feat(clerk-js,localizations,shared,types): Prompt user to reset pwned… #3034
Conversation
🦋 Changeset detectedLatest commit: a95a202 The changes in this PR will be included in the next version bump. This PR includes changesets to release 14 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
| @@ -135,6 +138,10 @@ export function _SignInFactorOne(): JSX.Element { | |||
| }} | |||
| onForgotPasswordMethodClick={resetPasswordFactor ? toggleForgotPasswordStrategies : toggleAllStrategies} | |||
| onShowAlternativeMethodsClick={toggleAllStrategies} | |||
| onPasswordPwned={() => { | |||
| setIsPasswordPwned(true); | |||
| toggleForgotPasswordStrategies(); | |||
There was a problem hiding this comment.
We could potentially also trigger the reset flow to start, but preferred to allow them to click it themselves.
| @@ -40,12 +41,13 @@ const usePasswordControl = (props: SignInFactorOnePasswordProps) => { | |||
| : onShowAlternativeMethodsClick | |||
| ? onShowAlternativeMethodsClick | |||
| : () => null, | |||
| // onPasswordPwned, | |||
There was a problem hiding this comment.
Assumed I would need to include it here as were, but this causes the following error:
Warning: Unknown event handler property onPasswordPwned. It will be ignored.
There was a problem hiding this comment.
not sure why you need it here?
There was a problem hiding this comment.
Me neither :-D
There was a problem hiding this comment.
@desiprisg do we not need to export is like the other handlers?
There was a problem hiding this comment.
Seems like we don't need it, can we remove the comment ?
| @@ -58,6 +60,7 @@ export const SignInFactorOnePasswordCard = (props: SignInFactorOnePasswordProps) | |||
| const clerk = useClerk(); | |||
|
|
|||
| const goBack = () => { | |||
| card.setError(undefined); | |||
There was a problem hiding this comment.
This doesn't work, the error is not cleared.
There was a problem hiding this comment.
Never mind, this was not the correct location to do it.
| @@ -83,6 +86,14 @@ export const SignInFactorOnePasswordCard = (props: SignInFactorOnePasswordProps) | |||
| return clerk.__internal_navigateWithError('..', err.errors[0]); | |||
| } | |||
|
|
|||
| if (isPasswordPwnedError(err)) { | |||
| if (onPasswordPwned) { | |||
| card.setError({ ...err.errors[0], code: err.errors[0].code + '__sign_in' }); | |||
There was a problem hiding this comment.
Need to add a suffix to target the l10n key we want.
There was a problem hiding this comment.
I'd say just hardcode it here since the type will always be the same.
yourtallness
force-pushed
the
yourtallness/hibp_on_sign_in
branch
from
7b91a29
to
8a2a243
Compare
| @@ -83,6 +86,14 @@ export const SignInFactorOnePasswordCard = (props: SignInFactorOnePasswordProps) | |||
| return clerk.__internal_navigateWithError('..', err.errors[0]); | |||
| } | |||
|
|
|||
| if (isPasswordPwnedError(err)) { | |||
| if (onPasswordPwned) { | |||
| card.setError({ ...err.errors[0], code: err.errors[0].code + '__sign_in' }); | |||
There was a problem hiding this comment.
I'd say just hardcode it here since the type will always be the same.
| @@ -58,6 +60,7 @@ export const SignInFactorOnePasswordCard = (props: SignInFactorOnePasswordProps) | |||
| const clerk = useClerk(); | |||
|
|
|||
| const goBack = () => { | |||
| card.setError(undefined); | |||
There was a problem hiding this comment.
Maybe we ignore undefined ? Or maybe there's a function to clear the error? Could you check the implementation?
There was a problem hiding this comment.
It worked when I moved it to the proper back handlers.
| @@ -40,12 +41,13 @@ const usePasswordControl = (props: SignInFactorOnePasswordProps) => { | |||
| : onShowAlternativeMethodsClick | |||
| ? onShowAlternativeMethodsClick | |||
| : () => null, | |||
| // onPasswordPwned, | |||
There was a problem hiding this comment.
not sure why you need it here?
| @@ -135,6 +138,10 @@ export function _SignInFactorOne(): JSX.Element { | |||
| }} | |||
| onForgotPasswordMethodClick={resetPasswordFactor ? toggleForgotPasswordStrategies : toggleAllStrategies} | |||
| onShowAlternativeMethodsClick={toggleAllStrategies} | |||
| onPasswordPwned={() => { | |||
| setIsPasswordPwned(true); | |||
| toggleForgotPasswordStrategies(); | |||
yourtallness
force-pushed
the
yourtallness/hibp_on_sign_in
branch
2 times, most recently
from
e98fd3d
to
2503592
Compare
yourtallness
force-pushed
the
yourtallness/hibp_on_sign_in
branch
2 times, most recently
from
2982469
to
f5198a2
Compare
I have added 2 tests (phone + pwned, email + pwned), can you recommend more scenarios? |
| @@ -40,12 +41,13 @@ const usePasswordControl = (props: SignInFactorOnePasswordProps) => { | |||
| : onShowAlternativeMethodsClick | |||
| ? onShowAlternativeMethodsClick | |||
| : () => null, | |||
| // onPasswordPwned, | |||
There was a problem hiding this comment.
Seems like we don't need it, can we remove the comment ?
| @@ -67,6 +67,10 @@ export function isUserLockedError(err: any) { | |||
| return isClerkAPIResponseError(err) && err.errors?.[0]?.code === 'user_locked'; | |||
| } | |||
|
|
|||
| export function isPasswordPwnedError(err: any) { | |||
| return isClerkAPIResponseError(err) && err.errors?.[0]?.code === 'form_password_pwned'; | |||
There was a problem hiding this comment.
How come we use the first error item ? Will this always be the case from FAPI ? I see that we are doing the same above, just asking tho.
… password at sign-in
yourtallness
force-pushed
the
yourtallness/hibp_on_sign_in
branch
from
0060707
to
a95a202
Compare
… password at sign-in
Description
If admin has enabled
password_settings.enforce_on_sign_inand HIBP is enabled, then a password could potentially be detected as pwned at a subsequent sign-in.The API will respond with error code
form_password_pwned, in which case we will show a corresponding error and show the alternative method list, prompting them to reset their password.Checklist
npm testruns as expected.npm run buildruns as expected.Type of change