@ntotten
Last active April 6, 2017 18:32
Change Password Webtask

To use this Auth0 webtask, follow these instructions.

First, create an Auth0 Client and authorize it to call the Management API:

  1. Create a new Auth0 Client called "Change Password Service"
  2. Select the type of the client to be "Non-Interactive"
  3. On the "Quickstart" screen that is shown, select "Auth0 Management API" in the drop-down. This will show an orange box that says "This client is not authorized for this API."
  4. Click the button that says to "Navigate to the API and Authorize"
  5. Toggle the "Change Password Service" to authorized.
  6. Select the scopes read:users and update:users
  7. Click "Update"

Now create the webtask:

  1. Login to https://webtask.io/make
  2. Create a new webtask and click the settings icon (wrench) to edit the "Secrets". Name your webtask change-password
  3. Add three secrets:
     • AUTH0_DOMAIN - your Auth0 account's domain, e.g. myaccount.auth0.com
     • AUTH0_CLIENT_ID - the client_id of the Auth0 client you are using
     • AUTH0_CLIENT_SECRET - the client_secret of the client you are using
  4. Copy the contents of change_password.js into your webtask body.
  5. Click Save
  6. From the bottom left of the page, copy your webtask url. It will look like: https://wt-1234556.run.webtask.io/change-password
  7. Use that url from your application to post the change password data. The request is in the format shown below:

METHOD: POST
URL: https://wt-YOURWEBTASK.run.webtask.io/change-password
BODY:

{
  "connection": "Username-Password-Authentication",
  "username": "test@example.com",
  "old_password": "test",
  "new_password": "test1"
}

The username is the email address of the user. The connection is the name of the Auth0 DB connection you are using. The value shown is the default.

'use latest';
const request = require('superagent');

// Exchange the client credentials for a Management API (v2) access token.
function getManagementApiToken(domain, client_id, client_secret) {
  return new Promise((resolve, reject) => {
    request
      .post(`https://${domain}/oauth/token`)
      .send({
        client_id,
        client_secret,
        audience: `https://${domain}/api/v2/`,
        grant_type: 'client_credentials'
      })
      .set('User-agent', 'change-password-webtask')
      .set('Content-Type', 'application/json')
      .end((err, res) => {
        if (!err && res.body && res.body.access_token) {
          return resolve(res.body.access_token);
        }
        return reject(err || new Error('Unknown error'));
      });
  });
}

// Check the old password by attempting a login against /oauth/ro.
// Resolves only if Auth0 accepts the credentials.
function validatePassword(domain, client_id, connection, username, password) {
  return new Promise((resolve, reject) => {
    request
      .post(`https://${domain}/oauth/ro`)
      .send({
        client_id,
        username,
        password,
        connection,
        grant_type: 'password'
      })
      .set('User-agent', 'change-password-webtask')
      .set('Content-Type', 'application/json')
      .end((err) => {
        if (err) {
          return reject(err);
        }
        return resolve();
      });
  });
}

// Look up the user by email. Rejects unless exactly one user matches.
function getUser(domain, mgmtToken, connection, username) {
  // Escape backslashes and double quotes so the caller-supplied value
  // cannot break out of the quoted phrase in the search query.
  const email = String(username).replace(/(["\\])/g, '\\$1');
  return new Promise((resolve, reject) => {
    request
      .get(`https://${domain}/api/v2/users`)
      .query({
        search_engine: 'v2',
        connection,
        q: `email:"${email}"`
      })
      .set('Authorization', `Bearer ${mgmtToken}`)
      .set('User-agent', 'change-password-webtask')
      .set('Content-Type', 'application/json')
      .set('Accept', 'application/json')
      .end((err, res) => {
        if (!err && res.body && res.body.length === 1) {
          return resolve(res.body[0]);
        }
        return reject(err || new Error('User not found'));
      });
  });
}

// Set the new password through the Management API.
function changePassword(domain, mgmtToken, user_id, password) {
  return new Promise((resolve, reject) => {
    request
      .patch(`https://${domain}/api/v2/users/${user_id}`)
      .send({
        password
      })
      .set('Authorization', `Bearer ${mgmtToken}`)
      .set('User-agent', 'change-password-webtask')
      .set('Content-Type', 'application/json')
      .end((err) => {
        if (err) {
          return reject(err);
        }
        return resolve();
      });
  });
}

module.exports = function(context, cb) {
  if (!context.body) {
    return cb(new Error('Invalid request.'));
  }

  const {
    connection,
    username,
    old_password,
    new_password
  } = context.body;

  const {
    AUTH0_DOMAIN,
    AUTH0_CLIENT_ID,
    AUTH0_CLIENT_SECRET
  } = context.secrets;

  let managementToken;

  // The old password is verified first; the Management API token is only
  // requested, and the password only changed, after that check succeeds.
  validatePassword(AUTH0_DOMAIN, AUTH0_CLIENT_ID, connection, username, old_password)
    .then(() => getManagementApiToken(AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET))
    .then((token) => {
      managementToken = token;
    })
    .then(() => getUser(AUTH0_DOMAIN, managementToken, connection, username))
    .then((user) => changePassword(AUTH0_DOMAIN, managementToken, user.user_id, new_password))
    .then(cb)
    .catch((err) => {
      // Log the detail server-side; return a generic error so the caller
      // cannot tell which step failed.
      console.log(err);
      cb(new Error('Invalid request'));
    });
};
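
The handler above forwards the four body fields to Auth0 without checking their type or content. The following is an added example, not part of the original gist, of validating the request body in the format shown earlier before any Auth0 call is made; `validateChangePasswordBody`, the connection allowlist and the length limit are assumptions chosen for illustration.

```javascript
// Added example: validate the change-password request body before calling Auth0.
// ALLOWED_CONNECTIONS and MAX_FIELD_LENGTH are assumptions, not Auth0 values.
const ALLOWED_CONNECTIONS = ['Username-Password-Authentication'];
const MAX_FIELD_LENGTH = 256;
const REQUIRED_FIELDS = ['connection', 'username', 'old_password', 'new_password'];

// Returns { ok: true, value } with only the expected fields copied over,
// or { ok: false, reason } naming the first problem found.
function validateChangePasswordBody(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, reason: 'body must be a JSON object' };
  }
  const value = {};
  for (const field of REQUIRED_FIELDS) {
    const v = body[field];
    // Reject non-strings so objects or arrays never reach the Auth0 calls.
    if (typeof v !== 'string' || v.length === 0) {
      return { ok: false, reason: `${field} must be a non-empty string` };
    }
    if (v.length > MAX_FIELD_LENGTH) {
      return { ok: false, reason: `${field} is too long` };
    }
    value[field] = v;
  }
  if (!ALLOWED_CONNECTIONS.includes(value.connection)) {
    return { ok: false, reason: 'connection is not allowed' };
  }
  // The username is interpolated into the user search query (email:"..."),
  // so refuse characters that would end the quoted phrase.
  if (/["\\]/.test(value.username)) {
    return { ok: false, reason: 'username contains invalid characters' };
  }
  if (value.old_password === value.new_password) {
    return { ok: false, reason: 'new_password must differ from old_password' };
  }
  return { ok: true, value };
}

// Constructed sample input matching the request format shown earlier.
const sample = {
  connection: 'Username-Password-Authentication',
  username: 'test@example.com',
  old_password: 'test',
  new_password: 'test1'
};
console.log(validateChangePasswordBody(sample).ok);
```

In the webtask, the result's `value` would replace the direct destructuring of `context.body`, and a failed check would return the same generic 'Invalid request' error as the other failure paths.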