feat: include new device setting

Author: Josh Cain

src/context/directory/handlers/index.ts

@@ -19,6 +19,7 @@ import organizations from './organizations';
 import triggers from './triggers';
 import attackProtection from './attackProtection';
 import riskAssessments from './riskAssessments';
+import riskAssessmentsNewDevice from './riskAssessmentsNewDevice';
 import branding from './branding';
 import phoneProviders from './phoneProvider';
 import logStreams from './logStreams';
@@ -71,6 +72,7 @@ const directoryHandlers: {
   triggers,
   attackProtection,
   riskAssessments,
+  riskAssessmentsNewDevice,
   branding,
   phoneProviders,
   logStreams,

src/context/directory/handlers/riskAssessmentsNewDevice.ts

@@ -0,0 +1,52 @@
+import path from 'path';
+import fs from 'fs-extra';
+import { constants } from '../../../tools';
+import { dumpJSON, existsMustBeDir, loadJSON } from '../../../utils';
+import { DirectoryHandler } from '.';
+import DirectoryContext from '..';
+import { ParsedAsset, Asset } from '../../../types';
+
+type ParsedRiskAssessmentsNewDevice = ParsedAsset<'riskAssessmentsNewDevice', Asset>;
+
+function parse(context: DirectoryContext): ParsedRiskAssessmentsNewDevice {
+  const riskAssessmentsDirectory = path.join(
+    context.filePath,
+    constants.RISK_ASSESSMENTS_DIRECTORY
+  );
+  const newDeviceFile = path.join(riskAssessmentsDirectory, 'new-device.json');
+
+  if (!existsMustBeDir(riskAssessmentsDirectory)) {
+    return { riskAssessmentsNewDevice: null };
+  }
+
+  const riskAssessmentsNewDevice = loadJSON(newDeviceFile, {
+    mappings: context.mappings,
+    disableKeywordReplacement: context.disableKeywordReplacement,
+  });
+
+  return {
+    riskAssessmentsNewDevice,
+  };
+}
+
+async function dump(context: DirectoryContext): Promise<void> {
+  const { riskAssessmentsNewDevice } = context.assets;
+
+  if (!riskAssessmentsNewDevice) return;
+
+  const riskAssessmentsDirectory = path.join(
+    context.filePath,
+    constants.RISK_ASSESSMENTS_DIRECTORY
+  );
+  const newDeviceFile = path.join(riskAssessmentsDirectory, 'new-device.json');
+
+  fs.ensureDirSync(riskAssessmentsDirectory);
+  dumpJSON(newDeviceFile, riskAssessmentsNewDevice);
+}
+
+const riskAssessmentsNewDeviceHandler: DirectoryHandler<ParsedRiskAssessmentsNewDevice> = {
+  parse,
+  dump,
+};
+
+export default riskAssessmentsNewDeviceHandler;

src/context/yaml/handlers/index.ts

@@ -19,6 +19,7 @@ import actions from './actions';
 import triggers from './triggers';
 import attackProtection from './attackProtection';
 import riskAssessments from './riskAssessments';
+import riskAssessmentsNewDevice from './riskAssessmentsNewDevice';
 import branding from './branding';
 import phoneProviders from './phoneProvider';
 import logStreams from './logStreams';
@@ -69,6 +70,7 @@ const yamlHandlers: { [key in AssetTypes]: YAMLHandler<{ [key: string]: unknown
   triggers,
   attackProtection,
   riskAssessments,
+  riskAssessmentsNewDevice,
   branding,
   phoneProviders,
   logStreams,

src/context/yaml/handlers/riskAssessmentsNewDevice.ts

@@ -0,0 +1,32 @@
+import { YAMLHandler } from '.';
+import YAMLContext from '..';
+import { Asset, ParsedAsset } from '../../../types';
+
+type ParsedRiskAssessmentsNewDevice = ParsedAsset<'riskAssessmentsNewDevice', Asset>;
+
+async function parse(context: YAMLContext): Promise<ParsedRiskAssessmentsNewDevice> {
+  const { riskAssessmentsNewDevice } = context.assets;
+
+  if (!riskAssessmentsNewDevice) return { riskAssessmentsNewDevice: null };
+
+  return {
+    riskAssessmentsNewDevice,
+  };
+}
+
+async function dump(context: YAMLContext): Promise<ParsedRiskAssessmentsNewDevice> {
+  const { riskAssessmentsNewDevice } = context.assets;
+
+  if (!riskAssessmentsNewDevice) return { riskAssessmentsNewDevice: null };
+
+  return {
+    riskAssessmentsNewDevice,
+  };
+}
+
+const riskAssessmentsNewDeviceHandler: YAMLHandler<ParsedRiskAssessmentsNewDevice> = {
+  parse: parse,
+  dump: dump,
+};
+
+export default riskAssessmentsNewDeviceHandler;

