Merge pull request #39 from ioet/TT-153-new-user-flow-for-sign-up-sign-in

feat: TT-153 Sign Up Validation Function

Author: israteneda

SignUpValidation/README.md

@@ -0,0 +1,17 @@
+# Sign up Validation with Azure Function
+
+## Description
+
+This function restricts external users through email validation to allow only @ioet emails.
+
+## Installation
+
+The function doesn't require the installation of any external package. 
+
+## Usage
+
+Tha function is called by the Azure Connector API, so you need to configure in the Connector API.
+
+## Credits
+
+[Sign up Validation with Azure Function](https://github.com/ioet/time-tracker-ui/wiki/Sign-up-Validation-with-Azure-Function)

SignUpValidation/function.json

@@ -0,0 +1,19 @@
+{
+  "bindings": [
+    {
+      "authLevel": "function",
+      "type": "httpTrigger",
+      "direction": "in",
+      "name": "req",
+      "methods": [
+        "get",
+        "post"
+      ]
+    },
+    {
+      "type": "http",
+      "direction": "out",
+      "name": "res"
+    }
+  ]
+}

SignUpValidation/index.js

@@ -0,0 +1,70 @@
+module.exports = async function (context, req) {
+  context.log("JavaScript HTTP trigger function processed a request v1.");
+  const API_VERSION = "1.0.0";
+
+  // Parse Basic Auth username and password
+  var header = req.headers["authorization"] || "", // get the header
+    token = header.split(/\s+/).pop() || "", // and the encoded auth token
+    auth = new Buffer.from(token, "base64").toString(), // convert from base64
+    parts = auth.split(/:/), // split on colon
+    username = parts[0],
+    password = parts[1];
+
+  // Check for HTTP Basic Authentication, return HTTP 401 error if invalid credentials.
+  if (
+    username !== process.env["BASIC_AUTH_USERNAME"] ||
+    password !== process.env["BASIC_AUTH_PASSWORD"]
+  ) {
+    context.res = {
+      status: 401,
+    };
+    context.log("Invalid Authentication");
+    return;
+  }
+
+  // If input data is null, return error.
+  const INVALID_REQUEST = {
+    status: 400,
+    body: {
+      version: API_VERSION,
+      code: "INVALID_REQUEST",
+    },
+  };
+
+  if (!(req.body && req.body.email)) {
+    context.res = INVALID_REQUEST;
+    context.log("Invalid Request");
+    return;
+  }
+
+  // Log the request body
+  context.log(`Request body: ${JSON.stringify(req.body)}`);
+
+  // Get domain of email address
+  const domain = req.body.email.split("@")[1];
+  const allowedDomains = ["ioet.com"];
+
+  context.log("Validation: ", allowedDomains.includes(domain.toLowerCase()));
+  // Check that the domain of the email is from a specific other tenant
+  if (!allowedDomains.includes(domain.toLowerCase())) {
+    context.res = {
+      body: {
+        version: API_VERSION,
+        action: "ShowBlockPage",
+        userMessage:
+          "You must have an account from a valid domain to register as an user for ioet Inc.",
+        code: "SignUp-BlockByEmailDomain-0",
+      },
+    };
+    context.log(context.res);
+    return;
+  }
+
+  // Email domain and user collected attribute are valid, return continuation response.
+  context.res = {
+    body: { version: API_VERSION, action: "Continue" },
+  };
+
+  context.log(context.res);
+  return;
+};

SignUpValidation/sample.dat

@@ -0,0 +1,14 @@
+{
+  "ui_locales": "en-US",
+  "email": "[email protected]",
+  "surname": "Test User",
+  "displayName": "Test User",
+  "givenName": "Test User",
+  "identities": [
+    {
+      "signInType": "federated",
+      "issuer": "google.com",
+      "issuerAssignedId": "102373679322388401018"
+    }
+  ]
+}