3 changes: 2 additions & 1 deletion build.sh
Expand Up @@ -12,8 +12,9 @@ SIGNUPFILENAME="./web-assets/js/signup.js"
perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $SIGNUPFILENAME
perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $SIGNUPFILENAME

CHECKEMAIL="./web-assets/static-pages/check_email.html"
CHECKEMAIL="./web-assets/js/check_email.js"
perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $CHECKEMAIL
perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $CHECKEMAIL

OTPFILENAME="./web-assets/js/otp.js"
perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $OTPFILENAME
9 changes: 9 additions & 0 deletions web-assets/css/styles.css
Expand Up @@ -295,6 +295,7 @@ select::-ms-expand {
list-style: none;
list-style-image: url(./images/arrow.svg);
margin: 0px;
padding-left: 15px;
}

.checkemail-card.center-align-card .page-content .page-main .page-description ul li {
Expand Down Expand Up @@ -675,6 +676,14 @@ select::-ms-expand {
width: 20px;
}

.messages .message.notify {
background-color: #079531b8;
color: #ffffff;
}
.messages .message.notify:before {
content: "\2713";
}

/** Desktop + tab - specific CSS **/
@media (min-width: 768px) {
.center-align-card .page-content {
156 changes: 156 additions & 0 deletions web-assets/js/check_email.js
@@ -0,0 +1,156 @@
var qs = (function (a) {
if (a == "") return {};
var b = {};
for (var i = 0; i < a.length; ++i) {
var p = a[i].split("=", 2);
if (p.length == 1) b[p[0]] = "";
else b[p[0]] = decodeURIComponent(p[1].replace(/\+/g, " "));
}
return b;
})(window.location.search.substr(1).split("&"));
$(document).ready(function () {
window.history.forward();
const resendToken = qs["resendToken"];
const canResend = qs["canResend"];
const userId = qs["userId"];
let formAction = qs["formAction"] || "#";
const opt1 = 'https://auth.{{DOMAIN}}/continue';
const opt2 = 'https://{{AUTH0DOMAIN}}/continue';
if (!formAction.startsWith(opt1) && !formAction.startsWith(opt2)) {
// looks like XSS attack
formAction = "#";
return false;
}
const apiServerUrl = "https://api.{{DOMAIN}}.com/v3/users";
$("#continueBtn").click(function () {
var otp = $("#otp").val();
if (!otp) {
$("#error").html("Need Password");
$("#error").closest(".message").fadeIn();
return false;
}
$("#error").closest(".message").fadeOut();
$("#error").html("");
$.ajax({
type: "PUT",
url: apiServerUrl + "/activate",
contentType: "application/json",
mimeType: "application/json",
data: JSON.stringify({
"param": {
userId, resendToken, otp
}
}),
dataType: "json",
success: function (result) {
$("#notify").html("Your account is activated");
$("#notify").closest(".message").fadeIn();
$("#resend-text").hide();
$('#verifyOtp').attr('action', formAction);

Check warning

Code scanning / CodeQL

Client-side cross-site scripting

Cross-site scripting vulnerability due to [user-provided value](1).

Check warning

Code scanning / CodeQL

Client-side URL redirect

Untrusted URL redirection due to [user-provided value](1).
$("#state").val(qs["state"]);
$("#returnUrl").val(qs["returnUrl"]);
$("#otp").attr('disabled', 'disabled');
$("#verifyOtp").submit();
},
error: function (error) {
if (error.responseJSON && error.responseJSON.result) {
$("#error").html(error.responseJSON.result.content);
$("#error").closest(".message").fadeIn();
} else {
$("#error").html("Unknown Error");
$("#error").closest(".message").fadeIn();
}
}
});
return false;
});
if (canResend) {
$("#resend").click(function () {
$.ajax({
type: "POST",
url: apiServerUrl + "/resendActivationEmail",
contentType: "application/json",
mimeType: "application/json",
data: JSON.stringify({
"param": {
userId, resendToken
}
}),
dataType: "json",
success: function (result) {
$("#notify").html("Email sent");
$("#notify").closest(".message").fadeIn();
$("#resend-text").hide();
},
error: function (error) {
if (error.responseJSON && error.responseJSON.result) {
$("#error").html(error.responseJSON.result.content);
$("#error").closest(".message").fadeIn();
$("#resend-text").hide();
} else {
$("#error").html("Unknown Error");
$("#error").closest(".message").fadeIn();
}
}
});
return false;
});
} else {
$("#resend-text").hide();
}

/**
* Script for field placeholder
**/
$(".messages .close-error").on("click", function () {
$(this).closest(".message").fadeOut();
});
var inputObj = $(".input-field .input-text"),
continueBtnDisable = false;
inputObj
.on("focus", function () {
$(this).parent().addClass("active focussed");
})
.on("blur", function () {
var parentObj = $(this).parent();
if ($(this).val() === "") {
parentObj.removeClass("active");
}
parentObj.removeClass("focussed");
})
.on("change keydown paste input", function () {
var disableStatus = false;
inputObj.each(function (index, element) {
if ($(element).val() === "") {
disableStatus = true;
return;
} else {
disableStatus = false;
return;
}
});
setContinueButtonDisabledStatus(disableStatus);
})
.each(function (index, element) {
var parentObj = $(element).parent();
if ($(element).val() !== "") {
parentObj.addClass("active");
} else {
parentObj.removeClass("active");
}

if ($(element).val() === "" && continueBtnDisable === false) {
continueBtnDisable = true;
}

setContinueButtonDisabledStatus(continueBtnDisable);
});
});
function setContinueButtonDisabledStatus(status) {
var continueBtnObj = $("#continueBtn");
if (status) {
continueBtnObj.attr("disabled", true);
} else {
continueBtnObj.removeAttr("disabled");
}
}
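Review bot: The API error body is rendered as HTML at `$("#error").html(error.responseJSON.result.content)` in the activate handler and again in the resend error handler, so any markup the server echoes back — including request values such as the submitted OTP or userId, if the API reflects them in its message — ends up executed in the page; `$("#error").text(error.responseJSON.result.content)` keeps it inert, and the same change applies to the two error handlers added in otp.js. Separately, `apiServerUrl` appends `.com` after `{{DOMAIN}}` while `opt1` builds `auth.{{DOMAIN}}/continue` from the same placeholder, so unless build.sh substitutes them differently one of the two hosts comes out wrong (otp.js repeats the `.com` form). The early `return false` after the formAction allow-list check makes the preceding `formAction = "#"` dead and also skips binding the close-error and input handlers, leaving the user with a permanently disabled Continue button and no message; either drop the assignment or surface an error through `#error` instead of returning. Finally, `startsWith(opt1)` admits any path that merely begins with `/continue`; parsing with `new URL(formAction)` (inside a try/catch) and comparing `origin` and `pathname` against the two allowed values makes the check exact.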
38 changes: 36 additions & 2 deletions web-assets/js/otp.js
Expand Up @@ -20,12 +20,10 @@ $(document).ready(function () {
$("#error").closest(".message").fadeOut();
$("#error").html("");
let formAction = qs["formAction"];
console.log(formAction)
const opt1 = 'https://auth.{{DOMAIN}}/continue';
const opt2 = 'https://{{AUTH0DOMAIN}}/continue';
if (!formAction.startsWith(opt1) && !formAction.startsWith(opt2)) {
// looks like XSS attack
console.log("err")
formAction = "#";
}
$('#verifyOtp').attr('action', formAction);
Expand All @@ -34,6 +32,42 @@ $(document).ready(function () {
$("#verifyOtp").submit();
return false;
});
const resendToken = qs["resendToken"];
const userId = qs["userId"];
if (resendToken && userId) {
const apiServerUrl = "https://api.{{DOMAIN}}.com/v3/users";
$("#resend").click(function () {
$.ajax({
type: "POST",
url: apiServerUrl + "/resendOtpEmail",
contentType: "application/json",
mimeType: "application/json",
data: JSON.stringify({
"param": {
userId, resendToken
}
}),
dataType: "json",
success: function (result) {
$("#notify").html("Email sent");
$("#notify").closest(".message").fadeIn();
$("#resend").hide();
},
error: function (error) {
if (error.responseJSON && error.responseJSON.result) {
$("#error").html(error.responseJSON.result.content);
$("#error").closest(".message").fadeIn();
$("#resend").hide();
} else {
$("#error").html("Unknown Error");
$("#error").closest(".message").fadeIn();
}
}
});
});
} else {
$("#resend").hide();
}

/**
* Script for field placeholder
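Review bot: The new `#resend` click handler sends a `POST` to `/resendOtpEmail` on every click with nothing to suppress further clicks while a request is pending, so a double-click issues duplicate resend emails; adding `$("#resend").off("click");` as the first statement of the handler limits it to one request per page load, which matches the `hide()` calls that already assume a single attempt. The handler also does not return `false` or call `preventDefault()`, which is harmless only while the target anchor has no `href`. The enclosing `$(document).ready` callback begins before this hunk.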
63 changes: 31 additions & 32 deletions web-assets/static-pages/check_email.html
Expand Up @@ -11,36 +11,8 @@
<link href="https://fonts.googleapis.com/css2?family=Barlow&family=Barlow+Condensed:wght@500&display=swap"
rel="stylesheet">
<link rel="stylesheet" href="./styles.css" />
<script>
var qs = (function (a) {
if (a == "") return {};
var b = {};
for (var i = 0; i < a.length; ++i) {
var p = a[i].split("=", 2);
if (p.length == 1) b[p[0]] = "";
else b[p[0]] = decodeURIComponent(p[1].replace(/\+/g, " "));
}
return b;
})(window.location.search.substr(1).split("&"));
window.addEventListener("load", () => {
var state = qs['state'];
if (state) {
document.querySelector("#resend").addEventListener("click", e => {
e.preventDefault();
window.location = 'https://auth.{{DOMAIN}}/continue?state=' + state + '&resend=1';
});
} else {
document.querySelector("#resend-text").style.display = "none";
}
});
</script>
<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-MXXQHG8');</script>
<!-- End Google Tag Manager -->
<script src="https://tc-public-static-files.topcoder.com/topcoder-auth/js/jquery-3.5.1.min.js"></script>
<script type="text/javascript" src="check_email.js"></script>
</head>

<body class="center-align-card checkemail-card">
Expand All @@ -61,6 +33,33 @@ <h1 id="page-title-heading" class="page-title-heading">
<h2 id="page-subtitle-heading" class="page-subtitle-heading">
Welcome to the Topcoder Community!
</h2>
<div class="messages">
<div role="alert" class="message error">
<div id="error" class="message-content"></div>
<span class="close-error" tabindex="0">
<span class="clip-me">Close</span>
</span>
</div>
<div role="alert" class="message notify">
<div id="notify" class="message-content"></div>
<span class="close-error" tabindex="0">
<span class="clip-me">Close</span>
</span>
</div>
</div>
<form method="GET" id="verifyOtp" action="#">
<input id="state" name="state" value="" type="hidden" />
<input id="returnUrl" name="returnUrl" value="" type="hidden" />
<div id="otpdiv" class="input-field active">
<label for="otp">One Time Password</label>
<input id="otp" name="otp" size="6" class="input-text" autocomplete="off" />
</div>
<div id="sb" class="action-wrapper">
<button type="submit" id="continueBtn" class="continue-btn" disabled="disabled">
Continue
</button>
</div>
</form>
<div class="page-description">
<ul>
<li><span>Don't see an email? Try spam just in case.
Expand Down Expand Up @@ -89,11 +88,11 @@ <h2 id="page-subtitle-heading" class="page-subtitle-heading">
</footer>
</div>
<script>
document.addEventListener("DOMContentLoaded", function(){
document.addEventListener("DOMContentLoaded", function () {
var copyRightText = document.getElementsByClassName("copyright-text");
copyRightText[0].innerHTML = "<strong>&copy;</strong> " + new Date().getFullYear() + " Topcoder. All Rights Reserved"
});
</script>
</body>

</html>
</html>
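Review bot: The new `#verifyOtp` form is `method="GET"`, so the one-time password typed into `#otp` is submitted as a query-string parameter and is recorded in browser history, sent in the Referer header of the next navigation and written to any server access logs; if the continue endpoint accepts it, `method="POST"` keeps the code out of the URL. The OTP input would also be better served by `autocomplete="one-time-code" inputmode="numeric"` in place of `autocomplete="off"`, which is the documented value for this kind of field and lets browsers offer an auto-filled code.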
9 changes: 9 additions & 0 deletions web-assets/static-pages/otp.html
Expand Up @@ -37,6 +37,12 @@ <h1 id="page-title-heading" class="page-title-heading">
<span class="clip-me">Close</span>
</span>
</div>
<div role="alert" class="message notify">
<div id="notify" class="message-content"></div>
<span class="close-error" tabindex="0">
<span class="clip-me">Close</span>
</span>
</div>
</div>
<form method="GET" id="verifyOtp" action="#">
<input id="state" name="state" value="" type="hidden" />
Expand All @@ -51,6 +57,9 @@ <h1 id="page-title-heading" class="page-title-heading">
</button>
</div>
</form>
<div id="resend" style="text-align:left;">
<a>resend code</a>
</div>
</main>
</div>
<footer class="footer">
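Review bot: `<a>resend code</a>` inside the new `#resend` div has no `href`, so it is not focusable and is not announced as interactive, while the click handler in otp.js is bound to the surrounding div. Replacing the pair with `<button type="button" id="resend">resend code</button>` (keeping the id on the element the script shows and hides) gives keyboard and screen-reader users the same control without changing the script.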