CAUTION: Automatically Link Accounts with Verified Email
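// auto linking of accounts is NOT OK in most circumstances.
// "user-initiated" or "prompted" account linking must be preferred.
// https://auth0.com/docs/users/user-account-linking#scenarios
//
// Auth0 Rule: link the currently authenticating federated (non-'auth0') identity
// into the single existing Auth0 Database account that carries the same verified
// email. Both sides must report email_verified === true. The email_verified value
// on the federated side is only as trustworthy as the upstream IdP's attribute
// mapping, which is why this rule is marked CAUTION.
//
// Runtime-provided names (Auth0 rules sandbox): `auth0` (baseUrl, accessToken for
// the Management API) and `require`.
//
// @param {object}   user     - authenticating profile (user_id, email, email_verified, identities[])
// @param {object}   context  - rule context; context.primaryUser is set when a link succeeds
// @param {function} callback - callback(err) on failure, callback(null, user, context) otherwise
function (user, context, callback) {
  console.log(`account-link rule called ${user.user_id}`);
  const request = require('request');

  // Check if email is verified, we shouldn't automatically merge accounts if this is not the case.
  // Also, the requirement is to link a currently authenticating Enterprise (federated) Account with
  // an existing Auth0 Database Account, so that's the only combination we are allowing.
  if (!user.email || !user.email_verified || user.identities[0].provider === 'auth0') {
    return callback(null, user, context);
  }

  const userApiUrl = `${auth0.baseUrl}/users`;
  const userSearchApiUrl = `${auth0.baseUrl}/users-by-email`;
  const authHeaders = { Authorization: `Bearer ${auth0.accessToken}` };

  request({
    url: userSearchApiUrl,
    headers: authHeaders,
    qs: { email: user.email }
  }, function (err, response, body) {
    if (err) return callback(err);
    if (response.statusCode !== 200) return callback(new Error(body));

    let candidates;
    try {
      candidates = JSON.parse(body);
    } catch (parseErr) {
      // A non-JSON 200 body would otherwise throw inside the callback instead of failing the rule cleanly.
      return callback(new Error(`[!] Rule: users-by-email returned an unparseable body: ${parseErr.message}`));
    }
    if (!Array.isArray(candidates)) {
      return callback(new Error('[!] Rule: users-by-email returned an unexpected payload'));
    }

    // Ignore non-verified users and current user, if present
    candidates = candidates.filter(function (u) {
      // again, we must check that email is verified on the original account (to be primary account)
      return u.email_verified && (u.user_id !== user.user_id) && (u.identities[0].provider === 'auth0');
    });
    if (candidates.length > 1) {
      return callback(new Error('[!] Rule: Multiple user profiles already exist - cannot select base profile to link with'));
    }
    if (candidates.length === 0) {
      console.log('[-] Skipping link rule');
      return callback(null, user, context);
    }

    const originalUser = candidates[0];
    const provider = user.identities[0].provider;
    const providerUserId = user.identities[0].user_id;
    console.info(`account linking primary: ${originalUser.user_id}, secondary: ${provider}|${providerUserId}`);

    request.post({
      // user_id is a path segment (e.g. 'auth0|...'); encode it rather than splicing it in raw.
      url: `${userApiUrl}/${encodeURIComponent(originalUser.user_id)}/identities`,
      headers: authHeaders,
      json: {
        provider: provider,
        user_id: String(providerUserId)
      }
    }, function (linkErr, linkResponse) {
      // The transport error must be checked before statusCode: on a failed request
      // linkResponse is undefined and reading it would throw inside the callback.
      if (linkErr) return callback(linkErr);
      if (linkResponse.statusCode >= 400) {
        return callback(new Error(`Error linking account: ${linkResponse.statusMessage}`));
      }
      context.primaryUser = originalUser.user_id;
      callback(null, user, context);
    });
  });
}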