Update endpoint and add API to get password reset challenge

dist/cordova-auth0-plugin.js

@@ -1,7 +1,7 @@
 /**
  * auth0-js v9.25.0
  * Author: Auth0
- * Date: 2024-04-25
+ * Date: 2024-04-29
  * License: MIT
  */
 
@@ -504,46 +504,88 @@
   	return shams();
   };
 
+  var test = {
+  	foo: {}
+  };
+
+  var $Object = Object;
+
+  var hasProto = function hasProto() {
+  	return { __proto__: test }.foo === test.foo && !({ __proto__: null } instanceof $Object);
+  };
+
   /* eslint no-invalid-this: 1 */
 
   var ERROR_MESSAGE = 'Function.prototype.bind called on incompatible ';
-  var slice = Array.prototype.slice;
   var toStr = Object.prototype.toString;
+  var max = Math.max;
   var funcType = '[object Function]';
 
+  var concatty = function concatty(a, b) {
+      var arr = [];
+
+      for (var i = 0; i < a.length; i += 1) {
+          arr[i] = a[i];
+      }
+      for (var j = 0; j < b.length; j += 1) {
+          arr[j + a.length] = b[j];
+      }
+
+      return arr;
+  };
+
+  var slicy = function slicy(arrLike, offset) {
+      var arr = [];
+      for (var i = offset || 0, j = 0; i < arrLike.length; i += 1, j += 1) {
+          arr[j] = arrLike[i];
+      }
+      return arr;
+  };
+
+  var joiny = function (arr, joiner) {
+      var str = '';
+      for (var i = 0; i < arr.length; i += 1) {
+          str += arr[i];
+          if (i + 1 < arr.length) {
+              str += joiner;
+          }
+      }
+      return str;
+  };
+
   var implementation = function bind(that) {
       var target = this;
-      if (typeof target !== 'function' || toStr.call(target) !== funcType) {
+      if (typeof target !== 'function' || toStr.apply(target) !== funcType) {
           throw new TypeError(ERROR_MESSAGE + target);
       }
-      var args = slice.call(arguments, 1);
+      var args = slicy(arguments, 1);
 
       var bound;
       var binder = function () {
           if (this instanceof bound) {
               var result = target.apply(
                   this,
-                  args.concat(slice.call(arguments))
+                  concatty(args, arguments)
               );
               if (Object(result) === result) {
                   return result;
               }
               return this;
-          } else {
-              return target.apply(
-                  that,
-                  args.concat(slice.call(arguments))
-              );
           }
+          return target.apply(
+              that,
+              concatty(args, arguments)
+          );
+
       };
 
-      var boundLength = Math.max(0, target.length - args.length);
+      var boundLength = max(0, target.length - args.length);
       var boundArgs = [];
       for (var i = 0; i < boundLength; i++) {
-          boundArgs.push('$' + i);
+          boundArgs[i] = '$' + i;
       }
 
-      bound = Function('binder', 'return function (' + boundArgs.join(',') + '){ return binder.apply(this,arguments); }')(binder);
+      bound = Function('binder', 'return function (' + joiny(boundArgs, ',') + '){ return binder.apply(this,arguments); }')(binder);
 
       if (target.prototype) {
           var Empty = function Empty() {};
@@ -602,18 +644,23 @@
   	: throwTypeError;
 
   var hasSymbols$1 = hasSymbols();
+  var hasProto$1 = hasProto();
 
-  var getProto = Object.getPrototypeOf || function (x) { return x.__proto__; }; // eslint-disable-line no-proto
+  var getProto = Object.getPrototypeOf || (
+  	hasProto$1
+  		? function (x) { return x.__proto__; } // eslint-disable-line no-proto
+  		: null
+  );
 
   var needsEval = {};
 
