auth0-deploy-cli 7.7.1 → 7.8.0

package/lib/index.d.ts

@@ -0,0 +1,88 @@
+#!/usr/bin/env node
+import importCMD from './commands/import';
+import exportCMD from './commands/export';
+declare const _default: {
+    deploy: typeof importCMD;
+    dump: typeof exportCMD;
+    import: typeof importCMD;
+    export: typeof exportCMD;
+    tools: {
+        constants: {
+            CONCURRENT_CALLS: number;
+            RULES_DIRECTORY: string;
+            RULES_STAGES: string[];
+            DEFAULT_RULE_STAGE: string;
+            HOOKS_HIDDEN_SECRET_VALUE: string;
+            OBFUSCATED_SECRET_VALUE: string;
+            HOOKS_DIRECTORY: string;
+            ACTIONS_DIRECTORY: string;
+            TRIGGERS_DIRECTORY: string;
+            RULES_CONFIGS_DIRECTORY: string;
+            PAGES_DIRECTORY: string;
+            PAGE_LOGIN: string;
+            PAGE_GUARDIAN_MULTIFACTOR: string;
+            PAGE_PASSWORD_RESET: string;
+            PAGE_ERROR: string;
+            DATABASE_CONNECTIONS_DIRECTORY: string;
+            DATABASE_SCRIPTS_CHANGE_EMAIL: string;
+            DATABASE_SCRIPTS_GET_USER: string;
+            EMAIL_TEMPLATES_TYPES: string[];
+            ACTIONS_TRIGGERS: string[];
+            EMAIL_TEMPLATES_DIRECTORY: string;
+            EMAIL_VERIFY: string;
+            EMAIL_VERIFY_BY_CODE: string;
+            EMAIL_RESET: string;
+            EMAIL_WELCOME: string;
+            EMAIL_BLOCKED: string;
+            EMAIL_STOLEN_CREDENTIALS: string;
+            EMAIL_ENROLLMENT: string;
+            EMAIL_CHANGE_PASSWORD: string;
+            EMAIL_PASSWORD_RESET: string;
+            EMAIL_MFA_OOB_CODE: string;
+            EMAIL_USER_INVITATION: string;
+            GUARDIAN_DIRECTORY: string;
+            GUARDIAN_FACTORS_DIRECTORY: string;
+            GUARDIAN_PROVIDERS_DIRECTORY: string;
+            GUARDIAN_TEMPLATES_DIRECTORY: string;
+            UNIVERSAL_LOGIN_TEMPLATE: string;
+            RESOURCE_SERVERS_DIRECTORY: string;
+            RESOURCE_SERVERS_CLIENT_NAME: string;
+            RESOURCE_SERVERS_MANAGEMENT_API_NAME: string;
+            RESOURCE_SERVERS_ID_NAME: string;
+            CLIENTS_DIRECTORY: string;
+            CLIENTS_GRANTS_DIRECTORY: string;
+            BRANDING_DIRECTORY: string;
+            BRANDING_TEMPLATES_DIRECTORY: string;
+            BRANDING_TEMPLATES_YAML_DIRECTORY: string;
+            CLIENTS_CLIENT_NAME: string;
+            CLIENTS_CLIENT_ID_NAME: string;
+            CONNECTIONS_DIRECTORY: string;
+            CONNECTIONS_CLIENT_NAME: string;
+            CONNECTIONS_ID_NAME: string;
+            ROLES_DIRECTORY: string;
+            ATTACK_PROTECTION_DIRECTORY: string;
+            GUARDIAN_FACTORS: string[];
+            GUARDIAN_POLICIES: string[];
+            GUARDIAN_PHONE_PROVIDERS: string[];
+            GUARDIAN_PHONE_MESSAGE_TYPES: string[];
+            GUARDIAN_FACTOR_TEMPLATES: string[];
+            GUARDIAN_FACTOR_PROVIDERS: {
+                sms: string[];
+                'push-notification': string[];
+            };
+            PAGE_NAMES: string[];
+            DATABASE_SCRIPTS: string[];
+            DATABASE_SCRIPTS_NO_IMPORT: string[];
+            DATABASE_SCRIPTS_IMPORT: string[];
+            EMAIL_TEMPLATES_NAMES: string[];
+            SUPPORTED_BRANDING_TEMPLATES: string[];
+        };
+        deploy: typeof import("./tools").deploy;
+        keywordReplace: typeof import("./tools").keywordReplace;
+        loadFileAndReplaceKeywords: typeof import("./tools").loadFileAndReplaceKeywords;
+        Auth0: typeof import("./tools").Auth0;
+    };
+};
+export default _default;
+export declare const dump: typeof exportCMD;
+export declare const deploy: typeof importCMD;

