
Commit dfbe8a8

committed
add DICE rules
1 parent ba4010e commit dfbe8a8


2 files changed

+130
-0
lines changed

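--- /dev/null
+++ b/<FILE_1_PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,126 @@
+function (user, context, callback) {
+if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) {
+console.log("rule:DICE DID:enter");
+
+if (context.redirect) {
+console.log("rule:DICE DID:exiting due to context being a redirect");
+return callback(null, user, context);
+}
+const _ = require('lodash');
+const isAuth0 = (_.get(user, "identities[0].provider") === 'auth0') ? true : false;
+const isSocial = _.get(user, "identities[0].isSocial");
+const mfaEnabled = _.get(user, "mfa_enabled", false);
+const mfaVerified = _.get(user, "mfa_verified", false);
+
+if (!isAuth0 && !isSocial) {
+console.log("rule:DICE DID:exiting due to enterprise user");
+return callback(null, user, context);
+}
+if (mfaEnabled && mfaVerified) {
+if (context.protocol === "redirect-callback") {
+// User was redirected to the /continue endpoint
+console.log("rule:DICE DID:User was redirected to the /continue endpoint");
+if (context.request.query.diceVerificationStatus === 'false') {
+return callback('Login Error: Whoops! Something went wrong. Please connect to DICE Platform Admin <a href="mailto:info@diceid.com">dice.wallet@wipro.com</a>.<br> Back to application ', user, context);
+} else if (context.request.query.otp) {
+request.post({
+url: 'https://api.' + configuration.DOMAIN + '/v3/users/checkOtp',
+json: {
+"param": {
+"userId": user.userId,
+"otp": context.request.query.otp
+}
+}
+}, function (error, response, body) {
+if (error) return callback(error, user, context);
+if (response.statusCode !== 200) {
+return callback('Login Error: Whoops! Something went wrong.', user, context);
+}
+if (body.result.content.verified === true) {
+return callback(null, user, context);
+} else {
+return callback('Login Error: wrong OTP', user, context);
+}
+});
+} else {
+const jwt_decode = require('jwt-decode');
+request.post({
+url: 'https://tc-vcauth-uat.diceid.com/vc/connect/token',
+form: {
+code: context.request.query.code,
+grant_type: 'authorization_code',
+client_id: 'topcoder'
+}
+}, function (error, response, body) {
+if (error) return callback(error, user, context);
+if (response.statusCode !== 200) {
+return callback('Login Error: Whoops! Something went wrong.', user, context);
+}
+const result = JSON.parse(body);
+const decoded = jwt_decode(result.id_token);
+console.log("Decoded: ", decoded);
+if (decoded.Email !== user.email) {
+return callback('Login Error: Credetials do not match', user, context);
+}
+console.log("rule:DICE DID:credentials approved");
+return callback(null, user, context);
+});
+}
+} else {
+const maxRetry = 2;
+const useOtp = function () {
+request.post({
+url: 'https://api.' + configuration.DOMAIN + '/v3/users/sendOtp',
+json: {
+"param": {
+"userId": user.userId
+}
+}
+}, function (error, response, body) {
+if (error) return callback(error, user, context);
+if (response.statusCode !== 200) {
+return callback('Login Error: Whoops! Something went wrong.', user, context);
+}
+console.log("rule:DICE DID: redirecting to OTP page");
+context.redirect = {
+url: `https://accounts-auth0.${configuration.DOMAIN}/check_email.html`
+};
+return callback(null, user, context);
+});
+};
+const checkDiceHealth = function (attempt) {
+console.log("rule:DICE DID:checking dice health, attempt:" + attempt);
+request.get({
+url: 'https://tc-vcauth-uat.diceid.com/.well-known/openid-configuration'
+}, function (error, response, body) {
+if (error || response.statusCode !== 200) {
+if (attempt >= maxRetry) {
+console.log("rule:DICE DID:dice services down, using otp flow...");
+useOtp();
+} else {
+checkDiceHealth(attempt + 1);
+}
+} else {
+console.log("rule:DICE DID:exiting with redirecting user to QR code page.");
+context.redirect = {
+url: `https://tc-vcauth-uat.diceid.com/vc/connect/authorize?pres_req_conf_id=Topcoder_2FA&client_id=topcoder&redirect_uri=https%3A%2F%2Fauth.topcoder-dev.com%2Fcontinue&response_type=code&scope=openid%20profile%20vc_authn`
+};
+return callback(null, user, context);
+}
+});
+};
+if (!global.ENABLE_2FA) {
+console.log("rule:DICE DID:dice switch disabled, using otp flow...");
+useOtp();
+} else {
+checkDiceHealth(1);
+}
+}
+} else {
+console.log("rule:DICE DID:exiting due to mfa is not enabled");
+return callback(null, user, context);
+}
+} else {
+return callback(null, user, context);
+}
+}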
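Review bot: `console.log("Decoded: ", decoded);` in the token-exchange callback writes every claim of the DICE ID token, including the user's email, into the rule logs; replace it with a non-identifying marker such as `console.log("rule:DICE DID:id_token decoded");`. `jwt_decode` only base64-decodes the payload, so nothing checks `exp`, `iss` or `aud` before `decoded.Email` is compared with `user.email` — the token does arrive straight from the token endpoint over TLS, which limits the exposure, but a guard such as `if (decoded.aud !== 'topcoder' || decoded.exp * 1000 < Date.now()) return callback('Login Error: Invalid token', user, context);` (assuming a single-valued `aud`) would close it cheaply. The `redirect_uri` inside the authorize URL is hard-coded to auth.topcoder-dev.com while the OTP endpoints derive their host from `configuration.DOMAIN`, so this rule is pinned to the dev tenant; the DICE hosts `tc-vcauth-uat.diceid.com` are likewise hard-coded and would be clearer as `configuration` entries. In the checkOtp callback `body.result.content.verified` dereferences two levels without a guard, so an unexpected response shape throws inside the callback instead of returning a login error; minor, 'Credetials' should read 'Credentials'.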
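--- /dev/null
+++ b/<FILE_2_PATH_NOT_SHOWN_ON_PAGE>
@@ -0,0 +1,4 @@
+function (user, context, callback) {
+global.ENABLE_2FA = false;
+return callback(null, user, context);
+}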
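Review bot: The rule sets `global.ENABLE_2FA = false;` with no comment explaining why the switch lives on `global` or that it must run before the DICE rule that reads it; if it is ordered after that rule, `global.ENABLE_2FA` is undefined there and the `!global.ENABLE_2FA` branch silently selects the OTP flow. A one-line header such as `// Feature switch read by the DICE rule; keep this rule ordered before it.` would document the dependency.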
