Add bot detection commands (#1435)

* fix(go.mod): update go-auth0 dependency to point DXCDT-1069/add_bot_detection branch commit

- Updated the go-auth0 dependency from v1.33.0 to v1.33.1-0.20260211120643-ac1cfcb90495.
- This change ensures compatibility with the latest features and fixes provided by the go-auth0 library.

* feat(attack_protection): add bot detection management commands

- Introduced new commands for managing bot detection settings, including:
  - `bot-detection show`: Displays current bot detection settings.
  - `bot-detection update`: Updates bot detection settings with user-defined parameters.
- Added `GetBotDetection` and `UpdateBotDetection` methods to the AttackProtectionAPI interface for retrieving and updating settings.
- Implemented a new `botDetectionView` struct for rendering bot detection settings in the CLI.
- Enhanced the attack protection command structure to include bot detection management.

* feat(attack_protection): add bot detection test cases

- Introduced new test cases for bot detection functionality.
- Added tests for both showing and updating bot detection settings.
- Ensured that the output contains relevant fields.
- These changes enhance the coverage of the attack protection feature.

* feat(attack_protection): move attack protection test cases to a dedicated file

- Created a new YAML file for integration test cases specifically for
  attack protection features, including bot detection.
- Moved existing test cases related to attack protection from
  `test-cases.yaml` to `attack-protection-test-cases.yaml` for better
  organization and clarity.
- Each test case verifies the expected output and exit codes for
  various attack protection commands, ensuring functionality and
  reliability of the bot detection feature.

* feat(attack_protection): add bot detection commands documentation

- Updated `auth0_protection.md` to include a link to the new bot detection management commands.
- Created `auth0_protection_bot-detection.md` to describe bot detection features and settings.
- Added `auth0_protection_bot-detection_show.md` for displaying current bot detection settings.
- Added `auth0_protection_bot-detection_update.md` for updating bot detection settings.

* feat(management): add v2 management client initialization

- Introduced a new function `initializeManagementClientV2` to create a management client using the v2 API.
- This function utilizes the `github.com/auth0/go-auth0/v2` package for improved management capabilities.
- Updated `go.mod` and `go.sum` to include the v2 dependency.

* feat(attack_protection): integrate api-v2 in bot detection management

- Added support for v2 management client in the attack protection module.
- Added the AttackProtectionBotDetectionAPIV2 interface to use v2 types.
- Refactored bot detection show command to utilize new v2 API methods.
- Adjusted display functions to handle v2 bot detection response types.
- Enhanced the CLI to initialize and use the v2 management client.

* feat(attack_protection): add bot detection update command with go-auth0-v2

- Updated the `updateBotDetectionCmdRun` function to utilize the new go-auth0 v2 for bot detection settings.
- Introduced a new `stringPtr` utility function to handle string-derived pointer conversions.
- Added tests for `stringPtr` to ensure correct behavior with nil and custom string types.
- Refactored rendering functions to accommodate changes in the bot detection settings response structure.
- Improved user prompts for bot detection configuration options.

* chore(go.mod, go.sum): revert go-auth0 version to v1.33.0

- Updated go-auth0 dependency from v1.33.1 to v1.33.0 in go.mod and go.sum

* refactor(cli): improve comments and simplify nonInputValueFlags initialization

* refactor(cli): simplify bot detection update command logic

- Renamed variable `bd` to `current` for clarity in the `updateBotDetectionCmdRun` function.
- Removed the `noInputValueFlagSet` function and its associated logic to streamline command behavior.

* refactor(bot-detection): update monitoring mode flag naming for consistency

- Changed the long form of the monitoring mode flag from `monitoring-mode` to `monitoring-mode-enabled` for clarity and consistency with other command flags.

* test(bot-detection): enhance tests to ensure boolean flag remain intact

* refactor(cli): rename shouldPromptWhenNoLocalFlagsSet to noLocalFlagSet

- Updated the function name from `shouldPromptWhenNoLocalFlagsSet` to `noLocalFlagSet` for clarity and consistency.
- Adjusted the logic in `appsSessionTransferUpdateCmd` and `updateBotDetectionCmdRun` to utilize the new function name.
- Improved readability by ensuring the function clearly indicates its purpose of checking for local flags.

