feat: riskAssessments integration

docs/resource-specific-documentation.md

@@ -576,6 +576,30 @@ phoneProviders:
 ]
 ```
 
+## Risk Assessments
+
+Risk assessments configuration allows you to enable or disable risk assessment features for your tenant.
+
+### YAML Example
+
+```yaml
+# Contents of ./tenant.yaml
+riskAssessments:
+  enabled: true
+```
+
+### Directory Example
+
+File: `./risk-assessments/settings.json`
+
+```json
+{
+  "enabled": true
+}
+```
+
+For more details, see the [Management API documentation](https://auth0.com/docs/api/management/v2#!/Risk_Assessments/get_settings).
+
 ## Connection Profiles
 
 Application specific configuration for use with the OIN Express Configuration feature

examples/directory/risk-assessments/settings.json

@@ -0,0 +1,3 @@
+{
+  "enabled": false
+}

examples/yaml/tenant.yaml

@@ -419,3 +419,6 @@ userAttributeProfiles:
         type: "email"
         required: true
 
+riskAssessments:
+  enabled: false
+

src/context/directory/handlers/index.ts

@@ -18,6 +18,8 @@ import actions from './actions';
 import organizations from './organizations';
 import triggers from './triggers';
 import attackProtection from './attackProtection';
+import riskAssessments from './riskAssessments';
+import riskAssessmentsNewDevice from './riskAssessmentsNewDevice';
 import branding from './branding';
 import phoneProviders from './phoneProvider';
 import logStreams from './logStreams';
@@ -69,6 +71,8 @@ const directoryHandlers: {
   organizations,
   triggers,
   attackProtection,
+  riskAssessments,
+  riskAssessmentsNewDevice,
   branding,
   phoneProviders,
   logStreams,

src/context/directory/handlers/riskAssessments.ts

@@ -0,0 +1,52 @@
+import path from 'path';
+import fs from 'fs-extra';
+import { constants } from '../../../tools';
+import { dumpJSON, existsMustBeDir, loadJSON } from '../../../utils';
+import { DirectoryHandler } from '.';
+import DirectoryContext from '..';
+import { ParsedAsset, Asset } from '../../../types';
+
+type ParsedRiskAssessments = ParsedAsset<'riskAssessments', Asset>;
+
+function parse(context: DirectoryContext): ParsedRiskAssessments {
+  const riskAssessmentsDirectory = path.join(
+    context.filePath,
+    constants.RISK_ASSESSMENTS_DIRECTORY
+  );
+  const riskAssessmentsFile = path.join(riskAssessmentsDirectory, 'settings.json');
+
+  if (!existsMustBeDir(riskAssessmentsDirectory)) {
+    return { riskAssessments: null };
+  }
+
+  const riskAssessments = loadJSON(riskAssessmentsFile, {
+    mappings: context.mappings,
+    disableKeywordReplacement: context.disableKeywordReplacement,
+  });
+
+  return {
+    riskAssessments,
+  };
+}
+
+async function dump(context: DirectoryContext): Promise<void> {
+  const { riskAssessments } = context.assets;
+
+  if (!riskAssessments) return;
+
+  const riskAssessmentsDirectory = path.join(
+    context.filePath,
+    constants.RISK_ASSESSMENTS_DIRECTORY
+  );
+  const riskAssessmentsFile = path.join(riskAssessmentsDirectory, 'settings.json');
+
+  fs.ensureDirSync(riskAssessmentsDirectory);
+  dumpJSON(riskAssessmentsFile, riskAssessments);
+}
+
+const riskAssessmentsHandler: DirectoryHandler<ParsedRiskAssessments> = {
+  parse,
+  dump,
+};
+
+export default riskAssessmentsHandler;

src/context/directory/handlers/riskAssessmentsNewDevice.ts

@@ -0,0 +1,52 @@
+import path from 'path';
+import fs from 'fs-extra';
+import { constants } from '../../../tools';
+import { dumpJSON, existsMustBeDir, loadJSON } from '../../../utils';
+import { DirectoryHandler } from '.';
+import DirectoryContext from '..';
+import { ParsedAsset, Asset } from '../../../types';
+
+type ParsedRiskAssessmentsNewDevice = ParsedAsset<'riskAssessmentsNewDevice', Asset>;
+
+function parse(context: DirectoryContext): ParsedRiskAssessmentsNewDevice {
+  const riskAssessmentsDirectory = path.join(
+    context.filePath,
+    constants.RISK_ASSESSMENTS_DIRECTORY
