feat(password): apply backend logic to all password set fields

defelmnq · defelmnq · commit 0b346d3e20be · 2024-10-23T13:36:20.000Z
diff --git a/coderd/userauth.go b/coderd/userauth.go
@@ -446,7 +446,8 @@ func (api *API) postChangePasswordWithOneTimePasscode(rw http.ResponseWriter, r
 // @Router /users/validate-password [post]
 func (api *API) validateUserPassword(rw http.ResponseWriter, r *http.Request) {
 	var (
-		ctx = r.Context()
+		ctx   = r.Context()
+		valid = true
 	)
 
 	var req codersdk.ValidateUserPasswordRequest
@@ -456,14 +457,11 @@ func (api *API) validateUserPassword(rw http.ResponseWriter, r *http.Request) {
 
 	err := userpassword.Validate(req.Password)
 	if err != nil {
-		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.ValidateUserPasswordResponse{
-			Valid: false,
-		})
-		return
+		valid = false
 	}
 
 	httpapi.Write(ctx, rw, http.StatusOK, codersdk.ValidateUserPasswordResponse{
-		Valid: true,
+		Valid: valid,
 	})
 }
 
diff --git a/site/src/api/api.ts b/site/src/api/api.ts
@@ -1326,7 +1326,7 @@ class ApiMethods {
 		password: string,
 	): Promise<boolean> => {
 		const response = await this.axios.post("/api/v2/users/validate-password", { password });
-		return response.data.isValid;
+		return response.data.valid;
 	};
 
 	getRoles = async (): Promise<Array<TypesGen.AssignableRoles>> => {
diff --git a/site/src/pages/CreateUserPage/CreateUserForm.tsx b/site/src/pages/CreateUserPage/CreateUserForm.tsx
@@ -8,7 +8,7 @@ import { FormFooter } from "components/FormFooter/FormFooter";
 import { FullPageForm } from "components/FullPageForm/FullPageForm";
 import { Stack } from "components/Stack/Stack";
 import { type FormikContextType, useFormik } from "formik";
-import type { FC } from "react";
+import { type FC, useEffect } from "react";
 import {
 	displayNameValidator,
 	getFormHelpers,
@@ -63,6 +63,8 @@ export const authMethodLanguage = {
 export interface CreateUserFormProps {
 	onSubmit: (user: TypesGen.CreateUserRequestWithOrgs) => void;
 	onCancel: () => void;
+	onPasswordChange: (password: string) => void;
+	passwordIsValid: boolean;
 	error?: unknown;
 	isLoading: boolean;
 	authMethods?: TypesGen.AuthMethods;
@@ -85,7 +87,7 @@ const validationSchema = Yup.object({
 
 export const CreateUserForm: FC<
 	React.PropsWithChildren<CreateUserFormProps>
-> = ({ onSubmit, onCancel, error, isLoading, authMethods }) => {
+> = ({ onSubmit, onCancel, onPasswordChange, passwordIsValid, error, isLoading, authMethods }) => {
 	const form: FormikContextType<TypesGen.CreateUserRequestWithOrgs> =
 		useFormik<TypesGen.CreateUserRequestWithOrgs>({
 			initialValues: {
@@ -104,6 +106,11 @@ export const CreateUserForm: FC<
 		error,
 	);
 
+	useEffect(() => {
+		onPasswordChange?.(form.values.password);
+	}, [form.values.password]); // Run effect when password changes
+
+
 	const methods = [
 		authMethods?.password.enabled && "password",
 		authMethods?.oidc.enabled && "oidc",
@@ -189,8 +196,10 @@ export const CreateUserForm: FC<
 					<TextField
 						{...getFieldHelpers("password", {
 							helperText:
-								form.values.login_type !== "password" &&
-								"No password required for this login type",
+								(form.values.login_type !== "password" &&
+								"No password required for this login type") ||
+								(!passwordIsValid && "password is not strong.")
+
 						})}
 						autoComplete="current-password"
 						fullWidth
diff --git a/site/src/pages/CreateUserPage/CreateUserPage.tsx b/site/src/pages/CreateUserPage/CreateUserPage.tsx
@@ -1,12 +1,13 @@
-import { authMethods, createUser } from "api/queries/users";
+import { authMethods, createUser, validatePassword } from "api/queries/users";
 import { displaySuccess } from "components/GlobalSnackbar/utils";
 import { Margins } from "components/Margins/Margins";
-import type { FC } from "react";
+import { type FC, useState } from "react";
 import { Helmet } from "react-helmet-async";
 import { useMutation, useQuery, useQueryClient } from "react-query";
 import { useNavigate } from "react-router-dom";
 import { pageTitle } from "utils/page";
 import { CreateUserForm } from "./CreateUserForm";
+import { useDebouncedFunction } from "hooks/debounce";
 
