auth0-lock 11.31.0 → 11.32.2

package/CHANGELOG.md

@@ -1,12 +1,57 @@
 # Change Log
 
+## [v11.32.2](https://github.com/auth0/lock/tree/v11.32.2) (2022-02-08)
+[Full Changelog](https://github.com/auth0/lock/compare/v11.32.1...v11.32.2)
+
+**Changed**
+- align german loginWithLabel translation with Apple Guidelines [\#2097](https://github.com/auth0/lock/pull/2097) ([Steffen911](https://github.com/Steffen911))
+
+**Fixed**
+- [SDK-3087] Captcha for single enterprise AD connections [\#2096](https://github.com/auth0/lock/pull/2096) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
+**Security**
+- [Snyk] Upgrade qs from 6.10.2 to 6.10.3 [\#2095](https://github.com/auth0/lock/pull/2095) ([snyk-bot](https://github.com/snyk-bot))
+- Bump cached-path-relative from 1.0.2 to 1.1.0 [\#2091](https://github.com/auth0/lock/pull/2091) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+## [v11.32.1](https://github.com/auth0/lock/tree/v11.32.1) (2022-01-27)
+[Full Changelog](https://github.com/auth0/lock/compare/v11.32.0...v11.32.1)
+
+**Changed**
+- Update auth0-js and support legacySameSiteCookie option [\#2089](https://github.com/auth0/lock/pull/2089) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
+**Security**
+- Bump log4js from 6.3.0 to 6.4.0 [\#2087](https://github.com/auth0/lock/pull/2087) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Security upgrade node-fetch to 2.6.7 [\#2085](https://github.com/auth0/lock/pull/2085) ([evansims](https://github.com/evansims))
+- [Snyk] Upgrade prop-types from 15.7.2 to 15.8.0 [\#2083](https://github.com/auth0/lock/pull/2083) ([snyk-bot](https://github.com/snyk-bot))
+- Bump engine.io from 4.1.1 to 4.1.2 [\#2082](https://github.com/auth0/lock/pull/2082) ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump follow-redirects from 1.14.4 to 1.14.7 [\#2081](https://github.com/auth0/lock/pull/2081) ([dependabot[bot]](https://github.com/apps/dependabot))
+
+## [v11.32.0](https://github.com/auth0/lock/tree/v11.32.0) (2022-01-07)
+[Full Changelog](https://github.com/auth0/lock/compare/v11.31.1...v11.32.0)
+
+**Fixed**
+- [SDK-2970] Remove captcha for enterprise SSO connections [\#2071](https://github.com/auth0/lock/pull/2071) ([stevehobbsdev](https://github.com/stevehobbsdev))
+- Add ID attributes to password field + submit button [\#2072](https://github.com/auth0/lock/pull/2072) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
+## [v11.31.1](https://github.com/auth0/lock/tree/v11.31.1) (2021-11-02)
+
+[Full Changelog](https://github.com/auth0/lock/compare/v11.31.0...v11.31.1)
+
+**Fixed**
+
+- Guard references to window on module load [\#2057](https://github.com/auth0/lock/pull/2057) ([stevehobbsdev](https://github.com/stevehobbsdev))
+- Ensure Captcha is completed before authenticating with enterprise SSO connection [\#2060](https://github.com/auth0/lock/pull/2060) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
 ## [v11.31.0](https://github.com/auth0/lock/tree/v11.31.0) (2021-10-15)
+
 [Full Changelog](https://github.com/auth0/lock/compare/v11.30.6...v11.31.0)
 
 **Added**
+
 - [SDK-2295] Add forceAutoHeight property to UI config [\#2050](https://github.com/auth0/lock/pull/2050) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 **Fixed**
+
 - [SDK-2823] Fix password reset when using custom connection resolver [\#2048](https://github.com/auth0/lock/pull/2048) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 ## [v11.30.6](https://github.com/auth0/lock/tree/v11.30.6) (2021-09-27)

package/README.md

@@ -25,7 +25,7 @@ From CDN
 
 ```html
 <!-- Latest patch release (recommended for production) -->
-<script src="https://cdn.auth0.com/js/lock/11.31.0/lock.min.js"></script>
+<script src="https://cdn.auth0.com/js/lock/11.32.2/lock.min.js"></script>
 ```
 
 From [npm](https://npmjs.org)
@@ -415,14 +415,15 @@ Specify your hooks using a new `hooks` configuration item when setting up the li
 ```js
 new Auth0Lock('client ID', 'domain', {
   hooks: {
-    loggingIn: function(context, cb) {
+    loggingIn: function (context, cb) {
       console.log('Hello from the login hook!');
       cb();
     },
-    signingUp: function(context, cb) {
+    signingUp: function (context, cb) {
       console.log('Hello from the sign-up hook!');
       cb();
     }
+  }
 });
 ```
 
@@ -433,13 +434,14 @@ The developer can throw an error to block the login or sign-up process. The deve
 ```js
 new Auth0Lock('client ID', 'domain', {
   hooks: {
-    loggingIn: function(context, cb) {
+    loggingIn: function (context, cb) {
       // Throw an object with code: `hook_error` to display this on the Login screen
       throw { code: 'hook_error', description: 'There was an error in the login hook!' };
 
       // Throw something generic to show a fallback error message
-      throw "Some error happened";
-    },
+      throw 'Some error happened';
+    }
+  }
 });
 ```
 
@@ -451,6 +453,7 @@ new Auth0Lock('client ID', 'domain', {
 - **languageBaseUrl {String}**: Overrides the language source URL for Auth0's provided translations. By default it uses to Auth0's CDN URL `https://cdn.auth0.com`.
