[IAMRISK-2916] Added support for Auth0 v2 captcha provider (#1368)

Co-authored-by: Frederik Prijck <[email protected]>
auth0 · Dec 13, 2023 · f5e1f71 · f5e1f71
1 parent f54cf1b
commit f5e1f71
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 26 deletions.
diff --git a/src/web-auth/captcha.js b/src/web-auth/captcha.js
@@ -11,6 +11,7 @@ var HCAPTCHA_PROVIDER = 'hcaptcha';
 var FRIENDLY_CAPTCHA_PROVIDER = 'friendly_captcha';
 var ARKOSE_PROVIDER = 'arkose';
 var AUTH0_PROVIDER = 'auth0';
+var AUTH0_V2_CAPTCHA_PROVIDER = 'auth0_v2';
 var MAX_RETRY = 3;
 
 var defaults = {
@@ -50,6 +51,9 @@ var defaults = {
     arkose: function () {
       return '<div class="arkose" ></div><input type="hidden" name="captcha" />';
     },
+    auth0_v2: function () {
+      return '<div class="auth0_v2" ></div><input type="hidden" name="captcha" />';
+    },
     error: function () {
       return '<div class="error" style="color: red;">Error getting the bot detection challenge. Please contact the system administrator.</div>';
     }
@@ -78,6 +82,8 @@ function globalForCaptchaProvider(provider) {
       return window.friendlyChallenge;
     case ARKOSE_PROVIDER:
       return window.arkose;
+    case AUTH0_V2_CAPTCHA_PROVIDER:
+      return window.turnstile;
     /* istanbul ignore next */
     default:
       throw new Error('Unknown captcha provider');
@@ -120,6 +126,11 @@ function scriptForCaptchaProvider(
         siteKey +
         '/api.js'
       );
+    case AUTH0_V2_CAPTCHA_PROVIDER:
+      return (
+        'https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit&onload=' +
+        callback
+      );
     /* istanbul ignore next */
     default:
       throw new Error('Unknown captcha provider');
@@ -238,6 +249,9 @@ function handleCaptchaProvider(element, options, challenge) {
     case ARKOSE_PROVIDER:
       captchaClass = '.arkose';
       break;
+    case AUTH0_V2_CAPTCHA_PROVIDER:
+      captchaClass = '.auth0_v2';
+      break;
   }
   var captchaDiv = element.querySelector(captchaClass);
 
@@ -285,7 +299,7 @@ function handleCaptchaProvider(element, options, challenge) {
           }
         });
       } else {
-        widgetId = global.render(captchaDiv, {
+        var renderParams = {
           callback: setValue,
           'expired-callback': function () {
             setValue();
@@ -294,7 +308,12 @@ function handleCaptchaProvider(element, options, challenge) {
             setValue();
           },
           sitekey: challenge.siteKey
-        });
+        };
+        if (challenge.provider === AUTH0_V2_CAPTCHA_PROVIDER) {
+          renderParams.language = options.lang;
+          renderParams.theme = 'light';
+        }
+        widgetId = global.render(captchaDiv, renderParams);
         element.setAttribute('data-wid', widgetId);
       }
     },
@@ -316,6 +335,7 @@ function handleCaptchaProvider(element, options, challenge) {
  * @param {Function} [options.templates.hcaptcha] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.friendly_captcha] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.arkose] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.auth0_v2] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.error] template function returning a custom error message when the challenge could not be fetched, receives the error as first argument
  * @param {String} [options.lang=en] the ISO code of the language for recaptcha
  * @param {Function} [callback] An optional callback called after captcha is loaded
@@ -343,7 +363,8 @@ function render(auth0Client, element, options, callback) {
         challenge.provider === RECAPTCHA_ENTERPRISE_PROVIDER ||
         challenge.provider === HCAPTCHA_PROVIDER ||
         challenge.provider === FRIENDLY_CAPTCHA_PROVIDER ||
-        challenge.provider === ARKOSE_PROVIDER
+        challenge.provider === ARKOSE_PROVIDER ||
+        challenge.provider === AUTH0_V2_CAPTCHA_PROVIDER
       ) {
         handleCaptchaProvider(element, options, challenge);
       }
@@ -390,6 +411,7 @@ function render(auth0Client, element, options, callback) {
  * @param {Function} [options.templates.hcaptcha] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.friendly_captcha] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.arkose] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.auth0_v2] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.error] template function returning a custom error message when the challenge could not be fetched, receives the error as first argument
  * @param {String} [options.lang=en] the ISO code of the language for recaptcha
  * @param {Function} [callback] An optional callback called after captcha is loaded
@@ -417,7 +439,8 @@ function renderPasswordless(auth0Client, element, options, callback) {
         challenge.provider === RECAPTCHA_ENTERPRISE_PROVIDER ||
         challenge.provider === HCAPTCHA_PROVIDER ||
         challenge.provider === FRIENDLY_CAPTCHA_PROVIDER ||
-        challenge.provider === ARKOSE_PROVIDER
+        challenge.provider === ARKOSE_PROVIDER ||
+        challenge.provider === AUTH0_V2_CAPTCHA_PROVIDER
       ) {
         handleCaptchaProvider(element, options, challenge);
       }