 export const Language = {
 	unknownError: "Oops, an unknown error occurred.",
@@ -17,6 +18,19 @@ export const CreateUserPage: FC = () => {
 	const queryClient = useQueryClient();
 	const createUserMutation = useMutation(createUser(queryClient));
 	const authMethodsQuery = useQuery(authMethods());
+	const validatePasswordMutation = useMutation(validatePassword());
+
+	const [passwordIsValid, setPasswordIsValid] = useState(false);
+
+	const validateUserPassword = async (password: string) => {
+		validatePasswordMutation.mutate(password, {
+			onSuccess: (data) => {
+				setPasswordIsValid(data);
+			},
+		})
+	};
+
+	const { debounced: debouncedValidateUserPassword } = useDebouncedFunction(validateUserPassword, 500);
 
 	return (
 		<Margins>
@@ -35,6 +49,8 @@ export const CreateUserPage: FC = () => {
 				onCancel={() => {
 					navigate("..", { relative: "path" });
 				}}
+				onPasswordChange={debouncedValidateUserPassword}
+				passwordIsValid={passwordIsValid}
 				isLoading={createUserMutation.isLoading}
 			/>
 		</Margins>
diff --git a/site/src/pages/SetupPage/SetupPage.tsx b/site/src/pages/SetupPage/SetupPage.tsx
@@ -6,7 +6,7 @@ import { useAuthContext } from "contexts/auth/AuthProvider";
 import { useEmbeddedMetadata } from "hooks/useEmbeddedMetadata";
 import { type FC, useEffect, useState } from "react";
 import { Helmet } from "react-helmet-async";
-import { useMutation, useQuery, useQueryClient } from "react-query";
+import { useMutation, useQuery } from "react-query";
 import { Navigate, useNavigate } from "react-router-dom";
 import { pageTitle } from "utils/page";
 import { sendDeploymentEvent } from "utils/telemetry";
@@ -27,7 +27,6 @@ export const SetupPage: FC = () => {
 	const setupIsComplete = !isConfiguringTheFirstUser;
 	const { metadata } = useEmbeddedMetadata();
 	const buildInfoQuery = useQuery(buildInfo(metadata["build-info"]));
-	const queryClient = useQueryClient();
 	const navigate = useNavigate();
 
 	const [passwordIsValid, setPasswordIsValid] = useState(false);
@@ -56,7 +55,7 @@ export const SetupPage: FC = () => {
 	}
 
 	const validateUserPassword = async (password: string) => {
-		const isValid = validatePasswordMutation.mutate(password, {
+		validatePasswordMutation.mutate(password, {
 			onSuccess: (data) => {
 				setPasswordIsValid(data);
 			},
diff --git a/site/src/pages/SetupPage/SetupPageView.tsx b/site/src/pages/SetupPage/SetupPageView.tsx
@@ -183,7 +183,7 @@ export const SetupPageView: FC<SetupPageViewProps> = ({
 						id="password"
 						label={Language.passwordLabel}
 						type="password"
-						helperText={!passwordIsValid ? "Password is not strong enough." : ""} // Provide feedback
+						helperText={!passwordIsValid ? "Password is not strong." : ""} // Provide feedback
 					/>
 					<label
 						htmlFor="trial"
diff --git a/site/src/pages/UserSettingsPage/SecurityPage/SecurityForm.tsx b/site/src/pages/UserSettingsPage/SecurityPage/SecurityForm.tsx
@@ -7,6 +7,7 @@ import { type FormikContextType, useFormik } from "formik";
 import type { FC } from "react";
 import { getFormHelpers } from "utils/formUtils";
 import * as Yup from "yup";
+import { useEffect } from "react";
 