 - **hashCleanup {Boolean}**: When enabled, it will remove the hash part of the callback URL after the user authentication. Defaults to `true`.
 - **connectionResolver {Function}**: When in use, provides an extensibility point to make it possible to choose which connection to use based on the username information. Has `username`, `context`, and `callback` as parameters. The callback expects an object like: `{type: 'database', name: 'connection name'}`. **This only works for database connections.** Keep in mind that this resolver will run in the form's `onSubmit` event, so keep it simple and fast. **This is a beta feature. If you find a bug, please open a GitHub [issue](https://github.com/auth0/lock/issues/new).**
+- **legacySameSiteCookie**: If `false`, no compatibility cookies will be created for those browsers that do not understand the `SameSite` attribute. Defaults to `true`
 
 ```js
 var options = {

package/karma.conf.js

@@ -1,4 +1,4 @@
-module.exports = function(config) {
+module.exports = function (config) {
   process.env.CHROME_BIN = require('puppeteer').executablePath();
 
   config.set({
@@ -52,9 +52,9 @@ module.exports = function(config) {
 
     browserNoActivityTimeout: 60000,
 
-    browserDisconnectTimeout: 20000,
+    browserDisconnectTimeout: 30000,
 
-    browserDisconnectTolerance: 3,
+    browserDisconnectTolerance: 10,
 
     // level of logging
     logLevel: config.LOG_INFO,
@@ -118,12 +118,6 @@ module.exports = function(config) {
       }
     },
 
-    browsers: [
-      'bs_chrome_windows',
-      'bs_firefox_windows',
-      'bs_safari',
-      'bs_ie11_windows',
-      'bs_edge_windows'
-    ]
+    browsers: ['bs_chrome_windows']
   });
 };

package/lib/__tests__/connection/database/login_pane.js

@@ -0,0 +1,93 @@
+'use strict';
+
+var _react = require('react');
+
+var _react2 = _interopRequireDefault(_react);
+
+var _immutable = require('immutable');
+
+var _immutable2 = _interopRequireDefault(_immutable);
+
+var _testUtils = require('testUtils');
+
+var _login_pane = require('../../../connection/database/login_pane');
+
+var _login_pane2 = _interopRequireDefault(_login_pane);
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+function _asyncToGenerator(fn) { return function () { var gen = fn.apply(this, arguments); return new Promise(function (resolve, reject) { function step(key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { return Promise.resolve(value).then(function (value) { step("next", value); }, function (err) { step("throw", err); }); } } return step("next"); }); }; }
+
+var lock = _immutable2.default.fromJS({ id: '__lock-id__' });
+
+jest.mock('core/index');
+
+jest.mock('engine/classic');
+jest.mock('connection/enterprise');
+
+describe('LoginPane', function () {
+  var defaultProps = {
+    emailInputPlaceholder: '',
+    forgotPasswordAction: '',
+    i18n: {},
+    passwordInputPlaceholder: '',
+    showForgotPasswordLink: true,
+    showPassword: true,
+    usernameInputPlaceholder: '',
+    lock: lock
+  };
+
+  beforeEach(function () {
+    jest.resetAllMocks();
+  });
+
+  it('renders correctly', _asyncToGenerator( /*#__PURE__*/regeneratorRuntime.mark(function _callee() {
+    return regeneratorRuntime.wrap(function _callee$(_context) {
+      while (1) {
+        switch (_context.prev = _context.next) {
+          case 0:
+            (0, _testUtils.expectShallowComponent)(_react2.default.createElement(_login_pane2.default, defaultProps)).toMatchSnapshot();
+
+          case 1:
+          case 'end':
+            return _context.stop();
+        }
+      }
+    }, _callee, undefined);
+  })));
+
+  it('renders a captcha', function () {
+    require('core/index').captcha.mockReturnValue({
+      get: function get() {
+        return true;
+      }
+    });
+
+    (0, _testUtils.expectShallowComponent)(_react2.default.createElement(_login_pane2.default, defaultProps)).toMatchSnapshot();
+  });
+
+  it('hides the captcha for SSO connections', function () {
+    require('core/index').captcha.mockReturnValue({
+      get: function get() {
+        return true;
+      }
+    });
+
+    require('engine/classic').isSSOEnabled.mockReturnValue(true);
+
+    (0, _testUtils.expectShallowComponent)(_react2.default.createElement(_login_pane2.default, defaultProps)).toMatchSnapshot();
+  });
+
+  it('shows the captcha for SSO (ADFS) connections', function () {
+    require('core/index').captcha.mockReturnValue({
+      get: function get() {
+        return true;
+      }
+    });
+
+    require('engine/classic').isSSOEnabled.mockReturnValue(true);
+    require('connection/enterprise').isHRDDomain.mockReturnValue(true);
+
+    (0, _testUtils.expectShallowComponent)(_react2.default.createElement(_login_pane2.default, defaultProps)).toMatchSnapshot();
+  });
+});

package/lib/__tests__/connection/enterprise/actions.js

@@ -20,7 +20,8 @@ jest.mock('connection/database/index', function () {
   return {
     databaseLogInWithEmail: jest.fn(function () {
       return true;
-    })
+    }),
+    databaseUsernameValue: jest.fn()
   };
 });
 
@@ -39,7 +40,8 @@ jest.mock('connection/enterprise', function () {
   return {
     matchConnection: jest.fn(),
     enterpriseActiveFlowConnection: jest.fn(),
-    isHRDActive: jest.fn()
+    isHRDActive: jest.fn(),
+    isEnterpriseDomain: jest.fn()
   };
 });
 
@@ -87,6 +89,27 @@ describe('Login with connection scopes', function () {
         login_hint: 'test@test.com'
       });
     });
+
+    it('should not throw an error if the captcha was not completed', function () {
+      lock = l.setup('__lock__', 'client', 'domain', {});
+      lock = (0, _index2.setField)(lock, 'email', 'test@test.com');
+
+      // This will be specified in the response from the /challenge endpoint if the
+      // dashboard settings have Captcha as 'required', regardless of connection being used.
