Merge branch 'IDAM-626-Bump-Client-app-dependencies-to-clear-dependabot-PRs' of https://github.com/nice-digital/identity-hostedpages into IDAM-626-Bump-Client-app-dependencies-to-clear-dependabot-PRs

Author: johnholland-nice

custom-pages/actions/MFA Options.json

@@ -0,0 +1,23 @@
+{
+  "name": "MFA Options",
+  "code": "actions\\MFA Options\\code.js",
+  "runtime": "node18-actions",
+  "status": "deployed",
+  "dependencies": [],
+  "staged_action_secrets": {
+    "mfa_exclusions_client_ids": ""
+  },
+  "secrets": [
+    {
+      "name": "mfa_exclusions_client_ids",
+      "value": ""
+    }
+  ],
+  "supported_triggers": [
+    {
+      "id": "post-login",
+      "version": "v3"
+    }
+  ],
+  "deployed": true
+}

custom-pages/actions/MFA Options/code.js

@@ -0,0 +1,46 @@
+/**
+ * Handler that will be called during the execution of a PostLogin flow.
+ *
+ * --- AUTH0 ACTIONS TEMPLATE https://github.com/auth0/opensource-marketplace/blob/main/templates/mfa-require-enrollment-POST_LOGIN ---
+ *
+ * @param {Event} event - Details about the user and the context in which they are logging in.
+ * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
+ */
+
+exports.onExecutePostLogin = async (event, api) => {
+  const mfa_exclusions = event.secrets.mfa_exclusions_client_ids
+    .replace(/\s+/g, '')
+    .split(',');
+  if (!mfa_exclusions.includes(event.client.client_id)) {
+    if (
+      event.connection.strategy !== 'waad' &&
+      event.connection.strategy !== 'google-oauth2'
+    ) {
+      const enrolledFactors = event.user.enrolledFactors.map((f) => ({
+        type: f.type,
+      }));
+      if (enrolledFactors.length < 2) {
+        api.authentication.enrollWith(
+          { type: 'otp' },
+          { additionalFactors: [{ type: 'recovery-code' }] }
+        );
+      } else {
+        api.authentication.challengeWith(
+          { type: 'email' },
+          { additionalFactors: enrolledFactors }
+        );
+      }
+      return;
+    }
+  }
+};
+
+/**
+ * Handler that will be invoked when this action is resuming after an external redirect. If your
+ * onExecutePostLogin function does not perform a redirect, this function can be safely ignored.
+ *
+ * @param {Event} event - Details about the user and the context in which they are logging in.
+ * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
+ */
+// exports.onContinuePostLogin = async (event, api) => {
+// };

custom-pages/clients/Comments.json

@@ -14,8 +14,8 @@
   "allowed_origins": [],
   "client_id": "",
   "client_secret": "",
-  "client_metadata": {	
-    "authorise_uri": ""	
+  "client_metadata": {
+    "authorise_uri": ""
   },
   "jwt_configuration": {
     "alg": "RS256",
@@ -24,11 +24,7 @@
   },
   "token_endpoint_auth_method": "client_secret_post",
   "app_type": "regular_web",
-  "grant_types": [
-    "authorization_code",
-    "refresh_token",
-    "client_credentials"
-  ],
+  "grant_types": ["authorization_code", "refresh_token", "client_credentials"],
   "web_origins": ["this will be deleted in the variable substitution"],
   "custom_login_page_on": false
 }

custom-pages/clients/ISS Monitoring.json

@@ -5,6 +5,7 @@
   "oidc_conformant": true,
   "sso_disabled": false,
   "cross_origin_auth": false,
+  "initiate_login_uri": "",
   "allowed_clients": [],
   "allowed_logout_urls": ["this will be deleted in the variable substitution"],
   "callbacks": ["this will be deleted in the variable substitution"],
@@ -28,10 +29,6 @@
   },
   "token_endpoint_auth_method": "client_secret_post",
   "app_type": "regular_web",
-  "grant_types": [
-    "authorization_code",
-    "refresh_token",
-    "client_credentials"
-  ],
+  "grant_types": ["authorization_code", "refresh_token", "client_credentials"],
   "custom_login_page_on": true
-}
+}