-  var TypedArray = typeof Uint8Array === 'undefined' ? undefined$1 : getProto(Uint8Array);
+  var TypedArray = typeof Uint8Array === 'undefined' || !getProto ? undefined$1 : getProto(Uint8Array);
 
   var INTRINSICS = {
   	'%AggregateError%': typeof AggregateError === 'undefined' ? undefined$1 : AggregateError,
   	'%Array%': Array,
   	'%ArrayBuffer%': typeof ArrayBuffer === 'undefined' ? undefined$1 : ArrayBuffer,
-  	'%ArrayIteratorPrototype%': hasSymbols$1 ? getProto([][Symbol.iterator]()) : undefined$1,
+  	'%ArrayIteratorPrototype%': hasSymbols$1 && getProto ? getProto([][Symbol.iterator]()) : undefined$1,
   	'%AsyncFromSyncIteratorPrototype%': undefined$1,
   	'%AsyncFunction%': needsEval,
   	'%AsyncGenerator%': needsEval,
@@ -643,10 +690,10 @@
   	'%Int32Array%': typeof Int32Array === 'undefined' ? undefined$1 : Int32Array,
   	'%isFinite%': isFinite,
   	'%isNaN%': isNaN,
-  	'%IteratorPrototype%': hasSymbols$1 ? getProto(getProto([][Symbol.iterator]())) : undefined$1,
+  	'%IteratorPrototype%': hasSymbols$1 && getProto ? getProto(getProto([][Symbol.iterator]())) : undefined$1,
   	'%JSON%': typeof JSON === 'object' ? JSON : undefined$1,
   	'%Map%': typeof Map === 'undefined' ? undefined$1 : Map,
-  	'%MapIteratorPrototype%': typeof Map === 'undefined' || !hasSymbols$1 ? undefined$1 : getProto(new Map()[Symbol.iterator]()),
+  	'%MapIteratorPrototype%': typeof Map === 'undefined' || !hasSymbols$1 || !getProto ? undefined$1 : getProto(new Map()[Symbol.iterator]()),
   	'%Math%': Math,
   	'%Number%': Number,
   	'%Object%': Object,
@@ -659,10 +706,10 @@
   	'%Reflect%': typeof Reflect === 'undefined' ? undefined$1 : Reflect,
   	'%RegExp%': RegExp,
   	'%Set%': typeof Set === 'undefined' ? undefined$1 : Set,
-  	'%SetIteratorPrototype%': typeof Set === 'undefined' || !hasSymbols$1 ? undefined$1 : getProto(new Set()[Symbol.iterator]()),
+  	'%SetIteratorPrototype%': typeof Set === 'undefined' || !hasSymbols$1 || !getProto ? undefined$1 : getProto(new Set()[Symbol.iterator]()),
   	'%SharedArrayBuffer%': typeof SharedArrayBuffer === 'undefined' ? undefined$1 : SharedArrayBuffer,
   	'%String%': String,
-  	'%StringIteratorPrototype%': hasSymbols$1 ? getProto(''[Symbol.iterator]()) : undefined$1,
+  	'%StringIteratorPrototype%': hasSymbols$1 && getProto ? getProto(''[Symbol.iterator]()) : undefined$1,
   	'%Symbol%': hasSymbols$1 ? Symbol : undefined$1,
   	'%SyntaxError%': $SyntaxError,
   	'%ThrowTypeError%': ThrowTypeError,
@@ -678,12 +725,14 @@
   	'%WeakSet%': typeof WeakSet === 'undefined' ? undefined$1 : WeakSet
   };
 
-  try {
-  	null.error; // eslint-disable-line no-unused-expressions
-  } catch (e) {
-  	// https://github.com/tc39/proposal-shadowrealm/pull/384#issuecomment-1364264229
-  	var errorProto = getProto(getProto(e));
-  	INTRINSICS['%Error.prototype%'] = errorProto;
+  if (getProto) {
+  	try {
+  		null.error; // eslint-disable-line no-unused-expressions
+  	} catch (e) {
+  		// https://github.com/tc39/proposal-shadowrealm/pull/384#issuecomment-1364264229
+  		var errorProto = getProto(getProto(e));
+  		INTRINSICS['%Error.prototype%'] = errorProto;
+  	}
   }
 
   var doEval = function doEval(name) {
@@ -701,7 +750,7 @@
   		}
   	} else if (name === '%AsyncIteratorPrototype%') {
   		var gen = doEval('%AsyncGenerator%');
-  		if (gen) {
+  		if (gen && getProto) {
   			value = getProto(gen.prototype);
   		}
   	}
@@ -1894,7 +1943,6 @@
   };
 
