
+                context.idToken[global.AUTH0_CLAIM_NAMESPACE + 'roles'] = roles;
+                context.idToken[global.AUTH0_CLAIM_NAMESPACE + 'userId'] = userId;
+                context.idToken[global.AUTH0_CLAIM_NAMESPACE + 'handle'] = handle;
+                context.idToken[global.AUTH0_CLAIM_NAMESPACE + 'user_id'] = user.identities[0].provider + "|" + userId;
+                context.idToken[global.AUTH0_CLAIM_NAMESPACE + 'tcsso'] = tcsso;
+                context.idToken[global.AUTH0_CLAIM_NAMESPACE + 'active'] = userStatus;
+                context.idToken.nickname = handle;
+                //console.log(user, context);
+                if (!userStatus) {
+                   context.redirect = {
+      								url: `https://accounts-auth0.${configuration.DOMAIN}/check_email.html`
+    						    };
+                  return callback(null, user, context);
+                }
+                if (!userStatus && context.login_counts > 1) {
+                  return callback('Login Alert: Please verify your email first! Please connect to our support <a href="mailto:support@topcoder.com">support@topcoder.com</a>. Back to application ', user, context);
+                }
+                return callback(null, user, context);
+            }
+            );
+        } catch (e) {
+            console.log("Error in calling user roles" + e);
+            return callback("Something went worng!. Please retry.", user, context);
+        }
+    } else {
+        // for other apps do nothing 
+        return callback(null, user, context);
+    }
+}
diff --git a/web-assets/auth0/dev-tenant/rules/enterprise.js b/web-assets/auth0/dev-tenant/rules/enterprise.js
@@ -0,0 +1,163 @@
+
+function (user, context, callback) {
+    if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) { // client/application specific
+
+        const _ = require('lodash');
+        console.log("Enter Rule: Enterprise-User-Registration");
+
+        const baseApiUrl = "https://api." + configuration.DOMAIN + "/v3";
+        //console.log("register user rule executed- user", user);
+        //console.log("register user rule executed - context", context);
+
+        const isEnterprise = (_.get(user, "identities[0].provider") !== 'auth0') &&
+            !(_.get(user, "identities[0].isSocial")) ? true : false;
+
+        console.log("Is enterprise login: ", isEnterprise);
+        if (isEnterprise) {
+            let provider = _.get(user, "identities[0].connection");
+            const providerType = _.get(user, "identities[0].provider");
+            let userId = _.get(user, "identities[0].user_id");
+            userId = userId.substring(userId.lastIndexOf('|') + 1);
+
+            let handle = _.get(user, "nickname", "");
+            const lastName = _.get(user, "family_name");
+            const firstName = _.get(user, "given_name");
+            const email = _.get(user, "email");
+            //const emailVerified = _.get(user, "email_verified", true);
+            const name = _.get(user, "name");
+
+            let isoAlpha2Code = _.get(context, "request.geoip.country_code");
+            let isoAlpha3Code = _.get(context, "request.geoip.country_code3");
+            let countryCode = _.get(context, "request.geoip.country_name");
+            let regSource = _.get(context, "request.query.regSource", null);
+            let retUrl = _.get(context, "request.query.returnUrl", null);
+            let utmSource = _.get(context, "request.query.utmSource", null);
+            let utmMedium = _.get(context, "request.query.utmMedium", null);
+            let utmCampaign = _.get(context, "request.query.utmCampaign", null);
+
+            const resourcePath = '/identityproviders?filter=handle=' + email;
+            const afterActivationURL = configuration.DEFAULT_AFTER_ACTIVATION_URL;
+            const hostName = _.get(context, "request.hostname", null);
+            const registrationCompletetUrl = "https://" + hostName + "/continue";
+            //const userHandleRedirectUrl = configuration.CUSTOM_PAGES_BASE_URL + '/signup.html?source='+ utmSource + '&formAction=' + registrationCompletetUrl;
+            const userHandleRedirectUrl = configuration.CUSTOM_PAGES_BASE_URL +
+                "/signup.html?regSource=" + regSource +
+                "&firstName=" + encodeURIComponent(firstName) +
+                "&lastName=" + encodeURIComponent(lastName) +
+                "&utmSource=" + encodeURIComponent(utmSource) +
+                "&utmMedium=" + encodeURIComponent(utmMedium) +
+                "&utmCampaign=" + encodeURIComponent(utmCampaign) +
+                "&formAction=" + registrationCompletetUrl +
+                "&returnUrl=" + retUrl;
+
+            console.log("provider", provider, email);
+            try {
+                request.get({
+                    url: baseApiUrl + resourcePath
+                }, function (err, response, body) {
+                    console.log("Enterprise user check - responseBody", body);
+
+                    if (err) {
+                        console.log("Enterprise validation error:", err);
+                    }
+
+                    /**
+                     * check if enterprise profile is valid for our TC database 
+                     */
+
+                    /* 
+                        Aug 2021 adding new wipro-sso connection with name wipro_azuread
+                    */ 
+                     
+                    if (_.includes([configuration.WIPRO_SSO_AZURE_AD_CONNECTION_NAME], provider)
+                    ) {
+                        provider = configuration.WIPRO_SSO_ADFS_CONNECTION_NAME;
+                    }
+
+                    let isSSOUserExist = (_.get(JSON.parse(body), "result.content.name") === provider) ?
