V2 Settings - Security View #4018
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
1 Ignored Deployment
|
joeauyeung
commented
Aug 29, 2022
| @@ -0,0 +1,107 @@ | |||
| import { SyntheticEvent, useState } from "react"; | |||
Contributor
Author
There was a problem hiding this comment.
Copied this file but added V2 components
| @@ -0,0 +1,232 @@ | |||
| import React, { SyntheticEvent, useState } from "react"; | |||
Contributor
Author
There was a problem hiding this comment.
Also copied this file and added V2 components
Contributor
There was a problem hiding this comment.
Heads up, this will change on #3817 let's try to match it first
Comment on lines
+11
to
+63
| export const authRouter = createProtectedRouter().mutation("changePassword", { | ||
| input: z.object({ | ||
| oldPassword: z.string(), | ||
| newPassword: z.string(), | ||
| }), | ||
| async resolve({ input, ctx }) { | ||
| const { oldPassword, newPassword } = input; | ||
|
|
||
| const { user } = ctx; | ||
|
|
||
| if (user.identityProvider !== IdentityProvider.CAL) { | ||
| throw new TRPCError({ code: "FORBIDDEN", message: "THIRD_PARTY_IDENTITY_PROVIDER_ENABLED" }); | ||
| } | ||
|
|
||
| const currentPasswordQuery = await prisma.user.findFirst({ | ||
| where: { | ||
| id: user.id, | ||
| }, | ||
| select: { | ||
| password: true, | ||
| }, | ||
| }); | ||
|
|
||
| const currentPassword = currentPasswordQuery?.password; | ||
|
|
||
| if (!currentPassword) { | ||
| throw new TRPCError({ code: "NOT_FOUND", message: "MISSING_PASSWORD" }); | ||
| } | ||
|
|
||
| const passwordsMatch = await verifyPassword(oldPassword, currentPassword); | ||
| if (!passwordsMatch) { | ||
| throw new TRPCError({ code: "BAD_REQUEST", message: "INCORRECT_PASSWORD" }); | ||
| } | ||
|
|
||
| if (oldPassword === newPassword) { | ||
| throw new TRPCError({ code: "BAD_REQUEST", message: "PASSWORD_MATCHES_OLD" }); | ||
| } | ||
|
|
||
| if (!validPassword(newPassword)) { | ||
| throw new TRPCError({ code: "BAD_REQUEST", message: "INVALID_PASSWORD" }); | ||
| } | ||
|
|
||
| const hashedPassword = await hashPassword(newPassword); | ||
| await prisma.user.update({ | ||
| where: { | ||
| id: user.id, | ||
| }, | ||
| data: { | ||
| password: hashedPassword, | ||
| }, | ||
| }); | ||
| }, | ||
| }); |
Contributor
Author
There was a problem hiding this comment.
Moved changing a password from an API endpoint to tRPC.
Comment on lines
+49
to
+51
| if (!validPassword(newPassword)) { | ||
| throw new TRPCError({ code: "BAD_REQUEST", message: "INVALID_PASSWORD" }); | ||
| } |
Contributor
Author
There was a problem hiding this comment.
Checks for a valid password that was not present in the API endpoint
Contributor
|
@joeauyeung don't forget to add these pages to the |
3 tasks
zomars
reviewed
Aug 30, 2022
Contributor
zomars
left a comment
zomars
left a comment
There was a problem hiding this comment.
Looking good @joeauyeung let's address some possible changes incoming in #3817 first 🙏🏽
| @@ -0,0 +1,232 @@ | |||
| import React, { SyntheticEvent, useState } from "react"; | |||
Contributor
There was a problem hiding this comment.
Heads up, this will change on #3817 let's try to match it first
| @@ -0,0 +1,107 @@ | |||
| import { SyntheticEvent, useState } from "react"; | |||
Contributor
There was a problem hiding this comment.
Heads up, this will change on #3817 let's try to match it first
| @@ -0,0 +1,33 @@ | |||
| const TwoFactorAuthAPI = { | |||
Contributor
There was a problem hiding this comment.
