[IAMRISK-3539] Use signup classic endpoint for captcha #2587

Merged
merged 5 commits into from
Nov 7, 2024

@TSLarson TSLarson commented Oct 31, 2024

Changes

  • Uses Signup Captcha enforcement Policy for Signup instead of Login/Default enforcement policy (new capability)
  • Uses reset_password enforcement Policy for reset_password (bug)
  • Isolates calls for passwordless and reset password enforcement policy to specific flows instead of on Lock load (bug)

References

https://auth0team.atlassian.net/browse/IAMRISK-4032
https://auth0team.atlassian.net/browse/IAMRISK-4161

Testing

https://oktawiki.atlassian.net/wiki/spaces/IAMCA/pages/3113844770/Bot+Detection+Signup+Classic+UL+Testing+Documentation

  • This change adds unit test coverage
  • This change adds integration test coverage
  • This change has been tested on the latest version of the platform/language

@TSLarson TSLarson requested a review from a team as a code owner October 31, 2024 14:56
"auth0-password-policies": "^1.0.2",
"blueimp-md5": "^2.19.0",
"classnames": "^2.3.2",
"dompurify": "^2.3.12",
"dompurify": "^2.5.4",
TSLarson (Contributor, Author) commented:

Upgrading due to snyk warnings

@@ -338,7 +338,7 @@ export function showResetPasswordActivity(id, fields = ['password']) {
if (captchaConfig && captchaConfig.get('provider') === 'arkose') {
swap(updateEntity, 'lock', id, setScreen, 'forgotPassword', fields);
} else {
swapCaptcha(id, 'login', false, () => {
swapCaptcha(id, Flow.PASSWORD_RESET, false, () => {
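
Review bot: in showResetPasswordActivity the arkose branch at the top of this hunk still calls swap(...) directly and never reaches swapCaptcha, so from these lines only non-arkose providers request the Flow.PASSWORD_RESET policy. If that is intentional, a short comment on the arkose branch saying where its reset-password challenge is fetched would help. A unit test asserting that swapCaptcha receives Flow.PASSWORD_RESET rather than 'login' would also guard this fix against regression.
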
TSLarson (Contributor, Author) commented:

Bug fix

@@ -60,24 +60,5 @@ export function syncRemoteData(m) {
successFn: setCaptcha
});

m = sync(m, 'passwordlessCaptcha', {
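
Review bot: the hunk header (-60,24 +60,5) shows the passwordlessCaptcha sync leaving syncRemoteData, so that state is no longer populated on Lock load. Please confirm that every reader of passwordlessCaptcha tolerates it being unset until the passwordless flow requests it, and leave a code comment at the new call site explaining why the fetch is now flow-specific.
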
TSLarson (Contributor, Author) commented:

Moving this due to bug with Simple CAPTCHA

done();
});
});
}, 1000);
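
Review bot: the fixed `}, 1000);` delay before done() makes this test depend on wall-clock timing, which tends to go flaky on slow CI runners and adds a second to every run. Prefer completing the test when the mocked captcha request resolves, or driving the delay with fake timers. If the delay has to stay, put it in a named constant with a comment explaining why 1000 ms is needed.
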
TSLarson (Contributor, Author) commented:

1000 was the lowest number I was able to set the timeout to and have the tests reliably pass

@TSLarson TSLarson merged commit 0854d9a into master Nov 7, 2024
8 checks passed
@TSLarson TSLarson deleted the iamrisk-3539-4 branch November 7, 2024 15:36
gyaneshgouraw-okta added a commit that referenced this pull request Nov 12, 2024
**Added**
- [IAMRISK-3539] Use signup classic endpoint for captcha
[\#2587](#2587)
([TSLarson](https://github.com/TSLarson))

**Fixed**
- [IAMRISK-3554] hcaptcha bug fix
[\#2566](#2566)
([Treterten](https://github.com/Treterten))

**Security**
- ci: changed the trigger from pull_request_target to pull_request for
better security [\#2584](#2584)
([nandan-bhat](https://github.com/nandan-bhat))
- Update codeowner file with new GitHub team name
[\#2572](#2572)
([stevenwong-okta](https://github.com/stevenwong-okta))


[IAMRISK-3539]:
https://auth0team.atlassian.net/browse/IAMRISK-3539?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
[IAMRISK-3554]:
https://auth0team.atlassian.net/browse/IAMRISK-3554?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