From a13bdf00d628805fbd84690eef9356ad754662f2 Mon Sep 17 00:00:00 2001
From: Tulio Casagrande <tcasagra@thoughtworks.com>
Date: Mon, 3 Apr 2017 15:35:23 -0300
Subject: [#934] Add front-end password validation

---
 web-ui/app/locales/en_US/translation.json          |  6 +-
 web-ui/app/locales/pt_BR/translation.json          |  6 +-
 .../new_password_form/new_password_form.js         | 52 ++++++++++---
 .../new_password_form/new_password_form.spec.js    | 89 +++++++++++++++++++++-
 4 files changed, 138 insertions(+), 15 deletions(-)

(limited to 'web-ui')

diff --git a/web-ui/app/locales/en_US/translation.json b/web-ui/app/locales/en_US/translation.json
index 160e71ff..6ca72283 100644
--- a/web-ui/app/locales/en_US/translation.json
+++ b/web-ui/app/locales/en_US/translation.json
@@ -101,7 +101,11 @@
         "image-description": "New Password - Step 3 of 4",
         "title": "Now, create a new password",
         "input-label1": "create new password",
-        "input-label2": "confirm your new password"
+        "input-label2": "confirm your new password",
+        "error": {
+          "invalid-password": "A better password has at least 8 characters",
+          "invalid-confirm-password": "Password and confirmation don't match"
+        }
       },
       "backup-account-step": {
         "image-description": "Backup Account - Step 4 of 4",
diff --git a/web-ui/app/locales/pt_BR/translation.json b/web-ui/app/locales/pt_BR/translation.json
index b7cac507..1baf9b07 100644
--- a/web-ui/app/locales/pt_BR/translation.json
+++ b/web-ui/app/locales/pt_BR/translation.json
@@ -101,7 +101,11 @@
         "image-description": "Nova Senha - Passo 3 de 4",
         "title": "Agora, crie uma nova senha",
         "input-label1": "digite a nova senha",
-        "input-label2": "confirme a nova senha"
+        "input-label2": "confirme a nova senha",
+        "error": {
+          "invalid-password": "Uma senha boa tem pelo menos 8 caracteres",
+          "invalid-confirm-password": "Senha e confirmação não são iguais"
+        }
       },
       "backup-account-step": {
         "image-description": "E-mail de Recuperação - Passo 4 de 4",
diff --git a/web-ui/src/account_recovery/new_password_form/new_password_form.js b/web-ui/src/account_recovery/new_password_form/new_password_form.js
index e7f689e8..346c1eb8 100644
--- a/web-ui/src/account_recovery/new_password_form/new_password_form.js
+++ b/web-ui/src/account_recovery/new_password_form/new_password_form.js
@@ -18,6 +18,7 @@
 import 'isomorphic-fetch';
 import React from 'react';
 import { translate } from 'react-i18next';
+import validator from 'validator';
 
 import { submitForm } from 'src/common/util';
 import InputField from 'src/common/input_field/input_field';
@@ -27,22 +28,51 @@ import BackLink from 'src/common/back_link/back_link';
 import './new_password_form.scss';
 
 export class NewPasswordForm extends React.Component {
+
+  constructor(props) {
+    super(props);
+    this.state = {
+      submitButtonDisabled: true,
+      password: '',
+      errorPassword: '',
+      confirmPassword: '',
+      errorConfirmPassword: ''
+    };
+  }
+
   submitHandler = (event) => {
     event.preventDefault();
     submitForm(event, '/account-recovery', {
       userCode: this.props.userCode,
       password: this.state.password,
-      confirmation: this.state.confirmation
+      confirmPassword: this.state.confirmPassword
     }).then(() => this.props.next());
   }
 
-  handlePasswordChange = (event) => {
+  handleChangePassword = (event) => {
     this.setState({ password: event.target.value });
-  }
+    this.validatePassword(event.target.value, this.state.confirmPassword);
+  };
 
-  handlePasswordConfirmationChange = (event) => {
-    this.setState({ confirmation: event.target.value });
-  }
+  handleChangeConfirmPassword = (event) => {
+    this.setState({ confirmPassword: event.target.value });
+    this.validatePassword(this.state.password, event.target.value);
+  };
+
+  validatePassword = (password, confirmPassword) => {
+    const emptyPassword = validator.isEmpty(password);
+    const validPassword = validator.isLength(password, { min: 8, max: undefined });
+    const emptyConfirmPassword = validator.isEmpty(confirmPassword);
+    const validConfirmPassword = confirmPassword === password;
+
+    const t = this.props.t;
+
+    this.setState({
+      errorPassword: !emptyPassword && !validPassword ? t('account-recovery.new-password-form.error.invalid-password') : '',
+      errorConfirmPassword: !emptyConfirmPassword && !validConfirmPassword ? t('account-recovery.new-password-form.error.invalid-confirm-password') : '',
+      submitButtonDisabled: !validPassword || !validConfirmPassword
+    });
+  };
 