diff --git a/src/web-auth/index.js b/src/web-auth/index.js
@@ -1151,6 +1151,7 @@ WebAuth.prototype.passwordlessVerify = function (options, cb) {
  * @param {Function} [options.templates.hcaptcha] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.friendly_captcha] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.arkose] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.auth0_v2] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.error] template function returning a custom error message when the challenge could not be fetched, receives the error as first argument
  * @param {String} [options.lang=en] the ISO code of the language for the captcha provider
  * @param {captchaLoadedCallback} [callback] An optional callback called after captcha is loaded
@@ -1175,6 +1176,7 @@ WebAuth.prototype.renderCaptcha = function (element, options, callback) {
  * @param {Function} [options.templates.hcaptcha] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.friendly_captcha] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.arkose] template function receiving the challenge and returning a string
+ * @param {Function} [options.templates.auth0_v2] template function receiving the challenge and returning a string
  * @param {Function} [options.templates.error] template function returning a custom error message when the challenge could not be fetched, receives the error as first argument
  * @param {String} [options.lang=en] the ISO code of the language for the captcha provider
  * @param {captchaLoadedCallback} [callback] An optional callback called after captcha is loaded

diff --git a/test/web-auth/captcha.test.js b/test/web-auth/captcha.test.js
@@ -192,12 +192,14 @@ describe('captcha rendering', function () {
   const HCAPTCHA_PROVIDER = 'hcaptcha';
   const FRIENDLY_CAPTCHA_PROVIDER = 'friendly_captcha';
   const ARKOSE_PROVIDER = 'arkose';
+  const AUTH0_V2_CAPTCHA_PROVIDER = 'auth0_v2';
 
   [
     RECAPTCHA_V2_PROVIDER,
     RECAPTCHA_ENTERPRISE_PROVIDER,
     HCAPTCHA_PROVIDER,
-    FRIENDLY_CAPTCHA_PROVIDER
+    FRIENDLY_CAPTCHA_PROVIDER,
+    AUTH0_V2_CAPTCHA_PROVIDER
   ].forEach(provider => {
     const getScript = () => {
       switch (provider) {
@@ -209,19 +211,19 @@ describe('captcha rendering', function () {
           return 'enterprise.js';
         case FRIENDLY_CAPTCHA_PROVIDER:
           return 'widget.min.js';
+        case AUTH0_V2_CAPTCHA_PROVIDER:
+          return 'api.js';
       }
     };
     const getHostname = () => {
-      switch (provider) {
-        case RECAPTCHA_V2_PROVIDER:
-          return 'recaptcha.net';
-        case RECAPTCHA_ENTERPRISE_PROVIDER:
-          return 'recaptcha.net';
-        case HCAPTCHA_PROVIDER:
-          return 'hcaptcha.com';
-        case FRIENDLY_CAPTCHA_PROVIDER:
-          return 'jsdelivr.net';
+      const hosts = {
+        [RECAPTCHA_V2_PROVIDER]: 'recaptcha.net',
+        [RECAPTCHA_ENTERPRISE_PROVIDER]: 'recaptcha.net',
+        [HCAPTCHA_PROVIDER]: 'hcaptcha.com',
+        [FRIENDLY_CAPTCHA_PROVIDER]: 'jsdelivr.net',
+        [AUTH0_V2_CAPTCHA_PROVIDER]: 'cloudflare.com'
       }
+      return hosts[provider];
     };
     const getSubdomain = () => {
       switch (provider) {
@@ -233,6 +235,8 @@ describe('captcha rendering', function () {
           return 'js';
         case FRIENDLY_CAPTCHA_PROVIDER:
           return 'cdn';
+        case AUTH0_V2_CAPTCHA_PROVIDER:
+          return 'challenges';
       }
     };
     const getPath = () => {
@@ -245,6 +249,8 @@ describe('captcha rendering', function () {
           return '1';
         case FRIENDLY_CAPTCHA_PROVIDER:
           return 'npm/[email protected]';
+        case AUTH0_V2_CAPTCHA_PROVIDER:
+          return 'turnstile/v0';
       }
     };
     const setMockGlobal = mock => {
@@ -261,6 +267,9 @@ describe('captcha rendering', function () {
         case FRIENDLY_CAPTCHA_PROVIDER:
           window.friendlyChallenge = mock;
           break;
+        case AUTH0_V2_CAPTCHA_PROVIDER:
+          window.turnstile = mock;
+          break;
       }
     };
     describe(`when challenge is required and provider is ${provider}`, function () {
@@ -303,8 +312,13 @@ describe('captcha rendering', function () {
           `${getSubdomain()}.${getHostname()}`
         );
         expect(scriptUrl.pathname).to.equal(`/${getPath()}/${getScript()}`);
-        if (provider !== FRIENDLY_CAPTCHA_PROVIDER) {
+        if (
+          provider !== FRIENDLY_CAPTCHA_PROVIDER &&
+          provider !== AUTH0_V2_CAPTCHA_PROVIDER
+        ) {
           expect(scriptUrl.query.hl).to.equal('en');
+        }
+        if (provider !== FRIENDLY_CAPTCHA_PROVIDER) {
           expect(scriptUrl.query).to.have.property('onload');
         }
       });
@@ -748,12 +762,14 @@ describe('passwordless captcha rendering', function () {
   const HCAPTCHA_PROVIDER = 'hcaptcha';
   const FRIENDLY_CAPTCHA_PROVIDER = 'friendly_captcha';
   const ARKOSE_PROVIDER = 'arkose';
+  const AUTH0_V2_CAPTCHA_PROVIDER = 'auth0_v2';
 
