Support AD domain in addition to the email suffix for HRD #153

Closed
sandrinodimattia opened this issue Mar 24, 2015 · 1 comment

So currently the Lock will look at the email suffix (e.g. jon@fabrikamcorp.com) and match this to the email domains configured for the different enterprise connections in a subscription.

Now it would make sense to extend this support to also handle domains (in the format of DOMAINNAME\USERNAME).

We have now done this by injecting custom logic on events:

      var connection = '@@connection@@';
      var prompt = @@prompt@@;
      var currentUsername = null;

      var initializationOptions = {
        assetsUrl:  '@@assetsUrl@@',
        cdn:        '@@cdn@@'
      };

      var lock = new Auth0Lock('@@clientID@@', '@@auth0Domain@@', initializationOptions);

      /*
       * This will match fabrikam-adfs\jon to a connection that matches:
       *    - name == 'fabrikam-adfs'
       *    - first domain == 'fabrikam-adfs'
       */
      function findConnectionForDomain(username) {
        if (!username)
          return null;

        var domain = username.split('\\');
        if (domain.length !== 2)
          return null;

        var connections = $.map(lock.options.$client.strategies, function(n){
          $.each(n.connections, function(i, conn) {
            conn.strategy = n;
          });
          return n.connections;
        });
        // A single connection needs no home realm discovery.
        if (connections.length === 1)
          return null;
        var results = $.grep(connections, function(conn) { 
          return (conn.name && conn.name.toLowerCase() 
                  === domain[0].toLowerCase()) || 
            (conn.domain && conn.domain.toLowerCase() 
             === domain[0].toLowerCase());
        });
        if (results && results.length > 0)
          return results[0];  
        return null;
      }

      /*
       * If we switch over to an AD connection, make sure the current username is preserved.
       */
      lock.on('signin ready', function() {
        if (currentUsername) {
          $(lock.$container)
                .find('input[name=email]').val(currentUsername);
        }
      });
      /*
       * When the lock starts, add our custom logic to handle domain names in addition to email suffixes.
       */
      lock.once('signin ready', function(options) {

        var oldText = null;
        var currentConnection = null;

        var nextButton = $(lock.$container).find('.a0-action > button.a0-next');
        nextButton.click(function(e) {
          if (currentConnection) {
            if (currentConnection.strategy 
                && currentConnection.strategy.name === "ad") {
              connection = currentConnection.name;

              currentUsername = $(lock.$container)
                .find('input[name=email]').val();
              lock.show({
                // icon:            '{YOUR_LOGO_URL}',
                callbackURL:        '@@callbackURL@@',
                responseType:       @@callbackOnLocationHash@@ ? 'token' : 'code',
                dict:               @@dict@@,
                connections:        connection ? [connection] : null,
                rememberLastLogin:  !prompt,
                container:          'widget-container',
                authParams:         JSON.parse('{' + '@@internalOptions@@' + '}')
              });
            }
            else {
              lock.$auth0.login({
                connection: currentConnection.name
              });
            }

            e.preventDefault();
          }
        });

        // Try to match a domain every time the user leaves the username field.
        var emailField = $(lock.$container)
        .find('input[name=email]').change(function() {

          var username = $(this).val();
          var conn = findConnectionForDomain(username);
          if (conn) {
            var mailField = 
                $(lock.$container).find('.a0-email input');
            var pwdField = 
                $(lock.$container).find('.a0-password input').first();
            $(lock.$container).find('.a0-sso-notice-container')
            .removeClass('a0-hide');
            $(lock.$container).find('.a0-password')
            .addClass('a0-hide');

            oldText = nextButton.text();

            var msg = lock.options.i18n.t('signin:actionDomain');
            msg = msg.replace('{domain}', conn.name);

            nextButton.text(msg);
            nextButton.attr('title', msg);

            currentConnection = conn;

            return pwdField.attr('disabled', true);
          }
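          else {
            // No domain match: forget any previously matched connection so the
            // button's click handler does not redirect to a stale connection.
            currentConnection = null;
            if (oldText) {
              nextButton.text(oldText);
              nextButton.attr('title', oldText);
              oldText = null;
            }
          }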
        });
      });

      lock.show({
        // icon:            '{YOUR_LOGO_URL}',
        callbackURL:        '@@callbackURL@@',
        responseType:       @@callbackOnLocationHash@@ ? 'token' : 'code',
        dict:               @@dict@@,
        connections:        connection ? [connection] : null,
        rememberLastLogin:  !prompt,
        container:          'widget-container',
        authParams:         JSON.parse('{' + '@@internalOptions@@' + '}') // Please don't remove
      });
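
An added example, not part of the original issue or of Lock itself: the realm matching described above, written without the DOM so it can be tested, and extended to cover both the email suffix and the DOMAINNAME\USERNAME form. The `strategies`/`connections` shape mirrors `lock.options.$client.strategies` as used in the snippet; `emailDomains`, `parseLoginHint` and `findConnection` are hypothetical names.

```javascript
// Added example: DOM-free home realm discovery for both input forms.
// `emailDomains` is a hypothetical field holding the configured email suffixes.
function parseLoginHint(input) {
  if (typeof input !== 'string') return null;
  var value = input.trim();
  var slash = value.split('\\');
  if (slash.length === 2 && slash[0] && slash[1]) {
    return { kind: 'domain', realm: slash[0].toLowerCase(), user: slash[1] };
  }
  var at = value.lastIndexOf('@');
  if (slash.length === 1 && at > 0 && at < value.length - 1) {
    return { kind: 'email', realm: value.slice(at + 1).toLowerCase(), user: value.slice(0, at) };
  }
  return null; // empty parts, extra backslashes, or no realm at all
}

function findConnection(strategies, input) {
  var hint = parseLoginHint(input);
  if (!hint) return null;
  var matches = [];
  strategies.forEach(function (strategy) {
    (strategy.connections || []).forEach(function (conn) {
      var candidates = hint.kind === 'domain'
        ? [conn.name, conn.domain]
        : (conn.emailDomains || []);
      var hit = candidates.some(function (c) {
        return typeof c === 'string' && c.toLowerCase() === hint.realm;
      });
      if (hit) matches.push({ name: conn.name, strategy: strategy.name });
    });
  });
  // Exact match only, and refuse to guess when two connections claim a realm.
  return matches.length === 1 ? matches[0] : null;
}

// Constructed sample configuration.
var sampleStrategies = [
  { name: 'ad', connections: [
    { name: 'fabrikam-adfs', domain: 'fabrikam-adfs', emailDomains: ['fabrikamcorp.com'] }
  ] },
  { name: 'adfs', connections: [
    { name: 'contoso', domain: 'CONTOSO', emailDomains: ['contoso.com'] }
  ] }
];
```

Returning `null` on an ambiguous or malformed hint leaves the user on the normal login form instead of redirecting to a connection picked by list order.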
billbonney pushed a commit to billbonney/lock that referenced this issue Jun 4, 2016
Improve A0WebKitViewController UI and customisation options

hzalaz commented Aug 30, 2016

Moved to internal backlog

@hzalaz hzalaz closed this as completed Aug 30, 2016