From 3af223e0e58c17f7650c040faee0adbaf5d947b1 Mon Sep 17 00:00:00 2001
From: Gunasekar-K
Date: Wed, 13 Jan 2021 16:45:35 +0530
Subject: [PATCH 01/10] circleci integration
---
 .circleci/config.yml | 78 +++++++++++++++++++++++++
 build.sh | 17 ++++++
 web-assets/js/setupAuth0WithRedirect.js | 8 +--
 3 files changed, 99 insertions(+), 4 deletions(-)
 create mode 100644 .circleci/config.yml
 create mode 100755 build.sh
diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..63f046c
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,78 @@
+version: 2
+defaults: &defaults
+ docker:
+ - image: circleci/python:2.7.18-stretch-browsers
+install_dependency: &install_dependency
+ name: Installation of build and deployment dependencies.
+ command: |
+ sudo apt install jq
+ sudo pip install awscli --upgrade
+ sudo pip install docker-compose
+install_deploysuite: &install_deploysuite
+ name: Installation of install_deploysuite.
+ command: |
+ git clone --branch v1.4.2 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+ cp ./../buildscript/master_deploy.sh .
+ cp ./../buildscript/buildenv.sh .
+ cp ./../buildscript/awsconfiguration.sh .
+
+builddeploy_steps: &builddeploy_steps
+ - checkout
+ - setup_remote_docker
+ - run: *install_dependency
+ - run: *install_deploysuite
+ - run:
+ name: Running build script.
+ command: |
+ ./awsconfiguration.sh $DEPLOY_ENV
+ source awsenvconf
+ ./buildenv.sh -e $DEPLOY_ENV -b ${LOGICAL_ENV}-${APPNAME}-deployvar
+ source buildenvvar
+ ./build.sh
+ - deploy:
+ name: Running MasterScript.
+ command: |
+ source awsenvconf
+ source buildenvvar
+ #./master_deploy.sh -d CFRONT -e $DEPLOY_ENV -c true
+
+jobs:
+ # Build & Deploy against development backend
+ "build-dev":
+ <<: *defaults
+ environment:
+ DEPLOY_ENV: "DEV"
+ LOGICAL_ENV: "dev"
+ APPNAME: "tc-auth-lib"
+ steps: *builddeploy_steps
+
+ "build-prod":
+ <<: *defaults
+ environment:
+ DEPLOY_ENV: "PROD"
+ LOGICAL_ENV: "prod"
+ APPNAME: "tc-auth-lib"
+ steps: *builddeploy_steps
+
+workflows:
+ version: 2
+ build:
+ jobs:
+ # Development builds are executed on "develop" branch only.
+ - "build-dev":
+ context : org-global
+ filters:
+ branches:
+ only:
+ - develop
+
+ # Production builds are exectuted only on tagged commits to the
+ # master branch.
+ - "build-prod":
+ context : org-global
+ filters:
+ branches:
+ only: master
+
+
+
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..7e0b8ba
--- /dev/null
+++ b/build.sh
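Review bot: The `install_deploysuite` step in `.circleci/config.yml` clones `tc-deploy-scripts` by tag (`--branch v1.4.2`), and the jobs then run the copied scripts after `source awsenvconf`, so whatever that ref resolves to at build time executes with what are presumably the pipeline's AWS credentials. A tag can be moved, and later hunks in this series change the ref to `master` (PATCH 07/10) and then to `v1.4.4` and `v1.4.5`; checking the clone against a reviewed commit right after it, for example `test "$(git -C ../buildscript rev-parse HEAD)" = "<PINNED_COMMIT_SHA>"`, would make the executed code fixed and reviewable. The unpinned `sudo pip install awscli --upgrade` and `sudo pip install docker-compose` lines in `install_dependency` have the same property. Separately, the comment above `build-prod` says production builds run only on tagged commits, but the filter shown is `branches: only: master` with no tag filter, so one of the two should be corrected.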
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -eo pipefail
+CONFFILENAME="./web-assets/js/setupAuth0WithRedirect.js"
+
+perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $CONFFILENAME
+perl -pi -e "s/\{\{AUTH0_CLIENT_ID\}\}/$AUTH0_CLIENT_ID/g" $CONFFILENAME
+perl -pi -e "s/\{\{LOGGERMODE\}\}/$LOGGERMODE/g" $CONFFILENAME
+perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $CONFFILENAME
+
+mkdir dist
+cp -rv ./web-assets/css/* ./dist/
+cp -rv ./web-assets/js/* ./dist/
+cp -rv ./web-assets/images ./dist/
+cp -rv ./web-assets/static-pages/* ./dist/
+
+
+
diff --git a/web-assets/js/setupAuth0WithRedirect.js b/web-assets/js/setupAuth0WithRedirect.js
index 1b04734..54208a9 100644
--- a/web-assets/js/setupAuth0WithRedirect.js
+++ b/web-assets/js/setupAuth0WithRedirect.js
@@ -23,8 +23,8 @@ const qs = (function (a) {
 const authSetup = function () {
- let domain = 'auth.topcoder-dev.com';
- const clientId = 'BXWXUWnilVUPdN01t2Se29Tw2ZYNGZvH';
+ let domain = '{{DOMAIN}}';
+ const clientId = '{{AUTH0_CLIENT_ID}}';
 const useLocalStorage = false;
 const useRefreshTokens = false;
 const v3JWTCookie = 'v3jwt';
@@ -38,7 +38,7 @@ const authSetup = function () {
 const utmSource = qs['utm_source'];
 const utmMedium = qs['utm_medium'];
 const utmCampaign = qs['utm_campaign'];
- const loggerMode = "dev";
+ const loggerMode = "{{LOGGERMODE}}";
 const IframeLogoutRequestType = "LOGOUT_REQUEST";
 const enterpriseCustomers = ['zurich', 'cs'];
 const mode = qs['mode'] || 'signIn';
@@ -48,7 +48,7 @@ const authSetup = function () {
 if (utmSource && (utmSource != 'undefined') && (enterpriseCustomers.indexOf(utmSource) > -1)) {
- domain = "topcoder-dev.auth0.com";
+ domain = "{{AUTH0DOMAIN}}";
 returnAppUrl += '&utm_source=' + utmSource;
 }
From 13894a34bf684dfde191414ad4e5317d866bd7ec Mon Sep 17 00:00:00 2001
From: Gunasekar-K
Date: Fri, 15 Jan 2021 11:08:48 +0530
Subject: [PATCH 02/10] Update config.yml
---
 .circleci/config.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
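Review bot: Each `perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g"` line in `build.sh` lets the shell paste the variable into the Perl program text, so a value containing `/`, `@`, `$` or a backslash changes or breaks the substitution, and with `set -eo pipefail` (no `-u`) an unset variable silently writes an empty string into `setupAuth0WithRedirect.js`. Reading the value inside Perl avoids the re-parsing: `perl -pi -e 's/\{\{DOMAIN\}\}/$ENV{DOMAIN}/g' "$CONFFILENAME"` (assuming `buildenvvar` exports the variables), together with `set -euo pipefail`. The substituted text lands inside JavaScript string literals, so the script should also reject values containing quotes or backslashes before writing them. The `$SIGNUPFILENAME` lines added in PATCH 03/10 and PATCH 09/10 follow the same pattern.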
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 63f046c..1c51d0f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -26,13 +26,14 @@ builddeploy_steps: &builddeploy_steps
 command: |
 ./awsconfiguration.sh $DEPLOY_ENV
 source awsenvconf
- ./buildenv.sh -e $DEPLOY_ENV -b ${LOGICAL_ENV}-${APPNAME}-deployvar
+ ./buildenv.sh -e $DEPLOY_ENV -b ${LOGICAL_ENV}-${APPNAME}-buildvar
 source buildenvvar
 ./build.sh
 - deploy:
 name: Running MasterScript.
 command: |
 source awsenvconf
+ ./buildenv.sh -e $DEPLOY_ENV -b ${LOGICAL_ENV}-${APPNAME}-deployvar
 source buildenvvar
 #./master_deploy.sh -d CFRONT -e $DEPLOY_ENV -c true
From 6507fc3a49e01a922d49197511c5e40e1623ad82 Mon Sep 17 00:00:00 2001
From: Sachin Maheshwari
Date: Wed, 10 Mar 2021 16:18:42 +0530
Subject: [PATCH 03/10] deploying through CI/CD
---
 build.sh | 4 ++++
 web-assets/js/setupAuth0WithRedirect.js | 2 +-
 web-assets/js/signup.js | 18 +++++++++---------
 3 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/build.sh b/build.sh
index 7e0b8ba..d2563f9 100755
--- a/build.sh
+++ b/build.sh
@@ -7,6 +7,10 @@ perl -pi -e "s/\{\{AUTH0_CLIENT_ID\}\}/$AUTH0_CLIENT_ID/g" $CONFFILENAME
 perl -pi -e "s/\{\{LOGGERMODE\}\}/$LOGGERMODE/g" $CONFFILENAME
 perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $CONFFILENAME
+SIGNUPFILENAME="./web-assets/js/signup.js"
+perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $SIGNUPFILENAME
+
+
 mkdir dist
 cp -rv ./web-assets/css/* ./dist/
 cp -rv ./web-assets/js/* ./dist/
diff --git a/web-assets/js/setupAuth0WithRedirect.js b/web-assets/js/setupAuth0WithRedirect.js
index 54208a9..315f7a3 100644
--- a/web-assets/js/setupAuth0WithRedirect.js
+++ b/web-assets/js/setupAuth0WithRedirect.js
@@ -23,7 +23,7 @@ const qs = (function (a) {
 const authSetup = function () {
- let domain = '{{DOMAIN}}';
+ let domain = 'auth.{{DOMAIN}}';
 const clientId = '{{AUTH0_CLIENT_ID}}';
 const useLocalStorage = false;
 const useRefreshTokens = false;
diff --git a/web-assets/js/signup.js b/web-assets/js/signup.js
index 5e5c619..b691188 100644
--- a/web-assets/js/signup.js
+++ b/web-assets/js/signup.js
@@ -1,5 +1,5 @@
-var apiServerUrl = "https://api.topcoder.com/v3/users";
+var apiServerUrl = "https://api.{{DOMAIN}}/v3/users";
 var qs = (function (a) {
 if (a == "") return {};
 var b = {};
@@ -46,14 +46,14 @@ $(document).ready(function () {
 if (result.result.status === 200 && result.result.content.valid) {
 $("#error").closest(".message").fadeOut();
 $("#error").html("");
- document.getElementById("signup").action = qs["formAction"];
- document.getElementById("state").value = qs["state"];
- document.getElementById("regSource").value = qs["regSource"];
- document.getElementById("utmSource").value = qs["utmSource"];
- document.getElementById("utmMedium").value = qs["utmMedium"];
- document.getElementById("utmCampaign").value = qs["utmCampaign"];
- document.getElementById("returnUrl").value = qs["returnUrl"];
- document.getElementById("signup").submit();
+ $('#signup').attr('action', qs["formAction"]);
+ $("#state").val(qs["state"]);
+ $("#regSource").val(qs["regSource"]);
+ $("#utmSource").val(qs["utmSource"]);
+ $("#utmMedium").val(qs["utmMedium"]);
+ $("#utmCampaign").val(qs["utmCampaign"]);
+ $("#returnUrl").val(qs["returnUrl"]);
+ $("#signup").submit();
 }
 },
 });
From 6e3ff53360ec3aa2fc51f3810a8523d22ee5e50e Mon Sep 17 00:00:00 2001
From: sachin-maheshwari
Date: Wed, 10 Mar 2021 16:23:15 +0530
Subject: [PATCH 04/10] Update README.md redeploying...
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index bf24ef5..e9a34ad 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@
 # authlib Mixed front-end lib for auth0 authorization
+
From ab89aa50e56b2fba98660972a5519cd8093e0143 Mon Sep 17 00:00:00 2001
From: sachin-maheshwari
Date: Wed, 10 Mar 2021 16:24:37 +0530
Subject: [PATCH 05/10] Updated config.yml
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 1c51d0f..289696b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -65,7 +65,7 @@ workflows:
 filters:
 branches:
 only:
- - develop
+ - dev
 # Production builds are exectuted only on tagged commits to the
 # master branch.
From 14781dc357ebd39987cb958a77b856a83e406593 Mon Sep 17 00:00:00 2001
From: Sachin Maheshwari
Date: Wed, 10 Mar 2021 16:31:55 +0530
Subject: [PATCH 06/10] deploying on S3
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 289696b..a5e522f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -35,7 +35,7 @@ builddeploy_steps: &builddeploy_steps
 source awsenvconf
 ./buildenv.sh -e $DEPLOY_ENV -b ${LOGICAL_ENV}-${APPNAME}-deployvar
 source buildenvvar
- #./master_deploy.sh -d CFRONT -e $DEPLOY_ENV -c true
+ ./master_deploy.sh -d CFRONT -e $DEPLOY_ENV -c true
 jobs:
 # Build & Deploy against development backend
From 8f615722e27a22c59f6d104523918736ed10dc2a Mon Sep 17 00:00:00 2001
From: Sachin Maheshwari
Date: Wed, 10 Mar 2021 17:23:15 +0530
Subject: [PATCH 07/10] masterscript version change
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index a5e522f..8afb3e2 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -11,7 +11,7 @@ install_dependency: &install_dependency
 install_deploysuite: &install_deploysuite
 name: Installation of install_deploysuite.
 command: |
- git clone --branch v1.4.2 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+ git clone --branch master https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
 cp ./../buildscript/master_deploy.sh .
 cp ./../buildscript/buildenv.sh .
 cp ./../buildscript/awsconfiguration.sh .
From 1b4195a05a90a760c56f38030c4a5674379a46a9 Mon Sep 17 00:00:00 2001
From: Sachin Maheshwari
Date: Wed, 10 Mar 2021 17:55:56 +0530
Subject: [PATCH 08/10] masterscript latest tag v1.4.4
---
 .circleci/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 8afb3e2..6879286 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -11,7 +11,7 @@ install_dependency: &install_dependency
 install_deploysuite: &install_deploysuite
 name: Installation of install_deploysuite.
 command: |
- git clone --branch master https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+ git clone --branch v1.4.4 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
 cp ./../buildscript/master_deploy.sh .
 cp ./../buildscript/buildenv.sh .
 cp ./../buildscript/awsconfiguration.sh .
From 8517705edf28da3def99119ea28b9116453fafe4 Mon Sep 17 00:00:00 2001
From: Sachin Maheshwari
Date: Wed, 10 Mar 2021 18:46:50 +0530
Subject: [PATCH 09/10] fix for issue #111
---
 .circleci/config.yml | 2 +-
 build.sh | 1 +
 web-assets/js/signup.js | 9 ++++++++-
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 6879286..4b5782d 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -11,7 +11,7 @@ install_dependency: &install_dependency
 install_deploysuite: &install_deploysuite
 name: Installation of install_deploysuite.
 command: |
- git clone --branch v1.4.4 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
+ git clone --branch v1.4.5 https://github.com/topcoder-platform/tc-deploy-scripts ../buildscript
 cp ./../buildscript/master_deploy.sh .
 cp ./../buildscript/buildenv.sh .
 cp ./../buildscript/awsconfiguration.sh .
diff --git a/build.sh b/build.sh
index d2563f9..7e13884 100755
--- a/build.sh
+++ b/build.sh
@@ -9,6 +9,7 @@ perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $CONFFILENAME
 SIGNUPFILENAME="./web-assets/js/signup.js"
 perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $SIGNUPFILENAME
+perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $SIGNUPFILENAME
 mkdir dist
diff --git a/web-assets/js/signup.js b/web-assets/js/signup.js
index b691188..d2f88f5 100644
--- a/web-assets/js/signup.js
+++ b/web-assets/js/signup.js
@@ -46,7 +46,14 @@ $(document).ready(function () {
 if (result.result.status === 200 && result.result.content.valid) {
 $("#error").closest(".message").fadeOut();
 $("#error").html("");
- $('#signup').attr('action', qs["formAction"]);
+ let formAction = qs["formAction"];
+ const opt1 = 'https://auth.{{DOMAIN}}/continue';
+ const opt2 = 'https://{{AUTH0DOMAIN}}/continue';
+ if (!formAction.startWith(opt1) && !formAction(opt2)) {
+ // looks like XSS attack
+ formAction = "#";
+ }
+ $('#signup').attr('action', formAction);
 $("#state").val(qs["state"]);
 $("#regSource").val(qs["regSource"]);
 $("#utmSource").val(qs["utmSource"]);
From 07e5f5c63e95b53ee55e30f215ccd843c0551c3a Mon Sep 17 00:00:00 2001
From: Sachin Maheshwari
Date: Thu, 11 Mar 2021 19:10:39 +0530
Subject: [PATCH 10/10] typo
---
 web-assets/js/signup.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web-assets/js/signup.js b/web-assets/js/signup.js
index d2f88f5..3d13f05 100644
--- a/web-assets/js/signup.js
+++ b/web-assets/js/signup.js
@@ -49,7 +49,7 @@ $(document).ready(function () {
 let formAction = qs["formAction"];
 const opt1 = 'https://auth.{{DOMAIN}}/continue';
 const opt2 = 'https://{{AUTH0DOMAIN}}/continue';
- if (!formAction.startWith(opt1) && !formAction(opt2)) {
+ if (!formAction.startsWith(opt1) && !formAction.startsWith(opt2)) {
 // looks like XSS attack
 formAction = "#";
 }
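Review bot: The allow-list check on `formAction` in `signup.js` (added in PATCH 09/10, corrected in the PATCH 10/10 hunk) still throws when the `formAction` query parameter is absent, because `qs["formAction"]` is then `undefined` and `.startsWith` is called on it. It is also a prefix match, so any path on the two hosts that merely begins with `/continue` is accepted, and on a failed check the code sets the action to `"#"` and appears to continue to `$("#signup").submit()` (visible in the PATCH 03/10 hunk), which would post the form fields to the current page instead of stopping. Parsing the value with `new URL`, comparing origin and path exactly, and returning early on a mismatch addresses all three; the inline comment could also say that the risk is the form being posted to an untrusted URL rather than "XSS". The enclosing success callback starts and ends outside this hunk, and the check is only as good as the `{{DOMAIN}}` / `{{AUTH0DOMAIN}}` substitution performed by `build.sh`.

```javascript
// … unchanged: clearing of #error …
const allowedActions = [
  'https://auth.{{DOMAIN}}/continue',
  'https://{{AUTH0DOMAIN}}/continue',
];
let target = null;
try {
  target = new URL(String(qs["formAction"] || ""));
} catch (e) {
  target = null; // missing or malformed formAction
}
const isAllowed = target !== null &&
  allowedActions.includes(target.origin + target.pathname);
if (!isAllowed) {
  // formAction comes from the query string; never post the form to an unlisted URL
  return;
}
$('#signup').attr('action', target.href);
// … unchanged: hidden-field population and submit …
```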