From d8cf6a5a544e45528d921fe6730dcb57c6209f0e Mon Sep 17 00:00:00 2001 From: Emre Date: Thu, 18 Aug 2022 13:30:17 +0300 Subject: [PATCH 1/2] enable other factors beside dice --- web-assets/auth0/dev-tenant/rules/DICE DID.js | 74 ++++++------------- 1 file changed, 22 insertions(+), 52 deletions(-) diff --git a/web-assets/auth0/dev-tenant/rules/DICE DID.js b/web-assets/auth0/dev-tenant/rules/DICE DID.js index 107214e..1683af2 100644 --- a/web-assets/auth0/dev-tenant/rules/DICE DID.js +++ b/web-assets/auth0/dev-tenant/rules/DICE DID.js @@ -1,4 +1,4 @@ -function (user, context, callback) { +function DICE(user, context, callback) { if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) { console.log("rule:DICE DID:enter"); @@ -22,27 +22,13 @@ function (user, context, callback) { console.log("rule:DICE DID:User was redirected to the /continue endpoint"); if (context.request.query.diceVerificationStatus === 'false') { return callback('Login Error: Credentials verification is failed.
Please contact with support support@topcoder.com.
Back to application ', user, context); - } else if (context.request.query.otp) { - request.post({ - url: 'https://api.' + configuration.DOMAIN + '/v3/users/checkOtp', - json: { - "param": { - "userId": user.userId, - "otp": context.request.query.otp - } - } - }, function (error, response, body) { - if (error) return callback(error, user, context); - if (response.statusCode !== 200) { - return callback('Login Error: Whoops! Something went wrong.', user, context); - } - if (body.result.content.verified === true) { - return callback(null, user, context); - } else { - return callback('Login Error: wrong OTP', user, context); - } - }); - } else { + } else if (context.request.query.otherMethods || _.isEmpty(user.multifactor)) { + context.multifactor = { + provider: 'any', + allowRememberBrowser: false + }; + return callback(null, user, context); + } else if (context.request.query.code) { const jwt_decode = require('jwt-decode'); request.post({ url: 'https://tc-vcauth-uat.diceid.com/vc/connect/token', 
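Review bot: In the new `else if` chain on the `/continue` path, `_.isEmpty(user.multifactor)` is tested before `context.request.query.code`, so a user with no Auth0 factor enrolled who returns from DICE with a valid `code` never reaches the token exchange and is pushed into Auth0 MFA instead; unless that is intended, the `code` branch should come first. `otherMethods` is also a bare query flag, and because this branch only runs when the browser comes back to `/continue`, whoever controls that URL picks the factor, so the downgrade should at least be logged like every other branch in this rule, e.g. `console.log("rule:DICE DID:skipping DICE verification, using other factors...");` before `context.multifactor` is set. Presumably `user.multifactor` is the list of enrolled Auth0 factors, so `provider: 'any'` for an empty list means enrollment at login time; a comment stating that this is accepted would help the next reader. The enclosing `if (context.redirect)` block and the `DICE` function continue outside the hunk.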
@@ -65,35 +51,11 @@ function (user, context, callback) { console.log("rule:DICE DID:credentials approved"); return callback(null, user, context); }); + } else { + return callback('Login Error: Whoops! Something went wrong.', user, context); } } else { const maxRetry = 2; - const useOtp = function () { - request.post({ - url: 'https://api.' + configuration.DOMAIN + '/v3/users/sendOtp', - json: { - "param": { - "userId": user.userId - } - } - }, function (error, response, body) { - if (error) return callback(error, user, context); - if (response.statusCode !== 200) { - return callback('Login Error: Whoops! Something went wrong.', user, context); - } - console.log("rule:DICE DID: redirecting to OTP page"); - const hostName = _.get(context, "request.hostname", null); - const otpCompletetUrl = "https://" + hostName + "/continue"; - const retUrl = _.get(context, "request.query.returnUrl", null); - const otpRedirectUrl = configuration.CUSTOM_PAGES_BASE_URL + - "/otp.html?formAction=" + otpCompletetUrl + - "&returnUrl=" + retUrl; - context.redirect = { - url: otpRedirectUrl - }; - return callback(null, user, context); - }); - }; const checkDiceHealth = function (attempt) { console.log("rule:DICE DID:checking dice health, attempt:" + attempt); request.get({ @@ -101,8 +63,12 @@ function (user, context, callback) { }, function (error, response, body) { if (error || response.statusCode !== 200) { if (attempt >= maxRetry) { - console.log("rule:DICE DID:dice services down, using otp flow..."); - useOtp(); + console.log("rule:DICE DID:dice services down, using other factors..."); + context.multifactor = { + provider: 'any', + allowRememberBrowser: false + }; + return callback(null, user, context); } else { checkDiceHealth(attempt + 1); } 
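Review bot: The new fallback inside the health-check callback discards the failure cause: `error` and `response.statusCode` are tested but never logged, so after two failed probes the only trace is "dice services down" with nothing to say why. Add `console.log("rule:DICE DID:dice health check failed: " + (error ? error.message : response.statusCode));` ahead of the `attempt >= maxRetry` test. The fallback is also fail-open: anything that makes the probe non-200 turns every login in that window into an Auth0 `provider: 'any'` challenge, which for a user with no enrolled Auth0 factor presumably means enrollment at login, so a comment at the fallback stating that this is the accepted trade-off is worth adding. `checkDiceHealth` and the `else` branch it lives in begin and end outside this hunk.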
@@ -116,8 +82,12 @@ function (user, context, callback) { }); }; if (!global.ENABLE_2FA) { - console.log("rule:DICE DID:dice switch disabled, using otp flow..."); - useOtp(); + console.log("rule:DICE DID:dice switch disabled, using other factors..."); + context.multifactor = { + provider: 'any', + allowRememberBrowser: false + }; + return callback(null, user, context); } else { checkDiceHealth(1); } From 51a1612b1659de762ecfdaad526f509ff9a3badb Mon Sep 17 00:00:00 2001 From: Emre Date: Thu, 18 Aug 2022 14:35:34 +0300 Subject: [PATCH 2/2] use auth0 factors instead of tc otp --- web-assets/auth0/dev-tenant/rules/custom.js | 1 - .../auth0/prod-tenant/rules/DICE DID.js | 74 ++++++------------- .../rules/New-Account-App-Custom-Claims.js | 1 - 3 files changed, 22 insertions(+), 54 deletions(-) diff --git a/web-assets/auth0/dev-tenant/rules/custom.js b/web-assets/auth0/dev-tenant/rules/custom.js index 1f5bde9..f795384 100644 --- a/web-assets/auth0/dev-tenant/rules/custom.js +++ b/web-assets/auth0/dev-tenant/rules/custom.js @@ -39,7 +39,6 @@ function (user, context, callback) { user.mfa_verified = res.result.content.mfaVerified; // TODO need to double sure about multiple result or no result let userId = res.result.content.id; - user.userId = userId; let handle = res.result.content.handle; let roles = res.result.content.roles.map(function (role) { return role.roleName; diff --git a/web-assets/auth0/prod-tenant/rules/DICE DID.js b/web-assets/auth0/prod-tenant/rules/DICE DID.js index 18bb878..dba6c02 100644 --- a/web-assets/auth0/prod-tenant/rules/DICE DID.js +++ b/web-assets/auth0/prod-tenant/rules/DICE DID.js @@ -1,4 +1,4 @@ -function (user, context, callback) { +function DICE(user, context, callback) { if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) { console.log("rule:DICE DID:enter"); if (context.redirect) { 
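Review bot: The four-line `context.multifactor = { provider: 'any', allowRememberBrowser: false }; return callback(...)` block added here is the third verbatim copy in this file (the `/continue` branch and the health-check fallback carry the other two), which is exactly the duplication the removed `useOtp` helper used to absorb. Restore a helper of the same shape near the top of `DICE()` — the `/continue` branch sits in the other arm of `if (context.redirect)`, so the helper has to be defined above both arms to be reachable from all three sites — and have each site call it with its reason string. The `else` branch that holds this hunk starts before it.
```javascript
// Defined once near the top of DICE(), in place of the removed useOtp helper.
const useAuth0Factors = function (reason) {
  console.log("rule:DICE DID:" + reason + ", using other factors...");
  context.multifactor = {
    provider: 'any',
    allowRememberBrowser: false
  };
  return callback(null, user, context);
};
// … unchanged: checkDiceHealth …
if (!global.ENABLE_2FA) {
  return useAuth0Factors("dice switch disabled");
} else {
  checkDiceHealth(1);
}
```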
@@ -20,27 +20,13 @@ function (user, context, callback) { console.log("rule:DICE DID:User was redirected to the /continue endpoint"); if (context.request.query.diceVerificationStatus === 'false') { return callback('Login Error: Credentials verification is failed.
Please contact with support support@topcoder.com.
Back to application ', user, context); - } else if (context.request.query.otp) { - request.post({ - url: 'https://api.' + configuration.DOMAIN + '/v3/users/checkOtp', - json: { - "param": { - "userId": user.userId, - "otp": context.request.query.otp - } - } - }, function (error, response, body) { - if (error) return callback(error, user, context); - if (response.statusCode !== 200) { - return callback('Login Error: Whoops! Something went wrong.', user, context); - } - if (body.result.content.verified === true) { - return callback(null, user, context); - } else { - return callback('Login Error: wrong OTP', user, context); - } - }); - } else { + } else if (context.request.query.otherMethods || _.isEmpty(user.multifactor)) { + context.multifactor = { + provider: 'any', + allowRememberBrowser: false + }; + return callback(null, user, context); + } else if (context.request.query.code) { const jwt_decode = require('jwt-decode'); request.post({ url: 'https://tc-vcauth.diceid.com/vc/connect/token', 
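Review bot: `context.request.query.otherMethods` is used as a bare truthiness test, so any value — including the string `"false"` — selects the Auth0-factor path, while the sibling check two lines above compares `diceVerificationStatus === 'false'` explicitly. Compare this flag the same way, e.g. `} else if (context.request.query.otherMethods === 'true' || _.isEmpty(user.multifactor)) {`, and log the choice as the other branches do. Note also that with `_.isEmpty(user.multifactor)` tested before `code`, a returning user without an enrolled Auth0 factor never has their DICE `code` verified; confirm that ordering is intended for the production tenant. The enclosing `if (context.redirect)` branch continues beyond the hunk.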
@@ -63,35 +49,11 @@ function (user, context, callback) { console.log("rule:DICE DID:credentials approved"); return callback(null, user, context); }); + } else { + return callback('Login Error: Whoops! Something went wrong.', user, context); } } else { const maxRetry = 2; - const useOtp = function () { - request.post({ - url: 'https://api.' + configuration.DOMAIN + '/v3/users/sendOtp', - json: { - "param": { - "userId": user.userId - } - } - }, function (error, response, body) { - if (error) return callback(error, user, context); - if (response.statusCode !== 200) { - return callback('Login Error: Whoops! Something went wrong.', user, context); - } - console.log("rule:DICE DID: redirecting to OTP page"); - const hostName = _.get(context, "request.hostname", null); - const otpCompletetUrl = "https://" + hostName + "/continue"; - const retUrl = _.get(context, "request.query.returnUrl", null); - const otpRedirectUrl = configuration.CUSTOM_PAGES_BASE_URL + - "/otp.html?formAction=" + otpCompletetUrl + - "&returnUrl=" + retUrl; - context.redirect = { - url: otpRedirectUrl - }; - return callback(null, user, context); - }); - }; const checkDiceHealth = function (attempt) { console.log("rule:DICE DID:checking dice health, attempt:" + attempt); request.get({ @@ -99,8 +61,12 @@ function (user, context, callback) { }, function (error, response, body) { if (error || response.statusCode !== 200) { if (attempt >= maxRetry) { - console.log("rule:DICE DID:dice services down, using otp flow..."); - useOtp(); + console.log("rule:DICE DID:dice services down, using other factors..."); + context.multifactor = { + provider: 'any', + allowRememberBrowser: false + }; + return callback(null, user, context); } else { checkDiceHealth(attempt + 1); } 
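Review bot: In the health-check fallback, `error || response.statusCode !== 200` treats a network error and a non-200 reply identically and then forgets both, so the production log line "dice services down" carries no cause. Log it before deciding, e.g. `console.log("rule:DICE DID:dice health check failed: " + (error ? error.message : response.statusCode));`, and note in a comment that the fallback is deliberately fail-open to Auth0 factors rather than denying the login. `checkDiceHealth` and the surrounding `else` branch are cut off at both ends of the hunk.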
@@ -114,8 +80,12 @@ function (user, context, callback) { }); }; if (!global.ENABLE_2FA) { - console.log("rule:DICE DID:dice switch disabled, using otp flow..."); - useOtp(); + console.log("rule:DICE DID:dice switch disabled, using other factors..."); + context.multifactor = { + provider: 'any', + allowRememberBrowser: false + }; + return callback(null, user, context); } else { checkDiceHealth(1); } diff --git a/web-assets/auth0/prod-tenant/rules/New-Account-App-Custom-Claims.js b/web-assets/auth0/prod-tenant/rules/New-Account-App-Custom-Claims.js index bca4f7c..8688144 100644 --- a/web-assets/auth0/prod-tenant/rules/New-Account-App-Custom-Claims.js +++ b/web-assets/auth0/prod-tenant/rules/New-Account-App-Custom-Claims.js @@ -36,7 +36,6 @@ function (user, context, callback) { user.mfa_verified = res.result.content.mfaVerified; // TODO need to double sure about multiple result or no result let userId = res.result.content.id; - user.userId = userId; let handle = res.result.content.handle; let roles = res.result.content.roles.map(function (role) { return role.roleName;
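Review bot: The fallback under `if (!global.ENABLE_2FA)` logs "dice switch disabled" but not the switch's value, and since `ENABLE_2FA` is set somewhere outside this rule, an unset or mistyped variable presumably routes every production login around DICE with the same message as a deliberate switch-off. Include the value so an outage of the switch is distinguishable from a configuration choice: `console.log("rule:DICE DID:dice switch disabled (ENABLE_2FA=" + global.ENABLE_2FA + "), using other factors...");`. This is also the third copy of the `context.multifactor` block in the file; a small helper in the shape of the removed `useOtp` would keep the three sites from drifting. The `else` branch containing this hunk starts earlier in the file.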