Adding fields to sign in page (#564)

* Adding fields to catch invalid inputs.
bitwarden · Apr 18, 2024 · 68d84de · 68d84de
1 parent db7e927
commit 68d84de
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/src/AdminConsole/Pages/Organization/Create.cshtml b/src/AdminConsole/Pages/Organization/Create.cshtml
@@ -6,6 +6,17 @@
     ViewData["Title"] = "Create an organization";
 }
 
+<style>
+    .passkey-info {
+        opacity: 0;
+        position: absolute;
+        top: 0;
+        left: 0;
+        height: 0;
+        width: 0;
+        z-index: -1;
+    }
+</style>
 
 <div class="sm:w-full sm:max-w-xl">
     <div class="bg-white py-8 px-4 shadow sm:rounded-lg sm:px-10">
@@ -94,6 +105,17 @@
                     <label asp-for="Form.AcceptsTermsAndPrivacy" class="font-medium text-gray-900">I agree to the <a href="https://bitwarden.com/terms/" class="link-blue" target="_blank">Terms and Conditions</a> and the <a href="https://bitwarden.com/privacy/" class="link-blue" target="_blank">Privacy Policy</a></label>
                 </div>
             </div>
+
+            <label class="passkey-info" asp-for="Form.OrgPurpose">
+                What is the purpose of your organization?
+                <input class="passkey-info" autocomplete="off" type="text" asp-for="Form.OrgPurpose" tabindex="-1"/>
+            </label>
+
+            <label class="passkey-info" asp-for="Form.UsePasskeys">
+                Would you like to use passkeys?
+                <input class="passkey-info" autocomplete="off" type="checkbox" asp-for="Form.UsePasskeys" tabindex="-1" />
+            </label>
+
             <span asp-validation-for="Form.AcceptsTermsAndPrivacy"></span>
 
             <div asp-validation-summary="ModelOnly"></div>

diff --git a/src/AdminConsole/Pages/Organization/Create.cshtml.cs b/src/AdminConsole/Pages/Organization/Create.cshtml.cs
@@ -18,20 +18,23 @@ public class Create : PageModel
     private readonly IMailService _mailService;
     private readonly MagicLinkSignInManager<ConsoleAdmin> _magicLinkSignInManager;
     private readonly IEventLogger _eventLogger;
+    private readonly ILogger<Create> _logger;
 
     public CreateModel Form { get; set; }
 
     public Create(IDataService dataService,
         UserManager<ConsoleAdmin> userManager,
         IMailService mailService,
         MagicLinkSignInManager<ConsoleAdmin> magicLinkSignInManager,
-        IEventLogger eventLogger)
+        IEventLogger eventLogger,
+        ILogger<Create> logger)
     {
         _dataService = dataService;
         _userManager = userManager;
         _mailService = mailService;
         _magicLinkSignInManager = magicLinkSignInManager;
         _eventLogger = eventLogger;
+        _logger = logger;
     }
 
     public IActionResult OnGet()
@@ -51,12 +54,20 @@ public async Task<IActionResult> OnPost(CreateModel form, CancellationToken canc
             return Page();
         }
 
+        if (!string.IsNullOrWhiteSpace(form.OrgPurpose) || form.UsePasskeys)
+        {
+            await Task.Delay(Random.Shared.Next(100, 300), cancellationToken);
+            _logger.LogInformation("Hidden field submitted from Create");
+            return RedirectToPage("/Organization/Verify");
+        }
+
         // Check if admin email is already used? (Use UserManager)
         var existingUser = await _userManager.FindByEmailAsync(form.AdminEmail);
 
         if (existingUser != null)
         {
-            await _mailService.SendEmailIsAlreadyInUseAsync(existingUser.Email);
+            //await _mailService.SendEmailIsAlreadyInUseAsync(existingUser.Email);
+            _logger.LogInformation("Duplicate user ({email}) submission from Create", form.AdminEmail);
             return RedirectToPage("/Organization/Verify");
         }
 
@@ -105,4 +116,7 @@ public record CreateModel
     public string AdminName { get; set; }
     [Required]
     public bool AcceptsTermsAndPrivacy { get; set; }
+
+    public string? OrgPurpose { get; set; }
+    public bool UsePasskeys { get; set; }
 }