Skip to content

Commit

Permalink
[DXCDT-60] Add attack protection update commands (#407)
Browse files Browse the repository at this point in the history
  • Loading branch information
sergiught authored Mar 11, 2022
1 parent e3a1026 commit f9bcaf1
Show file tree
Hide file tree
Showing 12 changed files with 755 additions and 4 deletions.
34 changes: 34 additions & 0 deletions commander.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -605,3 +605,37 @@ tests:
- STAGE_PRE_USER_REGISTRATION_MAX_ATTEMPTS
- STAGE_PRE_USER_REGISTRATION_RATE
exit-code: 0

attack protection update breached password detection:
command: auth0 attack-protection breached-password-detection update --enabled
stdout:
contains:
- ENABLED
- SHIELDS
- ADMIN_NOTIFICATION_FREQUENCY
- METHOD
exit-code: 0

attack protection update brute force protection:
command: auth0 attack-protection brute-force-protection update --enabled
stdout:
contains:
- ENABLED
- SHIELDS
- ALLOW_LIST
- MODE
- MAX_ATTEMPTS
exit-code: 0

attack protection update suspicious ip throttling:
command: auth0 attack-protection suspicious-ip-throttling update --enabled
stdout:
contains:
- ENABLED
- SHIELDS
- ALLOW_LIST
- STAGE_PRE_LOGIN_MAX_ATTEMPTS
- STAGE_PRE_LOGIN_RATE
- STAGE_PRE_USER_REGISTRATION_MAX_ATTEMPTS
- STAGE_PRE_USER_REGISTRATION_RATE
exit-code: 0
49 changes: 49 additions & 0 deletions docs/auth0_attack_protection_breached_password_detection_update.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
---
layout: default
---
## auth0 attack-protection breached-password-detection update

Update breached password detection settings

### Synopsis

Update breached password detection settings.

```
auth0 attack-protection breached-password-detection update [flags]
```

### Examples

```
auth0 attack-protection breached-password-detection update
```

### Options

```
-f, --admin-notification-frequency strings When "admin_notification" is enabled, determines how often email notifications are sent. Possible values:
immediately, daily, weekly, monthly. Comma-separated.
-e, --enabled Enable (or disable) breached password detection.
-h, --help help for update
-m, --method string The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard.
Possible values: standard, enhanced.
-s, --shields strings Action to take when a breached password is detected. Possible values: block, user_notification,
admin_notification. Comma-separated.
```

### Options inherited from parent commands

```
--debug Enable debug mode.
--force Skip confirmation.
--format string Command output format. Options: json.
--no-color Disable colors.
--no-input Disable interactivity.
--tenant string Specific tenant to use.
```

### SEE ALSO

* [auth0 attack-protection](auth0_attack_protection.md) - Manage attack protection settings
* [auth0 attack-protection breached-password-detection](auth0_attack_protection_breached_password_detection.md) - Manage breached password detection settings
48 changes: 48 additions & 0 deletions docs/auth0_attack_protection_brute_force_protection_update.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
---
layout: default
---
## auth0 attack-protection brute-force-protection update

Update brute force protection settings

### Synopsis

Update brute force protection settings.

```
auth0 attack-protection brute-force-protection update [flags]
```

### Examples

```
auth0 attack-protection brute-force-protection update
```

### Options

```
-l, --allowlist strings List of trusted IP addresses that will not have attack protection enforced against them. Comma-separated.
-e, --enabled Enable (or disable) brute force protection.
-h, --help help for update
-a, --max-attempts int Maximum number of unsuccessful attempts. (default 1)
-m, --mode string Account Lockout: Determines whether or not IP address is used when counting failed attempts. Possible values:
count_per_identifier_and_ip, count_per_identifier.
-s, --shields strings Action to take when a brute force protection threshold is violated. Possible values: block, user_notification. Comma-separated.
```

### Options inherited from parent commands

```
--debug Enable debug mode.
--force Skip confirmation.
--format string Command output format. Options: json.
--no-color Disable colors.
--no-input Disable interactivity.
--tenant string Specific tenant to use.
```

