Merge pull request #29 from dasmeta/fix

Fix

auth0-auth-db.tf

@@ -2,10 +2,13 @@ module "auth0-auth-db" {
   source   = "./modules/auth0-auth-db"
   for_each = { for v in var.db_connections : v.name => v }
 
-  name                      = each.value.name
-  password_policy           = each.value.password_policy
-  password_history          = each.value.password_history
-  password_no_personal_info = each.value.password_no_personal_info
-  password_dictionary       = each.value.password_dictionary
-  brute_force_protection    = each.value.brute_force_protection
+  name                           = each.value.name
+  custom_scripts                 = each.value.custom_scripts
+  password_policy                = each.value.password_policy
+  password_history               = each.value.password_history
+  password_no_personal_info      = each.value.password_no_personal_info
+  password_dictionary            = each.value.password_dictionary
+  brute_force_protection         = each.value.brute_force_protection
+  enabled_database_customization = each.value.enabled_database_customization
+  custom_scripts_configuration   = each.value.custom_scripts_configuration
 }

auth0-client-grant.tf

@@ -3,5 +3,5 @@ resource "auth0_client_grant" "my_client_grant" {
 
   client_id = module.auth0_client[each.value.client_name].client_id
   audience  = each.value.audience
-  scope     = lookup(each.value, "scope", [])
+  scopes    = lookup(each.value, "scope", [])
 }

auth0-client.tf

@@ -9,7 +9,6 @@ module "auth0_client" {
   custom_login_page_on          = each.value.custom_login_page_on
   custom_login_page             = each.value.custom_login_page
   grant_types                   = each.value.grant_types
-  token_endpoint_auth_method    = each.value.token_endpoint_auth_method
   allowed_logout_urls           = each.value.allowed_logout_urls
   allowed_origins               = each.value.allowed_origins
   callbacks                     = each.value.callbacks

auth0-trigger-binding.tf

@@ -1,4 +1,4 @@
-resource "auth0_trigger_binding" "trigger_binding" {
+resource "auth0_trigger_actions" "trigger_binding" {
   for_each = { for v in var.actions : v.name => v if lookup(v, "deploy", false) }
   actions {
     id           = module.action[each.key].id

examples/README.md

@@ -0,0 +1,32 @@
+# examples
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_auth0"></a> [auth0](#requirement\_auth0) | ~> 1.0.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_auth0"></a> [auth0](#module\_auth0) | ../ | n/a |
+| <a name="module_auth0_configs"></a> [auth0\_configs](#module\_auth0\_configs) | Invicton-Labs/deepmerge/null | 0.1.5 |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/config-defaults.tf

@@ -1,5 +1,33 @@
 locals {
   _defaults = {
+    db_connections = [
+      {
+        name                      = "Username-Password-Authentication"
+        password_policy           = "excellent"
+        password_history          = { enable = true, size = 3 }
+        password_no_personal_info = true
+        password_dictionary       = { enable = true, dictionary = [] }
+        brute_force_protection    = true
+        custom_scripts = {
+          get_user        = file("${path.module}/custom-db/aws-postgress-kms/get_user.js")
+          remove          = file("${path.module}/custom-db/aws-postgress-kms/delete_user.js")
+          create          = file("${path.module}/custom-db/aws-postgress-kms/create.js")
+          verify          = file("${path.module}/custom-db/aws-postgress-kms/verify.js")
+          login           = file("${path.module}/custom-db/aws-postgress-kms/login.js")
+          change_password = file("${path.module}/custom-db/aws-postgress-kms/change_password.js")
+        }
+
+        custom_scripts_configuration = {
+          accessKeyId      = ""
+          secretAccessKey  = ""
+          region           = "eu-central-1"
+          kmsKeyId         = ""
+          connectionString = "postgres://username:password@db_connection_url:5432/db_name"
+        }
+        enabled_database_customization = true
+      }
+    ]
+
     actions = {
       "test" = {
         code   = file("${path.module}/actions-code/test.js")

examples/custom-db/aws-postgress-kms/change_password.js

@@ -0,0 +1,51 @@
+function changePassword(email, newPassword, callback) {
+    const { Pool } = require('pg');
+    const aws = require('aws-sdk');
+
+    const pool = new Pool({
+      connectionString: configuration.conString
+    });
+
+    async function encrypt(buffer) {
+        const kms = new aws.KMS({
+            accessKeyId: configuration.accessKeyId,
+            secretAccessKey: configuration.secretAccessKey,
+            region: configuration.region
+        });
+        try {
+            const params = {
+                    KeyId: configuration.kmsKeyId,
+                    Plaintext: buffer// The data to encrypt.
+            };
+
+            const encryptResult = await kms.encrypt(params).promise();
+
+            if (encryptResult && encryptResult.CiphertextBlob) {
+                const encryptedData = encryptResult.CiphertextBlob.toString('base64');
+
+                pool.connect(function (err, client, done) {
+                    if (err) return callback(err);
+
+                    const query = 'UPDATE users SET password = $1 WHERE email = $2';
+                    client.query(query, [encryptedData, email], function (err, result) {
+                        done(); // Release the client back to the pool
+                        if (err) {
+                            return callback(err, false);
+                        }
+                        // Check if any rows were updated
+                        const rowsUpdated = result ? result.rowCount : 0;
+                        return callback(null, rowsUpdated > 0);
+                    });
+                  });
+                return encryptedData;
+            } else {
+                console.error('Encryption result is missing CiphertextBlob:', encryptResult);
+                throw new Error('Encryption result is missing CiphertextBlob');
+            }
+        } catch (error) {
+          console.error('Error encrypting data:', error);
+          throw error;
+        }
+    }
+    encrypt(newPassword);
+}

