Mfancher/prev passwords front (#1017)

* install bcrypt on front-end

* store prev passwords on backend

* Check for prev passwords on backend

* Update authUtil.js

* finish my account pw change

* Dont require old password check on register form/wizard

* Finalize password reset screens

* Fixes

* fix on page load

* Bug Fix for reset temp password screen

* Bug Fix on reset password with token

Author: FancMa01

Tombolo/client-reactjs/src/components/application/myAccount/changePasswordModal.jsx

@@ -1,4 +1,4 @@
-import React, { useState, useEffect } from 'react';
+import React, { useState, useEffect, useRef } from 'react';
 import { Modal, Form, Input, Button, Popover, message, Spin } from 'antd';
 import passwordComplexityValidator from '../../common/passwordComplexityValidator';
 import { changeBasicUserPassword } from './utils';
@@ -9,6 +9,40 @@ const ChangePasswordModal = ({ changePasswordModalVisible, setChangePasswordModa
   const [popOverContent, setPopOverContent] = useState(null);
   const [loading, setLoading] = useState(false);
 
+  //ref to track if user is finished typing
+  const finishedTypingRef = useRef(false);
+  const isFirstLoad = useRef(true);
+
+  //need to detect when user is finished typing to run check previous password validator, otherwise perofrmance is too slow
+  useEffect(() => {
+    const timer = setTimeout(() => {
+      if (!isFirstLoad.current) {
+        validatePassword(form.getFieldValue('newPassword'), true);
+        finishedTypingRef.current = true;
+        form.validateFields(['newPassword']);
+      } else {
+        isFirstLoad.current = false;
+      }
+    }, 1000);
+
+    return () => clearTimeout(timer);
+  }, [form.getFieldValue('newPassword')]);
+
+  const validatePassword = (value, checkOldPassword) => {
+    let pw = value;
+    if (!value) {
+      pw = '';
+    }
+
+    if (checkOldPassword) {
+      setPopOverContent(
+        passwordComplexityValidator({ password: pw, generateContent: true, user, oldPasswordCheck: true })
+      );
+    } else {
+      setPopOverContent(passwordComplexityValidator({ password: pw, generateContent: true, user }));
+    }
+  };
+
   const user = getUser();
 
   const handleOk = async () => {
@@ -41,10 +75,6 @@ const ChangePasswordModal = ({ changePasswordModalVisible, setChangePasswordModa
 
   useEffect(() => {}, [popOverContent]);
 
-  const validatePassword = (value) => {
-    setPopOverContent(passwordComplexityValidator({ password: value, generateContent: true, user }));
-  };
-
   return (
     <Modal
       title="Change Password"
@@ -89,8 +119,17 @@ const ChangePasswordModal = ({ changePasswordModalVisible, setChangePasswordModa
                   if (form.getFieldValue('currentPassword') === value) {
                     return Promise.reject(new Error('New password cannot be the same as the current password!'));
                   }
+                  let errors = [];
+
+                  if (finishedTypingRef.current) {
+                    errors = passwordComplexityValidator({ password: value, user, oldPasswordCheck: true });
+                  } else {
+                    errors = passwordComplexityValidator({ password: value, user });
+                  }
+
+                  finishedTypingRef.current = false;
+
                   //passwordComplexityValidator always returns an array with at least one attributes element
-                  const errors = passwordComplexityValidator({ password: value, user });
                   if (!value || errors.length === 1) {
                     return Promise.resolve();
                   } else {
@@ -106,7 +145,10 @@ const ChangePasswordModal = ({ changePasswordModalVisible, setChangePasswordModa
                 validatePassword(e.target.value);
               }}
               onFocus={(e) => {
-                validatePassword(e.target.value);
+                validatePassword(e.target.value, true);
+              }}
+              onBlur={(e) => {
+                validatePassword(e.target.value, true);
               }}
             />
           </Form.Item>

Tombolo/client-reactjs/src/components/common/passwordComplexityValidator.js

@@ -1,25 +1,37 @@
 import React from 'react';
-import { CloseCircleOutlined, CheckCircleOutlined } from '@ant-design/icons';
+import { CloseCircleOutlined, CheckCircleOutlined, LoadingOutlined } from '@ant-design/icons';
+import bcrypt from 'bcryptjs-react';
 
-function passwordComplexityValidator({ password, generateContent, user }) {
+function passwordComplexityValidator({ password, generateContent, user, oldPasswordCheck, newUser }) {
   // Define your password complexity rules here
   const minLength = 8;
   const hasUppercase = /[A-Z]/.test(password);
   const hasLowercase = /[a-z]/.test(password);
   const hasNumber = /[0-9]/.test(password);
   const hasSpecialChar = /[!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]/.test(password);
+
   const isNotUserInfo =
     !password.trim().toLowerCase().includes(user?.firstName.trim().toLowerCase()) &&
     !password.includes(user?.lastName.trim().toLowerCase()) &&
     !password.includes(user?.email.trim().toLowerCase());
 