+                        true : false;
+
+                    console.log("Enterprise customer alreday available:", isSSOUserExist);
+                    if (!isSSOUserExist) {
+                        console.log("register enterprise user.");
+                        if (context.protocol === "redirect-callback") {
+                            // User was redirected to the /continue endpoint
+                            console.log("print data", typeof context);
+                            console.log("get user extra data from query param");
+                            handle = _.get(context, "request.query.handle", handle);
+                            console.log("...Handle....", handle);
+
+                            const countryStr = _.get(context, "request.query.country", null);
+                            const countryObj = JSON.parse(countryStr);
+                            if (countryObj) {
+                                countryCode = _.get(countryObj, "code", countryCode);
+                                isoAlpha2Code = _.get(countryObj, "alpha2", isoAlpha2Code);
+                                isoAlpha3Code = _.get(countryObj, "alpha3", isoAlpha3Code);
+                            }
+                            utmSource = _.get(context, "request.query.source", utmSource);
+                            utmMedium = _.get(context, "request.query.utmMedium", utmMedium);
+                            utmCampaign = _.get(context, "request.query.utmCampaign", utmCampaign);
+                        } else {
+                            console.log('Redirect to choose user handle page.');
+                            context.redirect = {
+                                url: userHandleRedirectUrl
+                            };
+                            return callback(null, user, context);
+                        }
+                        // Enterprise profile will be active default
+                        let data = {
+                            "param": {
+                                "handle": handle,
+                                "firstName": firstName,
+                                "lastName": lastName,
+                                "email": email,
+                                "country": {
+                                    "code": countryCode,
+                                    "isoAlpha3Code": isoAlpha3Code,
+                                    "isoAlpha2Code": isoAlpha2Code
+                                },
+                                "utmSource": utmSource,
+                                "utmMedium": utmMedium,
+                                "utmCampaign": utmCampaign,
+                                "active": true,
+                                "profile": {
+                                    "name": name,
+                                    "email": email,
+                                    "providerType": providerType,
+                                    "provider": provider,
+                                    "userId": userId
+                                }
+                            },
+                            "options": {
+                                "afterActivationURL": encodeURIComponent( configuration.DEFAULT_AFTER_ACTIVATION_URL)
+                            }
+                        };
+                        console.log("Going to add enterprise", JSON.stringify(data));
+                        request.post({
+                            url: "https://api." + configuration.DOMAIN + "/v3/users",
+                            json: data
+                        }, function (error, response, body) {
+                            if (response.statusCode !== 200) {
+                                console.log("Enterprise registration error", error);
+                            }
+                            // on success 
+                            return callback(null, user, context);
+                            //if (response.statusCode === 401) return callback();
+                        });
+                    } else { // valid social user if block end
+                        return callback(null, user, context);
+                    }
+                }
+                ); // end validatesocial request
+            } catch (e) {
+                console.log(`Error in calling validate enterprise user ${e}`);
+                return callback(null, user, context);
+            }
+        } else {// end isSocial if-block
+            console.log("existing from Enterprise-User-Registration rule.");
+            return callback(null, user, context);
+        }
+    } else { // END client-id check 
+        return callback(null, user, context);
+    }
+}
diff --git a/web-assets/auth0/dev-tenant/rules/resendEmail.js b/web-assets/auth0/dev-tenant/rules/resendEmail.js
@@ -0,0 +1,49 @@
+
+function (user, context, callback) {
+    if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) { // client/application specific
+        // TODO: implement your rule
+        const _ = require('lodash');
+
+        const resend = _.get(context, "request.query.resend", null);
+
+        if (context.protocol === 'redirect-callback' && resend) {
+            console.log("----------:Entered Email Resend Rule:------------");
+            let handle = _.get(user, "handle", null);
+            const provider = _.get(user, "identities[0].provider", null);
+            if (!handle && provider === "auth0") {
+                handle = _.get(user, "nickname", null);
+            }
+
+            global.AUTH0_CLAIM_NAMESPACE = "https://" + configuration.DOMAIN + "/";
+            // trigger resend email event at identity servcie 
+            try {
+                request.post({
+                    url: 'https://api.' + configuration.DOMAIN + '/v3/users/resendEmail',
+                    form: {
+                        email: user.email,
+                        handle: handle
+                    }
+                }, function (err, response, body) {
+                    console.log("called topcoder api for resend email: response status - ", response.statusCode);
+                    if (err) return callback(err, user, context);
+                    if (response.statusCode !== 200) {
+                      //{"id":"2fb48e50:17a334870b1:-457c","result":{"success":true,"status":400,"metadata":null,"content":"User has been activated"},"version":"v3"}
+
+                        const error_message = _.get(JSON.parse(body), 'result.content', 'unknown error');
+                        return callback(`Resend email error: ${error_message}`, user, context);
+                    }
+                    return callback(null, user, context);
+                }
+                );
+            } catch (e) {
+                return callback("Something went worng!. Please retry.", user, context);
+            }
+            // returnning from here no need to check further  
+        } else {  // if it is not redirect, do nothing 
+            return callback(null, user, context);
+        }
+    } else {
+        // for other apps do nothing 
+        return callback(null, user, context);
+    }
+}
diff --git a/web-assets/auth0/dev-tenant/rules/social.js b/web-assets/auth0/dev-tenant/rules/social.js
