auth0-deploy-cli 7.4.0 → 7.5.0

package/lib/tools/auth0/handlers/actions.js

@@ -1,262 +1,250 @@
 "use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
 });
-exports.default = exports.schema = undefined;
-
-var _dec, _class;
-
-var _lodash = require("lodash");
-
-var _lodash2 = _interopRequireDefault(_lodash);
-
-var _default = require("./default");
-
-var _default2 = _interopRequireDefault(_default);
-
-var _logger = require("../../logger");
-
-var _logger2 = _interopRequireDefault(_logger);
-
-var _utils = require("../../utils");
-
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-
-function _applyDecoratedDescriptor(target, property, decorators, descriptor, context) { var desc = {}; Object.keys(descriptor).forEach(function (key) { desc[key] = descriptor[key]; }); desc.enumerable = !!desc.enumerable; desc.configurable = !!desc.configurable; if ('value' in desc || desc.initializer) { desc.writable = true; } desc = decorators.slice().reverse().reduce(function (desc, decorator) { return decorator(target, property, desc) || desc; }, desc); if (context && desc.initializer !== void 0) { desc.value = desc.initializer ? desc.initializer.call(context) : void 0; desc.initializer = undefined; } if (desc.initializer === void 0) { Object.defineProperty(target, property, desc); desc = null; } return desc; }
-
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.schema = void 0;
+const lodash_1 = __importDefault(require("lodash"));
+const default_1 = __importStar(require("./default"));
+const logger_1 = __importDefault(require("../../logger"));
+const utils_1 = require("../../utils");
 const MAX_ACTION_DEPLOY_RETRY = 60;
-const schema = exports.schema = {
-  type: 'array',
-  items: {
-    type: 'object',
-    required: ['name', 'supported_triggers', 'code'],
-    additionalProperties: false,
-    properties: {
-      code: {
-        type: 'string',
-        default: ''
-      },
-      runtime: {
-        type: 'string'
-      },
-      dependencies: {
-        type: 'array',
-        items: {
-          type: 'object',
-          additionalProperties: false,
-          properties: {
-            name: {
-              type: 'string'
-            },
-            version: {
-              type: 'string'
-            },
-            registry_url: {
-              type: 'string'
-            }
-          }
-        }
-      },
-      secrets: {
-        type: 'array',
-        items: {
-          type: 'object',
-          properties: {
-            name: {
-              type: 'string'
+// With this schema, we can only validate property types but not valid properties on per type basis
+exports.schema = {
+    type: 'array',
+    items: {
+        type: 'object',
+        required: ['name', 'supported_triggers', 'code'],
+        additionalProperties: false,
+        properties: {
+            code: { type: 'string', default: '' },
+            runtime: { type: 'string' },
+            dependencies: {
+                type: 'array',
+                items: {
+                    type: 'object',
+                    additionalProperties: false,
+                    properties: {
+                        name: { type: 'string' },
+                        version: { type: 'string' },
+                        registry_url: { type: 'string' }
+                    }
+                }
             },
-            value: {
-              type: 'string'
-            },
-            updated_at: {
-              type: 'string',
-              format: 'date-time'
-            }
-          }
-        }
-      },
-      name: {
-        type: 'string',
-        default: ''
-      },
-      supported_triggers: {
-        type: 'array',
-        items: {
-          type: 'object',
-          properties: {
-            id: {
-              type: 'string',
-              default: ''
+            secrets: {
+                type: 'array',
+                items: {
+                    type: 'object',
+                    properties: {
+                        name: { type: 'string' },
+                        value: { type: 'string' },
+                        updated_at: { type: 'string', format: 'date-time' }
+                    }
+                }
             },
-            version: {
-              type: 'string'
+            name: { type: 'string', default: '' },
+            supported_triggers: {
+                type: 'array',
+                items: {
+                    type: 'object',
+                    properties: {
+                        id: { type: 'string', default: '' },
+                        version: { type: 'string' },
+                        url: { type: 'string' }
+                    }
+                }
             },
-            url: {
-              type: 'string'
-            }
-          }
+            deployed: { type: 'boolean' },
+            status: { type: 'string' }
         }
-      },
-      deployed: {
-        type: 'boolean'
-      },
-      status: {
-        type: 'string'
-      }
     }
-  }
 };
-
 function sleep(ms) {
-  return new Promise(resolve => setTimeout(resolve, ms));
+    return new Promise((resolve) => setTimeout(resolve, ms));
 }
-
 function isActionsDisabled(err) {
-  const errorBody = _lodash2.default.get(err, 'originalError.response.body') || {};
-  return err.statusCode === 403 && errorBody.errorCode === 'feature_not_enabled';
+    const errorBody = lodash_1.default.get(err, 'originalError.response.body') || {};
+    return (err.statusCode === 403 && errorBody.errorCode === 'feature_not_enabled');
 }
-
-let ActionHandler = (_dec = (0, _default.order)('60'), (_class = class ActionHandler extends _default2.default {
-  constructor(options) {
-    super({ ...options,
-      type: 'actions',
-      functions: {
-        create: action => this.createAction(action),
-        delete: action => this.deleteAction(action)
-      },
-      stripUpdateFields: ['deployed', 'status']
-    });
-  }
-
-  async createAction(action) {
-    const addAction = { ...action
-    };
-    delete addAction.deployed;
-    delete addAction.status;
-    const createdAction = await this.client.actions.create(addAction);
-    action.id = createdAction.id;
-    return createdAction;
-  }
-
-  async deleteAction(action) {
-    if (!this.client.actions || typeof this.client.actions.delete !== 'function') {
-      return [];
+class ActionHandler extends default_1.default {
+    constructor(options) {
+        super(Object.assign(Object.assign({}, options), { type: 'actions', functions: {
+                create: (action) => this.createAction(action),
+                delete: (action) => this.deleteAction(action)
+            }, stripUpdateFields: [
+                'deployed',
+                'status'
+            ] }));
     }
-
-    return this.client.actions.delete({
-      id: action.id,
-      force: true
-    });
-  }
-
-  objString(action) {
-    return super.objString({
-      id: action.id,
-      name: action.name
-    });
-  }
-
-  async deployActions(actions) {
-    await this.client.pool.addEachTask({
-      data: actions || [],
-      generator: action => this.deployAction(action).then(() => {
-        _logger2.default.info(`Deployed [${this.type}]: ${this.objString(action)}`);
-      }).catch(err => {
-        throw new Error(`Problem Deploying ${this.type} ${this.objString(action)}\n${err}`);
-      })
-    }).promise();
-  }
-
-  async deployAction(action) {
-    try {
-      await this.client.actions.deploy({
-        id: action.id
-      });
-    } catch (err) {
-      if (err.message && err.message.includes('must be in the \'built\' state')) {
-        if (!action.retry_count) {
-          _logger2.default.info(`[${this.type}]: Waiting for build to complete ${this.objString(action)}`);
-
-          action.retry_count = 1;
-        }
-
-        if (action.retry_count > MAX_ACTION_DEPLOY_RETRY) {
-          throw err;
-        }
-
-        await sleep(1000);
-        action.retry_count += 1;
-        await this.deployAction(action);
-      } else {
-        throw err;
-      }
+    createAction(action) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Strip the deployed flag
+            const addAction = Object.assign({}, action);
+            delete addAction.deployed;
+            delete addAction.status;
+            const createdAction = yield this.client.actions.create(addAction);
+            // Add the action id so we can deploy it later
+            action.id = createdAction.id;
+            return createdAction;
+        });
     }
-  }
-
-  async actionChanges(action, found) {
-    const actionChanges = {};
-
-    if (!action.deployed) {
-      if (action.code !== found.code) {
-        actionChanges.code = action.code;
-      }
-
-      if (action.runtime !== found.runtime) {
-        actionChanges.runtime = action.runtime;
-      }
-
-      if (!(0, _utils.areArraysEquals)(action.dependencies, found.dependencies)) {
-        actionChanges.dependencies = action.dependencies;
-      }
+    deleteAction(action) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.client.actions || typeof this.client.actions.delete !== 'function') {
+                return [];
+            }
+            return this.client.actions.delete({ id: action.id, force: true });
