add getChallenge method (#1057)

auth0 · Dec 5, 2019 · c35e6c1 · c35e6c1
1 parent 9d73724
commit c35e6c1
Show file tree

Hide file tree

Showing 2 changed files with 113 additions and 1 deletion.
diff --git a/src/authentication/index.js b/src/authentication/index.js
@@ -546,6 +546,28 @@ Authentication.prototype.userInfo = function(accessToken, cb) {
     .end(responseHandler(cb, { ignoreCasing: true }));
 };
 
+/**
+ * Makes a call to the `/usernamepassword/challenge` endpoint
+ * and returns the challenge (captcha) if necessary.
+ *
+ * @method getChallenge
+ * @param {callback} cb
+ */
+Authentication.prototype.getChallenge = function(cb) {
+  assert.check(cb, { type: 'function', message: 'cb parameter is not valid' });
+
+  if (!this.baseOptions.state) {
+    return cb();
+  }
+
+  var url = urljoin(this.baseOptions.rootUrl, 'usernamepassword', 'challenge');
+
+  return this.request
+    .post(url)
+    .send({ state: this.baseOptions.state })
+    .end(responseHandler(cb, { ignoreCasing: true }));
+};
+
 /**
  * @callback delegationCallback
  * @param {Error} [err] error returned by Auth0 with the reason why the delegation failed

diff --git a/test/authentication/authentication.test.js b/test/authentication/authentication.test.js
@@ -10,7 +10,6 @@ import RequestBuilder from '../../src/helper/request-builder';
 import windowHelper from '../../src/helper/window';
 import Storage from '../../src/helper/storage';
 import Authentication from '../../src/authentication';
-import WebAuth from '../../src/web-auth';
 
 var telemetryInfo = new RequestBuilder({}).getTelemetryData();
 
@@ -23,6 +22,7 @@ describe('auth0.authentication', function() {
       }
     };
   });
+
   describe('initialization', function() {
     it('should use first argument as options when only one argument is used', function() {
       var auth0 = new Authentication({ domain: 'foo', clientID: 'cid' });
@@ -617,6 +617,96 @@ describe('auth0.authentication', function() {
     });
   });
 
+  context('challenge', function() {
+    context('when the client does not have state', function() {
+      before(function() {
+        this.auth0 = new Authentication(this.webAuthSpy, {
+          domain: 'me.auth0.com',
+          clientID: '...',
+          redirectUri: 'http://page.com/callback',
+          responseType: 'code',
+          _sendTelemetry: false
+        });
+      });
+
+      it('should return nothing', function(done) {
+        this.auth0.getChallenge((err, challenge) => {
+          expect(err).to.not.be.ok();
+          expect(challenge).to.not.be.ok();
+          done();
+        });
+      });
+    });
+
+    context('when the client has state', function() {
+      before(function() {
+        this.auth0 = new Authentication(this.webAuthSpy, {
+          domain: 'me.auth0.com',
+          clientID: '...',
+          redirectUri: 'http://page.com/callback',
+          responseType: 'code',
+          _sendTelemetry: false,
+          state: '123abc'
+        });
+      });
+
+      afterEach(function() {
+        request.post.restore();
+      });
+
+      it('should post state and returns the image/type', function(done) {
+        sinon.stub(request, 'post').callsFake(function(url) {
+          expect(url).to.be('https://me.auth0.com/usernamepassword/challenge');
+          return new RequestMock({
+            body: {
+              state: '123abc'
+            },
+            headers: {
+              'Content-Type': 'application/json'
+            },
+            cb: function(cb) {
+              cb(null, {
+                body: {
+                  image: 'svg+yadayada',
+                  type: 'code'
+                }
+              });
+            }
+          });
+        });
+
+        this.auth0.getChallenge((err, challenge) => {
+          expect(err).to.not.be.ok();
+          expect(challenge.image).to.be('svg+yadayada');
+          expect(challenge.type).to.be('code');
+          done();
+        });
+      });
+
+      it('should return the error if network fails', function(done) {
+        sinon.stub(request, 'post').callsFake(function(url) {
+          expect(url).to.be('https://me.auth0.com/usernamepassword/challenge');
+          return new RequestMock({
+            body: {
+              state: '123abc'
+            },
+            headers: {
+              'Content-Type': 'application/json'
+            },
+            cb: function(cb) {
+              cb(new Error('error error error'));
+            }
+          });
+        });
+
+        this.auth0.getChallenge((err, challenge) => {
+          expect(err.original.message).to.equal('error error error');
+          done();
+        });
+      });
+    });
+  });
+
   context('oauthToken', function() {
     before(function() {
       this.auth0 = new Authentication(this.webAuthSpy, {