[IAMRISK-3539] Use signup captcha enforcement endpoint for signup flow

auth0 · Sep 19, 2024 · b1d7df7 · b1d7df7
1 parent 1cf70cc
commit b1d7df7
Show file tree

Hide file tree

Showing 8 changed files with 53 additions and 10 deletions.
diff --git a/src/connection/captcha.js b/src/connection/captcha.js
@@ -6,13 +6,14 @@ import webApi from '../core/web_api';
 
 export const Flow = Object.freeze({
   DEFAULT: 'default',
+  SIGNUP: 'signup',
   PASSWORDLESS: 'passwordless',
   PASSWORD_RESET: 'password_reset',
 });
 
 /**
  * Return the captcha config object based on the type of flow.
- * 
+ *
  * @param {Object} m model
  * @param {Flow} flow Which flow the captcha is being rendered in
  */
@@ -21,6 +22,8 @@ export function getCaptchaConfig(m, flow) {
     return l.passwordResetCaptcha(m);
   } else if (flow === Flow.PASSWORDLESS) {
     return l.passwordlessCaptcha(m);
+  } else if (flow === Flow.SIGNUP) {
+    return l.signupCaptcha(m);
   } else {
     return l.captcha(m);
   }
@@ -42,7 +45,7 @@ export function showMissingCaptcha(m, id, flow = Flow.DEFAULT) {
     captchaConfig.get('provider') === 'hcaptcha' ||
     captchaConfig.get('provider') === 'auth0_v2' ||
     captchaConfig.get('provider') === 'friendly_captcha' ||
-    captchaConfig.get('provider') === 'arkose' 
+    captchaConfig.get('provider') === 'arkose'
   ) ? 'invalid_recaptcha' : 'invalid_captcha';
 
   const errorMessage = i18n.html(m, ['error', 'login', captchaError]);
@@ -110,6 +113,15 @@ export function swapCaptcha(id, flow, wasInvalid, next) {
         next();
       }
     });
+  } else if (flow === Flow.SIGNUP) {
+    return webApi.getSignupChallenge(id, (err, newCaptcha) => {
+      if (!err && newCaptcha) {
+        swap(updateEntity, 'lock', id, l.setSignupChallenge, newCaptcha, wasInvalid);
+      }
+      if (next) {
+        next();
+      }
+    });
   } else {
     return webApi.getChallenge(id, (err, newCaptcha) => {
       if (!err && newCaptcha) {

diff --git a/src/connection/database/actions.js b/src/connection/database/actions.js
@@ -290,7 +290,7 @@ export function resetPasswordSuccess(id) {
 function resetPasswordError(id, error) {
   const m = read(getEntity, 'lock', id);
   let key = error.code;
-  
+
   if (error.code === 'invalid_captcha') {
     const captchaConfig = l.passwordResetCaptcha(m);
     key = (
@@ -302,7 +302,7 @@ function resetPasswordError(id, error) {
   const errorMessage =
     i18n.html(m, ['error', 'forgotPassword', key]) ||
     i18n.html(m, ['error', 'forgotPassword', 'lock.fallback']);
-  
+
   swapCaptcha(id, Flow.PASSWORD_RESET, error.code === 'invalid_captcha', () => {
     swap(updateEntity, 'lock', id, l.setSubmitting, false, errorMessage);
   });
@@ -322,12 +322,12 @@ export function showLoginActivity(id, fields = ['password']) {
 
 export function showSignUpActivity(id, fields = ['password']) {
   const m = read(getEntity, 'lock', id);
-  const captchaConfig = l.captcha(m);
+  const captchaConfig = l.signupCaptcha(m);
   if (captchaConfig && captchaConfig.get('provider') === 'arkose') {
     swap(updateEntity, 'lock', id, setScreen, 'signUp', fields);
   } else {
-    swapCaptcha(id, 'login', false, () => {
-      swap(updateEntity, 'lock', id, setScreen, 'signUp', fields);
+    swapCaptcha(id, Flow.SIGNUP, false, () => {
+      swap(updateEntity, 'lock', id, setScreen, Flow.SIGNUP, fields);
     });
   }
 }

diff --git a/src/core/index.js b/src/core/index.js
@@ -421,6 +421,11 @@ export function setCaptcha(m, value, wasInvalid) {
   return set(m, 'captcha', Immutable.fromJS(value));
 }
 
