Merge pull request #309 from topcoder-platform/dev

Prod-689 :  block user

Author: sachin-maheshwari

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ dev ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ dev ]
+  schedule:
+    - cron: '32 7 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

web-assets/auth0/dev-tenant/rules/blockUser.js

@@ -0,0 +1,81 @@
+function (user, context, callback) {
+  if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) {
+    console.log("rule:block-user:enter");
+
+    if (context.redirect) {
+      console.log("rule:block-user:exiting due to context being a redirect");
+      return callback(null, user, context);
+    }
+
+    const FORBIDDEN_COUNTRIES_CODES = [
+      "IRN",
+      "PRK",
+      "CUB",
+      "SDN",
+      "SSD", // (south sudan)
+      "SYR",
+      "BLR",
+      "RUS",
+    ];
+
+    const handle = context.idToken[global.AUTH0_CLAIM_NAMESPACE + "handle"];
+    if (!handle) {
+      console.log("rule:block-user: exiting due to handle being null.");
+      return callback(null, user, context);
+    }
+
+    global.AUTH0_CLAIM_NAMESPACE = "https://" + configuration.DOMAIN + "/";
+    const axios = require("[email protected]");
+    const options = {
+      method: "GET",
+      url: `https://api.${configuration.DOMAIN}/v5/members/${handle}`,
+    };
+
+    // Fetch v5 mmber Api.
+    axios(options)
+      .then((result) => {
+        try {
+          const data = result.data;
+
+          const { homeCountryCode, competitionCountryCode } = data;
+          console.log(
+            "rule:block-user: set block user ",
+            homeCountryCode,
+            competitionCountryCode
+          );
+          const blockIP =
+            FORBIDDEN_COUNTRIES_CODES.includes(homeCountryCode) ||
+            FORBIDDEN_COUNTRIES_CODES.includes(competitionCountryCode)
+              ? true
+              : false;
+          console.log(
+            "rule:block-user: blocking user IP ? ..............",
+            blockIP
+          );
+          context.idToken[global.AUTH0_CLAIM_NAMESPACE + "blockIP"] = blockIP;
+
+          if (blockIP) {
+            context.idToken[global.AUTH0_CLAIM_NAMESPACE + "tcsso"] =
+              "123|block";
+          }
+
+          return callback(null, user, context);
+        } catch (e) {
+          console.log(
+            "rule:block-user:error in member api response handling: ",
+            e
+          );
+          return callback(null, user, context);
+        }
+      })
+      .catch((requestError) => {
+        console.log(
+          "rule:block-user:failed to fetch member api, error: ",
+          requestError.response.status
+        );
+        return callback(null, user, context);
+      });
+  } else {
+    return callback(null, user, context);
+  }
+}

web-assets/auth0/prod-tenant/database/create.js

@@ -59,7 +59,6 @@
             "afterActivationURL": encodeURIComponent(afterActivationURL)
         }
     };
-    console.log("SignUp....", user, data);
     request.post({
         url: "https://api."+configuration.DOMAIN+"/v3/users",
         json: data
@@ -100,4 +99,4 @@
         callback(null);
     }); //end post request 
     //callback(null);
-}
+}

web-assets/auth0/prod-tenant/rules/blockUser.js

@@ -0,0 +1,81 @@
+function (user, context, callback) {
+  if (context.clientID === configuration.CLIENT_ACCOUNTS_LOGIN) {
+    console.log("rule:block-user:enter");
+
+    if (context.redirect) {
+      console.log("rule:block-user:exiting due to context being a redirect");
+      return callback(null, user, context);
+    }
+
+    const FORBIDDEN_COUNTRIES_CODES = [
+      "IRN",
+      "PRK",
+      "CUB",
+      "SDN",
+      "SSD", // (south sudan)
+      "SYR",
+      "BLR",
+      "RUS",
+    ];
+
+    const handle = context.idToken[global.AUTH0_CLAIM_NAMESPACE + "handle"];
+    if (!handle) {
+      console.log("rule:block-user: exiting due to handle being null.");
+      return callback(null, user, context);
+    }
+
+    global.AUTH0_CLAIM_NAMESPACE = "https://" + configuration.DOMAIN + "/";
+    const axios = require("[email protected]");
+    const options = {
+      method: "GET",
+      url: `https://api.${configuration.DOMAIN}/v5/members/${handle}`,
+    };
+
+    // Fetch v5 mmber Api.
+    axios(options)
+      .then((result) => {
+        try {
+          const data = result.data;
+
+          const { homeCountryCode, competitionCountryCode } = data;
+          console.log(
+            "rule:block-user: set block user ",
+            homeCountryCode,
+            competitionCountryCode
+          );
+          const blockIP =
+            FORBIDDEN_COUNTRIES_CODES.includes(homeCountryCode) ||
+            FORBIDDEN_COUNTRIES_CODES.includes(competitionCountryCode)
+              ? true
+              : false;
+          console.log(
+            "rule:block-user: blocking user IP ? ..............",
+            blockIP
+          );
+          context.idToken[global.AUTH0_CLAIM_NAMESPACE + "blockIP"] = blockIP;
+
+          if (blockIP) {
+            context.idToken[global.AUTH0_CLAIM_NAMESPACE + "tcsso"] =
+              "123|block";
+          }
+
+          return callback(null, user, context);
+        } catch (e) {
+          console.log(
+            "rule:block-user:error in member api response handling: ",
+            e
+          );
+          return callback(null, user, context);
+        }
+      })
+      .catch((requestError) => {
+        console.log(
+          "rule:block-user:failed to fetch member api, error: ",
+          requestError.response.status
+        );
+        return callback(null, user, context);
+      });
+  } else {
+    return callback(null, user, context);
+  }
+}