Merge pull request #325 from topcoder-platform/dev

Dev

Author: eisbilir

build.sh

@@ -12,13 +12,26 @@ SIGNUPFILENAME="./web-assets/js/signup.js"
 perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $SIGNUPFILENAME
 perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $SIGNUPFILENAME
 
-CHECKEMAIL="./web-assets/static-pages/check_email.html"
+CHECKEMAIL="./web-assets/js/check_email.js"
 perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $CHECKEMAIL
+perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $CHECKEMAIL
 
 OTPFILENAME="./web-assets/js/otp.js"
 perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $OTPFILENAME
 perl -pi -e "s/\{\{AUTH0DOMAIN\}\}/$AUTH0DOMAIN/g" $OTPFILENAME
 
+OTPPAGEFILE="./web-assets/static-pages/otp.html"
+perl -pi -e "s/\{\{GTM\}\}/$GTM/g" $OTPPAGEFILE
+
+DICECALLBACK="./web-assets/static-pages/dice-verify-callback.html"
+perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $DICECALLBACK
+perl -pi -e "s/\{\{DICE_AUTH\}\}/$DICE_AUTH/g" $DICECALLBACK
+perl -pi -e "s/\{\{CA_SUB_1\}\}/$CA_SUB_1/g" $DICECALLBACK
+
+DICEVERIFIER="./web-assets/static-pages/dice-verifier.html"
+perl -pi -e "s/\{\{DOMAIN\}\}/$DOMAIN/g" $DICEVERIFIER
+perl -pi -e "s/\{\{DICE_AUTH\}\}/$DICE_AUTH/g" $DICEVERIFIER
+
 mkdir dist
 cp -rv ./web-assets/css/* ./dist/
 cp -rv ./web-assets/js/* ./dist/

web-assets/auth0/dev-tenant/rules/DICE DID.js

@@ -1,4 +1,4 @@
-function (user, context, callback) {
+function DICE(user, context, callback) {
     if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) {
         console.log("rule:DICE DID:enter");
 
@@ -22,27 +22,13 @@ function (user, context, callback) {
                 console.log("rule:DICE DID:User was redirected to the /continue endpoint");
                 if (context.request.query.diceVerificationStatus === 'false') {
                     return callback('Login Error: Credentials verification is failed.<br>Please contact with support <a href="mailto:[email protected]">[email protected]</a>.<br> Back to application ', user, context);
-                } else if (context.request.query.otp) {
-                    request.post({
-                        url: 'https://api.' + configuration.DOMAIN + '/v3/users/checkOtp',
-                        json: {
-                            "param": {
-                                "userId": user.userId,
-                                "otp": context.request.query.otp
-                            }
-                        }
-                    }, function (error, response, body) {
-                        if (error) return callback(error, user, context);
-                        if (response.statusCode !== 200) {
-                            return callback('Login Error: Whoops! Something went wrong.', user, context);
-                        }
-                        if (body.result.content.verified === true) {
-                            return callback(null, user, context);
-                        } else {
-                            return callback('Login Error: wrong OTP', user, context);
-                        }
-                    });
-                } else {
+                } else if (context.request.query.otherMethods || _.isEmpty(user.multifactor)) {
+                    context.multifactor = {
+                        provider: 'any',
+                        allowRememberBrowser: false
+                    };
+                    return callback(null, user, context);
+                } else if (context.request.query.code) {
                     const jwt_decode = require('jwt-decode');
                     request.post({
                         url: 'https://tc-vcauth-uat.diceid.com/vc/connect/token',
@@ -65,44 +51,24 @@ function (user, context, callback) {
                         console.log("rule:DICE DID:credentials approved");
                         return callback(null, user, context);
                     });
+                } else {
+                    return callback('Login Error: Whoops! Something went wrong.', user, context);
                 }
             } else {
                 const maxRetry = 2;
-                const useOtp = function () {
-                    request.post({
-                        url: 'https://api.' + configuration.DOMAIN + '/v3/users/sendOtp',
-                        json: {
-                            "param": {
-                                "userId": user.userId
-                            }
-                        }
-                    }, function (error, response, body) {
-                        if (error) return callback(error, user, context);
-                        if (response.statusCode !== 200) {
-                            return callback('Login Error: Whoops! Something went wrong.', user, context);
-                        }
-                        console.log("rule:DICE DID: redirecting to OTP page");
-                        const hostName = _.get(context, "request.hostname", null);
-                        const otpCompletetUrl = "https://" + hostName + "/continue";
-                        const retUrl = _.get(context, "request.query.returnUrl", null);
-                        const otpRedirectUrl = configuration.CUSTOM_PAGES_BASE_URL +
-                            "/otp.html?formAction=" + otpCompletetUrl +
-                            "&returnUrl=" + retUrl;
-                        context.redirect = {
-                            url: otpRedirectUrl
-                        };
-                        return callback(null, user, context);
-                    });
-                };
                 const checkDiceHealth = function (attempt) {
                     console.log("rule:DICE DID:checking dice health, attempt:" + attempt);
                     request.get({
                         url: 'https://tc-vcauth-uat.diceid.com/.well-known/openid-configuration'
                     }, function (error, response, body) {
                         if (error || response.statusCode !== 200) {
                             if (attempt >= maxRetry) {
-                                console.log("rule:DICE DID:dice services down, using otp flow...");
-                                useOtp();
+                                console.log("rule:DICE DID:dice services down, using other factors...");
+                                context.multifactor = {
+                                    provider: 'any',
+                                    allowRememberBrowser: false
+                                };
+                                return callback(null, user, context);
                             } else {
                                 checkDiceHealth(attempt + 1);
                             }
@@ -116,8 +82,12 @@ function (user, context, callback) {
                     });
                 };
                 if (!global.ENABLE_2FA) {
-                    console.log("rule:DICE DID:dice switch disabled, using otp flow...");
-                    useOtp();
+                    console.log("rule:DICE DID:dice switch disabled, using other factors...");
+                    context.multifactor = {
+                        provider: 'any',
+                        allowRememberBrowser: false
+                    };
+                    return callback(null, user, context);
                 } else {
                     checkDiceHealth(1);
                 }

