(domain: string)
| 11 | const PROVIDER_NAME_AUTH0_SSO = 'Auth0 SSO' // provider name string; where it is used lies outside this excerpt |
| 12 | |
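/**
 * Validates a caller-supplied Auth0 domain before it is used elsewhere.
 *
 * The value is accepted only when, after trimming, it is a bare hostname
 * (no scheme, port, path, query, fragment or userinfo) that ends in
 * `.auth0.com`. The suffix test includes the leading dot, so look-alike
 * names such as `exampleauth0.com` fail, and because the whole string must
 * match the hostname pattern, `tenant.auth0.com.example.org` fails as well.
 *
 * This checks the shape of the name only: every `*.auth0.com` host passes,
 * so it does not pin the value to one particular tenant.
 *
 * @param domain - Raw domain string, typically from configuration or a request.
 * @returns The trimmed domain with its original letter case, or `null` when
 *   the input is empty, not a string, or fails any check.
 */
function validateAuth0Domain(domain: string): string | null {
  // The runtime type check is kept despite the annotation: values arriving
  // from JSON or a database are not guaranteed to match the declared type.
  if (!domain || typeof domain !== 'string') {
    return null
  }

  const trimmed = domain.trim()

  // Reject characters that could introduce a scheme, port, path, or query
  if (/[/\\?#:]/.test(trimmed)) {
    return null
  }

  // Hostname syntax: at most 253 characters overall; each label is 1-63
  // letters, digits or hyphens and must start and end with a letter or digit
  // (the original pattern also accepted labels such as "-tenant" or
  // "tenant-"); the final label is alphabetic. '@', whitespace and non-ASCII
  // characters fall outside the character classes and are rejected here.
  const hostnameRegex =
    /^(?=.{1,253}$)([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,63}$/
  if (!hostnameRegex.test(trimmed)) {
    return null
  }

  // Restrict to Auth0 domains; the comparison is case-insensitive because
  // hostnames are, and the leading dot forces a real subdomain boundary.
  if (!trimmed.toLowerCase().endsWith('.auth0.com')) {
    return null
  }

  // Letter case is preserved; callers that compare or cache the result
  // should lowercase it themselves.
  return trimmed
}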
| 38 | |
| 39 | class Auth0SSO extends SSOBase { |
| 40 | static LOGIN_URI = '/api/v1/auth0/login' |