+      lock = l.setCaptcha(lock, {
+        required: true,
+        provider: 'recaptcha_v2'
+      });
+
+      require('store/index').read.mockReturnValue(lock);
+
+      require('connection/enterprise').matchConnection.mockReturnValue(_immutable2.default.fromJS({ name: 'sso-connection' }));
+
+      var coreActions = require('core/actions');
+
+      (0, _actions.logIn)('__lock__');
+      expect(coreActions.logIn).toHaveBeenCalled();
+    });
   });
 
   describe('for a non-SSO connection', function () {
@@ -116,7 +139,7 @@ describe('Login with connection scopes', function () {
         username: 'test',
         password: 'test',
         login_hint: 'test'
-      });
+      }, expect.any(Function));
     });
   });
 });

package/lib/__tests__/connection/enterprise/hrd_pane.js

@@ -0,0 +1,55 @@
+'use strict';
+
+var _react = require('react');
+
+var _react2 = _interopRequireDefault(_react);
+
+var _testUtils = require('testUtils');
+
+var _immutable = require('immutable');
+
+var _immutable2 = _interopRequireDefault(_immutable);
+
+var _i18n = require('../../../i18n');
+
+var i18n = _interopRequireWildcard(_i18n);
+
+var _hrd_pane = require('../../../connection/enterprise/hrd_pane');
+
+var _hrd_pane2 = _interopRequireDefault(_hrd_pane);
+
+function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) newObj[key] = obj[key]; } } newObj.default = obj; return newObj; } }
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+var lock = _immutable2.default.fromJS({ id: '__lock-id__' });
+
+jest.mock('core/index');
+
+describe('HRDPane', function () {
+  var defaultProps = {
+    model: lock,
+    header: _react2.default.createElement('header', null),
+    i18n: i18n,
+    passwordInputPlaceholder: 'password',
+    usernameInputPlaceholder: 'username'
+  };
+
+  beforeEach(function () {
+    jest.resetAllMocks();
+  });
+
+  it('renders correctly', function () {
+    (0, _testUtils.expectShallowComponent)(_react2.default.createElement(_hrd_pane2.default, defaultProps)).toMatchSnapshot();
+  });
+
+  it('renders the captcha if required', function () {
+    require('core/index').captcha.mockReturnValue({
+      get: function get() {
+        return true;
+      }
+    });
+
+    (0, _testUtils.expectShallowComponent)(_react2.default.createElement(_hrd_pane2.default, defaultProps)).toMatchSnapshot();
+  });
+});

package/lib/__tests__/engine/classic/login.js

@@ -4,8 +4,6 @@ var _react = require('react');
 
 var _react2 = _interopRequireDefault(_react);
 
-var _enzyme = require('enzyme');
-
 var _testUtils = require('testUtils');
 
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }

package/lib/__tests__/engine/classic/sign_up_pane.js

@@ -6,10 +6,10 @@ var _react = require('react');
 
 var _react2 = _interopRequireDefault(_react);
 
-var _enzyme = require('enzyme');
-
 var _testUtils = require('testUtils');
 
+var _testUtils2 = require('../../testUtils');
+
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 
 jest.mock('field/email/email_pane', function () {
@@ -25,6 +25,24 @@ jest.mock('field/custom_input', function () {
   return (0, _testUtils.mockComponent)('custom_input');
 });
 
+jest.mock('core/index', function () {
+  return {
+    captcha: jest.fn()
+  };
+});
+
+jest.mock('engine/classic', function () {
+  return {
+    isSSOEnabled: jest.fn()
+  };
+});
+
+jest.mock('connection/enterprise', function () {
+  return {
+    isHRDDomain: jest.fn()
+  };
+});
+
 var getComponent = function getComponent() {
   return require('engine/classic/sign_up_pane').default;
 };
@@ -46,6 +64,9 @@ describe('SignUpPane', function () {
         },
         signUpFieldsStrictValidation: function signUpFieldsStrictValidation() {
           return true;
+        },
+        databaseUsernameValue: function databaseUsernameValue() {
+          return null;
         }
       };
     });
@@ -85,6 +106,50 @@ describe('SignUpPane', function () {
 
     (0, _testUtils.expectComponent)(_react2.default.createElement(Component, _extends({}, defaultProps, { instructions: 'instructions' }))).toMatchSnapshot();
   });
+
+  it('shows the Captcha pane', function () {
+    require('core/index').captcha.mockReturnValue({
+      get: function get() {
+        return true;
+      }
+    });
+
+    require('engine/classic').isSSOEnabled.mockReturnValue(false);
+
+    var Component = getComponent();
+
+    (0, _testUtils2.expectShallowComponent)(_react2.default.createElement(Component, defaultProps)).toMatchSnapshot();
+  });
+
+  it('hides the Captcha pane for SSO connections', function () {
+    require('core/index').captcha.mockReturnValue({
+      get: function get() {
+        return true;
+      }
+    });
+
+    require('engine/classic').isSSOEnabled.mockReturnValue(true);
+
+    var Component = getComponent();
+
+    (0, _testUtils2.expectShallowComponent)(_react2.default.createElement(Component, defaultProps)).toMatchSnapshot();
+  });
+
+  it('shows the Captcha pane for SSO (ADFS) connections', function () {
+    require('core/index').captcha.mockReturnValue({
+      get: function get() {
+        return true;
+      }
+    });
+
+    require('engine/classic').isSSOEnabled.mockReturnValue(true);