examples/custom-db/aws-postgress-kms/create.js

@@ -0,0 +1,46 @@
+function create(user, callback) {
+    const aws = require('aws-sdk');
+    const { Pool } = require('pg');
+
+    const pool = new Pool({
+      connectionString: configuration.conString
+    });
+
+    async function encrypt(buffer) {
+        const kms = new aws.KMS({
+          accessKeyId: configuration.accessKeyId,
+          secretAccessKey: configuration.secretAccessKey,
+          region: configuration.region
+        });
+        try {
+            const params = {
+              KeyId: configuration.kmsKeyId,
+              Plaintext: buffer// The data to encrypt.
+            };
+
+            const encryptResult = await kms.encrypt(params).promise();
+
+            if (encryptResult && encryptResult.CiphertextBlob) {
+                const encryptedData = encryptResult.CiphertextBlob.toString('base64');
+
+                pool.connect(function (err, client, done) {
+                    if (err) return callback(err);
+
+                    const query = 'INSERT INTO users(email, password) VALUES ($1, $2)';
+                    client.query(query, [user.email, encryptedData], function (err, result) {
+                      done(); // Release the client back to the pool
+                      return callback(err);
+                    });
+                  });
+                return encryptedData;
+            } else {
+                console.error('Encryption result is missing CiphertextBlob:', encryptResult);
+                throw new Error('Encryption result is missing CiphertextBlob');
+            }
+        } catch (error) {
+          console.error('Error encrypting data:', error);
+          throw error;
+        }
+    }
+    encrypt(user.password);
+  }

examples/custom-db/aws-postgress-kms/delete_user.js

@@ -0,0 +1,18 @@
+function remove(id, callback) {
+    const { Pool } = require('pg');
+
+    const pool = new Pool({
+      connectionString: configuration.conString
+    });
+
+    pool.connect(function (err, client, done) {
+      if (err) return callback(err);
+
+      const query = 'DELETE FROM users WHERE id = $1';
+      client.query(query, [id], function (err) {
+        done(); // Release the client back to the pool
+
+        return callback(err);
+      });
+    });
+  }

examples/custom-db/aws-postgress-kms/get_user.js

@@ -0,0 +1,22 @@
+function getByEmail(email, callback) {
+    const { Pool } = require('pg');
+
+    const pool = new Pool({
+      connectionString: configuration.conString
+    });
+
+    const query = 'SELECT id, nickname, email FROM users WHERE email = $1';
+
+    pool.query(query, [email], function (err, result) {
+      if (err || result.rows.length === 0) {
+        return callback(err || null);
+      }
+
+      const user = result.rows[0];
+      callback(null, {
+        user_id: user.id.toString(),
+        nickname: user.nickname,
+        email: user.email,
+      });
+    });
+  }

examples/custom-db/aws-postgress-kms/login.js

@@ -0,0 +1,53 @@
+function login(email, password, callback) {
+    const aws = require('aws-sdk');
+    const postgres = require('pg');
+
+    const pool = new Pool({
+      connectionString: configuration.conString
+    });
+
+    pool.connect(function (err, client, done) {
+      if (err) return callback(err);
+
+      const query = 'SELECT id, nickname, email, password FROM users WHERE email = $1';
+      client.query(query, [email], function (err, result) {
+        // Release the client back to the pool
+        done();
+
+        if (err || result.rows.length === 0) {
+          return callback(err || new WrongUsernameOrPasswordError(email));
+        }
+
+        const user = result.rows[0];
+        decrypt(user,password);
+      });
+    });
+
+    async function decrypt(user,i_password) {
+      const kms = new aws.KMS({
+        accessKeyId: configuration.accessKeyId,
+        secretAccessKey: configuration.secretAccessKey,
+        region: configuration.region
+      });
+      try {
+          const params = {
+            CiphertextBlob: Buffer.from(user.password, 'base64'),
+          };
+          const { Plaintext } = await kms.decrypt(params).promise();
+          openedData = Plaintext.toString();
+
+          if (openedData !== i_password) {
+            return callback(new WrongUsernameOrPasswordError(email));
+          } else {
+              return callback(null, {
+                user_id: user.id,
+                nickname: user.nickname,
+                email: user.email
+              });
+          }
+      } catch (error) {
+        console.error('Error decrypting data:', error);
+        throw error;
+      }
+    }
+}

examples/custom-db/aws-postgress-kms/verify.js

@@ -0,0 +1,24 @@
+function verify(email, callback) {
+  const { Pool } = require('pg');
+
+  const pool = new Pool({
+    connectionString: configuration.conString
+  });
+
+  pool.connect(function (err, client, done) {
+    if (err) return callback(err);
+
+    const query = 'UPDATE users SET email_verified = true WHERE email_verified = false AND email = $1';
+    client.query(query, [email], function (err, result) {
+      done(); // Release the client back to the pool
+
+      if (err) {
+        return callback(err, false);
+      }
+
+      // Check if any rows were updated
+      const rowsUpdated = result ? result.rowCount : 0;
+      return callback(null, rowsUpdated > 0);
+    });
+  });
+}

examples/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     auth0 = {
       source  = "auth0/auth0"
-      version = "~> 0.40.0" # Refer to docs for latest version
+      version = "~> 1.0.0" # Refer to docs for latest version
     }
   }
   # cloud {