Author: bkiran6398

docs/auth0_protection.md

@@ -8,6 +8,7 @@ Auth0 can detect attacks and stop malicious attempts to access your application
 
 ## Commands
 
+- [auth0 protection bot-detection](auth0_protection_bot-detection.md) - Manage bot detection settings
 - [auth0 protection breached-password-detection](auth0_protection_breached-password-detection.md) - Manage breached password detection settings
 - [auth0 protection brute-force-protection](auth0_protection_brute-force-protection.md) - Manage brute force protection settings
 - [auth0 protection suspicious-ip-throttling](auth0_protection_suspicious-ip-throttling.md) - Manage suspicious ip throttling settings

docs/auth0_protection_bot-detection.md

@@ -0,0 +1,14 @@
+---
+layout: default
+has_toc: false
+has_children: true
+---
+# auth0 protection bot-detection
+
+Bot detection protects your applications from automated attacks by detecting and blocking bot traffic. Auth0 can challenge suspicious requests with CAPTCHA or block them entirely. Configure detection sensitivity, CAPTCHA policies for different authentication flows, and allowlists for trusted IP addresses.
+
+## Commands
+
+- [auth0 protection bot-detection show](auth0_protection_bot-detection_show.md) - Show bot detection settings
+- [auth0 protection bot-detection update](auth0_protection_bot-detection_update.md) - Update bot detection settings
+

docs/auth0_protection_bot-detection_show.md

@@ -0,0 +1,47 @@
+---
+layout: default
+parent: auth0 protection bot-detection
+has_toc: false
+---
+# auth0 protection bot-detection show
+
+Display the current bot detection settings.
+
+## Usage
+```
+auth0 protection bot-detection show [flags]
+```
+
+## Examples
+
+```
+  auth0 protection bot-detection show
+  auth0 ap bd show --json
+  auth0 ap bd show --json-compact
+```
+
+
+## Flags
+
+```
+      --json           Output in json format.
+      --json-compact   Output in compact json format.
+```
+
+
+## Inherited Flags
+
+```
+      --debug           Enable debug mode.
+      --no-color        Disable colors.
+      --no-input        Disable interactivity.
+      --tenant string   Specific tenant to use.
+```
+
+
+## Related Commands
+
+- [auth0 protection bot-detection show](auth0_protection_bot-detection_show.md) - Show bot detection settings
+- [auth0 protection bot-detection update](auth0_protection_bot-detection_update.md) - Update bot detection settings
+
+

docs/auth0_protection_bot-detection_update.md

@@ -0,0 +1,55 @@
+---
+layout: default
+parent: auth0 protection bot-detection
+has_toc: false
+---
+# auth0 protection bot-detection update
+
+Update the bot detection settings.
+
+## Usage
+```
+auth0 protection bot-detection update [flags]
+```
+
+## Examples
+
+```
+  auth0 protection bot-detection update
+  auth0 ap bd update --bot-detection-level medium --json-compact
+  auth0 ap bd update --bot-detection-level low --challenge-password-policy never
+  auth0 ap bd update --monitoring-mode-enabled=true --allowlist "198.51.100.42,10.0.0.0/24"
+  auth0 ap bd update -l high -a "198.51.100.42" -m=false --json
+```
+
+
+## Flags
+
+```
+  -a, --allowlist strings                        List of comma-separated trusted IP addresses that will not have bot detection enforced against them. Supports IPv4, IPv6 and CIDR notations.
+  -l, --bot-detection-level string               The level of bot detection sensitivity. Possible values: low, medium, high.
+      --challenge-password-policy string         Determines how often to challenge users with a CAPTCHA for password-based login. Possible values: never, when_risky, always.
+      --challenge-password-reset-policy string   Determines how often to challenge users with a CAPTCHA for password reset. Possible values: never, when_risky, always.
+      --challenge-passwordless-policy string     Determines how often to challenge users with a CAPTCHA for passwordless login. Possible values: never, when_risky, always.
+      --json                                     Output in json format.
+      --json-compact                             Output in compact json format.
+  -m, --monitoring-mode-enabled                  Enable (or disable) monitoring mode. When enabled, logs but does not block.
+```
+
+
+## Inherited Flags
+
+```
+      --debug           Enable debug mode.
+      --no-color        Disable colors.
+      --no-input        Disable interactivity.
+      --tenant string   Specific tenant to use.
+```
+
+
+## Related Commands
+
+- [auth0 protection bot-detection show](auth0_protection_bot-detection_show.md) - Show bot detection settings
+- [auth0 protection bot-detection update](auth0_protection_bot-detection_update.md) - Update bot detection settings
+
+