+    require('connection/enterprise').isHRDDomain.mockReturnValue(true);
+
+    var Component = getComponent();
+
+    (0, _testUtils2.expectShallowComponent)(_react2.default.createElement(Component, defaultProps)).toMatchSnapshot();
+  });
+
   describe('onlyEmail is false', function () {
     it('shows PasswordPane', function () {
       var Component = getComponent();

package/lib/__tests__/testUtils.js

@@ -1,7 +1,7 @@
 'use strict';
 
 exports.__esModule = true;
-exports.expectMockToMatch = exports.setURL = exports.extractPropsFromWrapper = exports.mockComponent = exports.expectComponent = undefined;
+exports.expectMockToMatch = exports.setURL = exports.extractPropsFromWrapper = exports.mockComponent = exports.renderShallowComponent = exports.expectShallowComponent = exports.expectComponent = undefined;
 
 var _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; };
 
@@ -13,6 +13,10 @@ var _reactTestRenderer = require('react-test-renderer');
 
 var _reactTestRenderer2 = _interopRequireDefault(_reactTestRenderer);
 
+var _shallow = require('react-test-renderer/shallow');
+
+var _shallow2 = _interopRequireDefault(_shallow);
+
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 
 function _objectWithoutProperties(obj, keys) { var target = {}; for (var i in obj) { if (keys.indexOf(i) >= 0) continue; if (!Object.prototype.hasOwnProperty.call(obj, i)) continue; target[i] = obj[i]; } return target; } // eslint-disable-line
@@ -23,6 +27,18 @@ var expectComponent = exports.expectComponent = function expectComponent(childre
   return expect(component);
 };
 
+var expectShallowComponent = exports.expectShallowComponent = function expectShallowComponent(children) {
+  var component = renderShallowComponent(children);
+  return expect(component);
+};
+
+var renderShallowComponent = exports.renderShallowComponent = function renderShallowComponent(children) {
+  var renderer = new _shallow2.default();
+
+  renderer.render(children);
+  return renderer.getRenderOutput();
+};
+
 var addDataToProps = function addDataToProps(props) {
   var returnedProps = {};
   Object.keys(props).forEach(function (k) {

package/lib/__tests__/ui/box/chrome.js

@@ -45,7 +45,10 @@ jest.mock('core/index', function () {
     }),
     ui: {
       forceAutoHeight: jest.fn().mockReturnValue(false)
-    }
+    },
+    id: jest.fn(function () {
+      return 'lock';
+    })
   };
 });
 

package/lib/__tests__/ui/input/password_input.js

@@ -29,7 +29,10 @@ jest.mock('core/index', function () {
       allowPasswordAutocomplete: function allowPasswordAutocomplete() {
         return false;
       }
-    }
+    },
+    id: jest.fn(function () {
+      return 'lock';
+    })
   };
 });
 

package/lib/browser.js

@@ -19,14 +19,16 @@ function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { de
  * the package.json file points to index.js.
  */
 
-if (typeof window.define == 'function' && window.define.amd) {
-  window.define('auth0Lock', function () {
-    return _index2.default;
-  });
-  window.define('auth0LockPasswordless', function () {
-    return _passwordless2.default;
-  });
-} else if (window.window) {
-  window.Auth0Lock = _index2.default;
-  window.Auth0LockPasswordless = _passwordless2.default;
+if (typeof window !== 'undefined') {
+  if (typeof window.define == 'function' && window.define.amd) {
+    window.define('auth0Lock', function () {
+      return _index2.default;
+    });
+    window.define('auth0LockPasswordless', function () {
+      return _passwordless2.default;
+    });
+  } else if (window.window) {
+    window.Auth0Lock = _index2.default;
+    window.Auth0LockPasswordless = _passwordless2.default;
+  }
 }

package/lib/connection/captcha.js

@@ -0,0 +1,94 @@
+'use strict';
+
+exports.__esModule = true;
+exports.showMissingCaptcha = showMissingCaptcha;
+exports.setCaptchaParams = setCaptchaParams;
+exports.swapCaptcha = swapCaptcha;
+
+var _index = require('../core/index');
+
+var l = _interopRequireWildcard(_index);
+
+var _index2 = require('../field/index');
+
+var c = _interopRequireWildcard(_index2);
+
+var _i18n = require('../i18n');
+
+var i18n = _interopRequireWildcard(_i18n);
+
+var _index3 = require('../store/index');
+
+var _web_api = require('../core/web_api');
+
+var _web_api2 = _interopRequireDefault(_web_api);
+
+function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+
+function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) newObj[key] = obj[key]; } } newObj.default = obj; return newObj; } }
+
+/**
+ * Display the error message of missing captcha in the header of lock.
+ *
+ * @param {Object} m model
+ * @param {Number} id
+ */
+function showMissingCaptcha(m, id) {
+  var captchaConfig = l.captcha(m);
+
+  var captchaError = captchaConfig.get('provider') === 'recaptcha_v2' ? 'invalid_recaptcha' : 'invalid_captcha';
+
+  var errorMessage = i18n.html(m, ['error', 'login', captchaError]);
+
+  (0, _index3.swap)(_index3.updateEntity, 'lock', id, function (m) {
+    m = l.setSubmitting(m, false, errorMessage);
+    return c.showInvalidField(m, 'captcha');
+  });
+
+  return m;
+}
+
+/**
+ * Set the captcha value in the fields object before sending the request.
