feat: support-metadata-marketplace-protect

add marketplace node support to the ping protect module

Author: ryanbas21

e2e/autoscript-apps/index.html

@@ -37,6 +37,7 @@
     <a href="./src/authn-second-factor/index.html">AuthN: Second Factor</a><br />
     <a href="./src/authn-saml/index.html">AuthN: SAML</a><br />
     <a href="./src/authn-social-login-am/index.html">AuthN: Social Login AM</a><br />
+    <a href="./src/authn-protect-metadata/index.html">AuthN: Protect Metadata AM</a><br />
     <a href="./src/authn-social-login-idm/index.html">AuthN: Social Login IDM</a><br />
     <a href="./src/authn-webauthn/index.html">AuthN: WebAuthn</a><br />
     <a href="./src/authn-webauthn-device-registration/index.html">

e2e/autoscript-apps/src/authn-protect-metadata/autoscript.ts

@@ -0,0 +1,108 @@
+/*
+ * @forgerock/javascript-sdk
+ *
+ * autoscript.ts
+ *
+ * Copyright (c) 2024 ForgeRock. All rights reserved.
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+// @ts-nocheck
+import * as forgerock from '@forgerock/javascript-sdk';
+import { PIProtect } from '@forgerock/ping-protect';
+import { delay as rxDelay, map, mergeMap } from 'rxjs/operators';
+import { from } from 'rxjs';
+
+function autoscript() {
+  const delay = 0;
+
+  const url = new URL(window.location.href);
+  const amUrl = url.searchParams.get('amUrl') || 'http://localhost:9443/am';
+  const realmPath = url.searchParams.get('realmPath') || 'root';
+  const un = url.searchParams.get('un') || 'sdkuser';
+  const pw = url.searchParams.get('pw') || 'password';
+  const pauseBehaviorData = url.searchParams.get('pauseBehaviorData') || 'true';
+  const tree = url.searchParams.get('tree') || 'TEST_MetadataMarketPlace';
+
+  console.log('Configure the SDK');
+  forgerock.Config.set({
+    realmPath,
+    tree,
+    serverConfig: {
+      baseUrl: amUrl,
+    },
+  });
+
+  try {
+    forgerock.SessionManager.logout();
+  } catch (err) {
+    // Do nothing
+  }
+
+  console.log('Initiate first step with `undefined`');
+  // Wrapping in setTimeout to give the test time to bind listener to console.log
+  setTimeout(function () {
+    from(forgerock.FRAuth.start())
+      .pipe(
+        mergeMap(
+          (step) => {
+            try {
+              const config = PIProtect.getNodeConfig(step);
+
+              console.log('start protect');
+              return PIProtect.start(config);
+            } catch (err) {
+              const cb = (step as forgerock.Step).getCallbackOfType(
+                'MetadataCallback',
+              ) as forgerock.MetadataCallback;
+
+              clientError.setInputValue('we had a failure');
+            }
+          },
+          (step) => {
+            return step;
+          },
+        ),
+        mergeMap((step) => {
+          console.log('Submitting ping protect start');
+          return forgerock.FRAuth.next(step);
+        }),
+        rxDelay(delay),
+
+        mergeMap(async (step) => {
+          try {
+            const data = await PIProtect.getData();
+
+            PIProtect.setNodeInputValue(step, data);
+            console.log('Submitting ping protect evaluation');
+            return forgerock.FRAuth.next(step);
+          } catch (err) {
+            return err;
+          }
+        }),
+        map((step) => {
+          if (step.payload.status === 401) {
+            throw new Error('Auth_Error');
+          } else if (step.payload.tokenId) {
+            console.log('Basic login with Protect successful');
+            document.body.innerHTML = '<p class="Logged_In">Login successful</p>';
+          } else {
+            throw new Error('Something went wrong.');
+          }
+        }),
+      )
+      .subscribe({
+        error: (err) => {
+          console.log(`Error: ${err.message}`);
+          document.body.innerHTML = `<p class="Test_Complete">${err.message}</p>`;
+        },
+        complete: () => {
+          console.log('Test script complete');
+          document.body.innerHTML = `<p class="Test_Complete">Test script complete</p>`;
+        },
+      });
+  }, 250);
+}
+autoscript();
+
+export default autoscript;