package/lib/index.js

@@ -13,6 +13,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.deploy = exports.dump = void 0;
 const global_agent_1 = require("global-agent");
 const args_1 = require("./args");
 const logger_1 = __importDefault(require("./logger"));
@@ -49,7 +50,7 @@ if (require.main === module) {
     const params = (0, args_1.getParams)();
     logger_1.default.debug('Starting Auth0 Deploy CLI Tool');
     if (params.debug) {
-        logger_1.default.transports.console.level = 'debug';
+        logger_1.default.level = 'debug';
         // Set for tools
         process.env.AUTH0_DEBUG = 'true';
         process.env.AUTH0_LOG = 'debug';
@@ -76,10 +77,12 @@ if (require.main === module) {
     });
 }
 // Export commands to be used programmatically
-module.exports = {
+exports.default = {
     deploy: import_1.default,
     dump: export_1.default,
     import: import_1.default,
     export: export_1.default,
     tools: tools_1.default,
 };
+exports.dump = export_1.default;
+exports.deploy = import_1.default;

package/lib/logger.d.ts

@@ -0,0 +1,2 @@
+declare const logger: import("winston").Logger;
+export default logger;

package/lib/logger.js

@@ -1,21 +1,11 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const winston_1 = __importDefault(require("winston"));
-//@ts-ignore because used version of Winston still supports emitErrs property
-winston_1.default.emitErrs = true;
-const log = new winston_1.default.Logger({
-    transports: [
-        new winston_1.default.transports.Console({
-            timestamp: true,
-            level: process.env.AUTH0_LOG || 'info',
-            handleExceptions: true,
-            json: false,
-            colorize: true,
-        }),
-    ],
+const winston_1 = require("winston");
+const { combine, timestamp, colorize } = winston_1.format;
+const logger = (0, winston_1.createLogger)({
+    level: process.env.AUTH0_LOG || 'info',
+    format: combine(colorize(), timestamp(), winston_1.format.printf((info) => `${info.timestamp} - ${info.level}: ${info.message}`)),
+    transports: [new winston_1.transports.Console()],
     exitOnError: false,
 });
-exports.default = log;
+exports.default = logger;

package/lib/readonly.d.ts

@@ -0,0 +1,2 @@
+import { Assets, Config } from './types';
+export default function cleanAssets(assets: Assets, config: Config): Assets;

package/lib/sessionDurationsToMinutes.d.ts

@@ -0,0 +1,7 @@
+export declare const sessionDurationsToMinutes: ({ session_lifetime, idle_session_lifetime, }: {
+    session_lifetime?: number | undefined;
+    idle_session_lifetime?: number | undefined;
+}) => {
+    session_lifetime_in_minutes?: number;
+    idle_session_lifetime_in_minutes?: number;
+};

package/lib/tools/auth0/client.d.ts

@@ -0,0 +1,2 @@
+import { Auth0APIClient, BaseAuth0APIClient } from '../../types';
+export default function pagedClient(client: BaseAuth0APIClient): Auth0APIClient;

package/lib/tools/auth0/handlers/actions.d.ts

@@ -0,0 +1,95 @@
+import DefaultAPIHandler from './default';
+import { Asset } from '../../../types';
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        required: string[];
+        additionalProperties: boolean;
+        properties: {
+            code: {
+                type: string;
+                default: string;
+            };
+            runtime: {
+                type: string;
+            };
+            dependencies: {
+                type: string;
+                items: {
+                    type: string;
+                    additionalProperties: boolean;
+                    properties: {
+                        name: {
+                            type: string;
+                        };
+                        version: {
+                            type: string;
+                        };
+                        registry_url: {
+                            type: string;
+                        };
+                    };
+                };
+            };
+            secrets: {
+                type: string;
+                items: {
+                    type: string;
+                    properties: {
+                        name: {
+                            type: string;
+                        };
+                        value: {
+                            type: string;
+                        };
+                        updated_at: {
+                            type: string;
+                            format: string;
+                        };
+                    };
+                };
+            };
+            name: {
+                type: string;
+                default: string;
+            };
+            supported_triggers: {
+                type: string;
+                items: {
+                    type: string;
+                    properties: {
+                        id: {
+                            type: string;
+                            default: string;
+                        };
+                        version: {
+                            type: string;
+                        };
+                        url: {
+                            type: string;
+                        };
+                    };
+                };
+            };
+            deployed: {
+                type: string;
+            };
+            status: {
+                type: string;
+            };
+        };
+    };
+};
+export default class ActionHandler extends DefaultAPIHandler {
+    existing: Asset[] | null;
+    constructor(options: any);
+    createAction(action: any): Promise<Asset>;
+    deleteAction(action: any): Promise<void | never[]>;
+    objString(action: any): string;
+    deployActions(actions: any): Promise<void>;
+    deployAction(action: any): Promise<void>;
+    actionChanges(action: any, found: any): Promise<Asset>;
+    getType(): Promise<Asset[] | null>;
+    processChanges(assets: any): Promise<void>;
+}

