Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement minimum length for passwords in account creation #4353

Merged
merged 12 commits into from
Aug 13, 2024

Conversation

cerdo03
Copy link
Contributor

@cerdo03 cerdo03 commented Dec 8, 2023

Summary

Description of the change(s) you made

Fixes #4142
I have implemented password length validation on password1 field. Password should be at least 8 characters long otherwise it would throw an error that "Password should be atleast 8 characters long".

Manual verification steps performed

  1. Go the the create account page
  2. If the password that you enter is smaller than 8 characters, it will show an error.

Comments

Does the validation need to implemented on backend as well?


Contributor's Checklist

PR process:

  • If this is an important user-facing change, PR or related issue the CHANGELOG label been added to this PR. Note: items with this label will be added to the CHANGELOG at a later time
  • If this includes an internal dependency change, a link to the diff is provided
  • The docs label has been added if this introduces a change that needs to be updated in the user docs?
  • If any Python requirements have changed, the updated requirements.txt files also included in this PR
  • Opportunities for using Google Analytics here are noted
  • Migrations are safe for a large db

Studio-specifc:

  • All user-facing strings are translated properly
  • The notranslate class been added to elements that shouldn't be translated by Google Chrome's automatic translation feature (e.g. icons, user-generated text)
  • All UI components are LTR and RTL compliant
  • Views are organized into pages, components, and layouts directories as described in the docs
  • Users' storage used is recalculated properly on any changes to main tree files
  • If there new ways this uses user data that needs to be factored into our Privacy Policy, it has been noted.

Testing:

  • Code is clean and well-commented
  • Contributor has fully tested the PR manually
  • If there are any front-end changes, before/after screenshots are included
  • Critical user journeys are covered by Gherkin stories
  • Any new interactions have been added to the QA Sheet
  • Critical and brittle code paths are covered by unit tests

Reviewer's Checklist

This section is for reviewers to fill out.

  • Automated test coverage is satisfactory
  • PR is fully functional
  • PR has been tested for accessibility regressions
  • External dependency files were updated if necessary (yarn and pip)
  • Documentation is updated
  • Contributor is in AUTHORS.md

Copy link
Member

@akolson akolson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @cerdo03! Generally the code looks good and works as expected, thanks. However it appears that one of the scenarios specified on the issue will fail

.....In development mode, the password a should still work.

@bjester will clarify on this.

Also, noting that there are a few failing tests that will need fixing before a merge.

Copy link
Member

@bjester bjester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see some print statements and a lot of commented code.

@MisRob
Copy link
Member

MisRob commented Feb 15, 2024

Hello @cerdo03, are you still planning to follow-up here or would it be better to close the pull request?

@bjester
Copy link
Member

bjester commented Feb 16, 2024

@cerdo03 Thank you for taking this on. You got it most of the way there, and I wrapped it up. Some of the backend code was quite confusing in how it worked.

@bjester bjester changed the title password validation implemented in frontend Implement minimum length for passwords in account creation Feb 16, 2024
@@ -291,10 +310,12 @@
];
},
usageRules() {
return [() => (this.form.uses.length ? true : this.$tr('fieldRequiredMessage'))];
/* eslint-disable-next-line kolibri/vue-no-undefined-string-uses */
Copy link
Member

@akolson akolson Feb 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is nolonger necessary as fieldRequired exists. There's a few other places to clean this up too.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately, this is required. The linting rule does not properly understand this is an external translator

Copy link
Member

@akolson akolson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally, the implemenation looks correct to me. There seem to be a few linting comments that may require cleanup too. Unless it is deliberate to have them, we should be good to go. Also, the failing test needs to be looked into before the merge.

@akolson
Copy link
Member

akolson commented Aug 1, 2024

Hi @cerdo03! Are you still interested in contributing to this pr, or we should reassign it?

@akolson akolson self-assigned this Aug 1, 2024
Copy link
Member

@akolson akolson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally, the implementation looks correct to me. Manual QA also checkouts. However, it looks like

In development mode, the password a should still work.

is still missing. @bjester is still a requirement for this pr?

@bjester
Copy link
Member

bjester commented Aug 12, 2024

Generally, the implementation looks correct to me. Manual QA also checkouts. However, it looks like

In development mode, the password a should still work.

is still missing. @bjester is still a requirement for this pr?

My comment there was a bit ambiguous. I meant that it should still work for login. That should still be the case

Copy link
Member

@akolson akolson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AlexVelezLl adding a little blocker so that the issue here can be address too!

@bjester
Copy link
Member

bjester commented Aug 13, 2024

@AlexVelezLl adding a little blocker so that the issue here can be address too!

@akolson I just tested this and the [email protected] + a login is working. There should be no blockers?

@bjester bjester requested a review from akolson August 13, 2024 14:10
Copy link
Member

@akolson akolson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving this after a chat with Blaine. The context of this was based on how historical data should be handled, and the pr addresses this. Thanks again @AlexVelezLl for finishing this off!

@akolson akolson merged commit e01dcb5 into learningequality:unstable Aug 13, 2024
13 checks passed
@akolson akolson mentioned this pull request Aug 13, 2024
@akolson akolson mentioned this pull request Oct 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Passwords do not have any length or character requirements
5 participants