   var isArray$3 = Array.isArray;
-  var split = String.prototype.split;
   var push = Array.prototype.push;
   var pushToArray = function (arr, valueOrArray) {
       push.apply(arr, isArray$3(valueOrArray) ? valueOrArray : [valueOrArray]);
@@ -1996,14 +2044,6 @@
       if (isNonNullishPrimitive(obj) || utils.isBuffer(obj)) {
           if (encoder) {
               var keyValue = encodeValuesOnly ? prefix : encoder(prefix, defaults.encoder, charset, 'key', format);
-              if (generateArrayPrefix === 'comma' && encodeValuesOnly) {
-                  var valuesArray = split.call(String(obj), ',');
-                  var valuesJoined = '';
-                  for (var i = 0; i < valuesArray.length; ++i) {
-                      valuesJoined += (i === 0 ? '' : ',') + formatter(encoder(valuesArray[i], defaults.encoder, charset, 'value', format));
-                  }
-                  return [formatter(keyValue) + (commaRoundTrip && isArray$3(obj) && valuesArray.length === 1 ? '[]' : '') + '=' + valuesJoined];
-              }
               return [formatter(keyValue) + '=' + formatter(encoder(obj, defaults.encoder, charset, 'value', format))];
           }
           return [formatter(prefix) + '=' + formatter(String(obj))];
@@ -2018,6 +2058,9 @@
       var objKeys;
       if (generateArrayPrefix === 'comma' && isArray$3(obj)) {
           // we need to join elements in
+          if (encodeValuesOnly && encoder) {
+              obj = utils.maybeMap(obj, encoder);
+          }
           objKeys = [{ value: obj.length > 0 ? obj.join(',') || null : void undefined }];
       } else if (isArray$3(filter)) {
           objKeys = filter;
@@ -2050,7 +2093,7 @@
               commaRoundTrip,
               strictNullHandling,
               skipNulls,
-              encoder,
+              generateArrayPrefix === 'comma' && encodeValuesOnly && isArray$3(obj) ? null : encoder,
               filter,
               sort,
               allowDots,
@@ -2247,7 +2290,8 @@
   var charsetSentinel = 'utf8=%E2%9C%93'; // encodeURIComponent('✓')
 
   var parseValues = function parseQueryStringValues(str, options) {
-      var obj = {};
+      var obj = { __proto__: null };
+
       var cleanStr = options.ignoreQueryPrefix ? str.replace(/^\?/, '') : str;
       var limit = options.parameterLimit === Infinity ? undefined : options.parameterLimit;
       var parts = cleanStr.split(options.delimiter, limit);

src/authentication/db-connection.js

@@ -124,14 +124,14 @@ DBConnection.prototype.changePassword = function (options, cb) {
     .end(responseHandler(cb));
 };
 
-DBConnection.prototype.getChallenge = function (cb) {
+DBConnection.prototype.getChangePasswordChallenge = function (cb) {
   assert.check(cb, { type: 'function', message: 'cb parameter is not valid' });
 
   if (!this.baseOptions.state) {
     return cb();
   }
 
-  var url = urljoin(this.baseOptions.rootUrl, 'dbconnections', 'challenge');
+  var url = urljoin(this.baseOptions.rootUrl, 'dbconnections', 'change_password', 'challenge');
 
   return this.request
     .post(url)

src/web-auth/captcha.js

@@ -2,9 +2,15 @@
 import Authentication from '../authentication';
 import object from '../helper/object';
 
-var noop = function () {};
+var noop = function () { };
 var captchaSolved = noop;
 
+var Flow = {
+  DEFAULT: 'default',
+  PASSWORDLESS: 'passwordless',
+  PASSWORD_RESET: 'password_reset'
+};
+
 var RECAPTCHA_V2_PROVIDER = 'recaptcha_v2';
 var RECAPTCHA_ENTERPRISE_PROVIDER = 'recaptcha_enterprise';
 var HCAPTCHA_PROVIDER = 'hcaptcha';
@@ -340,10 +346,11 @@ function handleCaptchaProvider(element, options, challenge) {
 
