From a242f00bb2fcfeff6c278094d6b71e7385e92b42 Mon Sep 17 00:00:00 2001
From: Emre <emre.isbilir@gmail.com>
Date: Thu, 8 Sep 2022 16:26:25 +0300
Subject: [PATCH 1/3] add resend button to otp page

---
 web-assets/static-pages/otp.html | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/web-assets/static-pages/otp.html b/web-assets/static-pages/otp.html
index c09c518..7f2067c 100644
--- a/web-assets/static-pages/otp.html
+++ b/web-assets/static-pages/otp.html
@@ -51,6 +51,9 @@ <h1 id="page-title-heading" class="page-title-heading">
             </button>
           </div>
         </form>
+        <div id="resend" style="text-align:left;">
+          <a>resend code</a>
+        </div>
       </main>
     </div>
     <footer class="footer">

From 8f87d9e5023f20b4be286c98970100fc930ce95e Mon Sep 17 00:00:00 2001
From: eisbilir <emre.isbilir@gmail.com>
Date: Thu, 8 Sep 2022 23:28:20 +0300
Subject: [PATCH 2/3] update resend otp function

---
 web-assets/css/styles.css        |  8 +++++++
 web-assets/js/otp.js             | 38 ++++++++++++++++++++++++++++++--
 web-assets/static-pages/otp.html |  6 +++++
 3 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/web-assets/css/styles.css b/web-assets/css/styles.css
index 8dbf6d5..a757c52 100644
--- a/web-assets/css/styles.css
+++ b/web-assets/css/styles.css
@@ -675,6 +675,14 @@ select::-ms-expand {
   width: 20px;
 }
 
+.messages .message.notify {
+  background-color: #079531b8;
+  color: #ffffff;
+}
+.messages .message.notify:before {
+  content: "\2713";
+}
+
 /** Desktop + tab - specific CSS **/
 @media (min-width: 768px) {
   .center-align-card .page-content {
diff --git a/web-assets/js/otp.js b/web-assets/js/otp.js
index c3f2853..51e3c8d 100644
--- a/web-assets/js/otp.js
+++ b/web-assets/js/otp.js
@@ -20,12 +20,10 @@ $(document).ready(function () {
     $("#error").closest(".message").fadeOut();
     $("#error").html("");
     let formAction = qs["formAction"];
-    console.log(formAction)
     const opt1 = 'https://auth.{{DOMAIN}}/continue';
     const opt2 = 'https://{{AUTH0DOMAIN}}/continue';
     if (!formAction.startsWith(opt1) && !formAction.startsWith(opt2)) {
       // looks like XSS attack
-      console.log("err")
       formAction = "#";
     }
     $('#verifyOtp').attr('action', formAction);
@@ -34,6 +32,42 @@ $(document).ready(function () {
     $("#verifyOtp").submit();
     return false;
   });
+  const resendToken = qs["resendToken"];
+  const userId = qs["userId"];
+  if (resendToken && userId) {
+    const apiServerUrl = "https://api.{{DOMAIN}}.com/v3/users";
+    $("#resend").click(function () {
+      $.ajax({
+        type: "POST",
+        url: apiServerUrl + "/resendOtpEmail",
+        contentType: "application/json",
+        mimeType: "application/json",
+        data: JSON.stringify({
+          "param": {
+            userId, resendToken
+          }
+        }),
+        dataType: "json",
+        success: function (result) {
+          $("#notify").html("Email sent");
+          $("#notify").closest(".message").fadeIn();
+          $("#resend").hide();
+        },
+        error: function (error) {
+          if (error.responseJSON && error.responseJSON.result) {
+            $("#error").html(error.responseJSON.result.content);
+            $("#error").closest(".message").fadeIn();
+            $("#resend").hide();
+          } else {
+            $("#error").html("Unknown Error");
+            $("#error").closest(".message").fadeIn();
+          }
+        }
+      });
+    });
+  } else {
+    $("#resend").hide();
+  }
 
   /**
    * Script for field placeholder
diff --git a/web-assets/static-pages/otp.html b/web-assets/static-pages/otp.html
index 7f2067c..a584663 100644
--- a/web-assets/static-pages/otp.html
+++ b/web-assets/static-pages/otp.html
@@ -37,6 +37,12 @@ <h1 id="page-title-heading" class="page-title-heading">
               <span class="clip-me">Close</span>
             </span>
           </div>
+          <div role="alert" class="message notify">
+            <div id="notify" class="message-content"></div>
+            <span class="close-error" tabindex="0">
+              <span class="clip-me">Close</span>
+            </span>
+          </div>
         </div>
         <form method="GET" id="verifyOtp" action="#">
           <input id="state" name="state" value="" type="hidden" />

From 83d65430cf8afc293b2f53912af55250fb9ec60d Mon Sep 17 00:00:00 2001
From: eisbilir <emre.isbilir@gmail.com>
Date: Sun, 11 Sep 2022 23:24:31 +0300
Subject: [PATCH 3/3] use activation code

