Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support captchas in reset password flow #2547

Merged
merged 11 commits into from
Apr 30, 2024

Conversation

srijonsaha
Copy link
Contributor

Changes

Adds support for captchas in the reset password flow for classic login.

References

https://auth0team.atlassian.net/browse/IAMRISK-3340

Testing

test.mov

Checklist

@srijonsaha
Copy link
Contributor Author

Will bump the auth0.js version after this PR is merged.

@srijonsaha srijonsaha force-pushed the reset-password-challenge branch from f84445c to 20a8ecb Compare April 25, 2024 08:36
@srijonsaha
Copy link
Contributor Author

Current build failures will also be fixed once auth0.js version is bumped

Copy link
Contributor

@stevehobbsdev stevehobbsdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just had a question about some parts of the code API.

Comment on lines 14 to 22
export function getCaptchaConfig(m, isPasswordless, isPasswordReset) {
if (isPasswordReset) {
return l.resetPasswordCaptcha(m);
} else if (isPasswordless) {
return l.passwordlessCaptcha(m);
} else {
return l.captcha(m);
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure this is a great API for this function. The two input booleans are actually mutually exclusive when looking at the implementation but someone calling this method would reasonably expect that they can provide any combination of true and false here and each combination would have its own result.

I can see this pattern used throughout the PR - why was this decision taken vs using something else, maybe a number value and some constants?

Copy link
Contributor Author

@srijonsaha srijonsaha Apr 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just tried to follow the existing pattern with the isPasswordless boolean but you're right it could be confusing to the caller. I'll try to change it to a single value.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated

@srijonsaha
Copy link
Contributor Author

@stevehobbsdev Any ideas why the build is failing on install dependencies? Seems to be the case after bumping auth0-js? Maybe I don't have permissions to bump packages?

@stevehobbsdev
Copy link
Contributor

@srijonsaha Yeah you'll need to make sure it's pulling the library from the NPM registry, as our customers won't be able to connect to our internal one.

https://github.com/srijonsaha/lock/blob/reset-password-challenge/package-lock.json#L5051

@stevehobbsdev stevehobbsdev merged commit 37bfbab into auth0:master Apr 30, 2024
5 checks passed
@stevehobbsdev stevehobbsdev mentioned this pull request Apr 30, 2024
stevehobbsdev added a commit that referenced this pull request Apr 30, 2024
**Added**

- Support captchas in reset password flow
[\#2547](#2547)
([srijonsaha](https://github.com/srijonsaha))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants