feat: Add support for riskAssessment (#1217)

* feat: riskAssessments integration

* feedback: nest new device settings under riskAssessment

* feedbadck: null check for status code

* feedback: remove useless catch

* remove additional references to previous/legacy format

* null checkery

* shorthand

* feedback: singular-ize riskAssessments

* Update docs/resource-specific-documentation.md

Co-authored-by: Kushal <[email protected]>

* Update src/tools/constants.ts

Co-authored-by: Kushal <[email protected]>

* feedback: more renaming

* fix: tests should reflect singular naming too

* feat: update risk assessment schema structure

- src/tools/auth0/handlers/riskAssessment.ts: nest 'enabled' under 'settings' object
- src/tools/auth0/handlers/riskAssessment.ts: change required fields to include 'settings'

* feat: update risk assessment structure and tests

- src/context/directory/handlers/riskAssessment.ts: change ParsedRiskAssessment type to use RiskAssessmentSettings
- src/context/yaml/handlers/riskAssessment.ts: change ParsedRiskAssessment type to use RiskAssessmentSettings
- test/context/directory/riskAssessment.test.js: update settings structure in test cases
- test/context/yaml/context.test.js: update settings structure in test cases
- test/tools/auth0/handlers/riskAssessment.tests.js: update settings structure in handler tests
- test/utils.js: update mock for risk assessments to reflect new structure

* feat: update risk assessment configuration and examples
- docs/resource-specific-documentation.md: enhance risk assessments section with detailed configuration options
- examples/directory/risk-assessment/settings.json: add new settings.json file for risk assessment
- examples/yaml/tenant.yaml: modify risk assessment structure to include settings

* update e2e

* feat: update risk assessment types and remove settings.json

- src/context/directory/handlers/riskAssessment.ts: replace RiskAssessmentSettings with RiskAssessment
- src/context/yaml/handlers/riskAssessment.ts: replace RiskAssessmentSettings with RiskAssessment
- src/tools/auth0/handlers/riskAssessment.ts: rename RiskAssessmentSettings to RiskAssessment
- src/types.ts: update riskAssessment type to use RiskAssessment instead of RiskAssessmentSettings
- examples/directory/risk-assessments/settings.json: remove settings.json file

* update e2e

* update e2e

* E2E  add cross_origin_authentication to client configurations test-data

* E2E updated

* E2E:enable cross_origin_authentication for Deploy CLI client on test-data

* e2e update

* e2e update

---------

Co-authored-by: Kushal <[email protected]>

Author: josh-cain

docs/resource-specific-documentation.md

@@ -707,3 +707,40 @@ clients:
 ```
 
 For more details, see the [Management API documentation](https://auth0.com/docs/api/management/v2).
+
+## Risk Assessments
+
+Risk assessments configuration allows you to enable or disable risk assessment features for your tenant.
+
+- `settings.enabled`: toggles the feature true/flase (required)
+- `new_device.remember_for` (optional): days to remember devices
+
+### YAML Example
+
+```yaml
+# Contents of ./tenant.yaml
+riskAssessment:
+  settings:
+    enabled: true
+  new_device:
+    remember_for: 30
+```
+
+### Directory Example
+
+Folder: `./risk-assessment/`
+
+File: `./risk-assessment/settings.json`
+
+```json
+{
+  "settings": {
+    "enabled": true
+  },
+  "new_device": {
+    "remember_for": 30
+  }
+}
+```
+
+For more details, see the [Management API documentation](https://auth0.com/docs/api/management/v2#!/Risk_Assessments/get_settings).

examples/directory/risk-assessment/settings.json

@@ -0,0 +1,5 @@
+{
+  "settings": {
+    "enabled": false
+  }
+}

examples/yaml/tenant.yaml

@@ -451,3 +451,9 @@ userAttributeProfiles:
         type: "email"
         required: true
 
+riskAssessment:
+  settings:
+    enabled: false
+  # new_device:
+  #   remember_for: 30
+

src/context/directory/handlers/index.ts

@@ -18,6 +18,7 @@ import actions from './actions';
 import organizations from './organizations';
 import triggers from './triggers';
 import attackProtection from './attackProtection';
+import riskAssessment from './riskAssessment';
 import branding from './branding';
 import phoneProviders from './phoneProvider';
 import phoneTemplates from './phoneTemplates';
@@ -71,6 +72,7 @@ const directoryHandlers: {
   organizations,
   triggers,
   attackProtection,
+  riskAssessment,
   branding,
   phoneProviders,
   phoneTemplates,

src/context/directory/handlers/riskAssessment.ts

@@ -0,0 +1,51 @@
+import path from 'path';
+import fs from 'fs-extra';
+import { constants } from '../../../tools';
+import { dumpJSON, existsMustBeDir, isFile, loadJSON } from '../../../utils';
+import { DirectoryHandler } from '.';
+import DirectoryContext from '..';
+import { ParsedAsset } from '../../../types';
+import { RiskAssessment } from '../../../tools/auth0/handlers/riskAssessment';
+
+type ParsedRiskAssessment = ParsedAsset<'riskAssessment', RiskAssessment>;
+
+function parse(context: DirectoryContext): ParsedRiskAssessment {
+  const riskAssessmentDirectory = path.join(context.filePath, constants.RISK_ASSESSMENT_DIRECTORY);
+  const riskAssessmentFile = path.join(riskAssessmentDirectory, 'settings.json');
+
+  if (!existsMustBeDir(riskAssessmentDirectory)) {
+    return { riskAssessment: null };
+  }
+
+  if (!isFile(riskAssessmentFile)) {
+    return { riskAssessment: null };
+  }
+
+  const riskAssessment = loadJSON(riskAssessmentFile, {
+    mappings: context.mappings,
+    disableKeywordReplacement: context.disableKeywordReplacement,
+  });
+
+  return {
+    riskAssessment,
+  };
+}
+
+async function dump(context: DirectoryContext): Promise<void> {
+  const { riskAssessment } = context.assets;
+
+  if (!riskAssessment) return;
+
+  const riskAssessmentDirectory = path.join(context.filePath, constants.RISK_ASSESSMENT_DIRECTORY);
+  const riskAssessmentFile = path.join(riskAssessmentDirectory, 'settings.json');
+
+  fs.ensureDirSync(riskAssessmentDirectory);
+  dumpJSON(riskAssessmentFile, riskAssessment);
+}
+
+const riskAssessmentHandler: DirectoryHandler<ParsedRiskAssessment> = {
+  parse,
+  dump,
+};
+
+export default riskAssessmentHandler;

src/context/yaml/handlers/index.ts

@@ -18,6 +18,7 @@ import organizations from './organizations';
 import actions from './actions';
 import triggers from './triggers';
 import attackProtection from './attackProtection';
+import riskAssessment from './riskAssessment';
 import branding from './branding';
 import phoneProviders from './phoneProvider';
 import phoneTemplates from './phoneTemplates';
@@ -69,6 +70,7 @@ const yamlHandlers: { [key in AssetTypes]: YAMLHandler<{ [key: string]: unknown
   organizations,
   triggers,
   attackProtection,
+  riskAssessment,
   branding,
   phoneProviders,
   phoneTemplates,

src/context/yaml/handlers/riskAssessment.ts

@@ -0,0 +1,33 @@
+import { YAMLHandler } from '.';
+import YAMLContext from '..';
+import { RiskAssessment } from '../../../tools/auth0/handlers/riskAssessment';
+import { ParsedAsset } from '../../../types';
+
+type ParsedRiskAssessment = ParsedAsset<'riskAssessment', RiskAssessment>;
+
+async function parse(context: YAMLContext): Promise<ParsedRiskAssessment> {
+  const { riskAssessment } = context.assets;
+
+  if (!riskAssessment) return { riskAssessment: null };
+
+  return {
+    riskAssessment,
+  };
+}
+
+async function dump(context: YAMLContext): Promise<ParsedRiskAssessment> {
+  const { riskAssessment } = context.assets;
+
+  if (!riskAssessment) return { riskAssessment: null };
+
+  return {
+    riskAssessment,
+  };
+}
+
+const riskAssessmentHandler: YAMLHandler<ParsedRiskAssessment> = {
+  parse,
+  dump,
+};
+
+export default riskAssessmentHandler;

src/tools/auth0/handlers/index.ts

@@ -25,6 +25,7 @@ import * as actions from './actions';
 import * as triggers from './triggers';
 import * as organizations from './organizations';
 import * as attackProtection from './attackProtection';
+import * as riskAssessment from './riskAssessment';
 import * as logStreams from './logStreams';
 import * as customDomains from './customDomains';
 import * as themes from './themes';
@@ -69,6 +70,7 @@ const auth0ApiHandlers: { [key in AssetTypes]: any } = {
   triggers,
   organizations,
   attackProtection,
+  riskAssessment,
   logStreams,
   customDomains,
   themes,

src/tools/auth0/handlers/riskAssessment.ts

@@ -0,0 +1,109 @@
+import DefaultAPIHandler from './default';
+import { Assets } from '../../../types';
+import { Management, ManagementError } from 'auth0';
+
+export const schema = {
+  type: 'object',
+  properties: {
+    settings: {
+      type: 'object',
+      properties: {
+        enabled: {
+          type: 'boolean',
+          description: 'Whether or not risk assessment is enabled.',
+        },
+      },
+      required: ['enabled'],
+    },
+    new_device: {
+      type: 'object',
+      properties: {
+        remember_for: {
+          type: 'number',
+          description: 'Length of time to remember devices for, in days.',
+        },
+      },
+      required: ['remember_for'],
+    },
+  },
+  required: ['settings'],
+};
+
+export type RiskAssessment = {
+  settings: Management.GetRiskAssessmentsSettingsResponseContent;
+  new_device?: Management.GetRiskAssessmentsSettingsNewDeviceResponseContent;
+};
+
+export default class RiskAssessmentHandler extends DefaultAPIHandler {
+  existing: RiskAssessment;
+
+  constructor(config: DefaultAPIHandler) {
+    super({
+      ...config,
+      type: 'riskAssessment',
+    });
+  }
+
+  async getType(): Promise<RiskAssessment> {
+    if (this.existing) {
+      return this.existing;
+    }
+
+    try {
+      const [settings, newDeviceSettings] = await Promise.all([
+        this.client.riskAssessments.settings.get(),
+        this.client.riskAssessments.settings.newDevice.get().catch((err) => {
+          if (err instanceof ManagementError && err?.statusCode === 404) {
+            return { remember_for: 0 };
+          }
+          throw err;
+        }),
+      ]);
+
+      const riskAssessment: RiskAssessment = {
+        settings: settings,
+        new_device: newDeviceSettings,
+        ...(newDeviceSettings.remember_for > 0 && {
+          new_device: newDeviceSettings,
+        }),
+      };
+
+      this.existing = riskAssessment;
+      return this.existing;
+    } catch (err) {
+      if (err instanceof ManagementError && err.statusCode === 404) {
+        const riskAssessment: RiskAssessment = {
+          settings: { enabled: false },
+        };
+        this.existing = riskAssessment;
+        return this.existing;
+      }
+      throw err;
+    }
+  }
+
+  async processChanges(assets: Assets): Promise<void> {
+    const { riskAssessment } = assets;
+
+    // Non-existing section means it doesn't need to be processed
+    if (!riskAssessment) {
+      return;
+    }
+
+    const updates: Promise<unknown>[] = [];
+
+    // Update main settings (enabled flag)
+    updates.push(this.client.riskAssessments.settings.update(riskAssessment?.settings));
+
+    // Update new device settings if provided
+    if (riskAssessment.new_device) {
+      updates.push(
+        this.client.riskAssessments.settings.newDevice.update(riskAssessment.new_device)
+      );
+    }
+
+    await Promise.all(updates);
+    this.updated += 1;
+    this.didUpdate(riskAssessment);
+  }
+}

src/tools/constants.ts

@@ -107,6 +107,7 @@ const constants = {
   CONNECTIONS_ID_NAME: 'id',
   ROLES_DIRECTORY: 'roles',
   ATTACK_PROTECTION_DIRECTORY: 'attack-protection',
+  RISK_ASSESSMENT_DIRECTORY: 'risk-assessment',
   GUARDIAN_FACTORS: [
     'sms',
     'push-notification',