---
 build.sh                                 |   3 +-
 web-assets/css/styles.css                |   1 +
 web-assets/js/check_email.js             | 156 +++++++++++++++++++++++
 web-assets/static-pages/check_email.html |  63 +++++----
 4 files changed, 190 insertions(+), 33 deletions(-)
 create mode 100644 web-assets/js/check_email.js

diff --git a/build.sh b/build.sh
index 4ee2650..5d0d4fb 100755
--- a/build.sh
+++ b/build.sh
@@ -12,8 +12,9 @@ SIGNUPFILENAME="./web-assets/js/signup.js"
 perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $SIGNUPFILENAME
 perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $SIGNUPFILENAME
 
-CHECKEMAIL="./web-assets/static-pages/check_email.html"
+CHECKEMAIL="./web-assets/js/check_email.js"
 perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $CHECKEMAIL
+perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $CHECKEMAIL
 
 OTPFILENAME="./web-assets/js/otp.js"
 perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $OTPFILENAME
diff --git a/web-assets/css/styles.css b/web-assets/css/styles.css
index a757c52..cc2d1eb 100644
--- a/web-assets/css/styles.css
+++ b/web-assets/css/styles.css
@@ -295,6 +295,7 @@ select::-ms-expand {
   list-style: none;
   list-style-image: url(./images/arrow.svg);
   margin: 0px;
+  padding-left: 15px;
 }
 
 .checkemail-card.center-align-card .page-content .page-main .page-description ul li {
diff --git a/web-assets/js/check_email.js b/web-assets/js/check_email.js
new file mode 100644
index 0000000..58d1ff1
--- /dev/null
+++ b/web-assets/js/check_email.js
@@ -0,0 +1,156 @@
+var qs = (function (a) {
+  if (a == "") return {};
+  var b = {};
+  for (var i = 0; i < a.length; ++i) {
+    var p = a[i].split("=", 2);
+    if (p.length == 1) b[p[0]] = "";
+    else b[p[0]] = decodeURIComponent(p[1].replace(/\+/g, " "));
+  }
+  return b;
+})(window.location.search.substr(1).split("&"));
+$(document).ready(function () {
+  window.history.forward();
+  const resendToken = qs["resendToken"];
+  const canResend = qs["canResend"];
+  const userId = qs["userId"];
+  let formAction = qs["formAction"] || "#";
+  const opt1 = 'https://auth.{{DOMAIN}}/continue';
+  const opt2 = 'https://{{AUTH0DOMAIN}}/continue';
+  if (!formAction.startsWith(opt1) && !formAction.startsWith(opt2)) {
+    // looks like XSS attack
+    formAction = "#";
+    return false;
+  }
+  const apiServerUrl = "https://api.{{DOMAIN}}.com/v3/users";
+  $("#continueBtn").click(function () {
+    var otp = $("#otp").val();
+    if (!otp) {
+      $("#error").html("Need Password");
+      $("#error").closest(".message").fadeIn();
+      return false;
+    }
+    $("#error").closest(".message").fadeOut();
+    $("#error").html("");
+    $.ajax({
+      type: "PUT",
+      url: apiServerUrl + "/activate",
+      contentType: "application/json",
+      mimeType: "application/json",
+      data: JSON.stringify({
+        "param": {
+          userId, resendToken, otp
+        }
+      }),
+      dataType: "json",
+      success: function (result) {
+        $("#notify").html("Your account is activated");
+        $("#notify").closest(".message").fadeIn();
+        $("#resend-text").hide();
+        $('#verifyOtp').attr('action', formAction);
+        $("#state").val(qs["state"]);
+        $("#returnUrl").val(qs["returnUrl"]);
+        $("#otp").attr('disabled', 'disabled');
+        $("#verifyOtp").submit();
+      },
+      error: function (error) {
+        if (error.responseJSON && error.responseJSON.result) {
+          $("#error").html(error.responseJSON.result.content);
+          $("#error").closest(".message").fadeIn();
+        } else {
+          $("#error").html("Unknown Error");
+          $("#error").closest(".message").fadeIn();
+        }
+      }
+    });
+    return false;
+  });
+  if (canResend) {
+    $("#resend").click(function () {
+      $.ajax({
+        type: "POST",
+        url: apiServerUrl + "/resendActivationEmail",
+        contentType: "application/json",
+        mimeType: "application/json",
+        data: JSON.stringify({
+          "param": {
+            userId, resendToken
+          }
+        }),
+        dataType: "json",
+        success: function (result) {
+          $("#notify").html("Email sent");
+          $("#notify").closest(".message").fadeIn();
+          $("#resend-text").hide();
+        },
+        error: function (error) {
+          if (error.responseJSON && error.responseJSON.result) {
+            $("#error").html(error.responseJSON.result.content);
+            $("#error").closest(".message").fadeIn();
+            $("#resend-text").hide();
+          } else {
+            $("#error").html("Unknown Error");
+            $("#error").closest(".message").fadeIn();
+          }
+        }
+      });
+      return false;
+    });
+  } else {
+    $("#resend-text").hide();
+  }
+
+  /**
+   * Script for field placeholder
+   **/
+  $(".messages .close-error").on("click", function () {
+    $(this).closest(".message").fadeOut();
+  });
+  var inputObj = $(".input-field .input-text"),
+    continueBtnDisable = false;
+  inputObj
+    .on("focus", function () {
+      $(this).parent().addClass("active focussed");
+    })
+    .on("blur", function () {
+      var parentObj = $(this).parent();
+      if ($(this).val() === "") {
+        parentObj.removeClass("active");
+      }
+      parentObj.removeClass("focussed");
+    })
+    .on("change keydown paste input", function () {
+      var disableStatus = false;
+      inputObj.each(function (index, element) {
+        if ($(element).val() === "") {
+          disableStatus = true;
+          return;
+        } else {
+          disableStatus = false;
+          return;
+        }
+      });
+      setContinueButtonDisabledStatus(disableStatus);
+    })
+    .each(function (index, element) {
+      var parentObj = $(element).parent();
+      if ($(element).val() !== "") {
+        parentObj.addClass("active");
+      } else {
+        parentObj.removeClass("active");
+      }
+
+      if ($(element).val() === "" && continueBtnDisable === false) {
+        continueBtnDisable = true;
+      }
+
+      setContinueButtonDisabledStatus(continueBtnDisable);
+    });
+});
+function setContinueButtonDisabledStatus(status) {
+  var continueBtnObj = $("#continueBtn");
+  if (status) {
+    continueBtnObj.attr("disabled", true);
+  } else {
+    continueBtnObj.removeAttr("disabled");
+  }
+}
diff --git a/web-assets/static-pages/check_email.html b/web-assets/static-pages/check_email.html
index 670ac92..00598e4 100644
--- a/web-assets/static-pages/check_email.html
+++ b/web-assets/static-pages/check_email.html
@@ -11,36 +11,8 @@
   <link href="https://fonts.googleapis.com/css2?family=Barlow&family=Barlow+Condensed:wght@500&display=swap"
     rel="stylesheet">
   <link rel="stylesheet" href="./styles.css" />
-  <script>
-    var qs = (function (a) {
-      if (a == "") return {};
-      var b = {};
-      for (var i = 0; i < a.length; ++i) {
-        var p = a[i].split("=", 2);
-        if (p.length == 1) b[p[0]] = "";
-        else b[p[0]] = decodeURIComponent(p[1].replace(/\+/g, " "));
-      }
-      return b;
-    })(window.location.search.substr(1).split("&"));
-    window.addEventListener("load", () => {
-      var state = qs['state'];
-      if (state) {
-        document.querySelector("#resend").addEventListener("click", e => {
-          e.preventDefault();
-          window.location = 'https://auth.{{DOMAIN}}/continue?state=' + state + '&resend=1';
-        });
-      } else {
-        document.querySelector("#resend-text").style.display = "none";
-      }
-    });
-  </script>
-  <!-- Google Tag Manager -->
-<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
-  new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
-  j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
-  'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
-  })(window,document,'script','dataLayer','GTM-MXXQHG8');</script>
-  <!-- End Google Tag Manager -->
+  <script src="https://tc-public-static-files.topcoder.com/topcoder-auth/js/jquery-3.5.1.min.js"></script>
+  <script type="text/javascript" src="check_email.js"></script>
 </head>
 
