[IAMRISK-3539] Add challenge endpoint for signup (#1467)

auth0 · Sep 26, 2024 · 35105eb · 35105eb
1 parent 231307b
commit 35105eb
Show file tree

Hide file tree

Showing 12 changed files with 951 additions and 297 deletions.
diff --git a/dist/auth0.js b/dist/auth0.js
diff --git a/dist/auth0.min.esm.js b/dist/auth0.min.esm.js
diff --git a/dist/auth0.min.esm.js.map b/dist/auth0.min.esm.js.map
diff --git a/dist/auth0.min.js b/dist/auth0.min.js
diff --git a/dist/auth0.min.js.map b/dist/auth0.min.js.map
diff --git a/dist/cordova-auth0-plugin.js b/dist/cordova-auth0-plugin.js
diff --git a/dist/cordova-auth0-plugin.min.js b/dist/cordova-auth0-plugin.min.js
diff --git a/dist/cordova-auth0-plugin.min.js.map b/dist/cordova-auth0-plugin.min.js.map
diff --git a/src/authentication/db-connection.js b/src/authentication/db-connection.js
@@ -139,4 +139,20 @@ DBConnection.prototype.getPasswordResetChallenge = function (cb) {
     .end(responseHandler(cb, { ignoreCasing: true }));
 };
 
+
+DBConnection.prototype.getSignupChallenge = function (cb) {
+  assert.check(cb, { type: 'function', message: 'cb parameter is not valid' });
+
+  if (!this.baseOptions.state) {
+    return cb();
+  }
+
+  var url = urljoin(this.baseOptions.rootUrl, 'dbconnections', 'signup', 'challenge');
+
+  return this.request
+    .post(url)
+    .send({ state: this.baseOptions.state })
+    .end(responseHandler(cb, { ignoreCasing: true }));
+};
+
 export default DBConnection;
diff --git a/src/web-auth/captcha.js b/src/web-auth/captcha.js
@@ -7,6 +7,7 @@ var captchaSolved = noop;
 
 var Flow = {
   DEFAULT: 'default',
+  SIGNUP: 'signup',
   PASSWORDLESS: 'passwordless',
   PASSWORD_RESET: 'password_reset'
 };
@@ -417,6 +418,8 @@ function render(auth0Client, flow, element, options, callback) {
       auth0Client.passwordless.getChallenge(challengeCallback);
     } else if (flow === Flow.PASSWORD_RESET) {
       auth0Client.dbConnection.getPasswordResetChallenge(challengeCallback);
+    } else if (flow === Flow.SIGNUP) {
+      auth0Client.dbConnection.getSignupChallenge(challengeCallback);
     } else {
       auth0Client.getChallenge(challengeCallback);
     }

diff --git a/src/web-auth/index.js b/src/web-auth/index.js
@@ -642,15 +642,15 @@ WebAuth.prototype.renewAuth = function (options, cb) {
  * Renews an existing session on Auth0's servers using `response_mode=web_message`
  *
  * Allows you to acquire a new token from Auth0 for a user who already
- * has an SSO session established against Auth0 for your domain. 
- * If the user is not authenticated, the authentication result will be empty 
+ * has an SSO session established against Auth0 for your domain.
+ * If the user is not authenticated, the authentication result will be empty
  * and you'll receive an error like this: `{error: 'login_required'}`.
  * The method accepts any valid OAuth2 parameters that would normally be sent to `/authorize`.
- * 
+ *
  * Everything happens inside an iframe, so it will not reload your application or redirect away from it.
- * 
- * **Important:** If you're not using the hosted login page to do social logins, 
- * you have to use your own [social connection keys](https://manage.auth0.com/#/connections/social). 
+ *
+ * **Important:** If you're not using the hosted login page to do social logins,
+ * you have to use your own [social connection keys](https://manage.auth0.com/#/connections/social).
  * If you use Auth0's dev keys, you'll always get `login_required` as an error when calling `checkSession`.
  *
  * **Important:** Because there is no redirect in this method, `responseType: 'code'` is not supported and will throw an error.
@@ -664,7 +664,7 @@ WebAuth.prototype.renewAuth = function (options, cb) {
  * function(err, authResult) {
  *   // Authentication tokens or error
  * });
- * 
+ *
  * @method checkSession
  * @param {Object} [options]
  * @param {String} [options.clientID] the Client ID found on your Application settings page
@@ -1138,7 +1138,7 @@ WebAuth.prototype.passwordlessVerify = function (options, cb) {
 