### SEE ALSO

* [auth0 attack-protection](auth0_attack_protection.md) - Manage attack protection settings
* [auth0 attack-protection brute-force-protection](auth0_attack_protection_brute_force_protection.md) - Manage brute force protection settings
51 changes: 51 additions & 0 deletions docs/auth0_attack_protection_suspicious_ip_throttling_update.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
---
layout: default
---
## auth0 attack-protection suspicious-ip-throttling update

Update suspicious ip throttling settings

### Synopsis

Update suspicious ip throttling settings.

```
auth0 attack-protection suspicious-ip-throttling update [flags]
```

### Examples

```
auth0 attack-protection suspicious-ip-throttling update
```

### Options

```
-l, --allowlist strings List of trusted IP addresses that will not have attack protection enforced against them. Comma-separated.
-e, --enabled Enable (or disable) suspicious ip throttling.
-h, --help help for update
--pre-login-max int Configuration options that apply before every login attempt. Total number of attempts allowed per day. (default 1)
--pre-login-rate int Configuration options that apply before every login attempt. Interval of time, given in milliseconds, at which new attempts
are granted. (default 34560)
--pre-registration-max int Configuration options that apply before every user registration attempt. Total number of attempts allowed. (default 1)
--pre-registration-rate int Configuration options that apply before every user registration attempt. Interval of time, given in milliseconds, at which
new attempts are granted. (default 1200)
-s, --shields strings Action to take when a suspicious IP throttling threshold is violated. Possible values: block, admin_notification. Comma-separated.
```

### Options inherited from parent commands

```
--debug Enable debug mode.
--force Skip confirmation.
--format string Command output format. Options: json.
--no-color Disable colors.
--no-input Disable interactivity.
--tenant string Specific tenant to use.
```

### SEE ALSO

* [auth0 attack-protection](auth0_attack_protection.md) - Manage attack protection settings
* [auth0 attack-protection suspicious-ip-throttling](auth0_attack_protection_suspicious_ip_throttling.md) - Manage suspicious ip throttling settings
2 changes: 1 addition & 1 deletion internal/auth/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ var requiredScopes = []string{
"create:actions", "delete:actions", "read:actions", "update:actions",
"create:organizations", "delete:organizations", "read:organizations", "update:organizations", "read:organization_members", "read:organization_member_roles",
"read:prompts", "update:prompts",
"read:attack_protection",
"read:attack_protection", "update:attack_protection",
}

type Authenticator struct {
Expand Down
30 changes: 30 additions & 0 deletions internal/auth0/attack_protection.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,16 @@ type AttackProtectionAPI interface {
opts ...management.RequestOption,
) (bpd *management.BreachedPasswordDetection, err error)

// UpdateBreachedPasswordDetection updates the breached password detection settings.
//
// Required scope: `update:attack_protection`
//
// See: https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_breached_password_detection
UpdateBreachedPasswordDetection(
bpd *management.BreachedPasswordDetection,
opts ...management.RequestOption,
) (err error)

// GetBruteForceProtection retrieves the brute force configuration.
//
// Required scope: `read:attack_protection`
Expand All @@ -23,6 +33,16 @@ type AttackProtectionAPI interface {
opts ...management.RequestOption,
) (bfp *management.BruteForceProtection, err error)

// UpdateBruteForceProtection updates the brute force configuration.
//
// Required scope: `update:attack_protection`
//
// See: https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_brute_force_protection
UpdateBruteForceProtection(
bfp *management.BruteForceProtection,
opts ...management.RequestOption,
) (err error)

// GetSuspiciousIPThrottling retrieves the suspicious IP throttling configuration.
//
// Required scope: `read:attack_protection`
Expand All @@ -31,4 +51,14 @@ type AttackProtectionAPI interface {
GetSuspiciousIPThrottling(
opts ...management.RequestOption,
) (sit *management.SuspiciousIPThrottling, err error)

// UpdateSuspiciousIPThrottling updates the suspicious IP throttling configuration.
//
// Required scope: `update:attack_protection`
//
// See: https://auth0.com/docs/api/management/v2#!/Attack_Protection/patch_suspicious_ip_throttling
UpdateSuspiciousIPThrottling(
sit *management.SuspiciousIPThrottling,
opts ...management.RequestOption,
) (err error)
}
Loading

0 comments on commit f9bcaf1

Please sign in to comment.