 <body class="center-align-card checkemail-card">
@@ -61,6 +33,33 @@ <h1 id="page-title-heading" class="page-title-heading">
         <h2 id="page-subtitle-heading" class="page-subtitle-heading">
           Welcome to the Topcoder Community!
         </h2>
+        <div class="messages">
+          <div role="alert" class="message error">
+            <div id="error" class="message-content"></div>
+            <span class="close-error" tabindex="0">
+              <span class="clip-me">Close</span>
+            </span>
+          </div>
+          <div role="alert" class="message notify">
+            <div id="notify" class="message-content"></div>
+            <span class="close-error" tabindex="0">
+              <span class="clip-me">Close</span>
+            </span>
+          </div>
+        </div>
+        <form method="GET" id="verifyOtp" action="#">
+          <input id="state" name="state" value="" type="hidden" />
+          <input id="returnUrl" name="returnUrl" value="" type="hidden" />
+          <div id="otpdiv" class="input-field active">
+            <label for="otp">One Time Password</label>
+            <input id="otp" name="otp" size="6" class="input-text" autocomplete="off" />
+          </div>
+          <div id="sb" class="action-wrapper">
+            <button type="submit" id="continueBtn" class="continue-btn" disabled="disabled">
+              Continue
+            </button>
+          </div>
+        </form>
         <div class="page-description">
           <ul>
             <li><span>Don't see an email? Try spam just in case.
@@ -89,11 +88,11 @@ <h2 id="page-subtitle-heading" class="page-subtitle-heading">
     </footer>
   </div>
   <script>
-    document.addEventListener("DOMContentLoaded", function(){
+    document.addEventListener("DOMContentLoaded", function () {
       var copyRightText = document.getElementsByClassName("copyright-text");
       copyRightText[0].innerHTML = "<strong>&copy;</strong> " + new Date().getFullYear() + " Topcoder. All Rights Reserved"
     });
   </script>
 </body>
 
-</html>
+</html>
\ No newline at end of file