   [
     RECAPTCHA_V2_PROVIDER,
     RECAPTCHA_ENTERPRISE_PROVIDER,
     HCAPTCHA_PROVIDER,
-    FRIENDLY_CAPTCHA_PROVIDER
+    FRIENDLY_CAPTCHA_PROVIDER,
+    AUTH0_V2_CAPTCHA_PROVIDER
   ].forEach(provider => {
     const getScript = () => {
       switch (provider) {
@@ -765,19 +781,19 @@ describe('passwordless captcha rendering', function () {
           return 'enterprise.js';
         case FRIENDLY_CAPTCHA_PROVIDER:
           return 'widget.min.js';
+        case AUTH0_V2_CAPTCHA_PROVIDER:
+          return 'api.js';
       }
     };
     const getHostname = () => {
-      switch (provider) {
-        case RECAPTCHA_V2_PROVIDER:
-          return 'recaptcha.net';
-        case RECAPTCHA_ENTERPRISE_PROVIDER:
-          return 'recaptcha.net';
-        case HCAPTCHA_PROVIDER:
-          return 'hcaptcha.com';
-        case FRIENDLY_CAPTCHA_PROVIDER:
-          return 'jsdelivr.net';
+      const hosts = {
+        [RECAPTCHA_V2_PROVIDER]: 'recaptcha.net',
+        [RECAPTCHA_ENTERPRISE_PROVIDER]: 'recaptcha.net',
+        [HCAPTCHA_PROVIDER]: 'hcaptcha.com',
+        [FRIENDLY_CAPTCHA_PROVIDER]: 'jsdelivr.net',
+        [AUTH0_V2_CAPTCHA_PROVIDER]: 'cloudflare.com'
       }
+      return hosts[provider];
     };
     const getSubdomain = () => {
       switch (provider) {
@@ -789,6 +805,8 @@ describe('passwordless captcha rendering', function () {
           return 'js';
         case FRIENDLY_CAPTCHA_PROVIDER:
           return 'cdn';
+        case AUTH0_V2_CAPTCHA_PROVIDER:
+          return 'challenges';
       }
     };
     const getPath = () => {
@@ -801,6 +819,8 @@ describe('passwordless captcha rendering', function () {
           return '1';
         case FRIENDLY_CAPTCHA_PROVIDER:
           return 'npm/[email protected]';
+        case AUTH0_V2_CAPTCHA_PROVIDER:
+          return 'turnstile/v0';
       }
     };
     const setMockGlobal = mock => {
@@ -817,6 +837,9 @@ describe('passwordless captcha rendering', function () {
         case FRIENDLY_CAPTCHA_PROVIDER:
           window.friendlyChallenge = mock;
           break;
+        case AUTH0_V2_CAPTCHA_PROVIDER:
+          window.turnstile = mock;
+          break;
       }
     };
     describe(`when challenge is required and provider is ${provider}`, function () {
@@ -861,8 +884,13 @@ describe('passwordless captcha rendering', function () {
           `${getSubdomain()}.${getHostname()}`
         );
         expect(scriptUrl.pathname).to.equal(`/${getPath()}/${getScript()}`);
-        if (provider !== FRIENDLY_CAPTCHA_PROVIDER) {
+        if (
+          provider !== FRIENDLY_CAPTCHA_PROVIDER &&
+          provider !== AUTH0_V2_CAPTCHA_PROVIDER
+        ) {
           expect(scriptUrl.query.hl).to.equal('en');
+        }
+        if (provider !== FRIENDLY_CAPTCHA_PROVIDER) {
           expect(scriptUrl.query).to.have.property('onload');
         }
       });