diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..4b5782d
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,79 @@
+version: 2
+defaults: &defaults
+ docker:
+ - image: circleci/python:2.7.18-stretch-browsers
+install_dependency: &install_dependency
+ name: Installation of build and deployment dependencies.
+ command: |
+ sudo apt install jq
+ sudo pip install awscli --upgrade
+ sudo pip install docker-compose
+install_deploysuite: &install_deploysuite
+ name: Installation of install_deploysuite.
+ command: |
+ git clone --branch v1.4.5 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+ cp ./../buildscript/master_deploy.sh .
+ cp ./../buildscript/buildenv.sh .
+ cp ./../buildscript/awsconfiguration.sh .
+
+builddeploy_steps: &builddeploy_steps
+ - checkout
+ - setup_remote_docker
+ - run: *install_dependency
+ - run: *install_deploysuite
+ - run:
+ name: Running build script.
+ command: |
+ ./awsconfiguration.sh $DEPLOY_ENV
+ source awsenvconf
+ ./buildenv.sh -e $DEPLOY_ENV -b ${LOGICAL_ENV}-${APPNAME}-buildvar
+ source buildenvvar
+ ./build.sh
+ - deploy:
+ name: Running MasterScript.
+ command: |
+ source awsenvconf
+ ./buildenv.sh -e $DEPLOY_ENV -b ${LOGICAL_ENV}-${APPNAME}-deployvar
+ source buildenvvar
+ ./master_deploy.sh -d CFRONT -e $DEPLOY_ENV -c true
+
+jobs:
+ # Build & Deploy against development backend
+ "build-dev":
+ <<: *defaults
+ environment:
+ DEPLOY_ENV: "DEV"
+ LOGICAL_ENV: "dev"
+ APPNAME: "tc-auth-lib"
+ steps: *builddeploy_steps
+
+ "build-prod":
+ <<: *defaults
+ environment:
+ DEPLOY_ENV: "PROD"
+ LOGICAL_ENV: "prod"
+ APPNAME: "tc-auth-lib"
+ steps: *builddeploy_steps
+
+workflows:
+ version: 2
+ build:
+ jobs:
+ # Development builds are executed on "develop" branch only.
+ - "build-dev":
+ context : org-global
+ filters:
+ branches:
+ only:
+ - dev
+
+ # Production builds are exectuted only on tagged commits to the
+ # master branch.
+ - "build-prod":
+ context : org-global
+ filters:
+ branches:
+ only: master
+
+
+
diff --git a/README.md b/README.md
index bf24ef5..e9a34ad 100644
--- a/README.md
+++ b/README.md
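Review bot: The comments in the `workflows:` block contradict the filters beside them: the dev comment says builds run on the "develop" branch while the filter is `only: - dev`, and the prod comment says "only on tagged commits to the master branch" while the filter is `branches: only: master` with no `tags:` filter, so as far as the filter shows every commit on master triggers the production deploy. Either add the tag filter the comment promises or change the comments to `# Development builds are executed on the "dev" branch only.` and `# Production builds are executed on every commit to the master branch.` (which also fixes the "exectuted" typo). Separately, `install_deploysuite` clones the deploy scripts by the mutable tag `v1.4.5` and `install_dependency` installs `awscli` and `docker-compose` unpinned with `--upgrade`, so the code that later runs with the AWS credentials is not reproducible; pinning the clone to a commit SHA and the pip packages to exact versions would make the build auditable. The `circleci/python:2.7.18-stretch-browsers` image is end-of-life Python and is worth a follow-up.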
@@ -1,2 +1,3 @@
 # authlib
 Mixed front-end lib for auth0 authorization
+
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..7e13884
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -eo pipefail
+CONFFILENAME="./web-assets/js/setupAuth0WithRedirect.js"
+
+perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $CONFFILENAME
+perl -pi -e "s/\{\{AUTH0_CLIENT_ID\}\}/$AUTH0_CLIENT_ID/g" $CONFFILENAME
+perl -pi -e "s/\{\{LOGGERMODE\}\}/$LOGGERMODE/g" $CONFFILENAME
+perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $CONFFILENAME
+
+SIGNUPFILENAME="./web-assets/js/signup.js"
+perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $SIGNUPFILENAME
+perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $SIGNUPFILENAME
+
+
+mkdir dist
+cp -rv ./web-assets/css/* ./dist/
+cp -rv ./web-assets/js/* ./dist/
+cp -rv ./web-assets/images ./dist/
+cp -rv ./web-assets/static-pages/* ./dist/
+
+
+
diff --git a/web-assets/js/setupAuth0WithRedirect.js b/web-assets/js/setupAuth0WithRedirect.js
index 6e5c8db..315f7a3 100644
--- a/web-assets/js/setupAuth0WithRedirect.js
+++ b/web-assets/js/setupAuth0WithRedirect.js
@@ -23,8 +23,8 @@ const qs = (function (a) { const authSetup = function () { - let domain = 'auth.topcoder.com'; - const clientId = 'UW7BhsnmAQh0itl56g1jUPisBO9GoowD'; + let domain = 'auth.{{DOMAIN}}'; + const clientId = '{{AUTH0_CLIENT_ID}}'; const useLocalStorage = false; const useRefreshTokens = false; const v3JWTCookie = 'v3jwt';
@@ -38,7 +38,7 @@ const authSetup = function () {
 const utmSource = qs['utm_source'];
 const utmMedium = qs['utm_medium'];
 const utmCampaign = qs['utm_campaign'];
- const loggerMode = "prod";
+ const loggerMode = "{{LOGGERMODE}}";
 const IframeLogoutRequestType = "LOGOUT_REQUEST";
 const enterpriseCustomers = ['zurich', 'cs'];
 const mode = qs['mode'] || 'signIn';
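Review bot: `set -eo pipefail` on the second line of build.sh omits `-u`, so an unset `DOMAIN`, `AUTH0_CLIENT_ID`, `LOGGERMODE` or `AUTH0DOMAIN` expands to an empty string and the perl substitutions silently write `'auth.'` and `''` into the shipped JavaScript instead of failing the build. The values are also spliced into the `s///` program by the shell, so a value containing `/`, `$` or `@` breaks or alters the expression; reading them from perl's `%ENV` inside a single-quoted program keeps the value literal, and double-quoting `$CONFFILENAME` and `$SIGNUPFILENAME` avoids word splitting. `mkdir dist` fails under `set -e` when the directory already exists, which matters on a second local run; `mkdir -p dist` is the usual form. The rewritten lines below keep the same environment-variable interface.

```shell
set -euo pipefail
# Fail early with a clear message if any build-time value is missing.
: "${DOMAIN:?}" "${AUTH0_CLIENT_ID:?}" "${LOGGERMODE:?}" "${AUTH0DOMAIN:?}"
CONFFILENAME="./web-assets/js/setupAuth0WithRedirect.js"

# Single-quoted program: perl reads the values from its environment, so the
# shell never splices them into the s/// expression.
perl -pi -e 's/\{\{DOMAIN\}\}/$ENV{DOMAIN}/g' "$CONFFILENAME"
perl -pi -e 's/\{\{AUTH0_CLIENT_ID\}\}/$ENV{AUTH0_CLIENT_ID}/g' "$CONFFILENAME"
perl -pi -e 's/\{\{LOGGERMODE\}\}/$ENV{LOGGERMODE}/g' "$CONFFILENAME"
perl -pi -e 's/\{\{AUTH0DOMAIN\}\}/$ENV{AUTH0DOMAIN}/g' "$CONFFILENAME"

SIGNUPFILENAME="./web-assets/js/signup.js"
perl -pi -e 's/\{\{DOMAIN\}\}/$ENV{DOMAIN}/g' "$SIGNUPFILENAME"
perl -pi -e 's/\{\{AUTH0DOMAIN\}\}/$ENV{AUTH0DOMAIN}/g' "$SIGNUPFILENAME"

mkdir -p dist
# … unchanged: cp of css, js, images and static-pages into ./dist/ …
```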
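Review bot: The `{{DOMAIN}}` and `{{AUTH0_CLIENT_ID}}` placeholders in the `@@ -23,8` hunk (and `{{LOGGERMODE}}` in the `@@ -38,7` hunk, `{{AUTH0DOMAIN}}` in the `@@ -48,7` hunk, and `{{DOMAIN}}` in signup.js) sit inside ordinary string literals, so if the build.sh substitution is skipped or a variable is empty the file still parses and the browser is sent to the literal host `auth.{{DOMAIN}}` at runtime instead of the build failing. Nothing in the file says these are build-time tokens; a comment above `let domain` such as `// {{...}} tokens are replaced at build time by build.sh; they must never reach a browser.` would stop the next maintainer from treating them as defaults. A small guard that logs and returns from `authSetup` while `domain` still contains `{{` would turn a missed substitution into a visible error rather than a silent redirect to a non-existent host. The `authSetup` function body continues outside these hunks.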
@@ -48,7 +48,7 @@ const authSetup = function () { if (utmSource && (utmSource != 'undefined') && (enterpriseCustomers.indexOf(utmSource) > -1)) { - domain = "topcoder.auth0.com"; + domain = "{{AUTH0DOMAIN}}"; returnAppUrl += '&utm_source=' + utmSource; }
diff --git a/web-assets/js/signup.js b/web-assets/js/signup.js
index 5e5c619..3d13f05 100644
--- a/web-assets/js/signup.js
+++ b/web-assets/js/signup.js
@@ -1,5 +1,5 @@ -var apiServerUrl = "https://api.topcoder.com/v3/users"; +var apiServerUrl = "https://api.{{DOMAIN}}/v3/users"; var qs = (function (a) { if (a == "") return {}; var b = {};
@@ -46,14 +46,21 @@ $(document).ready(function () {
 if (result.result.status === 200 && result.result.content.valid) {
 $("#error").closest(".message").fadeOut();
 $("#error").html("");
- document.getElementById("signup").action = qs["formAction"];
- document.getElementById("state").value = qs["state"];
- document.getElementById("regSource").value = qs["regSource"];
- document.getElementById("utmSource").value = qs["utmSource"];
- document.getElementById("utmMedium").value = qs["utmMedium"];
- document.getElementById("utmCampaign").value = qs["utmCampaign"];
- document.getElementById("returnUrl").value = qs["returnUrl"];
- document.getElementById("signup").submit();
+ let formAction = qs["formAction"];
+ const opt1 = 'https://auth.{{DOMAIN}}/continue';
+ const opt2 = 'https://{{AUTH0DOMAIN}}/continue';
+ if (!formAction.startsWith(opt1) && !formAction.startsWith(opt2)) {
+ // looks like XSS attack
+ formAction = "#";
+ }
+ $('#signup').attr('action', formAction);
+ $("#state").val(qs["state"]);
+ $("#regSource").val(qs["regSource"]);
+ $("#utmSource").val(qs["utmSource"]);
+ $("#utmMedium").val(qs["utmMedium"]);
+ $("#utmCampaign").val(qs["utmCampaign"]);
+ $("#returnUrl").val(qs["returnUrl"]);
+ $("#signup").submit();
 }
 },
 });
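Review bot: `let formAction = qs["formAction"];` followed by `formAction.startsWith(opt1)` throws a TypeError when the query string carries no `formAction`, aborting the handler after the server-side validation has already succeeded; `let formAction = qs["formAction"] || "";` makes the missing case fall into the rejection branch instead. The comment `// looks like XSS attack` misnames the risk: an attacker-supplied action would post the signup form's fields to a foreign host, so `// Only the known auth hosts may receive this form; anything else is a form-hijack attempt.` describes what the check defends against. Note that after `formAction = "#"` the code still reaches `$("#signup").submit()`, posting the form to the current page; if that is not intended, return from the rejection branch before the `.val(...)` assignments. The enclosing `$(document).ready` callback starts outside the hunk.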