go.mod

@@ -7,6 +7,7 @@ require (
 	github.com/PuerkitoBio/rehttp v1.4.0
 	github.com/atotto/clipboard v0.1.4
 	github.com/auth0/go-auth0 v1.34.0
+	github.com/auth0/go-auth0/v2 v2.5.0
 	github.com/briandowns/spinner v1.23.2
 	github.com/charmbracelet/glamour v0.10.0
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e

go.sum

@@ -22,6 +22,8 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
+github.com/auth0/go-auth0/v2 v2.5.0 h1:IBfiYGsqFwOu4hsxV1JDtB6+ayRinybUIUCU/fRBE8Y=
+github.com/auth0/go-auth0/v2 v2.5.0/go.mod h1:XVRck9fw1EIw1z4guYcbKFGmElnexb+xOvQ/0U1hHd0=
 github.com/auth0/go-auth0 v1.34.0 h1:5rtel4yYbYp+NYlVf3ryxSRaDHWxJubtVc+cqdLMa7o=
 github.com/auth0/go-auth0 v1.34.0/go.mod h1:32sQB1uAn+99fJo6N819EniKq8h785p0ag0lMWhiTaE=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48=

internal/auth0/attack_protection.go

@@ -4,6 +4,8 @@ import (
 	"context"
 
 	"github.com/auth0/go-auth0/management"
+	managementv2 "github.com/auth0/go-auth0/v2/management"
+	"github.com/auth0/go-auth0/v2/management/option"
 )
 
 type AttackProtectionAPI interface {
@@ -64,3 +66,19 @@ type AttackProtectionAPI interface {
 		opts ...management.RequestOption,
 	) (err error)
 }
+
+type AttackProtectionBotDetectionAPIV2 interface {
+	// Get the Bot Detection configuration of tenant.
+	//
+	// Required scope: `read:attack_protection`
+	//
+	// See: https://auth0.com/docs/api/management/v2#!/attack-protection/get-bot-detection
+	Get(ctx context.Context, opts ...option.RequestOption) (*managementv2.GetBotDetectionSettingsResponseContent, error)
+
+	// Update the Bot Detection configuration of tenant.
+	//
+	// Required scope: `update:attack_protection`
+	//
+	// See: https://auth0.com/docs/api/management/v2#!/attack-protection/patch-bot-detection
+	Update(ctx context.Context, request *managementv2.UpdateBotDetectionSettingsRequestContent, opts ...option.RequestOption) (*managementv2.UpdateBotDetectionSettingsResponseContent, error)
+}

internal/auth0/auth0.go

@@ -3,6 +3,7 @@ package auth0
 import (
 	"github.com/auth0/go-auth0"
 	"github.com/auth0/go-auth0/management"
+	managementv2 "github.com/auth0/go-auth0/v2/management/client"
 )
 
 // API mimics `management.Management`s general interface, except it refers to
@@ -76,6 +77,16 @@ func NewAPI(m *management.Management) *API {
 	}
 }
 
+type APIV2 struct {
+	AttackProtectionBotDetection AttackProtectionBotDetectionAPIV2
+}
+
+func NewAPIV2(m *managementv2.Management) *APIV2 {
+	return &APIV2{
+		AttackProtectionBotDetection: m.AttackProtection.BotDetection,
+	}
+}
+
 // Alias all the helper methods so we can keep just typing `auth0.Bool` and the
 // compiler can autocomplete our internal package.
 var (

internal/cli/apps.go

@@ -1175,7 +1175,7 @@ func appsSessionTransferUpdateCmd(cli *cli) *cobra.Command {
 			}
 
 			// Set the flag if it was supplied or entered by the prompt.
-			if appSTCanCreateToken.IsSet(cmd) || shouldPromptWhenNoLocalFlagsSet(cmd) {
+			if appSTCanCreateToken.IsSet(cmd) || noLocalFlagSet(cmd) {
 				st.CanCreateSessionTransferToken = &inputs.CanCreateToken
 			}
 

internal/cli/attack_protection.go

@@ -19,6 +19,7 @@ func attackProtectionCmd(cli *cli) *cobra.Command {
 	cmd.AddCommand(breachedPasswordDetectionCmd(cli))
 	cmd.AddCommand(bruteForceProtectionCmd(cli))
 	cmd.AddCommand(suspiciousIPThrottlingCmd(cli))
+	cmd.AddCommand(botDetectionCmd(cli))
 
 	return cmd
 }