+ *
+ * @param {Object} m model
+ * @param {Object} params
+ * @param {Object} fields
+ *
+ * @returns {Boolean} returns true if is required and missing the response from the user
+ */
+function setCaptchaParams(m, params, fields) {
+  var captchaConfig = l.captcha(m);
+  var isCaptchaRequired = captchaConfig && l.captcha(m).get('required');
+
+  if (!isCaptchaRequired) {
+    return true;
+  }
+  var captcha = c.getFieldValue(m, 'captcha');
+  //captcha required and missing
+  if (!captcha) {
+    return false;
+  }
+
+  params['captcha'] = captcha;
+  fields.push('captcha');
+  return true;
+}
+
+/**
+ * Get a new challenge and display the new captcha image.
+ *
+ * @param {number} id The id of the Lock instance.
+ * @param {boolean} wasInvalid A boolean indicating if the previous captcha was invalid.
+ * @param {Function} [next] A callback.
+ */
+function swapCaptcha(id, wasInvalid, next) {
+  return _web_api2.default.getChallenge(id, function (err, newCaptcha) {
+    if (!err && newCaptcha) {
+      (0, _index3.swap)(_index3.updateEntity, 'lock', id, l.setCaptcha, newCaptcha, wasInvalid);
+    }
+    if (next) {
+      next();
+    }
+  });
+}

package/lib/connection/database/actions.js

@@ -12,7 +12,6 @@ exports.cancelResetPassword = cancelResetPassword;
 exports.cancelMFALogin = cancelMFALogin;
 exports.toggleTermsAcceptance = toggleTermsAcceptance;
 exports.showLoginMFAActivity = showLoginMFAActivity;
-exports.swapCaptcha = swapCaptcha;
 
 var _immutable = require('immutable');
 
@@ -40,6 +39,8 @@ var _i18n = require('../../i18n');
 
 var i18n = _interopRequireWildcard(_i18n);
 
+var _captcha = require('../captcha');
+
 function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) newObj[key] = obj[key]; } } newObj.default = obj; return newObj; } }
 
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
@@ -50,6 +51,7 @@ function logIn(id) {
   var m = (0, _index.read)(_index.getEntity, 'lock', id);
   var usernameField = (0, _index4.databaseLogInWithEmail)(m) ? 'email' : 'username';
   var username = c.getFieldValue(m, usernameField);
+
   var params = {
     connection: (0, _index4.databaseConnectionName)(m),
     username: username,
@@ -57,13 +59,14 @@ function logIn(id) {
   };
 
   var fields = [usernameField, 'password'];
+  var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, fields);
 
-  var isCaptchaValid = setCaptchaParams(m, params, fields);
   if (!isCaptchaValid) {
-    return showMissingCaptcha(m, id);
+    return (0, _captcha.showMissingCaptcha)(m, id);
   }
 
   var mfaCode = c.getFieldValue(m, 'mfa_code');
+
   if (needsMFA) {
     params['mfa_code'] = mfaCode;
     fields.push('mfa_code');
@@ -76,7 +79,7 @@ function logIn(id) {
 
     if (error) {
       var wasInvalid = error && error.code === 'invalid_captcha';
-      return swapCaptcha(id, wasInvalid, next);
+      return (0, _captcha.swapCaptcha)(id, wasInvalid, next);
     }
 
     next();
@@ -113,9 +116,9 @@ function signUp(id) {
       autoLogin: (0, _index4.shouldAutoLogin)(m)
     };
 
-    var isCaptchaValid = setCaptchaParams(m, params, fields);
+    var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, fields);
     if (!isCaptchaValid) {
-      return showMissingCaptcha(m, id);
+      return (0, _captcha.showMissingCaptcha)(m, id);
     }
 
     if ((0, _index4.databaseConnectionRequiresUsername)(m)) {
@@ -155,7 +158,7 @@ function signUp(id) {
 
       var wasInvalidCaptcha = error && error.code === 'invalid_captcha';
 
-      swapCaptcha(id, wasInvalidCaptcha, function () {
+      (0, _captcha.swapCaptcha)(id, wasInvalidCaptcha, function () {
         setTimeout(function () {
           return signUpError(id, error);
         }, 250);
@@ -255,7 +258,7 @@ function signUpError(id, error) {
 
   if (errorKey === 'invalid_captcha') {
     errorMessage = i18n.html(m, ['error', 'login', errorKey]);
-    return swapCaptcha(id, true, function () {
+    return (0, _captcha.swapCaptcha)(id, true, function () {
       (0, _index.swap)(_index.updateEntity, 'lock', id, l.setSubmitting, false, errorMessage);
     });
   }
@@ -360,64 +363,3 @@ function showLoginMFAActivity(id) {
 
   (0, _index.swap)(_index.updateEntity, 'lock', id, _index4.setScreen, 'mfaLogin', fields);
 }
-
-/**
- * Get a new challenge and display the new captcha image.
- *
- * @param {number} id The id of the Lock instance.
- * @param {boolean} wasInvalid A boolean indicating if the previous captcha was invalid.
- * @param {Function} [next] A callback.