Heads up, this will change on #3817 let's try to match it first
zomars
approved these changes
Aug 30, 2022
zomars
added a commit
that referenced
this pull request
Aug 30, 2022
* Create change password screen * Add two factor auth screen * Add two factor auth screen * Remove header file * Updates middleware and rewrites * Adds Meta component to handle layout headings/metadata (#4021) Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <[email protected]>
Udit-takkar
pushed a commit
to Udit-takkar/cal.com
that referenced
this pull request
Aug 30, 2022
* Create change password screen * Add two factor auth screen * Add two factor auth screen * Remove header file * Updates middleware and rewrites * Adds Meta component to handle layout headings/metadata (calcom#4021) Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <[email protected]>
zomars
added a commit
that referenced
this pull request
Aug 31, 2022
* Fix breadcrumb colors * HorizontalTabs * Team List Item WIP * Horizontal Tabs * Cards * Remove team list item WIP * Login Page * Add welcome back i118n * EventType page work * Update EventType Icons * WIP Availability * Horizontal Tab Work * Add build command for in root * Update build DIr/command * Add Edit Button + change buttons to v2 * Availablitiy page * Fix IPAD * Make mobile look a little nicer * WIP bookingshell * Remove list items from breaking build * Mian bulk of Booking Page. * Few updates to components * Fix chormatic feedback * Fix banner * Fix Empty Screen * Text area + embded window fixes * Semi fix avatar * Troubleshoot container + Active on count * Improve mobile * NITS * Fix padding on input * Fix icons * Starting to move event types settings to tabs * Begin migration to single page form * Single page tabs * Limits Page * Advanced tab * Add RHF to dependancies * Most of advanced tab * Solved RHF mismtach * Build fixes * RHF conditionals fixes * Improved legibility * Major refactor/organisation into optional V2 UI * Portal EditLocationModal * Fix dialoug form * Update imports * Auto Animate + custom inputs WIP * Custom Inputs * WIP Apps * Fixing stories imports * Stripe app * Remove duplicate dialog * Remove duplicate dialog * add Test action button + UI improvements * add test action functionality * Fix embed URL * Fix app toggles + number of active apps * Fix container padding on disabledBorder prop * Removes strict * add confirmation dialog before sending SMS * code clean up * show error message if test action fails * disable test action button in edit mode * fixes SMS testing * use updated values * fix wrongly updated data in useEffect * fix typo * code clean up * EventType Team page WIP * Fix embed * NIT * Add Darkmode gray color * V2 Shell WIP * setup folders for v2 * add lost translations from merge * add all files to v2 + redesign /workflows * use custom template as default template * add first version of v2 for workflow editing page * Fix headings on shell V2 * Fix mobile layout with V2 shell * V2 create event type button * Checked Team Select * Hidden to happen on save - not on toggle * Team Attendee Select animation * Fix scheduling type and remove multi select label * Fix overflow on teams url * use fi icon for down arrow * add v2 shell * add trigger badge * Even Type move order handles * fix save button * enable editing of workflow name * improve delete workflow functionality * adjust empty screen * make trigger start with uppercase * change trash icon * Fix Embed TS errors * Fix TS errors * Fix Eslint errors * Fix TS errors for UI * Fix ESLINT error * create component for time and timeUnit input/dropdown * add workflows to v2 early access middleware * fix type issues * added SidebarCard for promo to v2 and storybook (#3906) Co-authored-by: Julian Benegas <[email protected]> Co-authored-by: Alan <[email protected]> Co-authored-by: sean-brydon <[email protected]> * Tooltip Provider - Wrapper due to dep upgrade * public event type list darkmode * V2 Color changes to public booking * adjust delete and edit button * create custom empty screen for worklows * add workflow examples to empty page * add loading state to button when creating first workflow * Show action as workflow name when no name exists * if no input leave name empty when updating workflow * use reminder template when creating workflow * improve time unit dropdown * Remove unused component * Fix typecheck * add loading state to new workflow button * add label before action dropdown * fixing badges in worflow list * use lighter color for untitled workflows * fix not showing nr of active eventtypes in workflow list * add workflows to event types * implement v2 desing for AddActionDialog * improve phone input * rounded borders for phoneInput in add action dialog * improve message input * fix mobile view for editing page * use md breakpoint for mobile view * finish workflows in event type settings * code cleanup * code cleanup * fix bug in testing workflow action * add v2 design for addition inputs as variables dialog * add V2 design for add variable dropdown * add notification icons to trigger badge * improve mobile version of workflows in eventtypes * remove ring from time before input * fix bug when workflow has no steps * Final UI improvements/fixes * code clean-up * code clean-up * code clean-up * use v2 design for license required * fix translation issues * fix adding variables in different language in old design * limit for pro users only for now * fix import * fix mobile view for empty screen * ues destructive button color for deleting workfow * remove padding at button of creation dialog * V2 Settings - Security View (#4018) * Create change password screen * Add two factor auth screen * Add two factor auth screen * Remove header file * Updates middleware and rewrites * Adds Meta component to handle layout headings/metadata (#4021) Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <[email protected]> * fix: rate limit auth (#3820) * fix: rate limit auth * fix: replace lru-cache w memory-cache * remove comments * fix: yarn.lock * fix: remove changes yarn lock * fix: add missing EOL empty liune * fix: move rate limiter so it kicks the last, limit to 10 tries per minute * fix: move limiter w rest of code * test: trying fix onboardong * fix: undo changes in globalSetup.ts * test: fix disable login for onboarding * fix: use username instead of email for token check * fix: tests * fix: don't run on test * fix: add missing comma * fix: remove uniqueTokenPerInterval * fix: add errorcode to packages lib auth * Update packages/lib/rateLimit.ts fix: improve readability Co-authored-by: Omar López <[email protected]> * Update packages/lib/rateLimit.ts fix: no unnecessary any Co-authored-by: Omar López <[email protected]> * Update packages/lib/rateLimit.ts fix: improve readability Co-authored-by: Omar López <[email protected]> * fix: rename interval -> intervalInMs * fix: check user.email not username which could be empty * fix: rateLimit update all naming Co-authored-by: Agusti Fernandez Pardo <[email protected]> Co-authored-by: Omar López <[email protected]> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: Peer Richelsen <[email protected]> * Adds deprecation comments Co-authored-by: sean-brydon <[email protected]> Co-authored-by: Peer Richelsen <[email protected]> Co-authored-by: zomars <[email protected]> Co-authored-by: CarinaWolli <[email protected]> Co-authored-by: Hariom Balhara <[email protected]> Co-authored-by: Julian Benegas <[email protected]> Co-authored-by: Alan <[email protected]> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: Joe Au-Yeung <[email protected]> Co-authored-by: Agusti Fernandez Pardo <[email protected]> Co-authored-by: Agusti Fernandez Pardo <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This PR adds two screens to the security section of the settings for V2.
Note that the settings shell is still a WIP so the pages will be missing headers.
Fixes #3784
Environment: Staging(main branch) / Production
Type of change
How should this be tested?
Visit http://localhost:3000/v2/settings/security/password
Visit http://localhost:3000/v2/settings/security/two-factor-auth
Checklist