update processChanges to also apply third party client filter

Author: mgyarmathy

src/tools/auth0/handlers/clients.ts

@@ -274,6 +274,7 @@ export type Client = {
   client_id: string;
   name: string;
   app_type?: string;
+  is_first_party?: boolean;
   resource_server_identifier?: string;
   custom_login_page?: string;
   custom_login_page_on?: boolean;
@@ -318,21 +319,23 @@ export default class ClientHandler extends DefaultAPIHandler {
 
     const excludedClients = (assets.exclude && assets.exclude.clients) || [];
 
+    const excludeThirdPartyClients =
+      this.config('AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS') === 'true' ||
+      this.config('AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS') === true;
+
     const { del, update, create, conflicts } = await this.calcChanges(assets);
 
     // Always filter out the client we are using to access Auth0 Management API
     // As it could cause problems if it gets deleted or updated etc
     const currentClient = this.config('AUTH0_CLIENT_ID') || '';
 
-    const filterClients = (list) => {
-      if (excludedClients.length) {
-        return list.filter(
-          (item) => item.client_id !== currentClient && !excludedClients.includes(item.name)
-        );
-      }
-
-      return list.filter((item) => item.client_id !== currentClient);
-    };
+    const filterClients = (list: Client[]): Client[] =>
+      list.filter(
+        (item) =>
+          item.client_id !== currentClient &&
+          !excludedClients.includes(item.name) &&
+          (!excludeThirdPartyClients || item.is_first_party)
+      );
 
     // Sanitize client fields
     const sanitizeClientFields = (list: Client[]): Client[] =>
@@ -353,10 +356,10 @@ export default class ClientHandler extends DefaultAPIHandler {
       });
 
     const changes = {
-      del: sanitizeClientFields(filterClients(del)),
-      update: sanitizeClientFields(filterClients(update)),
-      create: sanitizeClientFields(filterClients(create)),
-      conflicts: sanitizeClientFields(filterClients(conflicts)),
+      del: sanitizeClientFields(filterClients(del as Client[])),
+      update: sanitizeClientFields(filterClients(update as Client[])),
+      create: sanitizeClientFields(filterClients(create as Client[])),
+      conflicts: sanitizeClientFields(filterClients(conflicts as Client[])),
     };
 
     await super.processChanges(assets, {

test/tools/auth0/handlers/clients.tests.js

@@ -375,14 +375,26 @@ describe('#clients handler', () => {
       expect(wasCreateCalled).to.be.equal(true);
     });
 
-    it('should get clients', async () => {
+    it('should ignore third-party clients if AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS is true', async () => {
+      let wasCreateCalled = false;
+      const thirdPartyClient = {
+        name: 'Third-Party Client',
+        is_first_party: false,
+      };
+
       const auth0 = {
         clients: {
-          getAll: (params) =>
-            mockPagedData(params, 'clients', [
-              { name: 'test client', client_id: 'FMfcgxvzLDvPsgpRFKkLVrnKqGgkHhQV' },
-              { name: 'deploy client', client_id: 'client_id' },
-            ]),
+          create: function (data) {
+            (() => expect(this).to.not.be.undefined)();
+            wasCreateCalled = true;
+            expect(data).to.be.an('object');
+            expect(data.name).to.equal('Third-Party Client');
+            expect(data.is_first_party).to.equal(false);
+            return Promise.resolve({ data });
+          },
+          update: () => Promise.resolve({ data: [] }),
+          delete: () => Promise.resolve({ data: [] }),
+          getAll: (params) => mockPagedData(params, 'clients', []),
         },
         connectionProfiles: { getAll: (params) => mockPagedData(params, 'connectionProfiles', []) },
         userAttributeProfiles: {
@@ -391,12 +403,61 @@ describe('#clients handler', () => {
         pool,
       };
 
-      const handler = new clients.default({ client: pageClient(auth0), config });
-      const data = await handler.getType();
-      expect(data).to.deep.equal([
-        { client_id: 'FMfcgxvzLDvPsgpRFKkLVrnKqGgkHhQV', name: 'test client' },
-        { client_id: 'client_id', name: 'deploy client' },
-      ]);
+      const testConfig = function (key) {
+        return testConfig.data && testConfig.data[key];
+      };
+      testConfig.data = {
+        AUTH0_CLIENT_ID: 'client_id',
+        AUTH0_ALLOW_DELETE: true,
+        AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS: true,
+      };
+
+      const handler = new clients.default({
+        client: pageClient(auth0),
+        config: testConfig,
+      });
+      const stageFn = Object.getPrototypeOf(handler).processChanges;
+      await stageFn.apply(handler, [{ clients: [thirdPartyClient] }]);
+      expect(wasCreateCalled).to.be.equal(false);
+    });
+
+    it('should include third-party clients if AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS is false', async () => {
+      let wasCreateCalled = false;
+      const thirdPartyClient = {
+        name: 'Third-Party Client',
+        is_first_party: false,
+      };
+
+      const auth0 = {
+        clients: {
+          create: function (data) {
+            (() => expect(this).to.not.be.undefined)();
+            wasCreateCalled = true;
+            return Promise.resolve({ data });
+          },
+          update: () => Promise.resolve({ data: [] }),
+          delete: () => Promise.resolve({ data: [] }),
+          getAll: (params) => mockPagedData(params, 'clients', []),
+        },
+        pool,
+      };
+
+      const testConfig = function (key) {
+        return testConfig.data && testConfig.data[key];
+      };
+      testConfig.data = {
+        AUTH0_CLIENT_ID: 'client_id',
+        AUTH0_ALLOW_DELETE: true,
+        AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS: false,
+      };
+
+      const handler = new clients.default({
+        client: pageClient(auth0),
+        config: testConfig,
+      });
+      const stageFn = Object.getPrototypeOf(handler).processChanges;
+      await stageFn.apply(handler, [{ clients: [thirdPartyClient] }]);
+      expect(wasCreateCalled).to.be.equal(true);
     });
 
     it('should get clients with is_first_party when AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS is enabled', async () => {