Merged
74 changes: 22 additions & 52 deletions web-assets/auth0/dev-tenant/rules/DICE DID.js
@@ -1,4 +1,4 @@
function (user, context, callback) {
function DICE(user, context, callback) {
if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) {
console.log("rule:DICE DID:enter");

Expand All @@ -22,27 +22,13 @@ function (user, context, callback) {
console.log("rule:DICE DID:User was redirected to the /continue endpoint");
if (context.request.query.diceVerificationStatus === 'false') {
return callback('Login Error: Credentials verification is failed.<br>Please contact with support <a href="mailto:support@topcoder.com">support@topcoder.com</a>.<br> Back to application ', user, context);
} else if (context.request.query.otp) {
request.post({
url: 'https://api.' + configuration.DOMAIN + '/v3/users/checkOtp',
json: {
"param": {
"userId": user.userId,
"otp": context.request.query.otp
}
}
}, function (error, response, body) {
if (error) return callback(error, user, context);
if (response.statusCode !== 200) {
return callback('Login Error: Whoops! Something went wrong.', user, context);
}
if (body.result.content.verified === true) {
return callback(null, user, context);
} else {
return callback('Login Error: wrong OTP', user, context);
}
});
} else {
} else if (context.request.query.otherMethods || _.isEmpty(user.multifactor)) {
context.multifactor = {
provider: 'any',
allowRememberBrowser: false
};
return callback(null, user, context);
} else if (context.request.query.code) {
const jwt_decode = require('jwt-decode');
request.post({
url: 'https://tc-vcauth-uat.diceid.com/vc/connect/token',
Expand All @@ -65,44 +51,24 @@ function (user, context, callback) {
console.log("rule:DICE DID:credentials approved");
return callback(null, user, context);
});
} else {
return callback('Login Error: Whoops! Something went wrong.', user, context);
}
} else {
const maxRetry = 2;
const useOtp = function () {
request.post({
url: 'https://api.' + configuration.DOMAIN + '/v3/users/sendOtp',
json: {
"param": {
"userId": user.userId
}
}
}, function (error, response, body) {
if (error) return callback(error, user, context);
if (response.statusCode !== 200) {
return callback('Login Error: Whoops! Something went wrong.', user, context);
}
console.log("rule:DICE DID: redirecting to OTP page");
const hostName = _.get(context, "request.hostname", null);
const otpCompletetUrl = "https://" + hostName + "/continue";
const retUrl = _.get(context, "request.query.returnUrl", null);
const otpRedirectUrl = configuration.CUSTOM_PAGES_BASE_URL +
"/otp.html?formAction=" + otpCompletetUrl +
"&returnUrl=" + retUrl;
context.redirect = {
url: otpRedirectUrl
};
return callback(null, user, context);
});
};
const checkDiceHealth = function (attempt) {
console.log("rule:DICE DID:checking dice health, attempt:" + attempt);
request.get({
url: 'https://tc-vcauth-uat.diceid.com/.well-known/openid-configuration'
}, function (error, response, body) {
if (error || response.statusCode !== 200) {
if (attempt >= maxRetry) {
console.log("rule:DICE DID:dice services down, using otp flow...");
useOtp();
console.log("rule:DICE DID:dice services down, using other factors...");
context.multifactor = {
provider: 'any',
allowRememberBrowser: false
};
return callback(null, user, context);
} else {
checkDiceHealth(attempt + 1);
}
Expand All @@ -116,8 +82,12 @@ function (user, context, callback) {
});
};
if (!global.ENABLE_2FA) {
console.log("rule:DICE DID:dice switch disabled, using otp flow...");
useOtp();
console.log("rule:DICE DID:dice switch disabled, using other factors...");
context.multifactor = {
provider: 'any',
allowRememberBrowser: false
};
return callback(null, user, context);
} else {
checkDiceHealth(1);
}
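Review bot: The new `else if (context.request.query.otherMethods || _.isEmpty(user.multifactor))` branch on the /continue path lets a value taken from the request query string select the `provider: 'any'` fallback, and it is tested before `context.request.query.code`, so a request carrying both never reaches the DICE token exchange. If that downgrade is meant to be open to every user, state it in a comment such as `// otherMethods is caller-supplied: any user may skip DICE and use another factor`, and log the choice as the other branches do, e.g. `console.log("rule:DICE DID:other factors requested");`. The `_.isEmpty(user.multifactor)` half also appears to send a user with no recorded factor to the generic MFA prompt even when a `code` is present; please confirm that ordering is intended. The same branch is added in the prod-tenant copy of this rule. Parts of the rule body are collapsed on this page, so this is based on the visible lines only.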
1 change: 0 additions & 1 deletion web-assets/auth0/dev-tenant/rules/custom.js
Expand Up @@ -39,7 +39,6 @@ function (user, context, callback) {
user.mfa_verified = res.result.content.mfaVerified;
// TODO need to double sure about multiple result or no result
let userId = res.result.content.id;
user.userId = userId;
let handle = res.result.content.handle;
let roles = res.result.content.roles.map(function (role) {
return role.roleName;
74 changes: 22 additions & 52 deletions web-assets/auth0/prod-tenant/rules/DICE DID.js
@@ -1,4 +1,4 @@
function (user, context, callback) {
function DICE(user, context, callback) {
if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) {
console.log("rule:DICE DID:enter");
if (context.redirect) {
Expand All @@ -20,27 +20,13 @@ function (user, context, callback) {
console.log("rule:DICE DID:User was redirected to the /continue endpoint");
if (context.request.query.diceVerificationStatus === 'false') {
return callback('Login Error: Credentials verification is failed.<br>Please contact with support <a href="mailto:support@topcoder.com">support@topcoder.com</a>.<br> Back to application ', user, context);
} else if (context.request.query.otp) {
request.post({
url: 'https://api.' + configuration.DOMAIN + '/v3/users/checkOtp',
json: {
"param": {
"userId": user.userId,
"otp": context.request.query.otp
}
}
}, function (error, response, body) {
if (error) return callback(error, user, context);
if (response.statusCode !== 200) {
return callback('Login Error: Whoops! Something went wrong.', user, context);
}
if (body.result.content.verified === true) {
return callback(null, user, context);
} else {
return callback('Login Error: wrong OTP', user, context);
}
});
} else {
} else if (context.request.query.otherMethods || _.isEmpty(user.multifactor)) {
context.multifactor = {
provider: 'any',
allowRememberBrowser: false
};
return callback(null, user, context);
} else if (context.request.query.code) {
const jwt_decode = require('jwt-decode');
request.post({
url: 'https://tc-vcauth.diceid.com/vc/connect/token',
Expand All @@ -63,44 +49,24 @@ function (user, context, callback) {
console.log("rule:DICE DID:credentials approved");
return callback(null, user, context);
});
} else {
return callback('Login Error: Whoops! Something went wrong.', user, context);
}
} else {
const maxRetry = 2;
const useOtp = function () {
request.post({
url: 'https://api.' + configuration.DOMAIN + '/v3/users/sendOtp',
json: {
"param": {
"userId": user.userId
}
}
}, function (error, response, body) {
if (error) return callback(error, user, context);
if (response.statusCode !== 200) {
return callback('Login Error: Whoops! Something went wrong.', user, context);
}
console.log("rule:DICE DID: redirecting to OTP page");
const hostName = _.get(context, "request.hostname", null);
const otpCompletetUrl = "https://" + hostName + "/continue";
const retUrl = _.get(context, "request.query.returnUrl", null);
const otpRedirectUrl = configuration.CUSTOM_PAGES_BASE_URL +
"/otp.html?formAction=" + otpCompletetUrl +
"&returnUrl=" + retUrl;
context.redirect = {
url: otpRedirectUrl
};
return callback(null, user, context);
});
};
const checkDiceHealth = function (attempt) {
console.log("rule:DICE DID:checking dice health, attempt:" + attempt);
request.get({
url: 'https://tc-vcauth.diceid.com/.well-known/openid-configuration'
}, function (error, response, body) {
if (error || response.statusCode !== 200) {
if (attempt >= maxRetry) {
console.log("rule:DICE DID:dice services down, using otp flow...");
useOtp();
console.log("rule:DICE DID:dice services down, using other factors...");
context.multifactor = {
provider: 'any',
allowRememberBrowser: false
};
return callback(null, user, context);
} else {
checkDiceHealth(attempt + 1);
}
Expand All @@ -114,8 +80,12 @@ function (user, context, callback) {
});
};
if (!global.ENABLE_2FA) {
console.log("rule:DICE DID:dice switch disabled, using otp flow...");
useOtp();
console.log("rule:DICE DID:dice switch disabled, using other factors...");
context.multifactor = {
provider: 'any',
allowRememberBrowser: false
};
return callback(null, user, context);
} else {
checkDiceHealth(1);
}
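Review bot: The fallback policy `context.multifactor = { provider: 'any', allowRememberBrowser: false }` followed by `return callback(null, user, context);` is now written out three times in this rule (the /continue branch, the DICE health-check failure, and the `global.ENABLE_2FA` switch), so a later tightening of the fallback can easily miss one path. A single local helper, taking the place of the removed `useOtp` and declared early enough that all three branches can reach it, would keep the policy in one spot. The top of the rule is partly collapsed here, so the exact placement needs checking against the full file. The dev-tenant copy has the same repetition.
```javascript
const useOtherFactors = function () {
  context.multifactor = {
    provider: 'any',
    allowRememberBrowser: false
  };
  return callback(null, user, context);
};
// … unchanged: /continue handling and checkDiceHealth, each calling useOtherFactors() …
if (!global.ENABLE_2FA) {
  console.log("rule:DICE DID:dice switch disabled, using other factors...");
  return useOtherFactors();
```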
Expand Up @@ -36,7 +36,6 @@ function (user, context, callback) {
user.mfa_verified = res.result.content.mfaVerified;
// TODO need to double sure about multiple result or no result
let userId = res.result.content.id;
user.userId = userId;
let handle = res.result.content.handle;
let roles = res.result.content.roles.map(function (role) {
return role.roleName;