Merge 2a07a14 into fc312cf

examples/hapi-regular-webapp/.env

@@ -0,0 +1,7 @@
+AUTH0_DOMAIN={DOMAIN}
+AUTH0_CLIENT_ID={CLIENT_ID}
+AUTH0_CLIENT_SECRET={CLIENT_SECRET}
+SESSION_COOKIE_PASSWORD={RANDOM_STRING_64}
+SESSION_COOKIE_TTL=86400
+PORT=3000
+NODE_ENV=development

examples/hapi-regular-webapp/.env.example

@@ -0,0 +1,16 @@
+# example.auth0.com
+AUTH0_DOMAIN=
+
+# see https://manage.auth0.com/#/applications
+AUTH0_CLIENT_ID=
+AUTH0_CLIENT_SECRET=
+
+# at least 32 characters
+SESSION_COOKIE_PASSWORD=
+# cookie expiration time in seconds
+SESSION_COOKIE_TTL=
+
+# set to `development` if you don't have SSL set up (SSL must be used in production)
+NODE_ENV=
+
+PORT=3000

examples/hapi-regular-webapp/.gitignore

@@ -0,0 +1,36 @@
+# Created by https://www.gitignore.io
+
+### Node ###
+# Logs
+logs
+*.log
+
+# Runtime data
+pids
+*.pid
+*.seed
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directory
+# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git-
+node_modules
+
+# Debug log from npm
+npm-debug.log
+
+.env
+.idea

examples/hapi-regular-webapp/README.markdown

@@ -0,0 +1,28 @@
+# Auth0 + hapi
+
+This seed project shows an example Node web application which is built with [hapi.js](http://hapijs.com/).
+If you want to create a hapi.js API which uses JWT authentication instead, please check [this other seed project](https://github.com/auth0/node-auth0/tree/master/examples/nodejs-api)
+
+# Running the example
+
+Edit the `.env` file and add all the environment variables to it.
+You can find your Auth0 domain, client ID and secret for your client in the [Auth0 dashboard](https://manage.auth0.com/#/applications).
+
+Make sure to add `http://localhost:3000/login` to the Allowed Callback URLs of your Auth0 client.
+
+```bash
+# install dependencies
+npm install
+
+# start the application server
+node index.js
+```
+
+# About this example
+
+When a user successfully authenticates through Auth0, an encrypted cookie containing their entire user profile is set.
+If the user profile is too large for a cookie, some browsers might not set it.
+To prevent this and to reduce the size of the cookie, consider using a server-side cache and only storing the ID of the user in the cookie.
+For more information about server-side caching, [please refer to the hapi.js documentation](http://hapijs.com/tutorials/caching#server-side-caching).
+
+This example is maintained by [@rolodato](https://github.com/rolodato/).

examples/hapi-regular-webapp/index.js

@@ -0,0 +1,85 @@
+'use strict';
+
+require('dotenv-safe').load();
+const Hapi = require('hapi');
+const server = new Hapi.Server({ debug: { request: ['error'] } });
+const Cookie = require('hapi-auth-cookie');
+const Bell = require('bell');
+
+server.connection({
+    port: process.env.PORT
+});
+
+server.register(Cookie, (err) => {
+    if (err) { throw err; }
+    server.auth.strategy('session', 'cookie', {
+        password: process.env.SESSION_COOKIE_PASSWORD,
+        cookie: 'sid-auth0-sample',
+        isSecure: process.env.NODE_ENV === 'production',
+        clearInvalid: true
+    });
+});
+
+server.register(Bell, (err) => {
+    if (err) { throw err; }
+    server.auth.strategy('auth0', 'bell', {
+        provider: 'auth0',
+        config: {
+            domain: process.env.AUTH0_DOMAIN
+        },
+        ttl: process.env.SESSION_COOKIE_TTL,
+        password: process.env.SESSION_COOKIE_PASSWORD,
+        clientId: process.env.AUTH0_CLIENT_ID,
+        clientSecret: process.env.AUTH0_CLIENT_SECRET,
+        isSecure: process.env.NODE_ENV === 'production'
+    });
+});
+
+server.route({
+    method: 'GET',
+    path: '/',
+    config: {
+        auth: {
+            strategy: 'session',
+            mode: 'optional'
+        },
+        handler: function (request, reply) {
+            if (request.auth.isAuthenticated) {
+                reply(`Successfully logged in! Here's the profile returned by Auth0: <pre>${JSON.stringify(request.auth.credentials.sid.raw, null, 2)}</pre> <a href="/logout">Click here to log out</a>`);
+            } else {
+                reply('Not logged in. <a href="/login">Click here to log in.</a>');
+            }
+        }
+    }
+});
+
+server.route({
+    method: 'GET',
+    path: '/login',
+    config: {
+        auth: {
+            strategy: 'auth0',
+            mode: 'required'
+        }
+    },
+    handler: function (request, reply) {
+        // Stores entire Auth0 profile to a cookie, might be slow or cause issues
+        // Consider storing only user ID and mapping it to a server-side cache
+        request.cookieAuth.set({ sid: request.auth.credentials.profile });
+        reply.redirect('/');
+    }
+});
+
+server.route({
+    method: 'GET',
+    path: '/logout',
+    handler: function (request, reply) {
+        request.cookieAuth.clear();
+        reply('You are now logged out from this web application. If you also want to log out from Auth0, take a look at <a href="auth0.com/docs/logout">https://auth0.com/docs/logout</a>.');
+    }
+});
+
+server.start((err) => {
+    if (err) { throw err; }
+    console.log(`listening on port ${process.env.PORT}`);
+});

examples/hapi-regular-webapp/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "auth0-backdoor",
+  "version": "2.0.0",
+  "description": "Troubleshooting tool used to impersonate Auth0 tenant administrators",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/auth0/backdoor.git"
+  },
+  "author": "Rodrigo López Dato <rodrigo@auth0.com>",
+  "license": "GPL-3.0",
+  "bugs": {
+    "url": "https://github.com/auth0/backdoor/issues"
+  },
+  "homepage": "https://github.com/auth0/backdoor#readme",
+  "dependencies": {
+    "bell": "7.1.0",
+    "dotenv-safe": "2.2.0",
+    "hapi": "13.1.0",
+    "hapi-auth-cookie": "6.1.1"
+  }
+}