+  );
+  const newDeviceFile = path.join(riskAssessmentsDirectory, 'new-device.json');
+
+  if (!existsMustBeDir(riskAssessmentsDirectory)) {
+    return { riskAssessmentsNewDevice: null };
+  }
+
+  const riskAssessmentsNewDevice = loadJSON(newDeviceFile, {
+    mappings: context.mappings,
+    disableKeywordReplacement: context.disableKeywordReplacement,
+  });
+
+  return {
+    riskAssessmentsNewDevice,
+  };
+}
+
+async function dump(context: DirectoryContext): Promise<void> {
+  const { riskAssessmentsNewDevice } = context.assets;
+
+  if (!riskAssessmentsNewDevice) return;
+
+  const riskAssessmentsDirectory = path.join(
+    context.filePath,
+    constants.RISK_ASSESSMENTS_DIRECTORY
+  );
+  const newDeviceFile = path.join(riskAssessmentsDirectory, 'new-device.json');
+
+  fs.ensureDirSync(riskAssessmentsDirectory);
+  dumpJSON(newDeviceFile, riskAssessmentsNewDevice);
+}
+
+const riskAssessmentsNewDeviceHandler: DirectoryHandler<ParsedRiskAssessmentsNewDevice> = {
+  parse,
+  dump,
+};
+
+export default riskAssessmentsNewDeviceHandler;

src/context/yaml/handlers/index.ts

@@ -18,6 +18,8 @@ import organizations from './organizations';
 import actions from './actions';
 import triggers from './triggers';
 import attackProtection from './attackProtection';
+import riskAssessments from './riskAssessments';
+import riskAssessmentsNewDevice from './riskAssessmentsNewDevice';
 import branding from './branding';
 import phoneProviders from './phoneProvider';
 import logStreams from './logStreams';
@@ -67,6 +69,8 @@ const yamlHandlers: { [key in AssetTypes]: YAMLHandler<{ [key: string]: unknown
   organizations,
   triggers,
   attackProtection,
+  riskAssessments,
+  riskAssessmentsNewDevice,
   branding,
   phoneProviders,
   logStreams,

src/context/yaml/handlers/riskAssessments.ts

@@ -0,0 +1,32 @@
+import { YAMLHandler } from '.';
+import YAMLContext from '..';
+import { Asset, ParsedAsset } from '../../../types';
+
+type ParsedRiskAssessments = ParsedAsset<'riskAssessments', Asset>;
+
+async function parse(context: YAMLContext): Promise<ParsedRiskAssessments> {
+  const { riskAssessments } = context.assets;
+
+  if (!riskAssessments) return { riskAssessments: null };
+
+  return {
+    riskAssessments,
+  };
+}
+
+async function dump(context: YAMLContext): Promise<ParsedRiskAssessments> {
+  const { riskAssessments } = context.assets;
+
+  if (!riskAssessments) return { riskAssessments: null };
+
+  return {
+    riskAssessments,
+  };
+}
+
+const riskAssessmentsHandler: YAMLHandler<ParsedRiskAssessments> = {
+  parse: parse,
+  dump: dump,
+};
+
+export default riskAssessmentsHandler;

src/context/yaml/handlers/riskAssessmentsNewDevice.ts

@@ -0,0 +1,32 @@
+import { YAMLHandler } from '.';
+import YAMLContext from '..';
+import { Asset, ParsedAsset } from '../../../types';
+
+type ParsedRiskAssessmentsNewDevice = ParsedAsset<'riskAssessmentsNewDevice', Asset>;
+
+async function parse(context: YAMLContext): Promise<ParsedRiskAssessmentsNewDevice> {
+  const { riskAssessmentsNewDevice } = context.assets;
+
+  if (!riskAssessmentsNewDevice) return { riskAssessmentsNewDevice: null };
+
+  return {
+    riskAssessmentsNewDevice,
+  };
+}
+
+async function dump(context: YAMLContext): Promise<ParsedRiskAssessmentsNewDevice> {
+  const { riskAssessmentsNewDevice } = context.assets;
+
+  if (!riskAssessmentsNewDevice) return { riskAssessmentsNewDevice: null };
+
+  return {
+    riskAssessmentsNewDevice,
+  };
+}
+
+const riskAssessmentsNewDeviceHandler: YAMLHandler<ParsedRiskAssessmentsNewDevice> = {
+  parse: parse,
+  dump: dump,
+};
+
+export default riskAssessmentsNewDeviceHandler;

src/tools/auth0/handlers/index.ts

@@ -24,6 +24,8 @@ import * as actions from './actions';
 import * as triggers from './triggers';
 import * as organizations from './organizations';
 import * as attackProtection from './attackProtection';