package/lib/tools/auth0/handlers/actions.js

@@ -44,7 +44,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.schema = void 0;
 const lodash_1 = __importDefault(require("lodash"));
 const default_1 = __importStar(require("./default"));
-const logger_1 = __importDefault(require("../../logger"));
+const logger_1 = __importDefault(require("../../../logger"));
 const utils_1 = require("../../utils");
 const MAX_ACTION_DEPLOY_RETRY = 60;
 // With this schema, we can only validate property types but not valid properties on per type basis

package/lib/tools/auth0/handlers/attackProtection.d.ts

@@ -0,0 +1,28 @@
+import DefaultAPIHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+    properties: {
+        breachedPasswordDetection: {
+            type: string;
+        };
+        bruteForceProtection: {
+            type: string;
+        };
+        suspiciousIpThrottling: {
+            type: string;
+        };
+    };
+    additionalProperties: boolean;
+};
+export default class AttackProtectionHandler extends DefaultAPIHandler {
+    existing: {
+        breachedPasswordDetection: any;
+        bruteForceProtection: any;
+        suspiciousIpThrottling: any;
+    } | null;
+    constructor(config: DefaultAPIHandler);
+    objString(item: Asset): string;
+    getType(): Promise<Asset>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/branding.d.ts

@@ -0,0 +1,27 @@
+import DefaultHandler from './default';
+import { Asset } from '../../../types';
+export declare const schema: {
+    type: string;
+    properties: {
+        templates: {
+            type: string;
+            items: {
+                type: string;
+                properties: {
+                    template: {
+                        type: string;
+                    };
+                    body: {
+                        type: string;
+                    };
+                };
+            };
+        };
+    };
+};
+export default class BrandingHandler extends DefaultHandler {
+    existing: Asset;
+    constructor(options: DefaultHandler);
+    getType(): Promise<Asset>;
+    processChanges(assets: any): Promise<void>;
+}

package/lib/tools/auth0/handlers/clientGrants.d.ts

@@ -0,0 +1,32 @@
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+import DefaultAPIHandler from './default';
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            client_id: {
+                type: string;
+            };
+            audience: {
+                type: string;
+            };
+            scope: {
+                type: string;
+                items: {
+                    type: string;
+                };
+                uniqueItems: boolean;
+            };
+        };
+        required: string[];
+    };
+};
+export default class ClientGrantsHandler extends DefaultHandler {
+    existing: Asset[] | null;
+    constructor(config: DefaultAPIHandler);
+    objString(item: any): string;
+    getType(): Promise<Asset>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/clients.d.ts

@@ -0,0 +1,23 @@
+import { Asset, Assets } from '../../../types';
+import DefaultAPIHandler from './default';
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            name: {
+                type: string;
+                minLength: number;
+                pattern: string;
+            };
+        };
+        required: string[];
+    };
+};
+export default class ClientHandler extends DefaultAPIHandler {
+    existing: Asset[] | null;
+    constructor(config: DefaultAPIHandler);
+    objString(item: any): string;
+    processChanges(assets: Assets): Promise<void>;
+    getType(): Promise<Asset[]>;
+}

