Asub 8192/captcha2 login

[edwardcho1231]

If you have not filled out the checklist below, the pr is not ready for review.

Description

• Create a new component to handle reCaptcha V2 for signup, signin, magicLink, and checkout

• Add reCaptcha V2 component to login block

Jira Ticket

https://arcpublishing.atlassian.net/browse/ASUB-8192

Acceptance Criteria

• Update BotChallengeProtection component in identity-block

• BotChallengeProtection will accept a challengeIn attribute. This attribute could be one of:
  'signup' || ‘signin’ || ‘magiclink’ || ‘checkout’

• IF !!`${challengeIn}Recaptcha && recaptchaScore between 0 - 1 &&!!recaptchaSiteKey

• THEN render reCaptchaV3. reCaptchaV3 should be initialized by passing the recaptchaSiteKey

• Every time you grab a response token from reCAPTCHA component, store the response in localStorage.

• The BotChallengeProtection should be part of the Login block, and the reCaptcha token should be sent during the call to Identity.login();

• User should be successfully Logged In when reCaptcha v3 is enabled for signin.

• Write the integration tests required to check login is working as expected when signinRechaptcha (reCaptchaV3) is enabled/disabled.

Test Steps

1. Checkout this branch git checkout {branch name}
2. Run fusion repo with linked blocks npx fusion start -f -l @wpmedia/identity-block
3. Enable reCaptcha for login by visiting Subscription admin page of the org and site you want to test in
4. Create a page with login block or visit a site with login block
5. You should see the recaptcha box in the login block

Effect Of Changes

Before

Login block does not contain recaptcha box even when it's enabled for the org/site

After

reCaptcha box should be visible if enabled and required to pass before logging in.

Dependencies or Side Effects

Examples of dependencies or side effects are:

• Manifest pr for new block:
• Feature pack pr for local development:
• How to deploy to news: https://arcpublishing.atlassian.net/wiki/spaces/TI/pages/3138682964/News+Theme+2.0+Migration+Development+Deployment+Notes
• Additional settings that will be required in the blocks.json
• Changes to the custom fields which will require users to reconfigure features
• Dependency on another PR that needs to be merged first

Author Checklist

The author of the PR should fill out the following sections to ensure this PR is ready for review.

• Confirmed all the test steps a reviewer will follow above are working.
• Confirmed there are no linter errors. Please run npm run lint to check for errors. Often, npm run lint:fix will fix those errors and warnings.
• Ran this code locally and checked that there are not any unintended side effects. For example, that a CSS selector is scoped only to a particular block.
• Confirmed this PR has reasonable code coverage. You can run npm run test:coverage to see your progress.
  • Confirmed this PR has unit test files
  • Ran npm run test, made sure all tests are passing
  • If the amount of work to write unit tests for this change are excessive,
    please explain why (so that we can fix it whenever it gets refactored).
• Confirmed relevant documentation has been updated/added.

Reviewer Checklist

The reviewer of the PR should copy-paste this template into the review comments on review.

• Linting code actions have passed.
• Ran the code locally based on the test instructions.
  • I don’t think this is needed to be tested locally. For example, a padding style change (storybook?) or a logic change (write a test).
• I am a member of the engine theme team so that I can approve and merge this. If you're not on the team, you won't have access to approve and merge this pr.
• Looked to see that the new or changed code has code coverage, specifically. We want the global code coverage to keep on going up with targeted testing.

[LauraPinilla]

remove consoleLog

[LauraPinilla]

Looks like some attributes are not being used: error, setError, isAdmin, phrases, ...

[vgalatro]

Is this PR a WIP, or is it ready for review? There's no test instructions, description, or linked ticket. The large amount of changes to our localization files is also concerning, was all of the code up to date before the generate:intl script was run?

[edwardcho1231]

@vgalatro I just put this up for Laura to take a look for now. Once she approves, I was going to ask for a review from the Themes team. I figured that we would do the same thing as how we did it for the 2.0 migration, where the subs team would review functionality, and the themes team would look at things specific to themes.

[LauraPinilla]

useIdentity was defined inside arc-themes-component project. I think it's worth defining this hook there too.

[edwardcho1231]

WPMedia/arc-themes-components#242

[LauraPinilla]

@edwardcho1231 Now It can be removed

[LauraPinilla]

@edwardcho1231 I think you can move L23-L25 into if on L27, thus you call config from identity or sales, depending on challengeIn

[edwardcho1231]

@LauraPinilla Don't we have to call Identity.config even when the challengeIn === 'checkout' since we need the recaptchaSiteKey?

[LauraPinilla]

good point @edwardcho1231 I missed that. Yep for checkout we need to call both

[vgalatro]

This will need to go into 2.3.0 once the branch is created, as we're launching 2.2.1 soon with security hotfixes.

[LauraPinilla]

Hi @edwardcho1231 , As part of the designs we have an additional reCaptcha state when it expires.

[LauraPinilla]

@edwardcho1231 do you mind to use a different cookie name. One less common, something like ArcXP_captchaToken or something like this. We want to avoid another app could overwrite this value

[LauraPinilla]

Checking the reCaptcha documentation if you include onExpired, you will be able to see the error "Verification expired, Check the checkbox again" after two minutes the challenge was completed, once the token is expired

<ReCAPTCHA
  sitekey={siteKey}
  onChange={onChange}
  onExpired 
  />

[LauraPinilla]

@vgalatro this ticket LGTM now. In case you want to start to take a look.
Thanks @edwardcho1231 for all these changes.

[vgalatro]

Only thing I see is the package.json and package-lock.json have some conflicts with the new base branch. The versions of those files in arc-themes-release-version-2.3.0 would be the correct ones.

[vgalatro]

The changes look good now, but there's one last issue. There are failing tests that will prevent the block from being published. Please check them with npm run test:changed-feature-branch. Also do npm run lint:changed-feature-branch to make sure there's no linting errors, as they will also prevent the block publish.

[vgalatro]

@edwardcho1231 , the unit test check is still not passing due to low coverage:

Jest: "global" coverage threshold for branches (66%) not met: 62.5%

It looks like the new /bot-challenge-protection/index.jsx file has the lowest coverage, so improving that should get it over the global minimum.

[vgalatro]

Changes look good, and the test/lint action is passing, approved!

[vgalatro]

@edwardcho1231 , I'll go ahead and merge this in since I'm not sure you'll be able to.