+export function setSignupChallenge(m, value, wasInvalid) {
+  m = captchaField.reset(m, wasInvalid);
+  return set(m, 'signupCaptcha', Immutable.fromJS(value));
+}
+
 export function setPasswordlessCaptcha(m, value, wasInvalid) {
   m = captchaField.reset(m, wasInvalid);
   return set(m, 'passwordlessCaptcha', Immutable.fromJS(value));
@@ -435,6 +440,10 @@ export function captcha(m) {
   return get(m, 'captcha');
 }
 
+export function signupCaptcha(m) {
+  return get(m, 'signupCaptcha');
+}
+
 export function passwordlessCaptcha(m) {
   return get(m, 'passwordlessCaptcha');
 }

diff --git a/src/core/remote_data.js b/src/core/remote_data.js
@@ -7,6 +7,7 @@ import { isADEnabled } from '../connection/enterprise'; // shouldn't depend on t
 import sync, { isSuccess } from '../sync';
 import webApi from './web_api';
 import { setCaptcha, setPasswordlessCaptcha, setPasswordResetCaptcha } from '../core/index';
+import { setSignupChallenge } from './index';
 
 export function syncRemoteData(m) {
   if (l.useTenantInfo(m)) {
@@ -60,6 +61,15 @@ export function syncRemoteData(m) {
     successFn: setCaptcha
   });
 
+  m = sync(m, 'signupCaptcha', {
+    syncFn: (m, cb) => {
+      webApi.getSignupChallenge(m.get('id'), (err, r) => {
+        cb(null, r);
+      });
+    },
+    successFn: setSignupChallenge
+  });
+
   m = sync(m, 'passwordlessCaptcha', {
     syncFn: (m, cb) => {
       webApi.getPasswordlessChallenge(m.get('id'), (err, r) => {

diff --git a/src/core/web_api.js b/src/core/web_api.js
@@ -60,6 +60,10 @@ class Auth0WebAPI {
     return this.clients[lockID].getChallenge(callback);
   }
 
+  getSignupChallenge(lockID, callback) {
+    return this.clients[lockID].getSignupChallenge(callback);
+  }
+
   getPasswordlessChallenge(lockID, callback) {
     return this.clients[lockID].getPasswordlessChallenge(callback);
   }

diff --git a/src/core/web_api/p2_api.js b/src/core/web_api/p2_api.js
@@ -195,6 +195,10 @@ class Auth0APIClient {
     return this.client.client.getChallenge(...params);
   }
 
+  getSignupChallenge(...params) {
+    return this.client.client.dbConnection.getSignupChallenge(...params);
+  }
+
   getPasswordlessChallenge(...params) {
     return this.client.client.passwordless.getChallenge(...params);
   }

diff --git a/src/engine/classic/sign_up_pane.jsx b/src/engine/classic/sign_up_pane.jsx
@@ -64,12 +64,14 @@ export default class SignUpPane extends React.Component {
       ));
 
     const captchaPane =
-      l.captcha(model) &&
-      l.captcha(model).get('required') &&
+      l.signupCaptcha(model) &&
+      l.signupCaptcha(model).get('required') &&
       (isHRDDomain(model, databaseUsernameValue(model)) || !sso) ? (
-        <CaptchaPane i18n={i18n} lock={model} onReload={() => swapCaptcha(l.id(model), Flow.DEFAULT, false)} />
+        <CaptchaPane i18n={i18n} lock={model} onReload={() => swapCaptcha(l.id(model), Flow.SIGNUP, false)} />
       ) : null;
 
+    console.log('banana we should be here in signuppane', captchaPane);
+
     const passwordPane = !onlyEmail && (
       <PasswordPane
         i18n={i18n}

diff --git a/src/engine/classic/sign_up_screen.jsx b/src/engine/classic/sign_up_screen.jsx
@@ -51,6 +51,8 @@ const Component = ({ i18n, model }) => {
     ? 'databaseAlternativeSignUpInstructions'
     : 'databaseSignUpInstructions';
 
+  console.log('this is in signupscreen banana we should be here')
+
   const db = (l.hasSomeConnections(model, 'database') ||
     l.hasSomeConnections(model, 'enterprise')) && (
     <SignUpPane