Updated the msal version

Author: 4gust

1-Authentication/7-sign-in-express-mfa/App/auth/AuthProvider.js

@@ -74,6 +74,13 @@ class AuthProvider {
         );
     }
 
+    doesRequireMFA(token) {
+        // Decode the access token payload
+        const tokenPayload = JSON.parse(atob(token.split('.')[1]));
+        console.log(tokenPayload);
+        return !tokenPayload.amr.includes("mfa");
+    }
+
     async handleRedirect(req, res, next) {
         const authCodeRequest = {
             ...req.session.authCodeRequest,
@@ -110,7 +117,6 @@ class AuthProvider {
      */
     getToken(scopes, redirectUri = "http://localhost:3000/") {
         return  async function (req, res, next) {
-            console.log(scopes);
             const msalInstance = authProvider.getMsalInstance(authProvider.config.msalConfig);
             try {
                 msalInstance.getTokenCache().deserialize(req.session.tokenCache);
@@ -119,7 +125,6 @@ class AuthProvider {
                     account: req.session.account,
                     scopes: scopes,
                 };
-
                 const tokenResponse = await msalInstance.acquireTokenSilent(silentRequest);
 
                 req.session.tokenCache = msalInstance.getTokenCache().serialize();
@@ -131,7 +136,7 @@ class AuthProvider {
 
                     const state = authProvider.cryptoProvider.base64Encode(
                         JSON.stringify({
-                            redirectTo: 'http://localhost:3000/users/updateProfile',
+                            redirectTo: redirectUri,
                             csrfToken: req.session.csrfToken,
                         })
                     );

1-Authentication/7-sign-in-express-mfa/App/package.json

@@ -8,7 +8,7 @@
   "author": "Microsoft",
   "license": "MIT",
   "dependencies": {
-    "@azure/msal-node": "^1.17.2",
+    "@azure/msal-node": "^2.8.0",
     "axios": "^1.0.0",
     "cookie-parser": "^1.4.6",
     "dotenv": "^16.0.3",

1-Authentication/7-sign-in-express-mfa/App/routes/users.js

@@ -6,6 +6,8 @@
 const express = require('express');
 const router = express.Router();
 const authProvider = require('../auth/AuthProvider');
+const temp = require("@azure/msal-node")
+
 var { fetch } = require("../fetch");
 const { GRAPH_ME_ENDPOINT, 
         mfaProtectedResourceScope } = require('../authConfig');
@@ -29,22 +31,40 @@ router.get('/id',
 router.get(
     '/updateProfile',
     isAuthenticated, // check if user is authenticated
-    authProvider.getToken(["User.ReadWrite"]), // check for mfa
+    authProvider.getToken(["User.ReadWrite"]),
     async function (req, res, next) {
+        let doesRequiredMFA = authProvider.doesRequireMFA(req.session.accessToken);
         const graphResponse = await fetch(
             GRAPH_ME_ENDPOINT,
             req.session.accessToken
           );
         res.render("updateProfile", {
             profile: graphResponse,
+            doesRequiredMFA: doesRequiredMFA
           });
     }
 );
 
+router.get(
+  '/gatedUpdateProfile',
+  isAuthenticated, // check if user is authenticated
+  authProvider.getToken(["User.ReadWrite", mfaProtectedResourceScope], 
+                        "http://localhost:3000/users/gatedUpdateProfile"), // check for mfa
+  async function (req, res, next) {
+      const graphResponse = await fetch(
+          GRAPH_ME_ENDPOINT,
+          req.session.accessToken
+        );
+      res.render("updateProfile", {
+          profile: graphResponse,
+          doesRequiredMFA: false
+        });
+  }
+);
+
 router.post(
     '/update',
     isAuthenticated, // check if user is authenticated
-    authProvider.getToken(["User.ReadWrite", mfaProtectedResourceScope]), // check for mfa
     async function (req, res, next) {
         try {
             if (!!req.body) {

1-Authentication/7-sign-in-express-mfa/App/views/updateProfile.hbs

@@ -5,8 +5,11 @@
     <label>Id :</label>
     <label> {{profile.id}}</label>
     <br/>
-    <label for="userName">Display Name :</label>
-    <input type="text" id="displayName" name="displayName" value="{{profile.displayName}}" />
+    <label>Email :</label>
+    <label> {{profile.mail}}</label>
+    <br/>
+    <label for="userName" >Display Name :</label>
+    <input type="text" id="displayName" name="displayName" {{#if doesRequiredMFA}}disabled{{else}}{{/if}} value="{{profile.displayName}}" />
     <br />
     <label for="userName">Given Name :</label>
     <input type="text" id="givenName" name="givenName" value="{{profile.givenName}}" />
@@ -16,11 +19,19 @@
     <input type="text" id="surname" name="surname" value="{{profile.surname}}" />
     <br />
 
-    <label for="userEmail">Email :</label>
+    {{!-- <label for="userEmail">Email :</label>
     <input type="text" id="mail" name="mail" value="{{profile.mail}}" readonly />
-    <br />
+    <br /> --}}
 
     <button type="submit" id="button">Save</button>
   </form>
+  {{#if doesRequiredMFA}}
+  <p>To Edit Name please complete MFA</p>
+      <a href="/users/gatedUpdateProfile">
+    <button>Edit display name</button>
+    </a>
+    {{else}}
+       <br />
+    {{/if}}
 </div>
 <a href="/">Go back</a>