Forked from jatinvaidya/caution-account-auto-link-rule.js
CAUTION: Automatically Link Accounts with Verified Email
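// auto linking of accounts is NOT OK in most circumstances.
// "user-initiated" or "prompted" account linking must be preferred.
// https://auth0.com/docs/users/user-account-linking#scenarios
//
// Auth0 rule: links the currently authenticating federated (non-'auth0')
// identity into an existing, email-verified Auth0 Database account that
// carries the same email address, then points context.primaryUser at it.
//
// Trust assumption: the match is keyed on user.email / user.email_verified
// as asserted by the upstream identity provider, so only enable this for
// connections whose email-ownership claims you trust.
//
// @param {object} user - authenticating user profile (user_id, email,
//   email_verified, identities[]).
// @param {object} context - rule context; context.primaryUser is set on a
//   successful link.
// @param {function} callback - (err, user, context) rule continuation.
function (user, context, callback) {
  console.log(`account-link rule called ${user.user_id}`);
  const request = require('request');

  // Check if email is verified, we shouldn't automatically merge accounts if this is not the case.
  // Also, the requirement is to link a currently authenticating Enterprise (federated) Account with
  // an existing Auth0 Database Account, so that's the only combination we are allowing.
  const currentIdentity = (user.identities || [])[0];
  if (!user.email || !user.email_verified || !currentIdentity || currentIdentity.provider === 'auth0') {
    return callback(null, user, context);
  }

  const userApiUrl = auth0.baseUrl + '/users';
  const userSearchApiUrl = auth0.baseUrl + '/users-by-email';
  const authHeaders = { Authorization: 'Bearer ' + auth0.accessToken };

  request({
    url: userSearchApiUrl,
    headers: authHeaders,
    qs: { email: user.email }
  }, function (err, response, body) {
    if (err) return callback(err);
    if (response.statusCode !== 200) return callback(new Error(body));

    let data;
    try {
      data = JSON.parse(body);
    } catch (parseErr) {
      // A 200 with a non-JSON body must fail the rule cleanly, not with a thrown TypeError.
      return callback(new Error('Error parsing users-by-email response: ' + parseErr.message));
    }
    if (!Array.isArray(data)) {
      return callback(new Error('Unexpected users-by-email response shape'));
    }

    // Ignore non-verified users and current user, if present
    const candidates = data.filter(function (u) {
      // again, we must check that email is verified on the original account (to be primary account)
      const identity = (u.identities || [])[0];
      return u.email_verified && (u.user_id !== user.user_id) && !!identity && (identity.provider === 'auth0');
    });

    if (candidates.length > 1) {
      return callback(new Error('[!] Rule: Multiple user profiles already exist - cannot select base profile to link with'));
    }
    if (candidates.length === 0) {
      console.log('[-] Skipping link rule');
      return callback(null, user, context);
    }

    const originalUser = candidates[0];
    const provider = currentIdentity.provider;
    const providerUserId = currentIdentity.user_id;
    console.info(`account linking primary: ${originalUser.user_id}, secondary: ${provider}|${providerUserId}`);

    request.post({
      // user_id values contain '|' and provider-specific characters; encode the
      // segment so the id cannot alter the request path.
      url: userApiUrl + '/' + encodeURIComponent(originalUser.user_id) + '/identities',
      headers: authHeaders,
      json: {
        provider: provider,
        user_id: String(providerUserId)
      }
    }, function (err, response) {
      // A transport error leaves `response` undefined; check it before reading statusCode.
      if (err) return callback(err);
      if (response.statusCode >= 400) {
        return callback(new Error('Error linking account: ' + response.statusMessage));
      }
      context.primaryUser = originalUser.user_id;
      callback(null, user, context);
    });
  });
}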