Fix and release EVA rule as v0.16.1 (#272)
* Update EVA rule header with listing URL and fix formatting

* fix: misleading line break warning in Rules editor

* 0.16.1

* Compiled Rules JSON
joshcanhelp authored Feb 10, 2021
1 parent 3eb2f32 commit e8bc924
Showing 4 changed files with 22 additions and 20 deletions.
2 changes: 1 addition & 1 deletion package-lock.json


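--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "rules-templates",
-"version": "0.16.0",
+"version": "0.16.1",
 "description": "Auth0 Rules Repository",
 "main": "./rules",
 "scripts": {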
4 changes: 2 additions & 2 deletions rules.json
@@ -643,8 +643,8 @@
"categories": [
"marketplace"
],
"description": "<pre><code>all configuration items are optional:\nAURAYA_URL = optional. EVA endpoint, typically: https://eva-web.mydomain.com/server/oauth\nAURAYA_CLIENT_ID = optional. JWT client id on the EVA server (and this server)\nAURAYA_CLIENT_SECRET = optional. JWT client secret on the EVA server (and this server)\nAURAYA_ISSUER = optional. this app (or \"issuer\")\n\nAURAYA_RANDOM_DIGITS = optional. true|false whether to prompt for random digits\nAURAYA_COMMON_DIGITS = optional. true|false whether to prompt for common digits\nAURAYA_PERSONAL_DIGITS = optional. a user.user_metadata property that contains digits such as phone_number\nAURAYA_COMMON_DIGITS_PROMPT = optional. a digit string to prompt for common digits (e.g '987654321')\nAURAYA_PERSONAL_DIGITS_PROMPT = optional. a string to prompt for personal digits (e.g 'your cell number')\n\nAURAYA_DEBUG = optional. if set, controls detailed debug output\n</code></pre>",
"code": "function evaVoiceBiometric(user, context, callback) {\n const debug = typeof configuration.AURAYA_DEBUG !== 'undefined';\n if (debug) {\n console.log(user);\n console.log(context);\n console.log(configuration);\n }\n\n const eva_url =\n configuration.AURAYA_URL ||\n 'https://eval-eva-web.aurayasystems.com/server/oauth';\n const clientSecret =\n configuration.AURAYA_CLIENT_SECRET ||\n 'o4X0LFKi2caP5ipUwaF4B27cZmfOIh0JXnqmfiC4mHkVskSzbp72Emk3AB6';\n const clientId = configuration.AURAYA_CLIENT_ID || 'auraya';\n const issuer = configuration.AURAYA_ISSUER || 'issuer';\n\n // Prepare user's enrolment status\n user.user_metadata = user.user_metadata || {};\n user.user_metadata.auraya_eva = user.user_metadata.auraya_eva || {};\n\n // User has initiated a login and is prompted to use voice biometrics\n // Send user's information and query params in a JWT to avoid tampering\n function createToken(user) {\n const options = {\n expiresInMinutes: 2,\n audience: clientId,\n issuer: issuer\n };\n\n return jwt.sign(user, clientSecret, options);\n }\n\n if (context.protocol === 'redirect-callback') {\n // user was redirected to the /continue endpoint with correct state parameter value\n\n var options = {\n //subject: user.user_id, // validating the subject is nice to have but not strictly necessary\n jwtid: user.jti // unlike state, this value can't be spoofed by DNS hacking or inspecting the payload\n };\n\n const payload = jwt.verify(\n context.request.body.token,\n clientSecret,\n options\n );\n if (debug) {\n console.log(payload);\n }\n\n if (payload.reason === 'enrolment_succeeded') {\n user.user_metadata.auraya_eva.status = 'enrolled';\n\n console.log('Biometric user successfully enrolled');\n // persist the user_metadata update\n auth0.users\n .updateUserMetadata(user.user_id, user.user_metadata)\n .then(function () {\n callback(null, user, context);\n })\n .catch(function (err) {\n callback(err);\n });\n\n return;\n }\n\n if (payload.reason !== 
'verification_accepted') {\n // logic to detect repeatedly rejected attempts could go here\n // and update the eva.status accordingly (perhaps with 'blocked')\n console.log(`Biometric rejection reason: ${payload.reason}`);\n return callback(new UnauthorizedError(payload.reason), user, context);\n }\n\n // verification accepted\n console.log('Biometric verification accepted');\n return callback(null, user, context);\n }\n\n const url = require('[email protected]');\n user.jti = uuid.v4();\n user.user_metadata.auraya_eva.status =\n user.user_metadata.auraya_eva.status || 'initial';\n const mode =\n user.user_metadata.auraya_eva.status === 'initial' ? 'enrol' : 'verify';\n\n // returns property of the user.user_metadata object, typically \"phone_number\"\n // default is '', (server skips this prompt)\n const personalDigits =\n typeof configuration.AURAYA_PERSONAL_DIGITS === 'undefined'\n ? ''\n : user.user_metadata[configuration.AURAYA_PERSONAL_DIGITS];\n\n // default value for these is 'true'\n const commonDigits = configuration.AURAYA_COMMON_DIGITS || 'true';\n const randomDigits = configuration.AURAYA_RANDOM_DIGITS || 'true';\n\n // default value for these is '' (the server default)\n const commonDigitsPrompt = configuration.AURAYA_COMMON_DIGITS_PROMPT || ''; // 123456789\n const personalDigitsPrompt =\n configuration.AURAYA_PERSONAL_DIGITS_PROMPT || ''; // 'your phone number'\n\n const token = createToken({\n sub: user.user_id,\n jti: user.jti,\n oauth: {\n state: '', // not used in token, only in the GET request\n callbackURL: url.format({\n protocol: 'https',\n hostname: context.request.hostname,\n pathname: '/continue'\n }),\n nonce: user.jti // performs same function as jti\n },\n biometric: {\n id: user.user_id, // email - can be used for identities that cross IdP boundaries\n mode: mode,\n personalDigits: personalDigits,\n personalDigitsPrompt: personalDigitsPrompt,\n commonDigits: commonDigits,\n commonDigitsPrompt: commonDigitsPrompt,\n randomDigits: 
randomDigits\n }\n });\n\n context.redirect = {\n url: `${eva_url}?token=${token}`\n };\n\n return callback(null, user, context);\n}"
"description": "<p>Please see the <a href=\"https://marketplace.auth0.com/integrations/eva-voice-biometrics\">EVA Voice Biometrics integration</a> for more information and detailed installation instructions.</p>\n<p><strong>Optional configuration:</strong></p>\n<ul>\n<li><code>AURAYA_URL</code> EVA endpoint, typically: https://eva-web.mydomain.com/server/oauth</li>\n<li><code>AURAYA_CLIENT_ID</code> JWT client id on the EVA server (and this server)</li>\n<li><code>AURAYA_CLIENT_SECRET</code> JWT client secret on the EVA server (and this server)</li>\n<li><code>AURAYA_ISSUER</code> This app (or \"issuer\")</li>\n<li><code>AURAYA_RANDOM_DIGITS</code>Set to \"true\" to prompt for random digits or \"false\" not to</li>\n<li><code>AURAYA_COMMON_DIGITS</code> Set to \"true\" to prompt for common digits or \"false\" not to</li>\n<li><code>AURAYA_PERSONAL_DIGITS</code> A user.user<em>metadata property that contains digits such as phone</em>number</li>\n<li><code>AURAYA_COMMON_DIGITS_PROMPT</code> A digit string to prompt for common digits (e.g '987654321')</li>\n<li><code>AURAYA_PERSONAL_DIGITS_PROMPT</code> A string to prompt for personal digits (e.g 'your cell number')</li>\n<li><code>AURAYA_DEBUG</code> Set to \"true\" to log errors in the console</li>\n</ul>",
"code": "function evaVoiceBiometric(user, context, callback) {\n const debug = typeof configuration.AURAYA_DEBUG !== 'undefined';\n if (debug) {\n console.log(user);\n console.log(context);\n console.log(configuration);\n }\n\n const eva_url =\n configuration.AURAYA_URL ||\n 'https://eval-eva-web.aurayasystems.com/server/oauth';\n const clientSecret =\n configuration.AURAYA_CLIENT_SECRET ||\n 'o4X0LFKi2caP5ipUwaF4B27cZmfOIh0JXnqmfiC4mHkVskSzbp72Emk3AB6';\n const clientId = configuration.AURAYA_CLIENT_ID || 'auraya';\n const issuer = configuration.AURAYA_ISSUER || 'issuer';\n\n // Prepare user's enrolment status\n user.user_metadata = user.user_metadata || {};\n user.user_metadata.auraya_eva = user.user_metadata.auraya_eva || {};\n\n // User has initiated a login and is prompted to use voice biometrics\n // Send user's information and query params in a JWT to avoid tampering\n function createToken(user) {\n const options = {\n expiresInMinutes: 2,\n audience: clientId,\n issuer: issuer\n };\n\n return jwt.sign(user, clientSecret, options);\n }\n\n if (context.protocol === 'redirect-callback') {\n // user was redirected to the /continue endpoint with correct state parameter value\n\n var options = {\n //subject: user.user_id, // validating the subject is nice to have but not strictly necessary\n jwtid: user.jti // unlike state, this value can't be spoofed by DNS hacking or inspecting the payload\n };\n\n const payload = jwt.verify(\n context.request.body.token,\n clientSecret,\n options\n );\n if (debug) {\n console.log(payload);\n }\n\n if (payload.reason === 'enrolment_succeeded') {\n user.user_metadata.auraya_eva.status = 'enrolled';\n\n console.log('Biometric user successfully enrolled');\n // persist the user_metadata update\n auth0.users\n .updateUserMetadata(user.user_id, user.user_metadata)\n .then(function () {\n callback(null, user, context);\n })\n .catch(function (err) {\n callback(err);\n });\n\n return;\n }\n\n if (payload.reason !== 
'verification_accepted') {\n // logic to detect repeatedly rejected attempts could go here\n // and update the eva.status accordingly (perhaps with 'blocked')\n console.log(`Biometric rejection reason: ${payload.reason}`);\n return callback(new UnauthorizedError(payload.reason), user, context);\n }\n\n // verification accepted\n console.log('Biometric verification accepted');\n return callback(null, user, context);\n }\n\n const url = require('[email protected]');\n user.jti = uuid.v4();\n user.user_metadata.auraya_eva.status =\n user.user_metadata.auraya_eva.status || 'initial';\n const mode =\n user.user_metadata.auraya_eva.status === 'initial' ? 'enrol' : 'verify';\n\n // returns property of the user.user_metadata object, typically \"phone_number\"\n // default is '', (server skips this prompt)\n\n let personalDigits = '';\n if (typeof configuration.AURAYA_PERSONAL_DIGITS !== 'undefined') {\n personalDigits = user.user_metadata[configuration.AURAYA_PERSONAL_DIGITS];\n }\n\n // default value for these is 'true'\n const commonDigits = configuration.AURAYA_COMMON_DIGITS || 'true';\n const randomDigits = configuration.AURAYA_RANDOM_DIGITS || 'true';\n\n // default value for these is '' (the server default)\n const commonDigitsPrompt = configuration.AURAYA_COMMON_DIGITS_PROMPT || ''; // 123456789\n const personalDigitsPrompt =\n configuration.AURAYA_PERSONAL_DIGITS_PROMPT || ''; // 'your phone number'\n\n const token = createToken({\n sub: user.user_id,\n jti: user.jti,\n oauth: {\n state: '', // not used in token, only in the GET request\n callbackURL: url.format({\n protocol: 'https',\n hostname: context.request.hostname,\n pathname: '/continue'\n }),\n nonce: user.jti // performs same function as jti\n },\n biometric: {\n id: user.user_id, // email - can be used for identities that cross IdP boundaries\n mode: mode,\n personalDigits: personalDigits,\n personalDigitsPrompt: personalDigitsPrompt,\n commonDigits: commonDigits,\n commonDigitsPrompt: 
commonDigitsPrompt,\n randomDigits: randomDigits\n }\n });\n\n context.redirect = {\n url: `${eva_url}?token=${token}`\n };\n\n return callback(null, user, context);\n}"
},
{
"id": "iddataweb-verification-workflow",
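--- a/src/rules/eva-voice-biometric.js
+++ b/src/rules/eva-voice-biometric.js
@@ -4,21 +4,22 @@
 * @gallery true
 * @category marketplace
 *
+* Please see the [EVA Voice Biometrics integration](https://marketplace.auth0.com/integrations/eva-voice-biometrics) for more information and detailed installation instructions.
 *
-* all configuration items are optional:
-* AURAYA_URL = optional. EVA endpoint, typically: https://eva-web.mydomain.com/server/oauth
-* AURAYA_CLIENT_ID = optional. JWT client id on the EVA server (and this server)
-* AURAYA_CLIENT_SECRET = optional. JWT client secret on the EVA server (and this server)
-* AURAYA_ISSUER = optional. this app (or "issuer")
+* **Optional configuration:**
 *
-* AURAYA_RANDOM_DIGITS = optional. true|false whether to prompt for random digits
-* AURAYA_COMMON_DIGITS = optional. true|false whether to prompt for common digits
-* AURAYA_PERSONAL_DIGITS = optional. a user.user_metadata property that contains digits such as phone_number
-* AURAYA_COMMON_DIGITS_PROMPT = optional. a digit string to prompt for common digits (e.g '987654321')
-* AURAYA_PERSONAL_DIGITS_PROMPT = optional. a string to prompt for personal digits (e.g 'your cell number')
-*
-* AURAYA_DEBUG = optional. if set, controls detailed debug output
+* - `AURAYA_URL` EVA endpoint, typically: https://eva-web.mydomain.com/server/oauth
+* - `AURAYA_CLIENT_ID` JWT client id on the EVA server (and this server)
+* - `AURAYA_CLIENT_SECRET` JWT client secret on the EVA server (and this server)
+* - `AURAYA_ISSUER` This app (or "issuer")
+* - `AURAYA_RANDOM_DIGITS`Set to "true" to prompt for random digits or "false" not to
+* - `AURAYA_COMMON_DIGITS` Set to "true" to prompt for common digits or "false" not to
+* - `AURAYA_PERSONAL_DIGITS` A user.user_metadata property that contains digits such as phone_number
+* - `AURAYA_COMMON_DIGITS_PROMPT` A digit string to prompt for common digits (e.g '987654321')
+* - `AURAYA_PERSONAL_DIGITS_PROMPT` A string to prompt for personal digits (e.g 'your cell number')
+* - `AURAYA_DEBUG` Set to "true" to log errors in the console
 */
+
 function evaVoiceBiometric(user, context, callback) {
 const debug = typeof configuration.AURAYA_DEBUG !== 'undefined';
 if (debug) {
@@ -107,10 +108,11 @@ function evaVoiceBiometric(user, context, callback) {
 
 // returns property of the user.user_metadata object, typically "phone_number"
 // default is '', (server skips this prompt)
-const personalDigits =
-typeof configuration.AURAYA_PERSONAL_DIGITS === 'undefined'
-? ''
-: user.user_metadata[configuration.AURAYA_PERSONAL_DIGITS];
+
+let personalDigits = '';
+if (typeof configuration.AURAYA_PERSONAL_DIGITS !== 'undefined') {
+personalDigits = user.user_metadata[configuration.AURAYA_PERSONAL_DIGITS];
+}
 
 // default value for these is 'true'
 const commonDigits = configuration.AURAYA_COMMON_DIGITS || 'true';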
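Review bot: The rewritten header files `AURAYA_CLIENT_SECRET` under "Optional configuration", yet the compiled copy of this rule in rules.json on this page falls back to a string literal when the setting is absent, so a tenant that follows the header signs and verifies the redirect token with a value published in the repository. The entry should say the secret is required outside an evaluation setup, for example ``* - `AURAYA_CLIENT_SECRET` Required in production; JWT secret shared with the EVA server (the built-in default is public)``. The `AURAYA_DEBUG` entry is also inaccurate: the context line `const debug = typeof configuration.AURAYA_DEBUG !== 'undefined';` enables debugging for any value, "false" included, and the compiled code then logs the whole `user`, `context` and `configuration` objects, which includes the client secret, not only errors. Either change the check to `const debug = configuration.AURAYA_DEBUG === 'true';` or reword the entry to say what is logged. The function body continues outside both hunks.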