- */
-function swapCaptcha(id, wasInvalid, next) {
-  return _web_api2.default.getChallenge(id, function (err, newCaptcha) {
-    if (!err && newCaptcha) {
-      (0, _index.swap)(_index.updateEntity, 'lock', id, l.setCaptcha, newCaptcha, wasInvalid);
-    }
-    if (next) {
-      next();
-    }
-  });
-}
-
-/**
- * Display the error message of missing captcha in the header of lock.
- *
- * @param {Object} m model
- * @param {Number} id
- */
-function showMissingCaptcha(m, id) {
-  var captchaConfig = l.captcha(m);
-  var captchaError = captchaConfig.get('provider') === 'recaptcha_v2' ? 'invalid_recaptcha' : 'invalid_captcha';
-  var errorMessage = i18n.html(m, ['error', 'login', captchaError]);
-  (0, _index.swap)(_index.updateEntity, 'lock', id, function (m) {
-    m = l.setSubmitting(m, false, errorMessage);
-    return c.showInvalidField(m, 'captcha');
-  });
-  return m;
-}
-
-/**
- * Set the captcha value in the fields object before sending the request.
- *
- * @param {Object} m model
- * @param {Object} params
- * @param {Object} fields
- *
- * @returns {Boolean} returns true if is required and missing the response from the user
- */
-function setCaptchaParams(m, params, fields) {
-  var captchaConfig = l.captcha(m);
-  var isCaptchaRequired = captchaConfig && l.captcha(m).get('required');
-  if (!isCaptchaRequired) {
-    return true;
-  }
-  var captcha = c.getFieldValue(m, 'captcha');
-  //captcha required and missing
-  if (!captcha) {
-    return false;
-  }
-
-  params['captcha'] = captcha;
-  fields.push('captcha');
-  return true;
-}

package/lib/connection/database/login_pane.js

@@ -24,6 +24,8 @@ var _password_pane2 = _interopRequireDefault(_password_pane);
 
 var _actions = require('./actions');
 
+var _captcha = require('../captcha');
+
 var _index = require('./index');
 
 var _index2 = require('../../core/index');
@@ -34,6 +36,12 @@ var _captcha_pane = require('../../field/captcha/captcha_pane');
 
 var _captcha_pane2 = _interopRequireDefault(_captcha_pane);
 
+var _classic = require('../../engine/classic');
+
+var _enterprise = require('../enterprise');
+
+var _database = require('../database');
+
 function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) newObj[key] = obj[key]; } } newObj.default = obj; return newObj; } }
 
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
@@ -83,6 +91,7 @@ var LoginPane = function (_React$Component) {
       headerText
     );
     var resolver = l.connectionResolver(lock);
+    var sso = (0, _classic.isSSOEnabled)(lock);
 
     // Should never validate format on login because of custom db connection and import mode.
     // If a custom resolver is in use, always use UsernamePane without validating format,
@@ -102,8 +111,8 @@ var LoginPane = function (_React$Component) {
       strictValidation: false
     });
 
-    var captchaPane = l.captcha(lock) && l.captcha(lock).get('required') ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: lock, onReload: function onReload() {
-        return (0, _actions.swapCaptcha)(l.id(lock), false);
+    var captchaPane = l.captcha(lock) && l.captcha(lock).get('required') && ((0, _enterprise.isHRDDomain)(lock, (0, _database.databaseUsernameValue)(lock)) || !sso) ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: lock, onReload: function onReload() {
+        return (0, _captcha.swapCaptcha)(l.id(lock), false);
       } }) : null;
 
     var dontRememberPassword = showForgotPasswordLink && (0, _index.hasScreen)(lock, 'forgotPassword') ? _react2.default.createElement(

package/lib/connection/enterprise/actions.js

@@ -30,6 +30,8 @@ var _index3 = require('../../core/index');
 
 var l = _interopRequireWildcard(_index3);
 
+var _captcha = require('../captcha');
+
 var _index4 = require('../database/index');
 
 function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) newObj[key] = obj[key]; } } newObj.default = obj; return newObj; } }
@@ -57,6 +59,8 @@ function logIn(id) {
   var ssoConnection = (0, _enterprise.matchConnection)(m, email);
   var enterpriseConnection = (0, _enterprise.enterpriseActiveFlowConnection)(m);
   var connectionScopes = getConnectionScopesFrom(m, ssoConnection || enterpriseConnection);
+  var usernameField = (0, _index4.databaseLogInWithEmail)(m) ? 'email' : 'username';
+  var fields = [usernameField, 'password'];
 
   var params = {
     connection_scope: connectionScopes ? connectionScopes.toJS() : undefined
@@ -66,6 +70,12 @@ function logIn(id) {
     return logInSSO(id, ssoConnection, params);
   }
 
+  var isCaptchaValid = (0, _captcha.setCaptchaParams)(m, params, fields);
+
+  if (!isCaptchaValid && !ssoConnection) {
+    return (0, _captcha.showMissingCaptcha)(m, id);
+  }
+
   logInActiveFlow(id, params);
 }
 
@@ -83,7 +93,10 @@ function logInActiveFlow(id, params) {
     username: username,
     password: (0, _index2.getFieldValue)(m, 'password'),
     login_hint: username
-  }));
+  }), function (id, error, fields, next) {
+    var wasCaptchaInvalid = error && error.code === 'invalid captcha';
+    (0, _captcha.swapCaptcha)(id, wasCaptchaInvalid, next);
+  });
 }
 
 function logInSSO(id, connection, params) {

package/lib/connection/enterprise/hrd_pane.js

@@ -18,6 +18,12 @@ var _password_pane = require('../../field/password/password_pane');
 
 var _password_pane2 = _interopRequireDefault(_password_pane);
 
+var _captcha_pane = require('../../field/captcha/captcha_pane');
+
+var _captcha_pane2 = _interopRequireDefault(_captcha_pane);
+
+var _captcha = require('../captcha');
+
 var _index = require('../../core/index');
 