+import * as riskAssessments from './riskAssessments';
+import * as riskAssessmentsNewDevice from './riskAssessmentsNewDevice';
 import * as logStreams from './logStreams';
 import * as customDomains from './customDomains';
 import * as themes from './themes';
@@ -66,6 +68,8 @@ const auth0ApiHandlers: { [key in AssetTypes]: any } = {
   triggers,
   organizations,
   attackProtection,
+  riskAssessments,
+  riskAssessmentsNewDevice,
   logStreams,
   customDomains,
   themes,

src/tools/auth0/handlers/riskAssessments.ts

@@ -0,0 +1,65 @@
+import DefaultAPIHandler from './default';
+import { Assets } from '../../../types';
+
+export const schema = {
+  type: 'object',
+  properties: {
+    enabled: {
+      type: 'boolean',
+      description: 'Whether or not risk assessment is enabled.',
+    },
+  },
+  required: ['enabled'],
+};
+
+export type RiskAssessmentsSettings = {
+  enabled: boolean;
+};
+
+export default class RiskAssessmentsHandler extends DefaultAPIHandler {
+  existing: RiskAssessmentsSettings | null;
+
+  constructor(config: DefaultAPIHandler) {
+    super({
+      ...config,
+      type: 'riskAssessments',
+    });
+  }
+
+  async getType(): Promise<RiskAssessmentsSettings> {
+    if (this.existing) {
+      return this.existing;
+    }
+
+    try {
+      const { data } = await this.client.riskAssessments.getSettings();
+      this.existing = data;
+      return data;
+    } catch (err) {
+      if (err.statusCode === 404) return { enabled: false };
+      throw err;
+    }
+  }
+
+  async processChanges(assets: Assets): Promise<void> {
+    const { riskAssessments } = assets;
+
+    // Non-existing section means it doesn't need to be processed
+    if (!riskAssessments) {
+      return;
+    }
+
+    try {
+      // Validate that enabled property exists
+      const settings: RiskAssessmentsSettings = {
+        enabled: riskAssessments.enabled as boolean,
+      };
+
+      await this.client.riskAssessments.updateSettings(settings);
+      this.updated += 1;
+      this.didUpdate(settings);
+    } catch (err) {
+      throw err;
+    }
+  }
+}

src/tools/auth0/handlers/riskAssessmentsNewDevice.ts

@@ -0,0 +1,65 @@
+import DefaultAPIHandler from './default';
+import { Assets } from '../../../types';
+
+export const schema = {
+  type: 'object',
+  properties: {
+    remember_for: {
+      type: 'number',
+      description: 'Length of time to remember devices for, in days.',
+    },
+  },
+  required: ['remember_for'],
+};
+
+export type RiskAssessmentsNewDeviceSettings = {
+  remember_for: number;
+};
+
+export default class RiskAssessmentsNewDeviceHandler extends DefaultAPIHandler {
+  existing: RiskAssessmentsNewDeviceSettings | null;
+
+  constructor(config: DefaultAPIHandler) {
+    super({
+      ...config,
+      type: 'riskAssessmentsNewDevice',
+    });
+  }
+
+  async getType(): Promise<RiskAssessmentsNewDeviceSettings> {
+    if (this.existing) {
+      return this.existing;
+    }
+
+    try {
+      const { data } = await this.client.riskAssessments.getNewDeviceSettings();
+      this.existing = data;
+      return data;
+    } catch (err) {
+      if (err.statusCode === 404) return { remember_for: 0 };
+      throw err;
+    }
+  }
+
+  async processChanges(assets: Assets): Promise<void> {
+    const { riskAssessmentsNewDevice } = assets;
+
+    // Non-existing section means it doesn't need to be processed
+    if (!riskAssessmentsNewDevice) {
+      return;
+    }
+
+    try {
+      // Validate that remember_for property exists
+      const settings: RiskAssessmentsNewDeviceSettings = {
+        remember_for: riskAssessmentsNewDevice.remember_for as number,
+      };
+
+      await this.client.riskAssessments.updateNewDeviceSettings(settings);
+      this.updated += 1;
+      this.didUpdate(settings);
+    } catch (err) {
+      throw err;
+    }
+  }
+}