+        });
     }
-
-    if (!(0, _utils.areArraysEquals)(action.supported_triggers, found.supported_triggers)) {
-      actionChanges.supported_triggers = action.supported_triggers;
+    objString(action) {
+        return super.objString({ id: action.id, name: action.name });
     }
-
-    return actionChanges;
-  }
-
-  async getType() {
-    if (this.existing) return this.existing;
-
-    if (!this.client.actions || typeof this.client.actions.getAll !== 'function') {
-      return [];
+    deployActions(actions) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.client.pool
+                .addEachTask({
+                data: actions || [],
+                generator: (action) => this.deployAction(action)
+                    .then(() => {
+                    logger_1.default.info(`Deployed [${this.type}]: ${this.objString(action)}`);
+                })
+                    .catch((err) => {
+                    throw new Error(`Problem Deploying ${this.type} ${this.objString(action)}\n${err}`);
+                })
+            })
+                .promise();
+        });
     }
-
-    try {
-      this.existing = await this.client.actions.getAll({
-        paginate: true
-      });
-      return this.existing;
-    } catch (err) {
-      if (err.statusCode === 403 || err.statusCode === 404 || err.statusCode === 501) {
-        return [];
-      }
-
-      if (isActionsDisabled(err)) {
-        _logger2.default.info('Skipping actions because it is not enabled.');
-
-        return [];
-      }
-
-      throw err;
+    deployAction(action) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                yield this.client.actions.deploy({ id: action.id });
+            }
+            catch (err) {
+                // Retry if pending build.
+                if (err.message && err.message.includes('must be in the \'built\' state')) {
+                    if (!action.retry_count) {
+                        logger_1.default.info(`[${this.type}]: Waiting for build to complete ${this.objString(action)}`);
+                        action.retry_count = 1;
+                    }
+                    if (action.retry_count > MAX_ACTION_DEPLOY_RETRY) {
+                        throw err;
+                    }
+                    yield sleep(1000);
+                    action.retry_count += 1;
+                    yield this.deployAction(action);
+                }
+                else {
+                    throw err;
+                }
+            }
+        });
     }
-  }
-
-  async processChanges(assets) {
-    const {
-      actions
-    } = assets;
-    if (!actions) return;
-    const changes = await this.calcChanges(assets);
-    await super.processChanges(assets, changes);
-    const deployActions = [];
-    deployActions.push(...changes.create.filter(action => action.deployed));
-    deployActions.push(...changes.update.filter(action => action.deployed));
-    await this.deployActions(deployActions);
-  }
-
-}, (_applyDecoratedDescriptor(_class.prototype, "processChanges", [_dec], Object.getOwnPropertyDescriptor(_class.prototype, "processChanges"), _class.prototype)), _class));
-exports.default = ActionHandler;
+    actionChanges(action, found) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const actionChanges = {};
+            // if action is deployed, should compare against curren_version - calcDeployedVersionChanges method
+            if (!action.deployed) {
+                // name or secrets modifications are not supported yet
+                if (action.code !== found.code) {
+                    actionChanges.code = action.code;
+                }
+                if (action.runtime !== found.runtime) {
+                    actionChanges.runtime = action.runtime;
+                }
+                if (!(0, utils_1.areArraysEquals)(action.dependencies, found.dependencies)) {
+                    actionChanges.dependencies = action.dependencies;
+                }
+            }
+            if (!(0, utils_1.areArraysEquals)(action.supported_triggers, found.supported_triggers)) {
+                actionChanges.supported_triggers = action.supported_triggers;
+            }
+            return actionChanges;
+        });
+    }
+    getType() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.existing)
+                return this.existing;
+            if (!this.client.actions || typeof this.client.actions.getAll !== 'function') {
+                return [];
+            }
+            // Actions API does not support include_totals param like the other paginate API's.
