From 58753c7bf7435c989c9315c8c0d0b1d5e69f5921 Mon Sep 17 00:00:00 2001
From: Bo Motlagh
Date: Wed, 4 Oct 2023 16:41:23 -0400
Subject: [PATCH] ensuring that the password reset screen displays an appropriate message if password policy fails
---
 package.json | 2 +-
 src/api/accounts/account.js | 2 +-
 views/forgotpassword/forgotSend.js | 26 +++++++++++++++++++++++---
 3 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/package.json b/package.json
index 5af636cd..d7893134 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "ue-auth",
 "altName": "UE-Auth",
- "version": "1.36.0",
+ "version": "1.36.1",
 "description": "UE Auth is a multi-tenant OIDC Provider, User Management, B2B Product Access, and Roles/Permissions Management system intended to create a single hybrid solution to serve as Identity and Access for both self-registered B2C Apps and Enterprise B2B Solutions",
 "private": false,
 "license": "SEE LICENSE IN ./LICENSE.md",
diff --git a/src/api/accounts/account.js b/src/api/accounts/account.js
index 88d95595..34394361 100644
--- a/src/api/accounts/account.js
+++ b/src/api/accounts/account.js
@@ -82,7 +82,7 @@ export default {
 if(!policy.test(password)) {
 const message = (custom) ? 'Password must follow the policy. Contact your administrator' : `Password must follow the policy: At least ${p.pattern.characters} characters${(p.pattern.caps) ? ', at least one capital' : ''}${(p.pattern.number) ? ', at least one number' : ''}${(p.pattern.special) ? ', at least one special character' : ''}.`;
- throw Boom.badRequest(message);
+ throw Boom.expectationFailed(message);
 }
 }
 },
diff --git a/views/forgotpassword/forgotSend.js b/views/forgotpassword/forgotSend.js
index 7b962525..2ae3bd7a 100644
--- a/views/forgotpassword/forgotSend.js
+++ b/views/forgotpassword/forgotSend.js
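Review bot: The new `throw Boom.expectationFailed(message)` answers a password-policy violation with HTTP 417, a status RFC 9110 reserves for a request whose `Expect` header cannot be honoured, and because this validator runs for every password the API accepts rather than only the reset screen, any caller that branched on the former 400 may now see a different code. 422 is the conventional status for input that parses but violates a rule, so `throw Boom.badData(message);` keeps the same message with a status that HTTP intermediaries and generic clients already understand; if the intent is only to let the reset page tell policy failures apart from other errors, a stable marker in the error payload rather than a repurposed status code would decouple the UI from it. The enclosing method starts before this hunk.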
@@ -13,7 +13,18 @@ window.addEventListener( 'load', function () {
 if (event.target.status !== 204) {
 document.getElementById('message').classList.add('error');
 document.getElementById('title').innerHTML = 'Uh oh...';
- document.getElementById('message').innerHTML = 'Verification or reset was not successful. Your reset or verification window may have expired. Click below to resend the email';
+ let innerHtml = 'Verification or reset was not successful. Your reset or verification window may have expired. Click below to resend the email';
+ if(event.target.status === 417) {
+ let responseMessage;
+ try {
+ responseMessage = JSON.parse(event.target.response);
+ innerHtml = `Password reset was not successful. ${responseMessage?.message}`;
+ } catch(e) {
+ innerHtml = 'Password reset was not successful. You must adhere to the password policy. Contact your admin for details.';
+ }
+ }
+ console.info(event);
+ document.getElementById('message').innerHTML = innerHtml;
 form.remove();
 document.getElementById('tryAgain').classList.remove('invisible');
 } else {
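Review bot: `document.getElementById('message').innerHTML = innerHtml;` now writes text taken from the 417 response body (`responseMessage?.message`) into the DOM as markup, whereas before this hunk every string assigned there was a literal; the message is server-generated today, but the page has no reason to parse it as HTML, so `document.getElementById('message').textContent = innerHtml;` removes the sink without changing what the user sees. `console.info(event);` looks like a debugging leftover — it dumps the whole XMLHttpRequest, including `responseURL` and the response body, to the browser console on every failure; drop it. When the body parses but carries no `message` field the user is shown the literal text `undefined`; `${responseMessage?.message ?? 'You must adhere to the password policy.'}` covers that case. The `load` handler this code sits in begins before the hunk.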
@@ -49,10 +60,19 @@ window.addEventListener( 'load', function () {
 XHR.addEventListener( 'load', function(event) {
 hideSpinner();
 if (event.target.status !== 204) {
- console.info('error');
+ let innerHtml = 'There may be a problem. Try again later or contact the admin.';
+ if(event.target.status === 417) {
+ let responseMessage;
+ try {
+ responseMessage = JSON.parse(event.target.response);
+ innerHtml = `Password reset was not successful. ${responseMessage?.message}`;
+ } catch(e) {
+ innerHtml = 'Password reset was not successful. You must adhere to the password policy. Contact your admin for details.';
+ }
+ }
 document.getElementById('message').classList.add('error');
 document.getElementById('title').innerHTML = 'Uh oh...';
- document.getElementById('message').innerHTML = 'There may be a problem. Try again later or contact the admin.';
+ document.getElementById('message').innerHTML = innerHtml;
 } else {
 document.getElementById('title').innerHTML = 'Check Your Email or Mobile Device';
 const m1 = document.getElementById('message');
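Review bot: The ten added lines from `let innerHtml = ...` through the two closing braces repeat, statement for statement, the 417-parsing block the first hunk adds to the other handler in this file, so the two copies will drift apart the first time the wording or the status code changes. Pulling the parsing into one helper lets both handlers call `const innerHtml = resetErrorText(event, 'There may be a problem. Try again later or contact the admin.');` and gives a single place to fall back when the JSON body parses but has no `message` (today the user is shown the text `undefined`). The helper can sit at the top of the `'load'` listener, which begins before this hunk; the XHR `load` callback this block lives in also continues past the end of the hunk.
```javascript
// Text shown when the reset/verification request fails.
// A 417 from the API carries the password-policy explanation in its JSON body.
function resetErrorText(event, fallback) {
    if (event.target.status !== 417) return fallback;
    const policyText = 'You must adhere to the password policy. Contact your admin for details.';
    try {
        const body = JSON.parse(event.target.response);
        return `Password reset was not successful. ${body?.message ?? policyText}`;
    } catch (e) {
        return `Password reset was not successful. ${policyText}`;
    }
}

// … in the XHR 'load' handler, replacing the added block …
if (event.target.status !== 204) {
    const innerHtml = resetErrorText(event, 'There may be a problem. Try again later or contact the admin.');
    // … unchanged: classList/title updates, message assignment …
```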