From ecf5dbb137e3e216fde158a81c98982718b15ce4 Mon Sep 17 00:00:00 2001
From: Yesha Mavani
Date: Mon, 21 Oct 2024 17:00:59 +0530
Subject: [PATCH] feat(tenant-management): auth0 idp organization name for silo will be key while for other will be tier name GH-47
---
 .../src/controllers/idp.controller.ts | 17 +++++++----------
 .../callback-verifier.interceptor.ts | 4 ++--
 .../webhook-verifier.interceptor.ts | 6 ++----
 .../src/providers/idp/idp-auth0.provider.ts | 13 ++++++++++---
 4 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/services/tenant-management-service/src/controllers/idp.controller.ts b/services/tenant-management-service/src/controllers/idp.controller.ts
index 4c3c192..55b84c0 100644
--- a/services/tenant-management-service/src/controllers/idp.controller.ts
+++ b/services/tenant-management-service/src/controllers/idp.controller.ts
@@ -49,21 +49,18 @@ export class IdpController {
 })
 payload: IdpDetailsDTO,
 ): Promise {
- const res: IdpResp = {
+ let res: IdpResp = {
 authId: '',
 };
 switch (payload.tenant.identityProvider) {
- case IdPKey.AUTH0: {
- const auth0Resp = await this.idpAuth0Provider(payload);
- return auth0Resp;
- }
+ case IdPKey.AUTH0:
+ res = await this.idpAuth0Provider(payload);
+ break;
 case IdPKey.COGNITO:
 break;
-
- case IdPKey.KEYCLOAK: {
- const keycloakResp = await this.idpKeycloakProvider(payload);
- return keycloakResp;
- }
+ case IdPKey.KEYCLOAK:
+ res = await this.idpKeycloakProvider(payload);
+ break;
 default:
 break;
 }
diff --git a/services/tenant-management-service/src/interceptors/callback-verifier.interceptor.ts b/services/tenant-management-service/src/interceptors/callback-verifier.interceptor.ts
index baac8df..f034873 100644
--- a/services/tenant-management-service/src/interceptors/callback-verifier.interceptor.ts
+++ b/services/tenant-management-service/src/interceptors/callback-verifier.interceptor.ts
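Review bot: `IdPKey.COGNITO` and `default` still leave `res` at the placeholder `{authId: ''}`, which the code after the `switch` (outside this hunk, presumably `return res`) hands back as a normal response. A caller that stores `authId` cannot tell an unprovisioned identity provider from a provisioned one, so I would reject the request instead, e.g. `default: throw new HttpErrors.BadRequest('Unsupported identity provider');` (assuming `HttpErrors` is imported in this controller), and treat `COGNITO` the same way until it is implemented. If the empty `authId` is intentional for those providers, a comment on the two `break` lines should say so.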
@@ -14,7 +14,7 @@ import {AuthenticationBindings, IAuthUser} from 'loopback4-authentication';
 import {SYSTEM_USER} from '../keys';
 import {WebhookSecretRepository} from '../repositories';
-const DEFAULT_TIME_TOLERANCE = 10000;
+const DEFAULT_TIME_TOLERANCE = 20000;
 export class CallbackVerifierProvider implements Provider {
 constructor(
@@ -78,7 +78,7 @@ export class CallbackVerifierProvider implements Provider {
 }
 const hh = Math.abs(timestamp - Date.now());
- // timestamp should be within 10 seconds
+ // timestamp should be within 20 seconds
 if (hh > TIMESTAMP_TOLERANCE) {
 this.logger.error('Timestamp out of tolerance');
 throw new HttpErrors.Unauthorized();
diff --git a/services/tenant-management-service/src/interceptors/webhook-verifier.interceptor.ts b/services/tenant-management-service/src/interceptors/webhook-verifier.interceptor.ts
index e4dd56c..e740f7a 100644
--- a/services/tenant-management-service/src/interceptors/webhook-verifier.interceptor.ts
+++ b/services/tenant-management-service/src/interceptors/webhook-verifier.interceptor.ts
@@ -79,10 +79,8 @@ export class WebhookVerifierProvider implements Provider {
 throw new HttpErrors.Unauthorized();
 }
- // timestamp should be within 5 seconds
- if (
- Math.abs(timestamp - Date.now()) > this.webhookConfig.timestampTolerance
- ) {
+ // timestamp should be within 5-20 seconds
+ if (Math.abs(timestamp - Date.now()) > 20000) {
 this.logger.error('Timestamp out of tolerance');
 throw new HttpErrors.Unauthorized();
 }
diff --git a/services/tenant-management-service/src/providers/idp/idp-auth0.provider.ts b/services/tenant-management-service/src/providers/idp/idp-auth0.provider.ts
index 61c2d13..741fd3f 100644
--- a/services/tenant-management-service/src/providers/idp/idp-auth0.provider.ts
+++ b/services/tenant-management-service/src/providers/idp/idp-auth0.provider.ts
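Review bot: The comment in the second callback-verifier hunk, `// timestamp should be within 20 seconds`, repeats a number that the check itself reads from `TIMESTAMP_TOLERANCE`; if that value can be overridden (the `DEFAULT_` prefix suggests it can, but the assignment is outside both hunks), the comment goes stale on the next change. I would word it as `// reject callbacks whose timestamp is outside TIMESTAMP_TOLERANCE (ms)`. Doubling the default also doubles the time a captured, validly signed callback stays acceptable, so the commit message should say why 10 s was too tight and whether anything other than the timestamp rejects a repeated delivery inside that window.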
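Review bot: In the webhook-verifier hunk the new condition `if (Math.abs(timestamp - Date.now()) > 20000) {` no longer reads `this.webhookConfig.timestampTolerance`, so a deployment that configured a tighter window now accepts signed webhooks up to 20 s old without any change on its side. The comment `5-20 seconds` also describes a range the code does not implement. I would keep the configured value as the single source of truth, `if (Math.abs(timestamp - Date.now()) > this.webhookConfig.timestampTolerance) {`, and raise the default where that config is defined if 20 s is the intended value. The enclosing method starts and ends outside the hunk, so whether `timestampTolerance` is still used elsewhere cannot be seen from here.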
@@ -39,10 +39,17 @@ export class Auth0IdpProvider implements Provider> {
 }
 const configValue = tenantConfig[0].configValue;
+
+ /**Organization name for silo tenants will be its key
+ * whereas for pooled tenants it will be the plan tier
+ * all the pooled tenants will be under the same organization
+ */
+ const orgName =
+ planTier === 'PREMIUM' ? tenant.key : planTier.toLowerCase();
 const organizationData: PostOrganizationsRequest = {
- name: tenant.key,
+ name: orgName,
 // eslint-disable-next-line
- display_name: configValue.display_name,
+ display_name: orgName,
 branding: {
 // eslint-disable-next-line
 logo_url: configValue.logo_url,
@@ -117,7 +124,7 @@ export class Auth0IdpProvider implements Provider> {
 } else {
 try {
 const organizationResponse =
- await this.management.organizations.getByName({name: tenant.name});
+ await this.management.organizations.getByName({name: orgName});
 if (organizationResponse.status === STATUS_OK) {
 organizationId = organizationResponse.data.id;
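Review bot: In the first hunk, `const orgName = planTier === 'PREMIUM' ? tenant.key : planTier.toLowerCase();` puts tenant keys and tier names into one Auth0 organization namespace, so a silo tenant whose key equals a lower-cased tier name would resolve to the shared pooled organization in the `getByName({name: orgName})` lookup of the following hunk. Nothing visible here rules that out; either reserve the tier names where tenant keys are validated or give pooled organizations a distinguishing name, for example `'pool-' + planTier.toLowerCase()`. Since all pooled tenants then sit in one organization, organization membership alone no longer separates them, and `logo_url` is still taken from the `configValue` of whichever tenant triggers creation; the block comment should state both. The literal `'PREMIUM'` would be safer as the tier constant or enum the service already defines, if one exists; `planTier` itself is declared outside the hunk.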