web-assets/auth0/dev-tenant/rules/custom.js

@@ -39,7 +39,6 @@ function (user, context, callback) {
               user.mfa_verified = res.result.content.mfaVerified;
               // TODO need to double sure about multiple result or no result 
               let userId = res.result.content.id;
-              user.userId = userId;
               let handle = res.result.content.handle;
               let roles = res.result.content.roles.map(function (role) {
                   return role.roleName;

web-assets/auth0/prod-tenant/rules/DICE DID.js

@@ -1,4 +1,4 @@
-function (user, context, callback) {
+function DICE(user, context, callback) {
     if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) {
         console.log("rule:DICE DID:enter");
         if (context.redirect) {
@@ -20,27 +20,13 @@ function (user, context, callback) {
                 console.log("rule:DICE DID:User was redirected to the /continue endpoint");
                 if (context.request.query.diceVerificationStatus === 'false') {
                     return callback('Login Error: Credentials verification is failed.<br>Please contact with support <a href="mailto:[email protected]">[email protected]</a>.<br> Back to application ', user, context);
-                } else if (context.request.query.otp) {
-                    request.post({
-                        url: 'https://api.' + configuration.DOMAIN + '/v3/users/checkOtp',
-                        json: {
-                            "param": {
-                                "userId": user.userId,
-                                "otp": context.request.query.otp
-                            }
-                        }
-                    }, function (error, response, body) {
-                        if (error) return callback(error, user, context);
-                        if (response.statusCode !== 200) {
-                            return callback('Login Error: Whoops! Something went wrong.', user, context);
-                        }
-                        if (body.result.content.verified === true) {
-                            return callback(null, user, context);
-                        } else {
-                            return callback('Login Error: wrong OTP', user, context);
-                        }
-                    });
-                } else {
+                } else if (context.request.query.otherMethods || _.isEmpty(user.multifactor)) {
+                    context.multifactor = {
+                        provider: 'any',
+                        allowRememberBrowser: false
+                    };
+                    return callback(null, user, context);
+                } else if (context.request.query.code) {
                     const jwt_decode = require('jwt-decode');
                     request.post({
                         url: 'https://tc-vcauth.diceid.com/vc/connect/token',
@@ -63,44 +49,24 @@ function (user, context, callback) {
                         console.log("rule:DICE DID:credentials approved");
                         return callback(null, user, context);
                     });
+                } else {
+                    return callback('Login Error: Whoops! Something went wrong.', user, context);
                 }
             } else {
                 const maxRetry = 2;
-                const useOtp = function () {
-                    request.post({
-                        url: 'https://api.' + configuration.DOMAIN + '/v3/users/sendOtp',
-                        json: {
-                            "param": {
-                                "userId": user.userId
-                            }
-                        }
-                    }, function (error, response, body) {
-                        if (error) return callback(error, user, context);
-                        if (response.statusCode !== 200) {
-                            return callback('Login Error: Whoops! Something went wrong.', user, context);
-                        }
-                        console.log("rule:DICE DID: redirecting to OTP page");
-                        const hostName = _.get(context, "request.hostname", null);
-                        const otpCompletetUrl = "https://" + hostName + "/continue";
-                        const retUrl = _.get(context, "request.query.returnUrl", null);
-                        const otpRedirectUrl = configuration.CUSTOM_PAGES_BASE_URL +
-                            "/otp.html?formAction=" + otpCompletetUrl +
-                            "&returnUrl=" + retUrl;
-                        context.redirect = {
-                            url: otpRedirectUrl
-                        };
-                        return callback(null, user, context);
-                    });
-                };
                 const checkDiceHealth = function (attempt) {
                     console.log("rule:DICE DID:checking dice health, attempt:" + attempt);
                     request.get({
                         url: 'https://tc-vcauth.diceid.com/.well-known/openid-configuration'
                     }, function (error, response, body) {
                         if (error || response.statusCode !== 200) {
                             if (attempt >= maxRetry) {
-                                console.log("rule:DICE DID:dice services down, using otp flow...");
-                                useOtp();
+                                console.log("rule:DICE DID:dice services down, using other factors...");
+                                context.multifactor = {
+                                    provider: 'any',
+                                    allowRememberBrowser: false
+                                };
+                                return callback(null, user, context);
                             } else {
                                 checkDiceHealth(attempt + 1);
                             }
@@ -114,8 +80,12 @@ function (user, context, callback) {
                     });
                 };
                 if (!global.ENABLE_2FA) {
-                    console.log("rule:DICE DID:dice switch disabled, using otp flow...");
-                    useOtp();
+                    console.log("rule:DICE DID:dice switch disabled, using other factors...");
+                    context.multifactor = {
+                        provider: 'any',
+                        allowRememberBrowser: false
+                    };
+                    return callback(null, user, context);
                 } else {
                     checkDiceHealth(1);
                 }

web-assets/auth0/prod-tenant/rules/New-Account-App-Custom-Claims.js

@@ -36,7 +36,6 @@ function (user, context, callback) {
                 user.mfa_verified = res.result.content.mfaVerified;
                 // TODO need to double sure about multiple result or no result 
                 let userId = res.result.content.id;
-                user.userId = userId;
                 let handle = res.result.content.handle;
                 let roles = res.result.content.roles.map(function (role) {
                     return role.roleName;