e2e/autoscript-apps/src/authn-protect-metadata/index.html

@@ -0,0 +1,33 @@
+<!doctype html>
+<html>
+  <head>
+    <title>E2E Test | ForgeRock JavaScript SDK</title>
+
+    <!-- Needed only for automation with mock server -->
+    <meta name="referrer" content="unsafe-url" />
+
+    <link rel="shortcut icon" href="/fr-ico.png" type="image/png" />
+
+    <style>
+      @media (prefers-color-scheme: dark) {
+        html {
+          background-color: black;
+          color: white;
+        }
+        a {
+          color: lightblue;
+        }
+        a:visited {
+          color: lavender;
+        }
+        a:hover {
+          color: lightskyblue;
+        }
+      }
+    </style>
+  </head>
+
+  <body>
+    <script type="module" src="./autoscript.ts"></script>
+  </body>
+</html>

e2e/autoscript-suites/src/suites/authn-ping-marketplace.test.ts

@@ -0,0 +1,23 @@
+/*
+ * @forgerock/javascript-sdk
+ *
+ * authn-otp-reg.test.ts
+ *
+ * Copyright (c) 2024 ForgeRock. All rights reserved.
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+import { test, expect } from '@playwright/test';
+import { setupAndGo } from '../utilities/setup-and-go';
+
+test.describe('Login with marketplace nodes', () => {
+  test(`Ping marketplace nodes`, async ({ page, browserName }) => {
+    const { messageArray } = await setupAndGo(page, browserName, 'authn-protect-metadata/');
+
+    // Test assertions
+    expect(messageArray.includes('Submitting ping protect start')).toBe(true);
+
+    expect(messageArray.includes('Submitting ping protect evaluation')).toBe(true);
+    expect(messageArray.includes('Basic login with Protect successful')).toBe(true);
+  });
+});

e2e/mock-api-v2/project.json

@@ -29,6 +29,9 @@
         "development": {
           "watch": true
         },
+        "example-server": {
+          "main": "e2e/mock-api-v2/src/example-server.ts"
+        },
         "production": {
           "esbuildOptions": {
             "sourcemap": false,
@@ -46,8 +49,8 @@
         "buildTarget": "e2e-mock-api-v2:build"
       },
       "configurations": {
-        "development": {
-          "buildTarget": "e2e-mock-api-v2:build:development"
+        "example-server": {
+          "buildTarget": "e2e-mock-api-v2:build:example-server"
         },
         "production": {
           "buildTarget": "e2e-mock-api-v2:build:production"

e2e/mock-api-v2/src/example-server.ts

@@ -0,0 +1,8 @@
+import { RouterBuilder, Middlewares, ExampleServer } from 'effect-http';
+import { NodeRuntime } from '@effect/platform-node';
+import { NodeServer } from 'effect-http-node';
+import { apiSpec } from './spec';
+
+const app = ExampleServer.make(apiSpec).pipe(RouterBuilder.build, Middlewares.errorLog);
+
+app.pipe(NodeServer.listen({ port: 9443 }), NodeRuntime.runMain);

e2e/mock-api/src/app/responses.js

@@ -1119,6 +1119,111 @@ export const wellKnownPing = {
   code_challenge_methods_supported: ['plain', 'S256'],
 };
 
+export const MetadataMarketPlaceInitialize = {
+  authId: 'foo',
+  callbacks: [
+    {
+      type: 'MetadataCallback',
+      output: [
+        {
+          name: 'data',
+          value: {
+            _type: 'PingOneProtect',
+            _action: 'protect_initialize',
+            envId: 'some_id',
+            consoleLogEnabled: true,
+            deviceAttributesToIgnore: [],
+            customHost: '',
+            lazyMetadata: true,
+            behavioralDataCollection: true,
+            disableHub: true,
+            deviceKeyRsyncIntervals: 10,
+            enableTrust: true,
+            disableTags: true,
+          },
+        },
+      ],
+    },
+    {
+      type: 'HiddenValueCallback',
+      output: [
+        {
+          name: 'value',
+          value: '',
+        },
+        {
+          name: 'id',
+          value: 'clientError',
+        },
+      ],
+      input: [
+        {
+          name: 'IDToken1',
+          value: '',
+        },
+      ],
+    },
+  ],
+};
+
+export const MetadataMarketPlacePingOneEvaluation = {
+  authId: 'foo',
+  callbacks: [
+    {
+      type: 'MetadataCallback',
+      output: [
+        {
+          name: 'data',
+          value: {
+            _type: 'PingOneProtect',
+            _action: 'protect_risk_evaluation',
+            envId: 'some_id',
+            pauseBehavioralData: true,
+          },
+        },
+      ],
+    },
+    {
+      type: 'HiddenValueCallback',
+      output: [
+        {
+          name: 'value',
+          value: '',
+        },
+        {
+          name: 'id',
+          value: 'pingone_risk_evaluation_signals',
+        },
+      ],
+      input: [
+        {
+          name: 'IDToken1',
+          value: 'pingone_risk_evaluation_signals',
+        },
+      ],
+    },
+    {
+      type: 'HiddenValueCallback',
+      output: [
+        {
+          name: 'value',
+          value: '',
+        },
+        {
+          name: 'id',
+          value: 'clientError',
+        },
+      ],
+      input: [
+        {
+          name: 'IDToken1',
+          value: '',
+        },
+      ],
+    },
+  ],
+};
+
 export const recaptchaEnterpriseCallback = {
   authId: 'foo',
   callbacks: [