 /**
  *
- * Renders the captcha challenge in the provided element.
+ * Renders the captcha challenge in the provided element based on the flow.
  *
  * @param {Authentication} auth0Client The challenge response from the authentication server
  * @param {HTMLElement} element The element where the captcha needs to be rendered
+ * @param {Flow} flow The flow for which the captcha needs to be rendered
  * @param {Object} options The configuration options for the captcha
  * @param {Object} [options.templates] An object containing templates for each captcha provider
  * @param {Function} [options.templates.auth0] template function receiving the challenge and returning a string
@@ -358,87 +365,19 @@ function handleCaptchaProvider(element, options, challenge) {
  * @param {Function} [callback] An optional callback called after captcha is loaded
  * @ignore
  */
-function render(auth0Client, element, options, callback) {
-  options = object.merge(defaults).with(options || {});
-  function load(done) {
-    done = done || noop;
-    auth0Client.getChallenge(function (err, challenge) {
-      if (err) {
-        element.innerHTML = options.templates.error(err);
-        return done(err);
-      }
-      if (!challenge.required) {
-        element.style.display = 'none';
-        element.innerHTML = '';
-        return;
-      }
-      element.style.display = '';
-      if (challenge.provider === AUTH0_PROVIDER) {
-        handleAuth0Provider(element, options, challenge, load);
-      } else if (
-        challenge.provider === RECAPTCHA_V2_PROVIDER ||
-        challenge.provider === RECAPTCHA_ENTERPRISE_PROVIDER ||
-        challenge.provider === HCAPTCHA_PROVIDER ||
-        challenge.provider === FRIENDLY_CAPTCHA_PROVIDER ||
-        challenge.provider === ARKOSE_PROVIDER ||
-        challenge.provider === AUTH0_V2_CAPTCHA_PROVIDER
-      ) {
-        handleCaptchaProvider(element, options, challenge);
-      }
-      if (challenge.provider === ARKOSE_PROVIDER) {
-        done(null, {
-          triggerCaptcha: function (solvedCallback) {
-            globalForCaptchaProvider(challenge.provider).run();
-            captchaSolved = solvedCallback;
-          }
-        });
-      } else {
-        done();
-      }
-    });
-  }
-
-  function getValue() {
-    var captchaInput = element.querySelector('input[name="captcha"]');
-    if (!captchaInput) {
-      return;
-    }
-    return captchaInput.value;
+function render(auth0Client, flow, element, options, callback) {
+  var getChallengeFunc;
+  if (flow === Flow.PASSWORDLESS) {
+    getChallengeFunc = auth0Client.passwordless.getChallenge;
+  } else if (flow === Flow.PASSWORD_RESET) {
+    getChallengeFunc = auth0Client.dbConnection.getChangePasswordChallenge;
+  } else {
+    getChallengeFunc = auth0Client.getChallenge;
   }
-
-  load(callback);
-
-  return {
-    reload: load,
-    getValue: getValue
-  };
-}
-
-/**
- *
- * Renders the passwordless captcha challenge in the provided element.
- *
- * @param {Authentication} auth0Client The challenge response from the authentication server
- * @param {HTMLElement} element The element where the captcha needs to be rendered
- * @param {Object} options The configuration options for the captcha
- * @param {Object} [options.templates] An object containing templates for each captcha provider
- * @param {Function} [options.templates.auth0] template function receiving the challenge and returning a string
- * @param {Function} [options.templates.recaptcha_v2] template function receiving the challenge and returning a string
- * @param {Function} [options.templates.recaptcha_enterprise] template function receiving the challenge and returning a string
- * @param {Function} [options.templates.hcaptcha] template function receiving the challenge and returning a string
- * @param {Function} [options.templates.friendly_captcha] template function receiving the challenge and returning a string
- * @param {Function} [options.templates.arkose] template function receiving the challenge and returning a string
- * @param {Function} [options.templates.auth0_v2] template function receiving the challenge and returning a string
- * @param {Function} [options.templates.error] template function returning a custom error message when the challenge could not be fetched, receives the error as first argument
- * @param {String} [options.lang=en] the ISO code of the language for recaptcha
- * @param {Function} [callback] An optional callback called after captcha is loaded
- * @ignore
- */
-function renderPasswordless(auth0Client, element, options, callback) {
   options = object.merge(defaults).with(options || {});
   function load(done) {
     done = done || noop;
-    auth0Client.passwordless.getChallenge(function (err, challenge) {
+    getChallengeFunc(function (err, challenge) {
       if (err) {
         element.innerHTML = options.templates.error(err);
         return done(err);
@@ -490,4 +429,5 @@ function renderPasswordless(auth0Client, element, options, callback) {
   };
 }
 
-export default { render: render, renderPasswordless: renderPasswordless };
+
+export default { render, Flow };