auth0-lock 11.32.1 → 11.33.1
- package/.circleci/config.yml +3 -3
- package/.github/dependabot.yml +9 -0
- package/.github/workflows/semgrep.yml +25 -0
- package/CHANGELOG.md +54 -0
- package/README.md +3 -1
- package/lib/__tests__/connection/database/actions.js +69 -0
- package/lib/__tests__/connection/enterprise/actions.js +1 -1
- package/lib/__tests__/connection/enterprise/hrd_pane.js +55 -0
- package/lib/connection/database/actions.js +4 -5
- package/lib/connection/database/reset_password.js +45 -27
- package/lib/connection/enterprise/actions.js +4 -1
- package/lib/connection/enterprise/hrd_pane.js +12 -1
- package/lib/connection/passwordless/actions.js +10 -10
- package/lib/core/web_api/helper.js +1 -1
- package/lib/engine/classic/sign_up_pane.js +2 -2
- package/lib/i18n/de.js +1 -1
- package/lib/i18n.js +1 -1
- package/lib/lock.js +1 -1
- package/lib/passwordless.js +1 -1
- package/lib/ui/box.js +1 -1
- package/package.json +7 -7
package/.circleci/config.yml
CHANGED
|
@@ -4,7 +4,7 @@ orbs:
|
|
|
4
4
|
executors:
|
|
5
5
|
docker-executor:
|
|
6
6
|
docker:
|
|
7
|
-
- image:
|
|
7
|
+
- image: cimg/node:14.19-browsers
|
|
8
8
|
jobs:
|
|
9
9
|
build-and-test:
|
|
10
10
|
executor: docker-executor
|
|
@@ -14,7 +14,7 @@ jobs:
|
|
|
14
14
|
- checkout
|
|
15
15
|
- run:
|
|
16
16
|
name: Update Yarn
|
|
17
|
-
command: '
|
|
17
|
+
command: 'npm update -g yarn'
|
|
18
18
|
- restore_cache:
|
|
19
19
|
name: Restore Yarn Package Cache
|
|
20
20
|
key: yarn-packages-{{ checksum "yarn.lock" }}
|
|
@@ -49,7 +49,7 @@ jobs:
|
|
|
49
49
|
- checkout
|
|
50
50
|
- run:
|
|
51
51
|
name: Update Yarn
|
|
52
|
-
command: '
|
|
52
|
+
command: 'npm update -g yarn'
|
|
53
53
|
- restore_cache:
|
|
54
54
|
name: Restore Yarn Package Cache
|
|
55
55
|
key: yarn-packages-{{ checksum "yarn.lock" }}
|
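Review bot: The "Update Yarn" step's `command: 'npm update -g yarn'` (new lines 17 and 52, in the second and third hunks) installs whichever yarn release the registry serves when the job runs, so the tool that resolves and installs every dependency is unpinned. Installing an exact release instead, for example `command: 'npm install -g yarn@<pinned-version>'`, keeps builds reproducible and makes a toolchain change a reviewed commit. The executor tag `cimg/node:14.19-browsers` in the first hunk is also mutable and could be pinned by digest. The removed lines are truncated on this page, so the previous command and image cannot be read from here.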
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
name: Semgrep
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
pull_request: {}
|
|
5
|
+
|
|
6
|
+
push:
|
|
7
|
+
branches: ["master", "main"]
|
|
8
|
+
|
|
9
|
+
schedule:
|
|
10
|
+
- cron: '30 0 1,15 * *'
|
|
11
|
+
|
|
12
|
+
jobs:
|
|
13
|
+
semgrep:
|
|
14
|
+
name: Scan
|
|
15
|
+
runs-on: ubuntu-latest
|
|
16
|
+
container:
|
|
17
|
+
image: returntocorp/semgrep
|
|
18
|
+
# Skip any PR created by dependabot to avoid permission issues
|
|
19
|
+
if: (github.actor != 'dependabot[bot]')
|
|
20
|
+
steps:
|
|
21
|
+
- uses: actions/checkout@v3
|
|
22
|
+
|
|
23
|
+
- run: semgrep ci
|
|
24
|
+
env:
|
|
25
|
+
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
|
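Review bot: The new workflow declares no `permissions:` block, so the `semgrep` job runs with the repository's default `GITHUB_TOKEN` scope; a scan job normally needs no more than `permissions:` with `contents: read`. The container `image: returntocorp/semgrep` has no tag or digest and `actions/checkout@v3` is a movable tag, so the code that runs with `SEMGREP_APP_TOKEN` in its environment can change without any commit to this repository; pinning the image by digest and the action by full commit SHA would close that gap. The file header for this hunk is missing from the page; the attribution to `.github/workflows/semgrep.yml` is inferred from the file list.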
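--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,12 +1,64 @@
 # Change Log
 
+## [v11.33.1](https://github.com/auth0/lock/tree/v11.33.1) (2022-06-14)
+[Full Changelog](https://github.com/auth0/lock/compare/v11.33.0...v11.33.1)
+
+**Fixed**
+- Move captcha pane below additional signup fields in UI [\#2135](https://github.com/auth0/lock/pull/2135) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
+**Security**
+- [Snyk] Upgrade dompurify from 2.3.6 to 2.3.7 [\#2132](https://github.com/auth0/lock/pull/2132) ([snyk-bot](https://github.com/snyk-bot))
+
+## [v11.33.0](https://github.com/auth0/lock/tree/v11.33.0) (2022-05-05)
+
+[Full Changelog](https://github.com/auth0/lock/compare/v11.32.2...v11.33.0)
+
+**Important**
+
+This release contains a change to how [custom signup fields](https://github.com/auth0/lock/#additional-sign-up-fields) are processed. From this release, all HTML tags are stripped from user input into any custom signup field before being sent to Auth0 to register the user. This is a security measure to help mitigate from potential XSS attacks in signup verification emails.
+
+If you would be affected by this change and require HTML to be specified in a custom signup field, please leave us some feedback in our [issue tracker](https://github.com/auth0/lock/issues).
+
+**Changed**
+
+- ui box - div replaced by main [\#2114](https://github.com/auth0/lock/pull/2114) ([piwysocki](https://github.com/piwysocki))
+- More complete support for custom passwordless connections [\#2105](https://github.com/auth0/lock/pull/2105) ([peter-isgfunds](https://github.com/peter-isgfunds))
+
+**Fixed**
+
+- fix: initialize reset password inside componentDidMount [\#2111](https://github.com/auth0/lock/pull/2111) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
+**Security**
+
+- [Snyk] Upgrade dompurify from 2.3.4 to 2.3.5 [\#2101](https://github.com/auth0/lock/pull/2101) ([snyk-bot](https://github.com/snyk-bot))
+
+## [v11.32.2](https://github.com/auth0/lock/tree/v11.32.2) (2022-02-08)
+
+[Full Changelog](https://github.com/auth0/lock/compare/v11.32.1...v11.32.2)
+
+**Changed**
+
+- align german loginWithLabel translation with Apple Guidelines [\#2097](https://github.com/auth0/lock/pull/2097) ([Steffen911](https://github.com/Steffen911))
+
+**Fixed**
+
+- [SDK-3087] Captcha for single enterprise AD connections [\#2096](https://github.com/auth0/lock/pull/2096) ([stevehobbsdev](https://github.com/stevehobbsdev))
+
+**Security**
+
+- [Snyk] Upgrade qs from 6.10.2 to 6.10.3 [\#2095](https://github.com/auth0/lock/pull/2095) ([snyk-bot](https://github.com/snyk-bot))
+- Bump cached-path-relative from 1.0.2 to 1.1.0 [\#2091](https://github.com/auth0/lock/pull/2091) ([dependabot[bot]](https://github.com/apps/dependabot))
+
 ## [v11.32.1](https://github.com/auth0/lock/tree/v11.32.1) (2022-01-27)
+
 [Full Changelog](https://github.com/auth0/lock/compare/v11.32.0...v11.32.1)
 
 **Changed**
+
 - Update auth0-js and support legacySameSiteCookie option [\#2089](https://github.com/auth0/lock/pull/2089) ([stevehobbsdev](https://github.com/stevehobbsdev))
 
 **Security**
+
 - Bump log4js from 6.3.0 to 6.4.0 [\#2087](https://github.com/auth0/lock/pull/2087) ([dependabot[bot]](https://github.com/apps/dependabot))
 - Security upgrade node-fetch to 2.6.7 [\#2085](https://github.com/auth0/lock/pull/2085) ([evansims](https://github.com/evansims))
 - [Snyk] Upgrade prop-types from 15.7.2 to 15.8.0 [\#2083](https://github.com/auth0/lock/pull/2083) ([snyk-bot](https://github.com/snyk-bot))
@@ -14,9 +66,11 @@
 - Bump follow-redirects from 1.14.4 to 1.14.7 [\#2081](https://github.com/auth0/lock/pull/2081) ([dependabot[bot]](https://github.com/apps/dependabot))
 
 ## [v11.32.0](https://github.com/auth0/lock/tree/v11.32.0) (2022-01-07)
+
 [Full Changelog](https://github.com/auth0/lock/compare/v11.31.1...v11.32.0)
 
 **Fixed**
+
 - [SDK-2970] Remove captcha for enterprise SSO connections [\#2071](https://github.com/auth0/lock/pull/2071) ([stevehobbsdev](https://github.com/stevehobbsdev))
 - Add ID attributes to password field + submit button [\#2072](https://github.com/auth0/lock/pull/2072) ([stevehobbsdev](https://github.com/stevehobbsdev))
 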
package/README.md
CHANGED
|
@@ -25,7 +25,7 @@ From CDN
|
|
|
25
25
|
|
|
26
26
|
```html
|
|
27
27
|
<!-- Latest patch release (recommended for production) -->
|
|
28
|
-
<script src="https://cdn.auth0.com/js/lock/11.
|
|
28
|
+
<script src="https://cdn.auth0.com/js/lock/11.33.1/lock.min.js"></script>
|
|
29
29
|
```
|
|
30
30
|
|
|
31
31
|
From [npm](https://npmjs.org)
|
|
@@ -490,6 +490,8 @@ Extra input fields can be added to the sign up screen with the `additionalSignUp
|
|
|
490
490
|
|
|
491
491
|
Additional sign up fields are rendered below the default fields in the order they are provided.
|
|
492
492
|
|
|
493
|
+
:warning: **Note**: From `11.33.1` onwards, all HTML tags are stripped from user input into custom signup fields.
|
|
494
|
+
|
|
493
495
|
##### Text field
|
|
494
496
|
|
|
495
497
|
A `validator` function can also be provided.
|
|
@@ -158,4 +158,73 @@ describe('database/actions.js', function () {
|
|
|
158
158
|
expect(signUpMock.calls.length).toBe(1);
|
|
159
159
|
expect(signUpMock.calls[0][0]).toBe(id);
|
|
160
160
|
});
|
|
161
|
+
|
|
162
|
+
it('sanitizes additionalSignUp fields using dompurify', function () {
|
|
163
|
+
var id = 1;
|
|
164
|
+
var hookRunner = jest.fn(function (str, m, context, fn) {
|
|
165
|
+
return fn();
|
|
166
|
+
});
|
|
167
|
+
|
|
168
|
+
require('connection/database/index').databaseConnectionName = function () {
|
|
169
|
+
return 'test-connection';
|
|
170
|
+
};
|
|
171
|
+
require('connection/database/index').shouldAutoLogin = function () {
|
|
172
|
+
return true;
|
|
173
|
+
};
|
|
174
|
+
|
|
175
|
+
// Test different fields using some examples from DOMPurify
|
|
176
|
+
// https://github.com/cure53/DOMPurify#some-purification-samples-please
|
|
177
|
+
var m = _immutable2.default.fromJS({
|
|
178
|
+
field: {
|
|
179
|
+
email: {
|
|
180
|
+
value: 'test@email.com'
|
|
181
|
+
},
|
|
182
|
+
password: {
|
|
183
|
+
value: 'testpass'
|
|
184
|
+
},
|
|
185
|
+
family_name: {
|
|
186
|
+
value: 'Test <a href="https://www.google.co.uk">Fake link</a>' // HTML but not malicious
|
|
187
|
+
},
|
|
188
|
+
given_name: {
|
|
189
|
+
value: '<img src=x onerror=alert(1)//>'
|
|
190
|
+
},
|
|
191
|
+
name: {
|
|
192
|
+
value: '<p>abc<iframe//src=jAva	script:alert(3)>def</p>'
|
|
193
|
+
},
|
|
194
|
+
other_name: {
|
|
195
|
+
value: '<div onclick=alert(0)><form onsubmit=alert(1)><input onfocus=alert(2) name=parentNode>123</form></div>'
|
|
196
|
+
}
|
|
197
|
+
},
|
|
198
|
+
database: {
|
|
199
|
+
additionalSignUpFields: [{ name: 'family_name', storage: 'root' }, { name: 'given_name', storage: 'root' }, { name: 'name', storage: 'root' }, { name: 'other_name' }]
|
|
200
|
+
},
|
|
201
|
+
core: {
|
|
202
|
+
hookRunner: hookRunner
|
|
203
|
+
}
|
|
204
|
+
});
|
|
205
|
+
|
|
206
|
+
(0, _store.swap)(_store.setEntity, 'lock', id, m);
|
|
207
|
+
(0, _actions.signUp)(id);
|
|
208
|
+
|
|
209
|
+
var _coreActionsMock3 = coreActionsMock(),
|
|
210
|
+
validateAndSubmitMock = _coreActionsMock3.validateAndSubmit.mock;
|
|
211
|
+
|
|
212
|
+
validateAndSubmitMock.calls[0][2](m);
|
|
213
|
+
|
|
214
|
+
var _webApiMock3 = webApiMock(),
|
|
215
|
+
signUpMock = _webApiMock3.signUp.mock;
|
|
216
|
+
|
|
217
|
+
expect(signUpMock.calls[0][1]).toMatchObject({
|
|
218
|
+
connection: 'test-connection',
|
|
219
|
+
email: 'test@email.com',
|
|
220
|
+
password: 'testpass',
|
|
221
|
+
autoLogin: true,
|
|
222
|
+
family_name: 'Test Fake link',
|
|
223
|
+
given_name: '',
|
|
224
|
+
name: 'abc',
|
|
225
|
+
user_metadata: {
|
|
226
|
+
other_name: '123'
|
|
227
|
+
}
|
|
228
|
+
});
|
|
229
|
+
});
|
|
161
230
|
});
|
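Review bot: The new `sanitizes additionalSignUp fields using dompurify` test feeds only markup payloads, so it pins nothing for ordinary text containing `&`, `<` or quotes, nor for a field with no value. Those are the inputs where a sanitizer that returns serialized HTML could alter legitimate data, for instance by entity-encoding it. Adding a field such as `nickname: { value: 'Tom & Jerry <3' }` (constructed sample) with its expected output would document what actually reaches `signUp`. The `require('connection/database/index')` overrides are assigned and not restored inside this test, so they may leak into later cases; the enclosing `describe` starts outside this hunk.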
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
var _react = require('react');
|
|
4
|
+
|
|
5
|
+
var _react2 = _interopRequireDefault(_react);
|
|
6
|
+
|
|
7
|
+
var _testUtils = require('testUtils');
|
|
8
|
+
|
|
9
|
+
var _immutable = require('immutable');
|
|
10
|
+
|
|
11
|
+
var _immutable2 = _interopRequireDefault(_immutable);
|
|
12
|
+
|
|
13
|
+
var _i18n = require('../../../i18n');
|
|
14
|
+
|
|
15
|
+
var i18n = _interopRequireWildcard(_i18n);
|
|
16
|
+
|
|
17
|
+
var _hrd_pane = require('../../../connection/enterprise/hrd_pane');
|
|
18
|
+
|
|
19
|
+
var _hrd_pane2 = _interopRequireDefault(_hrd_pane);
|
|
20
|
+
|
|
21
|
+
function _interopRequireWildcard(obj) { if (obj && obj.__esModule) { return obj; } else { var newObj = {}; if (obj != null) { for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) newObj[key] = obj[key]; } } newObj.default = obj; return newObj; } }
|
|
22
|
+
|
|
23
|
+
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
|
|
24
|
+
|
|
25
|
+
var lock = _immutable2.default.fromJS({ id: '__lock-id__' });
|
|
26
|
+
|
|
27
|
+
jest.mock('core/index');
|
|
28
|
+
|
|
29
|
+
describe('HRDPane', function () {
|
|
30
|
+
var defaultProps = {
|
|
31
|
+
model: lock,
|
|
32
|
+
header: _react2.default.createElement('header', null),
|
|
33
|
+
i18n: i18n,
|
|
34
|
+
passwordInputPlaceholder: 'password',
|
|
35
|
+
usernameInputPlaceholder: 'username'
|
|
36
|
+
};
|
|
37
|
+
|
|
38
|
+
beforeEach(function () {
|
|
39
|
+
jest.resetAllMocks();
|
|
40
|
+
});
|
|
41
|
+
|
|
42
|
+
it('renders correctly', function () {
|
|
43
|
+
(0, _testUtils.expectShallowComponent)(_react2.default.createElement(_hrd_pane2.default, defaultProps)).toMatchSnapshot();
|
|
44
|
+
});
|
|
45
|
+
|
|
46
|
+
it('renders the captcha if required', function () {
|
|
47
|
+
require('core/index').captcha.mockReturnValue({
|
|
48
|
+
get: function get() {
|
|
49
|
+
return true;
|
|
50
|
+
}
|
|
51
|
+
});
|
|
52
|
+
|
|
53
|
+
(0, _testUtils.expectShallowComponent)(_react2.default.createElement(_hrd_pane2.default, defaultProps)).toMatchSnapshot();
|
|
54
|
+
});
|
|
55
|
+
});
|
|
@@ -13,10 +13,6 @@ exports.cancelMFALogin = cancelMFALogin;
|
|
|
13
13
|
exports.toggleTermsAcceptance = toggleTermsAcceptance;
|
|
14
14
|
exports.showLoginMFAActivity = showLoginMFAActivity;
|
|
15
15
|
|
|
16
|
-
var _immutable = require('immutable');
|
|
17
|
-
|
|
18
|
-
var _immutable2 = _interopRequireDefault(_immutable);
|
|
19
|
-
|
|
20
16
|
var _index = require('../../store/index');
|
|
21
17
|
|
|
22
18
|
var _web_api = require('../../core/web_api');
|
|
@@ -33,6 +29,8 @@ var _index3 = require('../../field/index');
|
|
|
33
29
|
|
|
34
30
|
var c = _interopRequireWildcard(_index3);
|
|
35
31
|
|
|
32
|
+
var _dompurify = require('dompurify');
|
|
33
|
+
|
|
36
34
|
var _index4 = require('./index');
|
|
37
35
|
|
|
38
36
|
var _i18n = require('../../i18n');
|
|
@@ -136,7 +134,8 @@ function signUp(id) {
|
|
|
136
134
|
(0, _index4.additionalSignUpFields)(m).forEach(function (x) {
|
|
137
135
|
var storage = x.get('storage');
|
|
138
136
|
var fieldName = x.get('name');
|
|
139
|
-
var fieldValue = c.getFieldValue(m, x.get('name'));
|
|
137
|
+
var fieldValue = (0, _dompurify.sanitize)(c.getFieldValue(m, x.get('name')), { ALLOWED_TAGS: [] });
|
|
138
|
+
|
|
140
139
|
switch (storage) {
|
|
141
140
|
case 'root':
|
|
142
141
|
params[fieldName] = fieldValue;
|
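Review bot: The `(0, _dompurify.sanitize)(..., { ALLOWED_TAGS: [] })` call added in `signUp` runs only in the browser, so it is defence in depth rather than a trust boundary: a request sent to the signup endpoint without Lock never passes through it. Whatever renders these fields (the changelog names signup verification emails) still has to encode them on output, and a comment above the call should say so, e.g. `// Client-side hardening only; field values remain untrusted server-side`. The README hunk dates the stripping from `11.33.1` while the changelog entry describes it under v11.33.0, which matters to anyone checking which release carries the mitigation. `signUp` begins and ends outside this hunk.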
|
@@ -48,35 +48,53 @@ function _possibleConstructorReturn(self, call) { if (!self) { throw new Referen
|
|
|
48
48
|
|
|
49
49
|
function _inherits(subClass, superClass) { if (typeof superClass !== "function" && superClass !== null) { throw new TypeError("Super expression must either be null or a function, not " + typeof superClass); } subClass.prototype = Object.create(superClass && superClass.prototype, { constructor: { value: subClass, enumerable: false, writable: true, configurable: true } }); if (superClass) Object.setPrototypeOf ? Object.setPrototypeOf(subClass, superClass) : subClass.__proto__ = superClass; }
|
|
50
50
|
|
|
51
|
-
var Component = function Component
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
null,
|
|
59
|
-
headerText
|
|
60
|
-
);
|
|
61
|
-
var connectionResolver = l.connectionResolver(model);
|
|
62
|
-
|
|
63
|
-
// When using a custom connection resolver, `usernameStyle` is always 'username' (as opposed to 'email').
|
|
64
|
-
// If the user has entered an email address as the username, and a custom resolver is being used, copy the
|
|
65
|
-
// value from the 'username' field to the 'email' field so that `EmailPane` can render it.
|
|
66
|
-
if (connectionResolver) {
|
|
67
|
-
var field = (0, _field.getField)(model, 'username');
|
|
68
|
-
var value = field.get('value', '');
|
|
69
|
-
|
|
70
|
-
(0, _index4.swap)(_index4.updateEntity, 'lock', l.id(model), _email.setEmail, (0, _email.isEmail)(value, false) ? value : '', false);
|
|
51
|
+
var Component = function (_React$Component) {
|
|
52
|
+
_inherits(Component, _React$Component);
|
|
53
|
+
|
|
54
|
+
function Component() {
|
|
55
|
+
_classCallCheck(this, Component);
|
|
56
|
+
|
|
57
|
+
return _possibleConstructorReturn(this, _React$Component.apply(this, arguments));
|
|
71
58
|
}
|
|
72
59
|
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
60
|
+
Component.prototype.componentDidMount = function componentDidMount() {
|
|
61
|
+
var model = this.props.model;
|
|
62
|
+
|
|
63
|
+
var connectionResolver = l.connectionResolver(model);
|
|
64
|
+
|
|
65
|
+
// When using a custom connection resolver, `usernameStyle` is always 'username' (as opposed to 'email').
|
|
66
|
+
// If the user has entered an email address as the username, and a custom resolver is being used, copy the
|
|
67
|
+
// value from the 'username' field to the 'email' field so that `EmailPane` can render it.
|
|
68
|
+
if (connectionResolver) {
|
|
69
|
+
var field = (0, _field.getField)(model, 'username');
|
|
70
|
+
var value = field.get('value', '');
|
|
71
|
+
|
|
72
|
+
(0, _index4.swap)(_index4.updateEntity, 'lock', l.id(model), _email.setEmail, (0, _email.isEmail)(value, false) ? value : '', false);
|
|
73
|
+
}
|
|
74
|
+
};
|
|
75
|
+
|
|
76
|
+
Component.prototype.render = function render() {
|
|
77
|
+
var _props = this.props,
|
|
78
|
+
i18n = _props.i18n,
|
|
79
|
+
model = _props.model;
|
|
80
|
+
|
|
81
|
+
var headerText = i18n.html('forgotPasswordInstructions') || null;
|
|
82
|
+
var header = headerText && _react2.default.createElement(
|
|
83
|
+
'p',
|
|
84
|
+
null,
|
|
85
|
+
headerText
|
|
86
|
+
);
|
|
87
|
+
|
|
88
|
+
return _react2.default.createElement(_reset_password_pane2.default, {
|
|
89
|
+
emailInputPlaceholder: i18n.str('emailInputPlaceholder'),
|
|
90
|
+
header: header,
|
|
91
|
+
i18n: i18n,
|
|
92
|
+
lock: model
|
|
93
|
+
});
|
|
94
|
+
};
|
|
95
|
+
|
|
96
|
+
return Component;
|
|
97
|
+
}(_react2.default.Component);
|
|
80
98
|
|
|
81
99
|
var ResetPassword = function (_Screen) {
|
|
82
100
|
_inherits(ResetPassword, _Screen);
|
|
@@ -93,7 +93,10 @@ function logInActiveFlow(id, params) {
|
|
|
93
93
|
username: username,
|
|
94
94
|
password: (0, _index2.getFieldValue)(m, 'password'),
|
|
95
95
|
login_hint: username
|
|
96
|
-
}))
|
|
96
|
+
}), function (id, error, fields, next) {
|
|
97
|
+
var wasCaptchaInvalid = error && error.code === 'invalid captcha';
|
|
98
|
+
(0, _captcha.swapCaptcha)(id, wasCaptchaInvalid, next);
|
|
99
|
+
});
|
|
97
100
|
}
|
|
98
101
|
|
|
99
102
|
function logInSSO(id, connection, params) {
|
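Review bot: The error callback added to `logInActiveFlow` swaps the captcha on every failure, not only when `error.code === 'invalid captcha'`, and nothing in the hunk explains why. Presumably the aim is to issue a fresh challenge after each failed attempt; a one-line comment stating that would keep a later change from narrowing it to the captcha-error case. `next` is handed to `swapCaptcha` and never called directly, so the login error only surfaces if `swapCaptcha` invokes it on every path, including a failed challenge fetch. That cannot be confirmed from this hunk, and the function starts outside it.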
|
@@ -18,6 +18,12 @@ var _password_pane = require('../../field/password/password_pane');
|
|
|
18
18
|
|
|
19
19
|
var _password_pane2 = _interopRequireDefault(_password_pane);
|
|
20
20
|
|
|
21
|
+
var _captcha_pane = require('../../field/captcha/captcha_pane');
|
|
22
|
+
|
|
23
|
+
var _captcha_pane2 = _interopRequireDefault(_captcha_pane);
|
|
24
|
+
|
|
25
|
+
var _captcha = require('../captcha');
|
|
26
|
+
|
|
21
27
|
var _index = require('../../core/index');
|
|
22
28
|
|
|
23
29
|
var l = _interopRequireWildcard(_index);
|
|
@@ -50,6 +56,10 @@ var HRDPane = function (_React$Component) {
|
|
|
50
56
|
usernameInputPlaceholder = _props.usernameInputPlaceholder;
|
|
51
57
|
|
|
52
58
|
|
|
59
|
+
var captchaPane = l.captcha(model) && l.captcha(model).get('required') ? _react2.default.createElement(_captcha_pane2.default, { i18n: i18n, lock: model, onReload: function onReload() {
|
|
60
|
+
return (0, _captcha.swapCaptcha)(l.id(model), false);
|
|
61
|
+
} }) : null;
|
|
62
|
+
|
|
53
63
|
return _react2.default.createElement(
|
|
54
64
|
'div',
|
|
55
65
|
null,
|
|
@@ -61,7 +71,8 @@ var HRDPane = function (_React$Component) {
|
|
|
61
71
|
validateFormat: false,
|
|
62
72
|
strictValidation: false
|
|
63
73
|
}),
|
|
64
|
-
_react2.default.createElement(_password_pane2.default, { i18n: i18n, lock: model, placeholder: passwordInputPlaceholder })
|
|
74
|
+
_react2.default.createElement(_password_pane2.default, { i18n: i18n, lock: model, placeholder: passwordInputPlaceholder }),
|
|
75
|
+
captchaPane
|
|
65
76
|
);
|
|
66
77
|
};
|
|
67
78
|
|
|
@@ -86,12 +86,15 @@ function resendEmailError(id, error) {
|
|
|
86
86
|
(0, _index.swap)(_index.updateEntity, 'lock', id, _index4.setResendFailed);
|
|
87
87
|
}
|
|
88
88
|
|
|
89
|
-
function
|
|
90
|
-
var connections = l.connections(m, 'passwordless',
|
|
91
|
-
|
|
89
|
+
function getPasswordlessConnectionName(m, defaultPasswordlessConnection) {
|
|
90
|
+
var connections = l.connections(m, 'passwordless', defaultPasswordlessConnection);
|
|
91
|
+
|
|
92
|
+
return connections.size > 0 && l.useCustomPasswordlessConnection(m) ? connections.first().get('name') : defaultPasswordlessConnection;
|
|
93
|
+
}
|
|
92
94
|
|
|
95
|
+
function sendEmail(m, successFn, errorFn) {
|
|
93
96
|
var params = {
|
|
94
|
-
connection:
|
|
97
|
+
connection: getPasswordlessConnectionName(m, 'email'),
|
|
95
98
|
email: c.getFieldValue(m, 'email'),
|
|
96
99
|
send: (0, _index4.send)(m)
|
|
97
100
|
};
|
|
@@ -113,11 +116,8 @@ function sendEmail(m, successFn, errorFn) {
|
|
|
113
116
|
|
|
114
117
|
function sendSMS(id) {
|
|
115
118
|
(0, _actions.validateAndSubmit)(id, ['phoneNumber'], function (m) {
|
|
116
|
-
var connections = l.connections(m, 'passwordless', 'sms');
|
|
117
|
-
var connectionName = connections.size > 0 && l.useCustomPasswordlessConnection(m) ? connections.first().get('name') : 'sms';
|
|
118
|
-
|
|
119
119
|
var params = {
|
|
120
|
-
connection:
|
|
120
|
+
connection: getPasswordlessConnectionName(m, 'sms'),
|
|
121
121
|
phoneNumber: (0, _phone_number.phoneNumberWithDiallingCode)(m),
|
|
122
122
|
send: (0, _index4.send)(m)
|
|
123
123
|
};
|
|
@@ -155,10 +155,10 @@ function logIn(id) {
|
|
|
155
155
|
verificationCode: c.getFieldValue(m, 'vcode')
|
|
156
156
|
}, authParams);
|
|
157
157
|
if ((0, _index4.isEmail)(m)) {
|
|
158
|
-
params.connection = 'email';
|
|
158
|
+
params.connection = getPasswordlessConnectionName(m, 'email');
|
|
159
159
|
params.email = c.getFieldValue(m, 'email');
|
|
160
160
|
} else {
|
|
161
|
-
params.connection = 'sms';
|
|
161
|
+
params.connection = getPasswordlessConnectionName(m, 'sms');
|
|
162
162
|
params.phoneNumber = (0, _phone_number.phoneNumberWithDiallingCode)(m);
|
|
163
163
|
}
|
|
164
164
|
(0, _index.swap)(_index.updateEntity, 'lock', id, l.setSubmitting, true);
|
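--- a/package/lib/i18n/de.js
+++ b/package/lib/i18n/de.js
@@ -77,7 +77,7 @@ exports.default = {
 loginAtLabel: 'Anmelden bei %s',
 loginLabel: 'Anmelden',
 loginSubmitLabel: 'Anmelden',
-loginWithLabel: '
+loginWithLabel: 'Mit %s anmelden',
 notYourAccountAction: 'Falsches Konto?',
 passwordInputPlaceholder: 'Ihr Passwort',
 passwordStrength: {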
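--- a/package/lib/i18n.js
+++ b/package/lib/i18n.js
@@ -125,7 +125,7 @@ function assertLanguage(m, language, base) {
 function syncLang(m, language, _cb) {
 (0, _cdn_utils.load)({
 method: 'registerLanguageDictionary',
-url: l.languageBaseUrl(m) + '/js/lock/' + '11.
+url: l.languageBaseUrl(m) + '/js/lock/' + '11.33.1' + '/' + language + '.js',
 check: function check(str) {
 return str && str === language;
 },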
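--- a/package/lib/lock.js
+++ b/package/lib/lock.js
@@ -42,7 +42,7 @@ var Auth0Lock = function (_Core) {
 
 
 exports.default = Auth0Lock;
-Auth0Lock.version = '11.
+Auth0Lock.version = '11.33.1';
 
 // TODO: should we have different telemetry for classic/passwordless?
 // TODO: should we set telemetry info before each request?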
package/lib/passwordless.js
CHANGED
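--- a/package/lib/ui/box.js
+++ b/package/lib/ui/box.js
@@ -32,7 +32,7 @@ var ContainerManager = function () {
 var container = window.document.getElementById(id);
 
 if (!container && shouldAppend) {
-container = window.document.createElement('
+container = window.document.createElement('main');
 container.id = id;
 container.className = 'auth0-lock-container';
 window.document.body.appendChild(container);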
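--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "auth0-lock",
-"version": "11.
+"version": "11.33.1",
 "description": "Auth0 Lock",
 "author": "Auth0 <support@auth0.com> (http://auth0.com)",
 "license": "MIT",
@@ -56,7 +56,7 @@
 "bump-version": "^0.5.0",
 "chalk": "^4.1.2",
 "cross-env": "^7.0.3",
-"css-loader": "^0.
+"css-loader": "^0.28.11",
 "emojic": "^1.1.15",
 "enzyme": "^3.1.0",
 "enzyme-adapter-react-15": "^1.0.1",
@@ -72,7 +72,7 @@
 "grunt-babel": "^6.0.0",
 "grunt-cli": "^0.1.13",
 "grunt-concurrent": "^2.3.1",
-"grunt-contrib-clean": "^0.
+"grunt-contrib-clean": "^0.7.0",
 "grunt-env": "^0.4.4",
 "grunt-exec": "^0.4.6",
 "grunt-webpack": "^2.0.1",
@@ -93,9 +93,9 @@
 "puppeteer": "^10.1.0",
 "react-test-renderer": "^15.6.2",
 "sinon": "^1.15.4",
-"stylus": "^0.
+"stylus": "^0.58.1",
 "stylus-loader": "^2.3.1",
-"tmp": "^0.1
+"tmp": "^0.2.1",
 "uglify-js": "^2.7.4",
 "unminified-webpack-plugin": "^1.1.1",
 "unreleased": "^0.1.0",
@@ -109,13 +109,13 @@
 "auth0-password-policies": "^1.0.2",
 "blueimp-md5": "^2.19.0",
 "classnames": "^2.3.1",
-"dompurify": "^2.3.
+"dompurify": "^2.3.7",
 "immutable": "^3.7.3",
 "jsonp": "^0.2.1",
 "node-fetch": "^2.6.7",
 "password-sheriff": "^1.1.1",
 "prop-types": "^15.8.0",
-"qs": "^6.10.
+"qs": "^6.10.3",
 "react": "^15.6.2",
 "react-dom": "^15.6.2",
 "react-transition-group": "^2.2.1",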