e2e/mock-api/src/app/routes.auth.js

@@ -46,6 +46,7 @@ import {
   wellKnownForgeRock,
   wellKnownPing,
   recaptchaEnterpriseCallback,
+  MetadataMarketPlaceInitialize,
 } from './responses.js';
 import initialRegResponse from './response.registration.js';
 import wait from './wait.js';
@@ -87,6 +88,8 @@ export default function (app) {
         res.json(pingProtectInitialize);
       } else if (req.query.authIndexValue === 'IDMSocialLogin') {
         res.json(selectIdPCallback);
+      } else if (req.query.authIndexValue === 'TEST_MetadataMarketPlace') {
+        res.json(MetadataMarketPlaceInitialize);
       } else if (req.query.authIndexValue === 'AMSocialLogin') {
         res.json(idpChoiceCallback);
       } else if (req.query.authIndexValue === 'RecaptchaEnterprise') {
@@ -109,6 +112,7 @@ export default function (app) {
       }
     } else if (req.query.authIndexValue === 'LoginWithEmail') {
       res.json(emailSuspend);
+<<<<<<< HEAD
     } else if (req.query.authIndexValue === 'RecaptchaEnterprise') {
       console.log(req.body.callbacks);
       if (req.body.callbacks[0].type === 'NameCallback') {
@@ -132,6 +136,42 @@ export default function (app) {
           res.json(authSuccess);
         }
       }
+=======
+    } else if (req.query.authIndexValue === 'TEST_MetadataMarketPlace') {
+      if (req.body.callbacks.find((cb) => cb.type === 'MetadataCallback')) {
+        const metadataCb = req.body.callbacks.find((cb) => cb.type === 'MetadataCallback');
+        const action = metadataCb.output[0].value._action;
+        console.log('the action', action);
+        if (action === 'protect_initialize') {
+          if (req.body.callbacks.find((cb) => cb.type === 'HiddenValueCallback')) {
+            const hiddenCb = req.body.callbacks.find((cb) => cb.type === 'HiddenValueCallback');
+            if (hiddenCb.input[0].value === 'we had an error') {
+              return res.json(authFail);
+            }
+            return res.json(MetadataMarketPlacePingOneEvaluation);
+          }
+        }
+        if (action === 'protect_risk_evaluation') {
+          if (req.body.callbacks.find((cb) => cb.type === 'HiddenValueCallback')) {
+            const hiddenCb = req.body.callbacks.find((cb) => cb.type === 'HiddenValueCallback');
+            if (hiddenCb.input[0].value === 'we had an error') {
+              return res.json(authFail);
+            }
+            return res.json(authSuccess);
+          }
+        }
+      } else {
+        if (req.body.callbacks.find((cb) => cb.type === 'PingOneEvaluationCallback')) {
+          const cb = req.body.callbacks.find((cb) => cb.type === 'PingOneEvaluationCallback');
+          if (cb.input[0].value === 'the value to set') {
+            return res.json(authSuccess);
+          } else {
+            return res.json(authFail);
+          }
+        }
+      }
+      return res.json(MetadataMarketPlacePingOneEvaluation);
+>>>>>>> 0fab975 (feat: support-metadata-marketplace-protect)
     } else if (req.query.authIndexValue === 'QRCodeTest') {
       // If QR Code callbacks are being returned, return success
       if (req.body.callbacks.find((cb) => cb.type === 'HiddenValueCallback')) {