package/lib/tools/auth0/handlers/connections.d.ts

@@ -0,0 +1,54 @@
+import DefaultAPIHandler from './default';
+import { CalculatedChanges, Asset, Assets } from '../../../types';
+import { ConfigFunction } from '../../../configFactory';
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            name: {
+                type: string;
+            };
+            strategy: {
+                type: string;
+            };
+            options: {
+                type: string;
+            };
+            enabled_clients: {
+                type: string;
+                items: {
+                    type: string;
+                };
+            };
+            realms: {
+                type: string;
+                items: {
+                    type: string;
+                };
+            };
+            metadata: {
+                type: string;
+            };
+        };
+        required: string[];
+    };
+};
+export declare const addExcludedConnectionPropertiesToChanges: ({ proposedChanges, existingConnections, config, }: {
+    proposedChanges: CalculatedChanges;
+    existingConnections: Asset[];
+    config: ConfigFunction;
+}) => CalculatedChanges;
+export default class ConnectionsHandler extends DefaultAPIHandler {
+    existing: Asset[] | null;
+    constructor(config: DefaultAPIHandler);
+    objString(connection: any): string;
+    getFormattedOptions(connection: any, clients: any): {
+        options: any;
+    } | {
+        options?: undefined;
+    };
+    getType(): Promise<Asset[] | null>;
+    calcChanges(assets: Assets): Promise<CalculatedChanges>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/databases.d.ts

@@ -0,0 +1,36 @@
+import DefaultAPIHandler from './default';
+import { CalculatedChanges, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            strategy: {
+                type: string;
+                enum: string[];
+                default: string;
+            };
+            name: {
+                type: string;
+            };
+            options: {
+                type: string;
+                properties: {
+                    customScripts: {
+                        type: string;
+                        properties: {};
+                    };
+                };
+            };
+        };
+        required: string[];
+    };
+};
+export default class DatabaseHandler extends DefaultAPIHandler {
+    constructor(config: DefaultAPIHandler);
+    objString(db: any): string;
+    getClientFN(fn: 'create' | 'delete' | 'getAll' | 'update'): Function;
+    getType(): Promise<import("../../../types").Asset>;
+    calcChanges(assets: Assets): Promise<CalculatedChanges>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/default.d.ts

@@ -0,0 +1,54 @@
+import { Asset, Assets, Auth0APIClient, CalculatedChanges } from '../../../types';
+import { ConfigFunction } from '../../../configFactory';
+export declare function order(value: any): (t: any, n: any, descriptor: any) => any;
+export default class APIHandler {
+    config: ConfigFunction;
+    id: string;
+    type: string;
+    updated: number;
+    created: number;
+    deleted: number;
+    existing: null | Asset | Asset[];
+    client: Auth0APIClient;
+    identifiers: string[];
+    objectFields: string[];
+    sensitiveFieldsToObfuscate: string[];
+    stripUpdateFields: string[];
+    stripCreateFields: string[];
+    name?: string;
+    functions: {
+        getAll: string;
+        update: string;
+        create: string;
+        delete: string;
+    };
+    constructor(options: {
+        id?: APIHandler['id'];
+        config: ConfigFunction;
+        type: APIHandler['type'];
+        client: Auth0APIClient;
+        objectFields?: APIHandler['objectFields'];
+        identifiers?: APIHandler['identifiers'];
+        stripUpdateFields?: APIHandler['stripUpdateFields'];
+        sensitiveFieldsToObfuscate?: APIHandler['sensitiveFieldsToObfuscate'];
+        stripCreateFields?: APIHandler['stripCreateFields'];
+        functions: {
+            getAll?: string;
+            update?: string;
+            create?: string;
+            delete?: string;
+        };
+    });
+    getClientFN(fn: string | Function): Function;
+    didDelete(item: Asset): void;
+    didCreate(item: Asset): void;
+    didUpdate(item: Asset): void;
+    objString(item: Asset): string;
+    getType(): Promise<Asset | Asset[] | null>;
+    load(): Promise<{
+        [key: string]: Asset | Asset[] | null;
+    }>;
+    calcChanges(assets: Assets): Promise<CalculatedChanges>;
+    validate(assets: Assets): Promise<void>;
+    processChanges(assets: Assets, changes: CalculatedChanges): Promise<void>;
+}