custom-pages/clients/InDev.json

@@ -5,6 +5,7 @@
   "oidc_conformant": true,
   "sso_disabled": false,
   "cross_origin_auth": false,
+  "initiate_login_uri": "",
   "allowed_clients": [],
   "allowed_logout_urls": ["this will be deleted in the variable substitution"],
   "callbacks": ["this will be deleted in the variable substitution"],
@@ -32,10 +33,6 @@
   "client_aliases": [],
   "token_endpoint_auth_method": "client_secret_post",
   "app_type": "regular_web",
-  "grant_types": [
-    "authorization_code",
-    "refresh_token",
-    "client_credentials"
-  ],
+  "grant_types": ["authorization_code", "refresh_token", "client_credentials"],
   "custom_login_page_on": true
-}
+}

custom-pages/clients/Publications.json

@@ -5,6 +5,7 @@
   "oidc_conformant": true,
   "sso_disabled": false,
   "cross_origin_auth": false,
+  "initiate_login_uri": "",
   "allowed_clients": [],
   "allowed_logout_urls": ["this will be deleted in the variable substitution"],
   "callbacks": ["this will be deleted in the variable substitution"],
@@ -28,10 +29,6 @@
   },
   "token_endpoint_auth_method": "client_secret_post",
   "app_type": "regular_web",
-  "grant_types": [
-    "authorization_code",
-    "refresh_token",
-    "client_credentials"
-  ],
+  "grant_types": ["authorization_code", "refresh_token", "client_credentials"],
   "custom_login_page_on": true
-}
+}

custom-pages/guardian/factors/email.json

@@ -0,0 +1,4 @@
+{
+  "name": "email",
+  "enabled": true
+}

custom-pages/guardian/factors/otp.json

@@ -0,0 +1,4 @@
+{
+  "name": "otp",
+  "enabled": true
+}

custom-pages/guardian/factors/recovery-code.json

@@ -0,0 +1,4 @@
+{
+  "name": "recovery-code",
+  "enabled": true
+}

custom-pages/pages/guardian_multifactor.html

@@ -0,0 +1,87 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>2nd Factor Authentication</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <style type="text/css">
+
+    html, body { padding: 0; margin: 0; }
+    .test {}
+    .table {
+      display: table;
+      position: absolute;
+      height: 100%;
+      width: 100%;
+      background-color: {{ pageBackgroundColor | default: '#2b2b33' }};
+    }
+
+    .cell {
+      display: table-cell;
+      vertical-align: middle;
+    }
+
+    .content {
+      padding: 25px 0px 25px 0px;
+      margin-left: auto;
+      margin-right: auto;
+      width: 280px; /* login widget width */
+    }
+
+  </style>
+</head>
+
+<body>
+
+  <div class="table">
+    <div class="cell">
+      <div class="content">
+        <!-- WIDGET -->
+        <div class="js-mfa-container mfa-container" id="container"></div>
+      </div>
+    </div>
+  </div>
+
+  <script src="//cdn.auth0.com/js/mfa-widget/mfa-widget-1.6.min.js"></script>
+
+  <script>
+    (function() {
+      return new Auth0MFAWidget({
+        container: "container",
+
+        theme: {
+          icon: "{{ iconUrl | default: 'https://indepth.nice.org.uk/logos/assets/yIOHC7Oexa/logo-landscape-800x281-800x281.png' }}",
+          primaryColor: "{{ primaryColor | default: '#228096' }}"
+        },
+
+        requesterErrors: [
+          {% for error in errors %}
+            { message: "{{ error.message }}", errorCode: "{{ error.code }}" }
+          {% endfor %}
+        ],
+
+        mfaServerUrl: "{{ mfaServerUrl }}",
+        {% if ticket %}
+        ticket: "{{ ticket }}",
+        {% else %}
+        requestToken: "{{ requestToken }}",
+        {% endif %}
+        postActionURL: "{{ postActionURL }}",
+
+        userData: {
+          userId: "{{ userData.userId }}",
+          email: "{{ userData.email }}",
+          friendlyUserId: "{{ userData.friendlyUserId }}",
+          tenant: "{{ userData.tenant }}",
+          {% if userData.tenantFriendlyName %}
+          tenantFriendlyName: "{{ userData.tenantFriendlyName }}"
+          {% endif %}
+        },
+        globalTrackingId: "{{ globalTrackingId }}",
+        {% if allowRememberBrowser %}allowRememberBrowser: {{ allowRememberBrowser }}, {% endif %}
+        {% if stateCheckingMechanism %}stateCheckingMechanism: "{{ stateCheckingMechanism }}", {% endif %}
+      });
+    })();
+  </script>
+</body>
+</html>