 /**
  *
- * Renders the captcha challenge in the provided element.
+ * Renders the login captcha challenge in the provided element.
  * This function can only be used in the context of a Classic Universal Login Page.
  *
  * @method renderCaptcha
@@ -1161,6 +1161,35 @@ WebAuth.prototype.renderCaptcha = function (element, options, callback) {
   return captcha.render(this.client, captcha.Flow.DEFAULT, element, options, callback);
 };
 
+/**
+ *
+ * Renders the signup captcha challenge in the provided element.
+ * This function can only be used in the context of a Classic Universal Login Page.
+ *
+ * @method renderSignupCaptcha
+ * @param {HTMLElement} element The element where the captcha needs to be rendered
+ * @param {Object} options The configuration options for the captcha
+ * @param {Object} [options.templates] An object containing templates for each captcha provider
+ * @param {Function} [options.templates.auth0] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.recaptcha_v2] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.recaptcha_enterprise] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.hcaptcha] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.friendly_captcha] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.arkose] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.auth0_v2] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.error] template function returning a custom error message when the challenge could not be fetched, receives the error as first argument
+ * @param {String} [options.lang=en] the ISO code of the language for the captcha provider
+ * @param {captchaLoadedCallback} [callback] An optional callback called after captcha is loaded
+ * @memberof WebAuth.prototype
+ */
+WebAuth.prototype.renderSignupCaptcha = function (
+  element,
+  options,
+  callback
+) {
+  return captcha.render(this.client, captcha.Flow.SIGNUP, element, options, callback);
+};
+
 /**
  *
  * Renders the passwordless captcha challenge in the provided element.

diff --git a/test/authentication/db-connection.test.js b/test/authentication/db-connection.test.js
@@ -319,4 +319,94 @@ describe('auth0.authentication', function () {
       });
     });
   });
+
+  context('dbConnection getSignupChallenge', function () {
+    context('when the client does not have state', function () {
+      before(function () {
+        this.auth0 = new Authentication(this.webAuthSpy, {
+          domain: 'me.auth0.com',
+          clientID: '...',
+          redirectUri: 'http://page.com/callback',
+          responseType: 'code',
+          _sendTelemetry: false
+        });
+      });
+
+      it('should return nothing', function (done) {
+        this.auth0.dbConnection.getSignupChallenge((err, challenge) => {
+          expect(err).to.not.be.ok();
+          expect(challenge).to.not.be.ok();
+          done();
+        });
+      });
+    });
+
+    context('when the client has state', function () {
+      before(function () {
+        this.auth0 = new Authentication(this.webAuthSpy, {
+          domain: 'me.auth0.com',
+          clientID: '...',
+          redirectUri: 'http://page.com/callback',
+          responseType: 'code',
+          _sendTelemetry: false,
+          state: '123abc'
+        });
+      });
+
+      afterEach(function () {
+        request.post.restore();
+      });
+
+      it('should post state and returns the image/type', function (done) {
+        sinon.stub(request, 'post').callsFake(function (url) {
+          expect(url).to.be('https://me.auth0.com/dbconnections/signup/challenge');
+          return new RequestMock({
+            body: {
+              state: '123abc'
+            },
+            headers: {
+              'Content-Type': 'application/json'
+            },
+            cb: function (cb) {
+              cb(null, {
+                body: {
+                  image: 'svg+yadayada',
+                  type: 'code'
+                }
+              });
+            }
+          });
+        });
+
+        this.auth0.dbConnection.getSignupChallenge((err, challenge) => {
+          expect(err).to.not.be.ok();
+          expect(challenge.image).to.be('svg+yadayada');
+          expect(challenge.type).to.be('code');
+          done();
+        });
+      });
+
+      it('should return the error if network fails', function (done) {
+        sinon.stub(request, 'post').callsFake(function (url) {
+          expect(url).to.be('https://me.auth0.com/dbconnections/signup/challenge');
+          return new RequestMock({
+            body: {
+              state: '123abc'
+            },
+            headers: {
+              'Content-Type': 'application/json'
+            },
+            cb: function (cb) {
+              cb(new Error('error error error'));
+            }
+          });
+        });
+
+        this.auth0.dbConnection.getSignupChallenge((err, challenge) => {
+          expect(err.original.message).to.equal('error error error');
+          done();
+        });
+      });
+    });
+  });
 });