+            // So we set it to false otherwise it will fail with "Additional properties not allowed: include_totals"
+            try {
+                this.existing = yield this.client.actions.getAll({ paginate: true });
+                return this.existing;
+            }
+            catch (err) {
+                if (err.statusCode === 403 || err.statusCode === 404 || err.statusCode === 501) {
+                    return [];
+                }
+                if (isActionsDisabled(err)) {
+                    logger_1.default.info('Skipping actions because it is not enabled.');
+                    return [];
+                }
+                throw err;
+            }
+        });
+    }
+    processChanges(assets) {
+        const _super = Object.create(null, {
+            processChanges: { get: () => super.processChanges }
+        });
+        return __awaiter(this, void 0, void 0, function* () {
+            const { actions } = assets;
+            // Do nothing if not set
+            if (!actions)
+                return;
+            const changes = yield this.calcChanges(assets);
+            yield _super.processChanges.call(this, assets, changes);
+            // Deploy actions
+            const deployActions = [];
+            deployActions.push(...changes.create.filter((action) => action.deployed));
+            deployActions.push(...changes.update.filter((action) => action.deployed));
+            yield this.deployActions(deployActions);
+        });
+    }
+}
+__decorate([
+    (0, default_1.order)('60')
+], ActionHandler.prototype, "processChanges", null);
+exports.default = ActionHandler;

package/lib/tools/auth0/handlers/attackProtection.js

@@ -0,0 +1,86 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.schema = void 0;
+const default_1 = __importDefault(require("./default"));
+exports.schema = {
+    type: 'object',
+    properties: {
+        breachedPasswordDetection: {
+            type: 'object'
+        },
+        bruteForceProtection: {
+            type: 'object'
+        },
+        suspiciousIpThrottling: {
+            type: 'object'
+        }
+    },
+    additionalProperties: false
+};
+class AttackProtectionHandler extends default_1.default {
+    constructor(config) {
+        super(Object.assign(Object.assign({}, config), { type: 'attackProtection' }));
+    }
+    objString(item) {
+        return super.objString({
+            'breached-password-protection': {
+                enabled: item.breachedPasswordDetection.enabled
+            },
+            'brute-force-protection': {
+                enabled: item.bruteForceProtection.enabled
+            },
+            'suspicious-ip-throttling': {
+                enabled: item.suspiciousIpThrottling.enabled
+            }
+        });
+    }
+    getType() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.existing) {
+                return this.existing;
+            }
+            const [breachedPasswordDetection, bruteForceProtection, suspiciousIpThrottling] = yield Promise.all([
+                this.client.attackProtection.getBreachedPasswordDetectionConfig(),
+                this.client.attackProtection.getBruteForceConfig(),
+                this.client.attackProtection.getSuspiciousIpThrottlingConfig()
+            ]);
+            this.existing = {
+                breachedPasswordDetection,
+                bruteForceProtection,
+                suspiciousIpThrottling
+            };
+            return this.existing;
+        });
+    }
+    processChanges(assets) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { attackProtection } = assets;
+            if (!attackProtection || !Object.keys(attackProtection).length) {
+                return;
+            }
+            Promise.all([
+                this.client.attackProtection
+                    .updateBreachedPasswordDetectionConfig({}, attackProtection.breachedPasswordDetection),
+                this.client.attackProtection
+                    .updateSuspiciousIpThrottlingConfig({}, attackProtection.suspiciousIpThrottling),
+                this.client.attackProtection
+                    .updateBruteForceConfig({}, attackProtection.bruteForceProtection)
+            ]);
+            this.updated += 1;
+            this.didUpdate(attackProtection);
+        });
+    }
+}
+exports.default = AttackProtectionHandler;