 interface SecurityFormValues {
 	old_password: string;
@@ -30,10 +31,7 @@ export const Language = {
 const validationSchema = Yup.object({
 	old_password: Yup.string().trim().required(Language.oldPasswordRequired),
 	password: Yup.string()
-		.trim()
-		.min(8, Language.passwordMinLength)
-		.max(64, Language.passwordMaxLength)
-		.required(Language.newPasswordRequired),
+		.trim().required(Language.newPasswordRequired),
 	confirm_password: Yup.string()
 		.trim()
 		.test("passwords-match", Language.confirmPasswordMatch, function (value) {
@@ -44,13 +42,17 @@ const validationSchema = Yup.object({
 export interface SecurityFormProps {
 	disabled: boolean;
 	isLoading: boolean;
+	onPasswordChange: (password: string) => void;
+	passwordIsValid: boolean,
 	onSubmit: (values: SecurityFormValues) => void;
 	error?: unknown;
 }
 
 export const SecurityForm: FC<SecurityFormProps> = ({
 	disabled,
 	isLoading,
+	onPasswordChange,
+	passwordIsValid,
 	onSubmit,
 	error,
 }) => {
@@ -74,6 +76,10 @@ export const SecurityForm: FC<SecurityFormProps> = ({
 		);
 	}
 
+	useEffect(() => {
+		onPasswordChange(form.values.password);
+	}, [form.values.password]);
+
 	return (
 		<>
 			<Form onSubmit={form.handleSubmit}>
@@ -91,6 +97,7 @@ export const SecurityForm: FC<SecurityFormProps> = ({
 						autoComplete="password"
 						fullWidth
 						label={Language.newPasswordLabel}
+						helperText={!passwordIsValid ? "Password is not strong." : ""} // Provide feedback
 						type="password"
 					/>
 					<TextField
diff --git a/site/src/pages/UserSettingsPage/SecurityPage/SecurityPage.tsx b/site/src/pages/UserSettingsPage/SecurityPage/SecurityPage.tsx
@@ -1,28 +1,42 @@
 import { API } from "api/api";
-import { authMethods, updatePassword } from "api/queries/users";
+import { authMethods, updatePassword, validatePassword } from "api/queries/users";
 import { displaySuccess } from "components/GlobalSnackbar/utils";
 import { Loader } from "components/Loader/Loader";
 import { Stack } from "components/Stack/Stack";
 import { useAuthenticated } from "contexts/auth/RequireAuth";
-import type { ComponentProps, FC } from "react";
+import { type ComponentProps, FC, useState } from "react";
 import { useMutation, useQuery } from "react-query";
 import { Section } from "../Section";
 import { SecurityForm } from "./SecurityForm";
 import {
 	SingleSignOnSection,
 	useSingleSignOnSection,
 } from "./SingleSignOnSection";
+import { useDebouncedFunction } from "hooks/debounce";
 
 export const SecurityPage: FC = () => {
 	const { user: me } = useAuthenticated();
 	const updatePasswordMutation = useMutation(updatePassword());
+	const validatePasswordMutation = useMutation(validatePassword());
 	const authMethodsQuery = useQuery(authMethods());
 	const { data: userLoginType } = useQuery({
 		queryKey: ["loginType"],
 		queryFn: API.getUserLoginType,
 	});
 	const singleSignOnSection = useSingleSignOnSection();
 
+	const [passwordIsValid, setPasswordIsValid] = useState(false);
+
+	const validateUserPassword = async (password: string) => {
+		validatePasswordMutation.mutate(password, {
+			onSuccess: (data) => {
+				setPasswordIsValid(data);
+			},
+		})
+	};
+
+	const { debounced: debouncedValidateUserPassword } = useDebouncedFunction(validateUserPassword, 500);
+
 	if (!authMethodsQuery.data || !userLoginType) {
 		return <Loader />;
 	}
@@ -34,6 +48,8 @@ export const SecurityPage: FC = () => {
 					disabled: userLoginType.login_type !== "password",
 					error: updatePasswordMutation.error,
 					isLoading: updatePasswordMutation.isLoading,
+					onPasswordChange: debouncedValidateUserPassword,
+					passwordIsValid: passwordIsValid,
 					onSubmit: async (data) => {
 						await updatePasswordMutation.mutateAsync({
 							userId: me.id,
diff --git a/site/src/pages/UserSettingsPage/SecurityPage/SecurityPageView.stories.tsx b/site/src/pages/UserSettingsPage/SecurityPage/SecurityPageView.stories.tsx
@@ -15,6 +15,8 @@ const defaultArgs: ComponentProps<typeof SecurityPageView> = {
 			error: undefined,
 			isLoading: false,
 			onSubmit: action("onSubmit"),
+			onPasswordChange: (password: string) => {},
+			passwordIsValid: false,
 		},
 	},
 	oidc: {
