diff --git a/SignUpValidation/README.md b/SignUpValidation/README.md
new file mode 100644
index 0000000..d2a0d9a
--- /dev/null
+++ b/SignUpValidation/README.md
@@ -0,0 +1,17 @@
+# Sign up Validation with Azure Function
+
+## Description
+
+This function restricts external users through email validation to allow only @ioet emails.
+
+## Installation
+
+The function doesn't require the installation of any external package.
+
+## Usage
+
+Tha function is called by the Azure Connector API, so you need to configure in the Connector API.
+
+## Credits
+
+[Sign up Validation with Azure Function](https://github.com/ioet/time-tracker-ui/wiki/Sign-up-Validation-with-Azure-Function)
diff --git a/SignUpValidation/function.json b/SignUpValidation/function.json
new file mode 100644
index 0000000..258cb10
--- /dev/null
+++ b/SignUpValidation/function.json
@@ -0,0 +1,19 @@
+{
+ "bindings": [
+ {
+ "authLevel": "function",
+ "type": "httpTrigger",
+ "direction": "in",
+ "name": "req",
+ "methods": [
+ "get",
+ "post"
+ ]
+ },
+ {
+ "type": "http",
+ "direction": "out",
+ "name": "res"
+ }
+ ]
+}
diff --git a/SignUpValidation/index.js b/SignUpValidation/index.js
new file mode 100644
index 0000000..488d83d
--- /dev/null
+++ b/SignUpValidation/index.js
@@ -0,0 +1,70 @@
+module.exports = async function (context, req) {
+ context.log("JavaScript HTTP trigger function processed a request v1.");
+ const API_VERSION = "1.0.0";
+
+ // Parse Basic Auth username and password
+ var header = req.headers["authorization"] || "", // get the header
+ token = header.split(/\s+/).pop() || "", // and the encoded auth token
+ auth = new Buffer.from(token, "base64").toString(), // convert from base64
+ parts = auth.split(/:/), // split on colon
+ username = parts[0],
+ password = parts[1];
+
+ // Check for HTTP Basic Authentication, return HTTP 401 error if invalid credentials.
+ if (
+ username !== process.env["BASIC_AUTH_USERNAME"] ||
+ password !== process.env["BASIC_AUTH_PASSWORD"]
+ ) {
+ context.res = {
+ status: 401,
+ };
+ context.log("Invalid Authentication");
+ return;
+ }
+
+ // If input data is null, return error.
+ const INVALID_REQUEST = {
+ status: 400,
+ body: {
+ version: API_VERSION,
+ code: "INVALID_REQUEST",
+ },
+ };
+
+ if (!(req.body && req.body.email)) {
+ context.res = INVALID_REQUEST;
+ context.log("Invalid Request");
+ return;
+ }
+
+ // Log the request body
+ context.log(`Request body: ${JSON.stringify(req.body)}`);
+
+ // Get domain of email address
+ const domain = req.body.email.split("@")[1];
+ const allowedDomains = ["ioet.com"];
+
+ context.log("Validation: ", allowedDomains.includes(domain.toLowerCase()));
+ // Check that the domain of the email is from a specific other tenant
+ if (!allowedDomains.includes(domain.toLowerCase())) {
+ context.res = {
+ body: {
+ version: API_VERSION,
+ action: "ShowBlockPage",
+ userMessage:
+ "You must have an account from a valid domain to register as an user for ioet Inc.",
+ code: "SignUp-BlockByEmailDomain-0",
+ },
+ };
+ context.log(context.res);
+ return;
+ }
+
+ // Email domain and user collected attribute are valid, return continuation response.
+ context.res = {
+ body: { version: API_VERSION, action: "Continue" },
+ };
+
+ context.log(context.res);
+ return;
+};
diff --git a/SignUpValidation/sample.dat b/SignUpValidation/sample.dat
new file mode 100644
index 0000000..bd0bd66
--- /dev/null
+++ b/SignUpValidation/sample.dat
@@ -0,0 +1,14 @@
+{
+ "ui_locales": "en-US",
+ "email": "example@gmail.ec",
+ "surname": "Test User",
+ "displayName": "Test User",
+ "givenName": "Test User",
+ "identities": [
+ {
+ "signInType": "federated",
+ "issuer": "google.com",
+ "issuerAssignedId": "102373679322388401018"
+ }
+ ]
+}
\ No newline at end of file
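Review bot: In SignUpValidation/index.js the domain check reads `req.body.email.split("@")[1]`, which is the text after the first `@`, so an address with more than one `@` is judged on a segment that is not its real domain, and a value without `@` (or a non-string `email`) makes `domain.toLowerCase()` throw instead of returning `INVALID_REQUEST`. Because this comparison is the whole sign-up decision, I would accept only a string with exactly one `@` and a non-empty part on each side, and answer `INVALID_REQUEST` otherwise, as in the fence below. The `Request body:` log line also writes the full sign-up payload (email, names and the federated identity id, going by sample.dat) to the function log; logging the domain and the decision would be enough. In the Basic Auth parsing, `auth.split(/:/)` drops everything after a second colon, so a configured password containing `:` can never match; splitting at the first colon only avoids that.

```javascript
  // … unchanged: Basic Auth check, INVALID_REQUEST definition, empty-body check …

  // Get domain of email address: require a string with exactly one "@"
  const email = req.body.email;
  const at = typeof email === "string" ? email.lastIndexOf("@") : -1;
  if (at < 1 || email.indexOf("@") !== at || at === email.length - 1) {
    context.res = INVALID_REQUEST;
    context.log("Invalid Request");
    return;
  }
  const domain = email.slice(at + 1);
  const allowedDomains = ["ioet.com"];

  // … unchanged: allow-list comparison, block and continue responses …
```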