@y-o-u
Created January 10, 2020 11:11
auth0-mfa-email-associate
const request = require("request");
const AWS = require('aws-sdk');

AWS.config.update({ region: 'ap-northeast-1' });

// Auth0 application settings, supplied through the Lambda environment.
const { client_id, audience, scope, api_domain } = process.env;
// The client secret is delivered KMS-encrypted (base64); the handler
// decrypts it at runtime into `decrypted_client_secret`.
const encrypted_client_secret = process.env.client_secret;
let decrypted_client_secret;
async function signUpMock(email, pass) {
  // Mock of user sign-up. A real implementation would call Auth0's
  // Authentication API (/dbconnections/signup); this stub only echoes the
  // credentials back in the shape mfaReq() consumes.
  const userinfo = { username: email, password: pass };
  return userinfo;
}
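function mfaReq(userinfo) {
  // Request a token from /oauth/token with the user's credentials (password
  // grant). The call is expected to fail with `mfa_required`; the `mfa_token`
  // carried by that error response is what /mfa/associate needs.
  //
  // Resolves with the mfa_token string; rejects with the transport error,
  // the JSON parse error, or the parsed error body for any other outcome.
  const options = {
    method: 'POST',
    url: `https://${api_domain}/oauth/token`,
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    form: {
      grant_type: 'password',
      username: userinfo.username,
      password: userinfo.password,
      audience: audience,
      scope: scope,
      client_id: client_id,
      client_secret: decrypted_client_secret
    }
  };
  return new Promise((resolve, reject) => {
    request(options, function (error, response, body) {
      // A throw inside this callback would escape the Promise and surface as
      // an uncaught exception; reject so the caller's try/catch sees it.
      if (error) {
        reject(error);
        return;
      }
      let parsed;
      try {
        parsed = JSON.parse(body);
      } catch (parseError) {
        reject(parseError);
        return;
      }
      if (parsed && parsed.error === 'mfa_required') {
        console.log('mfa_required');
        resolve(parsed.mfa_token);
      } else {
        console.error('Something went wrong');
        reject(parsed);
      }
    });
  });
}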
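function mfaAssociate(mfa_token, userinfo) {
  // Enrol an email out-of-band (OOB) authenticator for the user through
  // /mfa/associate, authorising with the mfa_token obtained from mfaReq().
  //
  // Resolves with the response body when Auth0 confirms an OOB authenticator
  // bound by prompt over email; rejects with the transport error or the
  // response body for anything else.
  const options = {
    method: 'POST',
    url: `https://${api_domain}/mfa/associate`,
    headers: {
      'content-type': 'application/json',
      authorization: `Bearer ${mfa_token}`
    },
    body: {
      authenticator_types: ['oob'],
      oob_channels: ['email'],
      email: userinfo.username
    },
    json: true
  };
  return new Promise((resolve, reject) => {
    request(options, function (error, response, body) {
      // Reject rather than throw: a throw here escapes the Promise.
      if (error) {
        reject(error);
        return;
      }
      // With `json: true` a non-JSON response may leave `body` as a string
      // or undefined; guard before reading fields from it.
      if (!body || typeof body !== 'object') {
        console.error('Something went wrong');
        reject(body);
        return;
      }
      if (body.authenticator_type !== 'oob') {
        console.error('Something went wrong');
        reject(body);
        return;
      }
      if (body.binding_method === 'prompt' && body.oob_channel === 'email') {
        resolve(body);
      } else {
        console.error('Unsupported binding_method');
        reject(body);
      }
    });
  });
}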
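exports.handler = async (event, context, callback) => {
  // Lambda entry point. Reads `event.email` and `event.password`, registers
  // the user (mocked), obtains an mfa_token and requests an email OOB
  // authenticator association. Errors are logged and returned as the
  // result rather than thrown.
  //
  // The KMS-decrypted client secret is cached in the module-level
  // `decrypted_client_secret`, so warm invocations skip the KMS call.
  if (decrypted_client_secret === undefined) {
    const kms = new AWS.KMS();
    const params = {
      CiphertextBlob: Buffer.from(encrypted_client_secret, 'base64')
    };
    try {
      const decrypted = await kms.decrypt(params).promise();
      decrypted_client_secret = decrypted.Plaintext.toString('utf-8');
    } catch (exception) {
      // Without the secret the token request cannot succeed; stop here
      // instead of continuing with an undefined client_secret.
      console.error(exception);
      return exception;
    }
  }
  // The decrypted secret is deliberately never logged: console output ends
  // up in CloudWatch in clear text.
  try {
    // Register the user (mocked here).
    const userinfo = await signUpMock(event.email, event.password);
    // Obtain the MFA token from the expected mfa_required response.
    const mfa_token = await mfaReq(userinfo);
    // Request the authenticator association.
    return await mfaAssociate(mfa_token, userinfo);
  } catch (e) {
    console.error(e);
    return e;
  }
};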