package/lib/tools/auth0/handlers/default.js

@@ -14,8 +14,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.order = void 0;
 const validationError_1 = __importDefault(require("../../validationError"));
-const logger_1 = __importDefault(require("../../logger"));
 const utils_1 = require("../../utils");
+const logger_1 = __importDefault(require("../../../logger"));
 const calculateChanges_1 = require("../../calculateChanges");
 function order(value) {
     return function decorator(t, n, descriptor) {
@@ -34,6 +34,8 @@ class APIHandler {
         this.identifiers = options.identifiers || ['id', 'name'];
         this.objectFields = options.objectFields || [];
         this.stripUpdateFields = [...(options.stripUpdateFields || []), this.id];
+        this.sensitiveFieldsToObfuscate = options.sensitiveFieldsToObfuscate || [];
+        this.stripCreateFields = options.stripCreateFields || [];
         this.functions = Object.assign({ getAll: 'getAll', create: 'create', delete: 'delete', update: 'update' }, (options.functions || {}));
         this.updated = 0;
         this.created = 0;
@@ -68,7 +70,8 @@ class APIHandler {
         return __awaiter(this, void 0, void 0, function* () {
             // Load Asset from Tenant
             logger_1.default.info(`Retrieving ${this.type} data from Auth0`);
-            this.existing = yield this.getType();
+            const data = yield this.getType();
+            this.existing = (0, utils_1.obfuscateSensitiveValues)(data, this.sensitiveFieldsToObfuscate);
             return { [this.type]: this.existing };
         });
     }
@@ -76,13 +79,14 @@ class APIHandler {
         return __awaiter(this, void 0, void 0, function* () {
             const typeAssets = assets[this.type];
             // Do nothing if not set
-            if (!typeAssets)
+            if (!typeAssets) {
                 return {
                     del: [],
                     create: [],
                     conflicts: [],
                     update: [],
                 };
+            }
             const existing = yield this.getType();
             // Figure out what needs to be updated vs created
             return (0, calculateChanges_1.calculateChanges)({
@@ -166,8 +170,11 @@ class APIHandler {
                 generator: (updateItem) => {
                     const updateFN = this.getClientFN(this.functions.update);
                     const params = { [this.id]: updateItem[this.id] };
-                    const payload = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
-                    return updateFN(params, payload)
+                    const updatePayload = (() => {
+                        let data = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
+                        return (0, utils_1.stripObfuscatedFieldsFromPayload)(data, this.sensitiveFieldsToObfuscate);
+                    })();
+                    return updateFN(params, updatePayload)
                         .then((data) => this.didUpdate(data))
                         .catch((err) => {
                         throw new Error(`Problem updating ${this.type} ${this.objString(updateItem)}\n${err}`);
@@ -181,7 +188,11 @@ class APIHandler {
                 data: create || [],
                 generator: (createItem) => {
                     const createFunction = this.getClientFN(this.functions.create);
-                    return createFunction(createItem)
+                    const createPayload = (() => {
+                        const strippedPayload = (0, utils_1.stripFields)(createItem, this.stripCreateFields);
+                        return (0, utils_1.stripObfuscatedFieldsFromPayload)(strippedPayload, this.sensitiveFieldsToObfuscate);
+                    })();
+                    return createFunction(createPayload)
                         .then((data) => {
                         this.didCreate(data);
                         this.created += 1;
@@ -199,8 +210,11 @@ class APIHandler {
                 generator: (updateItem) => {
                     const updateFN = this.getClientFN(this.functions.update);
                     const params = { [this.id]: updateItem[this.id] };
-                    const payload = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
-                    return updateFN(params, payload)
+                    const updatePayload = (() => {
+                        let data = (0, utils_1.stripFields)(Object.assign({}, updateItem), this.stripUpdateFields);
+                        return (0, utils_1.stripObfuscatedFieldsFromPayload)(data, this.sensitiveFieldsToObfuscate);
+                    })();
+                    return updateFN(params, updatePayload)
                         .then((data) => {
                         this.didUpdate(data);
                         this.updated += 1;

package/lib/tools/auth0/handlers/emailProvider.d.ts

@@ -0,0 +1,11 @@
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+};
+export default class EmailProviderHandler extends DefaultHandler {
+    constructor(options: DefaultHandler);
+    getType(): Promise<Asset>;
+    objString(provider: any): string;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/emailTemplates.d.ts

@@ -0,0 +1,26 @@
+import DefaultHandler from './default';
+import { Assets, Asset } from '../../../types';
+export declare const supportedTemplates: string[];
+export declare const schema: {
+    type: string;
+    items: {
+        type: string;
+        properties: {
+            template: {
+                type: string;
+                enum: string[];
+            };
+            body: {
+                type: string;
+                default: string;
+            };
+        };
+        required: string[];
+    };
+};
+export default class EmailTemplateHandler extends DefaultHandler {
+    constructor(options: DefaultHandler);
+    getType(): Promise<Asset>;
+    updateOrCreate(emailTemplate: any): Promise<void>;
+    processChanges(assets: Assets): Promise<void>;
+}