src/tools/auth0/handlers/index.ts

@@ -25,6 +25,7 @@ import * as triggers from './triggers';
 import * as organizations from './organizations';
 import * as attackProtection from './attackProtection';
 import * as riskAssessments from './riskAssessments';
+import * as riskAssessmentsNewDevice from './riskAssessmentsNewDevice';
 import * as logStreams from './logStreams';
 import * as customDomains from './customDomains';
 import * as themes from './themes';
@@ -68,6 +69,7 @@ const auth0ApiHandlers: { [key in AssetTypes]: any } = {
   organizations,
   attackProtection,
   riskAssessments,
+  riskAssessmentsNewDevice,
   logStreams,
   customDomains,
   themes,

src/tools/auth0/handlers/riskAssessmentsNewDevice.ts

@@ -0,0 +1,65 @@
+import DefaultAPIHandler from './default';
+import { Assets } from '../../../types';
+
+export const schema = {
+  type: 'object',
+  properties: {
+    remember_for: {
+      type: 'number',
+      description: 'Length of time to remember devices for, in days.',
+    },
+  },
+  required: ['remember_for'],
+};
+
+export type RiskAssessmentsNewDeviceSettings = {
+  remember_for: number;
+};
+
+export default class RiskAssessmentsNewDeviceHandler extends DefaultAPIHandler {
+  existing: RiskAssessmentsNewDeviceSettings | null;
+
+  constructor(config: DefaultAPIHandler) {
+    super({
+      ...config,
+      type: 'riskAssessmentsNewDevice',
+    });
+  }
+
+  async getType(): Promise<RiskAssessmentsNewDeviceSettings> {
+    if (this.existing) {
+      return this.existing;
+    }
+
+    try {
+      const { data } = await this.client.riskAssessments.getNewDeviceSettings();
+      this.existing = data;
+      return data;
+    } catch (err) {
+      if (err.statusCode === 404) return { remember_for: 0 };
+      throw err;
+    }
+  }
+
+  async processChanges(assets: Assets): Promise<void> {
+    const { riskAssessmentsNewDevice } = assets;
+
+    // Non-existing section means it doesn't need to be processed
+    if (!riskAssessmentsNewDevice) {
+      return;
+    }
+
+    try {
+      // Validate that remember_for property exists
+      const settings: RiskAssessmentsNewDeviceSettings = {
+        remember_for: riskAssessmentsNewDevice.remember_for as number,
+      };
+
+      await this.client.riskAssessments.updateNewDeviceSettings(settings);
+      this.updated += 1;
+      this.didUpdate(settings);
+    } catch (err) {
+      throw err;
+    }
+  }
+}

src/types.ts

@@ -96,6 +96,7 @@ export type Assets = Partial<{
   actions: Action[] | null;
   attackProtection: AttackProtection | null;
   riskAssessments: Asset | null;
+  riskAssessmentsNewDevice: Asset | null;
   branding:
     | (Asset & {
         templates?: { template: string; body: string }[] | null;
@@ -178,6 +179,7 @@ export type AssetTypes =
   | 'triggers'
   | 'attackProtection'
   | 'riskAssessments'
+  | 'riskAssessmentsNewDevice'
   | 'branding'
   | 'phoneProviders'
   | 'logStreams'