+  //need to only check for old passwords if oldPasswordCheck flag is passed,
+  //this is to avoid performance issues when checking password complexity on the client side
+  let isNotOldPassword = 'loading';
+  if (oldPasswordCheck && !newUser) {
+    isNotOldPassword = user?.metaData?.previousPasswords?.every((oldPassword) => {
+      return !bcrypt.compareSync(password, oldPassword);
+    });
+  }
+
   // Define your error messages here
   const uppercaseMessage = 'Password must contain at least one uppercase letter';
   const lowercaseMessage = 'Password must contain at least one lowercase letter';
   const numberMessage = 'Password must contain at least one number';
   const specialMessage = 'Password must contain at least one special character';
   const lengthMessage = `Password must be at least ${minLength} characters long`;
   const userInfoMessage = 'Password cannot contain your name or email address';
+  const oldPasswordMessage = 'Password cannot be the same as old passwords';
 
   let errors = [];
   errors.push({
@@ -33,6 +45,10 @@ function passwordComplexityValidator({ password, generateContent, user }) {
     ],
   });
 
+  if (!newUser) {
+    errors[0].attributes.push({ name: 'oldPassword', message: oldPasswordMessage });
+  }
+
   //checks if password meets the requirements
   if (!hasUppercase) {
     errors.push({ type: 'uppercase' });
@@ -52,16 +68,32 @@ function passwordComplexityValidator({ password, generateContent, user }) {
   if (!isNotUserInfo) {
     errors.push({ type: 'userInfo' });
   }
+  if (!isNotOldPassword && oldPasswordCheck && !newUser) {
+    errors.push({ type: 'oldPassword' });
+  }
 
   if (generateContent) {
     const passwordComplexityContent = errors[0].attributes.map((error) => {
       const errorExistsForAttribute = errors.some((error2) => error2?.type === error.name);
+
       return (
         <li key={error.name} style={{ marginBottom: '.5rem' }}>
           {errorExistsForAttribute ? (
-            <CloseCircleOutlined style={{ color: 'red', marginRight: '.5rem' }} />
+            <>
+              {error.name === 'oldPassword' && isNotOldPassword === 'loading' ? (
+                <LoadingOutlined style={{ color: 'orange', marginRight: '.5rem' }} />
+              ) : (
+                <CloseCircleOutlined style={{ color: 'red', marginRight: '.5rem' }} />
+              )}
+            </>
           ) : (
-            <CheckCircleOutlined style={{ color: 'green', marginRight: '.5rem' }} />
+            <>
+              {error.name === 'oldPassword' && isNotOldPassword === 'loading' ? (
+                <LoadingOutlined style={{ color: 'orange', marginRight: '.5rem' }} />
+              ) : (
+                <CheckCircleOutlined style={{ color: 'green', marginRight: '.5rem' }} />
+              )}
+            </>
           )}
           <span>{error.message}</span>
         </li>

Tombolo/client-reactjs/src/components/login/ResetPasswordWithToken.js

@@ -1,4 +1,4 @@
-import React, { useEffect, useState } from 'react';
+import React, { useEffect, useState, useRef } from 'react';
 import { Form, Input, Button, Divider, message, Popover } from 'antd';
 import { useParams } from 'react-router-dom';
 import passwordComplexityValidator from '../common/passwordComplexityValidator';
@@ -17,6 +17,47 @@ const ResetPassword = () => {
 
   const [messageApi, contextHolder] = message.useMessage();
 
+  //ref to track if user is finished typing
+  const finishedTypingRef = useRef(false);
+  const isFirstLoad = useRef(true);
+
+  //need to detect when user is finished typing to run check previous password validator, otherwise perofrmance is too slow
+  useEffect(() => {
+    const timer = setTimeout(() => {
+      if (!isFirstLoad.current) {
+        validatePassword(form.getFieldValue('newPassword'), true);
+        finishedTypingRef.current = true;
+        form.validateFields(['newPassword']);
+      } else {
+        isFirstLoad.current = false;
+      }
+    }, 1000);
+
+    return () => clearTimeout(timer);
+  }, [form.getFieldValue('newPassword')]);
+
+  const validatePassword = (value, checkOldPassword) => {
+    let pw = value;
+    if (!value) {
+      pw = '';
+    }
+
+    if (userDetails) {
+      if (checkOldPassword) {
+        setPopOverContent(
+          passwordComplexityValidator({
+            password: pw,
+            generateContent: true,
+            user: userDetails,
+            oldPasswordCheck: true,
+          })
+        );
+      } else {
+        setPopOverContent(passwordComplexityValidator({ password: pw, generateContent: true, user: userDetails }));
+      }
+    }
+  };
+
   const onLoad = async () => {
     //get user details from /api/auth//getUserDetailsWithToken/:token
     try {
@@ -116,9 +157,6 @@ const ResetPassword = () => {
   };
 
   useEffect(() => {}, [popOverContent]);
-  const validatePassword = (value) => {
-    setPopOverContent(passwordComplexityValidator({ password: value, generateContent: true, user: userDetails }));
-  };
 