   render() {
     const { t, previous } = this.props;
@@ -55,16 +85,16 @@ export class NewPasswordForm extends React.Component {
         />
         <h1>{t('account-recovery.new-password-form.title')}</h1>
         <InputField
-          type='password' name='new-password'
+          type='password' name='new-password' value={this.state.password}
           label={t('account-recovery.new-password-form.input-label1')}
-          onChange={this.handlePasswordChange}
+          errorText={this.state.errorPassword} onChange={this.handleChangePassword}
         />
         <InputField
-          type='password' name='confirm-password'
+          type='password' name='confirm-password' value={this.state.confirmPassword}
           label={t('account-recovery.new-password-form.input-label2')}
-          onChange={this.handlePasswordConfirmationChange}
+          errorText={this.state.errorConfirmPassword} onChange={this.handleChangeConfirmPassword}
         />
-        <SubmitButton buttonText={t('account-recovery.button-next')} />
+        <SubmitButton buttonText={t('account-recovery.button-next')} disabled={this.state.submitButtonDisabled} />
         <BackLink text={t('account-recovery.back')} onClick={previous} />
       </form>
     );
diff --git a/web-ui/src/account_recovery/new_password_form/new_password_form.spec.js b/web-ui/src/account_recovery/new_password_form/new_password_form.spec.js
index b57dd42e..c29487a7 100644
--- a/web-ui/src/account_recovery/new_password_form/new_password_form.spec.js
+++ b/web-ui/src/account_recovery/new_password_form/new_password_form.spec.js
@@ -65,8 +65,93 @@ describe('NewPasswordForm', () => {
       expect(fetchMock.lastOptions('/account-recovery').body).toContain('"password":"123"');
     });
 
-    it('sends password confirmation as content', () => {
-      expect(fetchMock.lastOptions('/account-recovery').body).toContain('"confirmation":"456"');
+    it('sends confirm password as content', () => {
+      expect(fetchMock.lastOptions('/account-recovery').body).toContain('"confirmPassword":"456"');
+    });
+  });
+
+  describe('Password validation', () => {
+    let newPasswordFormInstance;
+
+    beforeEach(() => {
+      newPasswordFormInstance = newPasswordForm.instance();
+    });
+
+    it('verifies initial state', () => {
+      expect(newPasswordFormInstance.state.errorPassword).toEqual('');
+      expect(newPasswordFormInstance.state.errorConfirmPassword).toEqual('');
+      expect(newPasswordForm.find('SubmitButton').props().disabled).toBe(true);
+    });
+
+    context('with valid fields', () => {
+      beforeEach(() => {
+        newPasswordFormInstance.validatePassword('12345678', '12345678');
+      });
+
+      it('does not set error in state', () => {
+        expect(newPasswordFormInstance.state.errorPassword).toEqual('');
+        expect(newPasswordFormInstance.state.errorConfirmPassword).toEqual('');
+      });
+
+      it('enables submit button', () => {
+        expect(newPasswordForm.find('SubmitButton').props().disabled).toBe(false);
+      });
+    });
+
+    context('with invalid password', () => {
+      beforeEach(() => {
+        newPasswordFormInstance.validatePassword('1234', '');
+      });
+
+      it('sets password error in state', () => {
+        expect(newPasswordFormInstance.state.errorPassword).toEqual('account-recovery.new-password-form.error.invalid-password');
+      });
+
+      it('disables submit button', () => {
+        expect(newPasswordForm.find('SubmitButton').props().disabled).toBe(true);
+      });
+    });
+
+    context('with invalid confirm password', () => {
+      beforeEach(() => {
+        newPasswordFormInstance.validatePassword('12345678', '1234');
+      });
+
+      it('sets confirm password error in state', () => {
+        expect(newPasswordFormInstance.state.errorConfirmPassword).toEqual('account-recovery.new-password-form.error.invalid-confirm-password');
+      });
+
+      it('disables submit button', () => {
+        expect(newPasswordForm.find('SubmitButton').props().disabled).toBe(true);
+      });
+    });
+
+    context('with empty fields', () => {
+      it('does not set error in state if both empty', () => {
+        newPasswordFormInstance.validatePassword('', '');
+        expect(newPasswordFormInstance.state.errorPassword).toEqual('');
+        expect(newPasswordFormInstance.state.errorConfirmPassword).toEqual('');
+      });
+
+      it('does not set confirm password error in state if empty', () => {
+        newPasswordFormInstance.validatePassword('12345678', '');
+        expect(newPasswordFormInstance.state.errorConfirmPassword).toEqual('');
+      });
+
+      it('sets confirm password error in state if not empty', () => {
+        newPasswordFormInstance.validatePassword('', '12345678');
+        expect(newPasswordFormInstance.state.errorConfirmPassword).toEqual('account-recovery.new-password-form.error.invalid-confirm-password');
+      });
+
+      it('disables submit button if empty confirm password', () => {
+        newPasswordFormInstance.validatePassword('12345678', '');
+        expect(newPasswordForm.find('SubmitButton').props().disabled).toBe(true);
+      });
+
+      it('disables submit button if empty password', () => {
+        newPasswordFormInstance.validatePassword('', '12345678');
+        expect(newPasswordForm.find('SubmitButton').props().disabled).toBe(true);
+      });
     });
 
     it('calls next handler on success', () => {
-- 
cgit v1.2.3