#1348 | Disallow login to webapp in non prod environments if old defa…

…ult password is used
avniproject · Sep 27, 2024 · 60f9969 · 60f9969
1 parent 46865ba
commit 60f9969
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 20 deletions.
diff --git a/src/rootApp/CognitoSignIn.js b/src/rootApp/CognitoSignIn.js
@@ -1,6 +1,8 @@
 import React from "react";
 import { SignIn } from "aws-amplify-react";
 import SignInView from "./views/SignInView";
+import { isProdEnv } from "../common/constants";
+import { isDisallowedPassword } from "./utils";
 
 class CognitoSignIn extends SignIn {
   constructor(props) {
@@ -17,7 +19,13 @@ class CognitoSignIn extends SignIn {
     return (
       <SignInView
         notifyInputChange={this.handleInputChange}
-        onSignIn={() => super.signIn()}
+        onSignIn={() => {
+          if (!isProdEnv && isDisallowedPassword(this.inputs.password)) {
+            alert("Password change required.");
+          } else {
+            super.signIn();
+          }
+        }}
         onForgotPassword={() => super.changeState("forgotPassword")}
         loading={this.state.loading}
       />

diff --git a/src/rootApp/utils.js b/src/rootApp/utils.js
@@ -11,15 +11,13 @@ export const configureAuth = config => {
 };
 
 export const customAmplifyErrorMsgs = msg => {
-  if (
-    /null failed with error Generate ch?allenges lambda cannot be called/i.test(
-      msg
-    )
-  )
-    return "Password cannot be empty";
+  if (/null failed with error Generate ch?allenges lambda cannot be called/i.test(msg)) return "Password cannot be empty";
 
-  if (/Cannot read property 'username' of undefined/.test(msg))
-    return "Username cannot be empty";
+  if (/Cannot read property 'username' of undefined/.test(msg)) return "Username cannot be empty";
 
   return msg;
 };
+
+export function isDisallowedPassword(password) {
+  return password === "password";
+}
diff --git a/src/rootApp/views/KeycloakSignInView.js b/src/rootApp/views/KeycloakSignInView.js
@@ -7,24 +7,30 @@ import { connect } from "react-redux";
 import { setAuthSession } from "../ducks";
 import IdpDetails from "../security/IdpDetails";
 import BaseAuthSession from "../security/BaseAuthSession";
+import { isProdEnv } from "../../common/constants";
+import { isDisallowedPassword } from "../utils";
 
 function KeycloakSignInView({ setAuthSession }) {
   const [username, setUsername] = useState("");
   const [password, setPassword] = useState("");
   const [error, setError] = useState(null);
 
   function onSignIn() {
-    const [url, request] = httpClient.idp.getAuthRequest(username, password);
-    httpClient
-      .postUrlEncoded(url, request)
-      .then(x => x.data)
-      .then(data => {
-        httpClient.idp.setAccessToken(data["access_token"]);
-        setAuthSession(BaseAuthSession.AuthStates.SignedIn, null, IdpDetails.keycloak);
-      })
-      .catch(error => {
-        setError(`${error.response.statusText}: ${error.response.data["error_description"]}`);
-      });
+    if (!isProdEnv && isDisallowedPassword(password)) {
+      alert("Password change required.");
+    } else {
+      const [url, request] = httpClient.idp.getAuthRequest(username, password);
+      httpClient
+        .postUrlEncoded(url, request)
+        .then(x => x.data)
+        .then(data => {
+          httpClient.idp.setAccessToken(data["access_token"]);
+          setAuthSession(BaseAuthSession.AuthStates.SignedIn, null, IdpDetails.keycloak);
+        })
+        .catch(error => {
+          setError(`${error.response.statusText}: ${error.response.data["error_description"]}`);
+        });
+    }
   }
 
   function inputFieldChanged(e) {