   return (
     <Form onFinish={onFinish} layout="vertical" form={form}>
@@ -137,12 +175,29 @@ const ResetPassword = () => {
             { max: 64, message: 'Maximum of 64 characters allowed' },
             () => ({
               validator(_, value) {
+                if (!value) {
+                  return Promise.reject();
+                }
+                //make sure it doesn't equal current password
+                if (form.getFieldValue('currentPassword') === value) {
+                  return Promise.reject(new Error('New password cannot be the same as the current password!'));
+                }
+                let errors = [];
+
+                if (finishedTypingRef.current) {
+                  errors = passwordComplexityValidator({ password: value, user: userDetails, oldPasswordCheck: true });
+                } else {
+                  errors = passwordComplexityValidator({ password: value, user: userDetails });
+                }
+
+                finishedTypingRef.current = false;
+
                 //passwordComplexityValidator always returns an array with at least one attributes element
-                const errors = passwordComplexityValidator({ password: value, user: userDetails });
                 if (!value || errors.length === 1) {
                   return Promise.resolve();
+                } else {
+                  return Promise.reject(new Error('Password does not meet complexity requirements!'));
                 }
-                return Promise.reject(new Error('Password does not meet complexity requirements!'));
               },
             }),
           ]}>
@@ -153,7 +208,10 @@ const ResetPassword = () => {
               validatePassword(e.target.value);
             }}
             onFocus={(e) => {
-              validatePassword(e.target.value);
+              validatePassword(e.target.value, true);
+            }}
+            onBlur={(e) => {
+              validatePassword(e.target.value, true);
             }}
           />
         </Form.Item>

Tombolo/client-reactjs/src/components/login/ResetTempPassword.js

@@ -1,4 +1,4 @@
-import React, { useState, useEffect } from 'react';
+import React, { useState, useEffect, useRef } from 'react';
 import { Form, Input, Button, Spin, message, Popover } from 'antd';
 import { resetTempPassword } from './utils';
 import passwordComplexityValidator from '../common/passwordComplexityValidator';
@@ -12,11 +12,52 @@ function ResetTempPassword() {
   const [userDetails, setUserDetails] = useState(null);
   const [form] = Form.useForm();
 
-  // For password validator pop over
-  const validatePassword = (value) => {
-    setPopOverContent(passwordComplexityValidator({ password: value, generateContent: true, user: userDetails }));
-  };
+  //ref to track if user is finished typing
+  const finishedTypingRef = useRef(false);
+  const isFirstLoad = useRef(true);
+
+  //need to detect when user is finished typing to run check previous password validator, otherwise perofrmance is too slow
+  useEffect(() => {
+    const timer = setTimeout(() => {
+      if (!isFirstLoad.current) {
+        validatePassword(form.getFieldValue('password'), true);
+        finishedTypingRef.current = true;
+        form.validateFields(['password']);
+      } else {
+        isFirstLoad.current = false;
+      }
+    }, 1000);
 
+    return () => clearTimeout(timer);
+  }, [form.getFieldValue('password')]);
+
+  const validatePassword = (value, checkOldPassword) => {
+    let pw = value;
+    if (!value) {
+      pw = '';
+    }
+
+    if (checkOldPassword) {
+      setPopOverContent(
+        passwordComplexityValidator({
+          password: pw,
+          generateContent: true,
+          user: userDetails,
+          oldPasswordCheck: true,
+          newUser: userDetails.newUser,
+        })
+      );
+    } else {
+      setPopOverContent(
+        passwordComplexityValidator({
+          password: pw,
+          generateContent: true,
+          user: userDetails,
+          newUser: userDetails.newUser,
+        })
+      );
+    }
+  };
   // On component load, get the token from the URL
   useEffect(() => {
     const url = window.location.href;
@@ -120,12 +161,38 @@ function ResetTempPassword() {
             },
             () => ({
               validator(_, value) {
+                if (!value) {
+                  return Promise.reject();
+                }
+                //make sure it doesn't equal current password
+                if (form.getFieldValue('currentPassword') === value) {
+                  return Promise.reject(new Error('New password cannot be the same as the current password!'));
+                }
+                let errors = [];
+
+                if (finishedTypingRef.current) {
+                  errors = passwordComplexityValidator({
+                    password: value,
+                    user: userDetails,
+                    oldPasswordCheck: true,
+                    newUser: userDetails.newUser,
+                  });
+                } else {
+                  errors = passwordComplexityValidator({
+                    password: value,
+                    user: userDetails,
+                    newUser: userDetails.newUser,
+                  });
+                }
+
+                finishedTypingRef.current = false;
+
                 //passwordComplexityValidator always returns an array with at least one attributes element
-                const errors = passwordComplexityValidator({ password: value, user: userDetails });
                 if (!value || errors.length === 1) {
                   return Promise.resolve();
+                } else {
+                  return Promise.reject(new Error('Password does not meet complexity requirements!'));
                 }
-                return Promise.reject(new Error('Password does not meet complexity requirements!'));
               },
             }),
           ]}>
@@ -136,7 +203,10 @@ function ResetTempPassword() {
               validatePassword(e.target.value);
             }}
             onFocus={(e) => {
-              validatePassword(e.target.value);
+              validatePassword(e.target.value, true);
+            }}
+            onBlur={(e) => {
+              validatePassword(e.target.value, true);
             }}
           />
         </Form.Item>