 var l = _interopRequireWildcard(_index);
@@ -50,6 +56,10 @@ var HRDPane = function (_React$Component) {
         usernameInputPlaceholder = _props.usernameInputPlaceholder;
 
 
+    var captchaPane = l.captcha(model) && l.captcha(model).get('required') ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: model, onReload: function onReload() {
+        return (0, _captcha.swapCaptcha)(l.id(model), false);
+      } }) : null;
+
     return _react2.default.createElement(
       'div',
       null,
@@ -61,7 +71,8 @@ var HRDPane = function (_React$Component) {
         validateFormat: false,
         strictValidation: false
       }),
-      _react2.default.createElement(_password_pane2.default, { i18n: i18n, lock: model, placeholder: passwordInputPlaceholder })
+      _react2.default.createElement(_password_pane2.default, { i18n: i18n, lock: model, placeholder: passwordInputPlaceholder }),
+      captchaPane
     );
   };
 

package/lib/core/web_api/helper.js

@@ -176,5 +176,5 @@ function trimAuthParams() {
 }
 
 function getVersion() {
-  return '11.31.0';
+  return '11.32.2';
 }

package/lib/core/web_api/p2_api.js

@@ -60,7 +60,8 @@ var Auth0APIClient = function () {
       _telemetryInfo: telemetry,
       state: state,
       nonce: nonce,
-      scope: scope
+      scope: scope,
+      legacySameSiteCookie: opts.legacySameSiteCookie
     });
 
     this.authOpt = {

package/lib/engine/classic/login.js

@@ -66,7 +66,7 @@ function shouldRenderTabs(m) {
   if (l.hasSomeConnections(m, 'social') && (0, _index.hasInitialScreen)(m, 'signUp')) return (0, _index.hasScreen)(m, 'signUp');
 }
 
-var Component = function Component(_ref) {
+var LoginComponent = function LoginComponent(_ref) {
   var i18n = _ref.i18n,
       model = _ref.model;
 
@@ -182,7 +182,7 @@ var Login = function (_Screen) {
   };
 
   Login.prototype.render = function render() {
-    return Component;
+    return LoginComponent;
   };
 
   return Login;

package/lib/engine/classic/sign_up_pane.js

@@ -32,7 +32,11 @@ var _index2 = require('../../core/index');
 
 var l = _interopRequireWildcard(_index2);
 
-var _actions = require('../../connection/database/actions');
+var _captcha = require('../../connection/captcha');
+
+var _enterprise = require('../../connection/enterprise');
+
+var _classic = require('../classic');
 
 function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) newObj[key] = obj[key]; } } newObj.default = obj; return newObj; } }
 
@@ -71,6 +75,7 @@ var SignUpPane = function (_React$Component) {
       null,
       headerText
     );
+    var sso = (0, _classic.isSSOEnabled)(model);
 
     var usernamePane = !onlyEmail && (0, _index.databaseConnectionRequiresUsername)(model) && !(0, _index.signUpHideUsernameField)(model) ? _react2.default.createElement(_username_pane2.default, {
       i18n: i18n,
@@ -96,8 +101,8 @@ var SignUpPane = function (_React$Component) {
       });
     });
 
-    var captchaPane = l.captcha(model) && l.captcha(model).get('required') ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: model, onReload: function onReload() {
-        return (0, _actions.swapCaptcha)(l.id(model), false);
+    var captchaPane = l.captcha(model) && l.captcha(model).get('required') && ((0, _enterprise.isHRDDomain)(model, (0, _index.databaseUsernameValue)(model)) || !sso) ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: model, onReload: function onReload() {
+        return (0, _captcha.swapCaptcha)(l.id(model), false);
       } }) : null;
 
     var passwordPane = !onlyEmail && _react2.default.createElement(_password_pane2.default, {

package/lib/field/captcha/captcha_pane.js

@@ -53,14 +53,10 @@ var CaptchaPane = function (_React$Component) {
         lock = _props.lock,
         onReload = _props.onReload;
 
-
     var lockId = l.id(lock);
-
     var captcha = l.captcha(lock);
-
     var value = (0, _index3.getFieldValue)(lock, 'captcha');
     var isValid = !(0, _index3.isFieldVisiblyInvalid)(lock, 'captcha');
-
     var provider = captcha.get('provider');
 
     if ((0, _recaptcha.isRecaptcha)(provider)) {

package/lib/i18n/de.js

@@ -77,7 +77,7 @@ exports.default = {
   loginAtLabel: 'Anmelden bei %s',
   loginLabel: 'Anmelden',
   loginSubmitLabel: 'Anmelden',
-  loginWithLabel: 'Anmelden mit %s',
+  loginWithLabel: 'Mit %s anmelden',
   notYourAccountAction: 'Falsches Konto?',
   passwordInputPlaceholder: 'Ihr Passwort',
   passwordStrength: {

package/lib/i18n.js

@@ -125,7 +125,7 @@ function assertLanguage(m, language, base) {
 function syncLang(m, language, _cb) {
   (0, _cdn_utils.load)({
     method: 'registerLanguageDictionary',
-    url: l.languageBaseUrl(m) + '/js/lock/' + '11.31.0' + '/' + language + '.js',
+    url: l.languageBaseUrl(m) + '/js/lock/' + '11.32.2' + '/' + language + '.js',
     check: function check(str) {
       return str && str === language;
     },
@@ -141,7 +141,9 @@ function registerLanguageDictionary(language, dictionary) {
   languageDictionaries[language] = _immutable2.default.fromJS(dictionary);
 }
 
-(0, _cdn_utils.preload)({
-  method: 'registerLanguageDictionary',
-  cb: registerLanguageDictionary
-});
+if (typeof window !== 'undefined') {
+  (0, _cdn_utils.preload)({
+    method: 'registerLanguageDictionary',
+    cb: registerLanguageDictionary
+  });
+}

package/lib/lock.js

@@ -42,7 +42,7 @@ var Auth0Lock = function (_Core) {
 
 
 exports.default = Auth0Lock;
-Auth0Lock.version = '11.31.0';
+Auth0Lock.version = '11.32.2';
 
 // TODO: should we have different telemetry for classic/passwordless?