test/context/directory/riskAssessmentsNewDevice.test.js

@@ -0,0 +1,132 @@
+import path from 'path';
+import { expect } from 'chai';
+import Context from '../../../src/context/directory';
+import { cleanThenMkdir, createDir, mockMgmtClient, testDataDir } from '../../utils';
+import handler from '../../../src/context/directory/handlers/riskAssessmentsNewDevice';
+import { loadJSON } from '../../../src/utils';
+
+describe('#directory context risk-assessments new-device', () => {
+  it('should replace keywords', async () => {
+    const files = {
+      'risk-assessments': {
+        'settings.json': '{"enabled": true}',
+        'new-device.json': '{"remember_for": @@REMEMBER_FOR_DAYS@@}',
+      },
+    };
+
+    const repoDir = path.join(testDataDir, 'directory', 'riskAssessmentsNewDevice1');
+    createDir(repoDir, files);
+
+    const config = {
+      AUTH0_INPUT_FILE: repoDir,
+      AUTH0_KEYWORD_REPLACE_MAPPINGS: {
+        REMEMBER_FOR_DAYS: 30,
+      },
+    };
+
+    const context = new Context(config, mockMgmtClient());
+    await context.loadAssetsFromLocal();
+
+    const target = {
+      remember_for: 30,
+    };
+
+    expect(context.assets.riskAssessmentsNewDevice).to.deep.equal(target);
+  });
+
+  it('should process risk-assessments new-device', async () => {
+    const files = {
+      'risk-assessments': {
+        'settings.json': '{"enabled": true}',
+        'new-device.json': '{"remember_for": 30}',
+      },
+    };
+
+    const repoDir = path.join(testDataDir, 'directory', 'riskAssessmentsNewDevice2');
+    createDir(repoDir, files);
+
+    const config = { AUTH0_INPUT_FILE: repoDir };
+    const context = new Context(config, mockMgmtClient());
+    await context.loadAssetsFromLocal();
+
+    const target = {
+      remember_for: 30,
+    };
+
+    expect(context.assets.riskAssessmentsNewDevice).to.deep.equal(target);
+  });
+
+  it('should process risk-assessments new-device with zero value', async () => {
+    const files = {
+      'risk-assessments': {
+        'settings.json': '{"enabled": true}',
+        'new-device.json': '{"remember_for": 0}',
+      },
+    };
+
+    const repoDir = path.join(testDataDir, 'directory', 'riskAssessmentsNewDevice3');
+    createDir(repoDir, files);
+
+    const config = { AUTH0_INPUT_FILE: repoDir };
+    const context = new Context(config, mockMgmtClient());
+    await context.loadAssetsFromLocal();
+
+    const target = {
+      remember_for: 0,
+    };
+
+    expect(context.assets.riskAssessmentsNewDevice).to.deep.equal(target);
+  });
+
+  it('should process risk-assessments new-device with large value', async () => {
+    const files = {
+      'risk-assessments': {
+        'settings.json': '{"enabled": true}',
+        'new-device.json': '{"remember_for": 365}',
+      },
+    };
+
+    const repoDir = path.join(testDataDir, 'directory', 'riskAssessmentsNewDevice4');
+    createDir(repoDir, files);
+
+    const config = { AUTH0_INPUT_FILE: repoDir };
+    const context = new Context(config, mockMgmtClient());
+    await context.loadAssetsFromLocal();
+
+    const target = {
+      remember_for: 365,
+    };
+
+    expect(context.assets.riskAssessmentsNewDevice).to.deep.equal(target);
+  });
+
+  it('should dump risk-assessments new-device', async () => {
+    const dir = path.join(testDataDir, 'directory', 'riskAssessmentsNewDeviceDump');
+    cleanThenMkdir(dir);
+    const context = new Context({ AUTH0_INPUT_FILE: dir }, mockMgmtClient());
+
+    context.assets.riskAssessmentsNewDevice = {
+      remember_for: 90,
+    };
+
+    await handler.dump(context);
+    const riskAssessmentsFolder = path.join(dir, 'risk-assessments');
+
+    expect(loadJSON(path.join(riskAssessmentsFolder, 'new-device.json'))).to.deep.equal(
+      context.assets.riskAssessmentsNewDevice
+    );
+  });
+
+  it('should not create files if riskAssessmentsNewDevice is null', async () => {
+    const dir = path.join(testDataDir, 'directory', 'riskAssessmentsNewDeviceNull');
+    cleanThenMkdir(dir);
+    const context = new Context({ AUTH0_INPUT_FILE: dir }, mockMgmtClient());
+
+    context.assets.riskAssessmentsNewDevice = null;
+
+    await handler.dump(context);
+    const riskAssessmentsFolder = path.join(dir, 'risk-assessments');
+
+    expect(() => loadJSON(path.join(riskAssessmentsFolder, 'new-device.json'))).to.throw();
+  });
+});

test/context/yaml/context.test.js

@@ -275,6 +275,9 @@ describe('#YAML context validation', () => {
       riskAssessments: {
         enabled: false,
       },
+      riskAssessmentsNewDevice: {
+        remember_for: 30,
+      },
       rules: [],
       hooks: [],
       actions: [],
@@ -408,6 +411,9 @@ describe('#YAML context validation', () => {
       riskAssessments: {
         enabled: false,
       },
+      riskAssessmentsNewDevice: {
+        remember_for: 30,
+      },
       rules: [],
       hooks: [],
       actions: [],
@@ -542,6 +548,9 @@ describe('#YAML context validation', () => {
       riskAssessments: {
         enabled: false,
       },
+      riskAssessmentsNewDevice: {
+        remember_for: 30,
+      },
       rules: [],
       hooks: [],
       actions: [],