 // TODO: should we set telemetry info before each request?

package/lib/passwordless.js

@@ -41,4 +41,4 @@ var Auth0LockPasswordless = function (_Core) {
 exports.default = Auth0LockPasswordless;
 
 
-Auth0LockPasswordless.version = '11.31.0';
+Auth0LockPasswordless.version = '11.32.2';

package/lib/ui/box/chrome.js

@@ -176,7 +176,10 @@ var SubmitButton = function (_React$Component) {
         color = _props2.color,
         disabled = _props2.disabled,
         label = _props2.label,
-        display = _props2.display;
+        display = _props2.display,
+        contentProps = _props2.contentProps;
+    var model = contentProps.model;
+
 
     var content = label ? _react2.default.createElement(
       'span',
@@ -188,6 +191,7 @@ var SubmitButton = function (_React$Component) {
     return _react2.default.createElement(
       'button',
       {
+        id: l.id(model) + '-submit',
         className: 'auth0-lock-submit',
         disabled: disabled,
         style: { backgroundColor: color, display: display },

package/lib/ui/box/container.js

@@ -112,7 +112,7 @@ var EscKeyDownHandler = function () {
   return EscKeyDownHandler;
 }();
 
-var IPHONE = window.navigator && !!window.navigator.userAgent.match(/iPhone/i);
+var IPHONE = typeof window !== 'undefined' && window.navigator && !!window.navigator.userAgent.match(/iPhone/i);
 
 var Container = function (_React$Component) {
   _inherits(Container, _React$Component);
@@ -384,7 +384,7 @@ Container.propTypes = {
 };
 
 // NOTE: detecting the file protocol is important for things like electron.
-var isFileProtocol = window.window && window.location && window.location.protocol === 'file:';
+var isFileProtocol = typeof window !== 'undefined' && window.window && window.location && window.location.protocol === 'file:';
 
 var defaultProps = exports.defaultProps = Container.defaultProps = {
   autofocus: false,

package/lib/ui/box/header.js

@@ -155,12 +155,17 @@ WelcomeMessage.propTypes = {
 };
 
 var cssBlurSupport = function () {
+  if (typeof window === 'undefined') {
+    return;
+  }
+
   // Check stolen from Modernizr, see https://github.com/Modernizr/Modernizr/blob/29eab707f7a2fb261c8a9c538370e97eb1f86e25/feature-detects/css/filters.js
   var isEdge = window.navigator && !!window.navigator.userAgent.match(/Edge/i);
   if (typeof window.document === 'undefined' || isEdge) return false;
 
   var el = window.document.createElement('div');
   el.style.cssText = 'filter: blur(2px); -webkit-filter: blur(2px)';
+
   return !!el.style.length && (window.document.documentMode === undefined || window.document.documentMode > 9);
 }();
 

package/lib/ui/input/password_input.js

@@ -116,6 +116,7 @@ var PasswordInput = function (_React$Component) {
       _react2.default.createElement('input', _extends({
         ref: 'input',
         type: showPassword ? 'text' : 'password',
+        id: l.id(lock) + '-password',
         name: 'password',
         className: 'auth0-lock-input',
         autoComplete: allowPasswordAutocomplete ? 'on' : 'off',

package/lib/utils/cdn_utils.js

@@ -10,7 +10,7 @@ var _auth0Js2 = _interopRequireDefault(_auth0Js);
 
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 
-if (!window.Auth0) {
+if (typeof window !== 'undefined' && !window.Auth0) {
   window.Auth0 = {};
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-lock",
-  "version": "11.31.0",
+  "version": "11.32.2",
   "description": "Auth0 Lock",
   "author": "Auth0 <support@auth0.com> (http://auth0.com)",
   "license": "MIT",
@@ -105,17 +105,17 @@
     "webpack-dev-server": "^2.3.0"
   },
   "dependencies": {
-    "auth0-js": "^9.16.4",
+    "auth0-js": "^9.19.0",
     "auth0-password-policies": "^1.0.2",
-    "blueimp-md5": "^2.18.0",
+    "blueimp-md5": "^2.19.0",
     "classnames": "^2.3.1",
-    "dompurify": "^2.2.8",
+    "dompurify": "^2.3.4",
     "immutable": "^3.7.3",
     "jsonp": "^0.2.1",
-    "node-fetch": "^2.6.1",
+    "node-fetch": "^2.6.7",
     "password-sheriff": "^1.1.1",
-    "prop-types": "^15.6.0",
-    "qs": "^6.7.0",
+    "prop-types": "^15.8.0",
+    "qs": "^6.10.3",
     "react": "^15.6.2",
     "react-dom": "^15.6.2",
     "react-transition-group": "^2.2.1",