chore: first round of feedback
Benmuiruri committed Nov 4, 2024
1 parent 8fee9e8 commit 0323df5
Showing 16 changed files with 69 additions and 55 deletions.
9 changes: 5 additions & 4 deletions api/resources/translations/messages-en.properties
Expand Up @@ -400,12 +400,12 @@ bulkdelete.confirm.title = Delete record?
bulkdelete.confirm.title.plural = Delete selected records?
call = Call
case_id = Case ID
change.password.title = Change your password
change.password.hint = Use uppercase letters, numbers, and special characters.
change.password.new.password = New Password
change.password.confirm.password = Confirm password
change.password.submit = Change password
change.password.hint = Use uppercase letters, numbers, and special characters.
change.password.new.password = New password
change.password.required = Password and Confirm Password fields are required
change.password.submit = Change password
change.password.title = Change your password
child_birth_date = Child birth date
child_birth_outcome = Child birth outcome
child_birth_weight = Child birth weight
Expand Down Expand Up @@ -972,6 +972,7 @@ partner.supporting = Supporting partners
partner.tab.partners = Partners
password.incorrect = Password is not correct.
password.length.minimum = The password must be at least {{minimum}} characters long.
password.must.match = Passwords and confirm password must match
password.update = Update password
password.weak = The password is too easy to guess. Include a range of characters to make it more complex.
patient\ id\ not\ found\ response = Send the following response message if the validations pass but the Medic ID is not located.
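Review bot: The new `password.must.match` value reads awkwardly ("Passwords and confirm password must match") and has no trailing period, unlike `password.incorrect` and `password.weak` next to it. Something like `password.must.match = Password and confirm password must match.` would be clearer; the other locale files in this commit translate the same phrasing and would need the matching adjustment.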
9 changes: 5 additions & 4 deletions api/resources/translations/messages-es.properties
Expand Up @@ -400,12 +400,12 @@ bulkdelete.confirm.title = ¿Eliminar el registro?
bulkdelete.confirm.title.plural = ¿Eliminar registros seleccionados?
call = Llamar
case_id = Identificación del caso
change.password.title = Cambia tu contraseña
change.password.hint = Utilice letras mayúsculas, números y caracteres especiales..
change.password.confirm.password = Confirmar contraseña
change.password.hint = Utilice letras mayúsculas, números y caracteres especiales.
change.password.new.password = Nueva contraseña
change.password.confirm.password = Confirmar Contraseña
change.password.submit = Cambiar la contraseña
change.password.required = Los campos Contraseña y Confirmar contraseña son obligatorios
change.password.submit = Cambiar la contraseña
change.password.title = Cambiar contraseña
child_birth_date = Fecha de nacimiento del niño
child_birth_outcome = Resultado del nacimiento del niño
child_birth_weight = Peso del niño al nacer
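Review bot: `change.password.title` goes from "Cambia tu contraseña" to "Cambiar contraseña", which drops the "your" that the English title ("Change your password") keeps. If the shorter title is intended, fine; otherwise keep the possessive, for example "Cambie su contraseña", which also matches the formal "Utilice" used in `change.password.hint`.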
Expand Down Expand Up @@ -972,6 +972,7 @@ partner.supporting = Socios que está apoyando
partner.tab.partners = Socios
password.incorrect = La contraseña no es correcta.
password.length.minimum = La contraseña debe tener al menos {{minimum}} caracteres.
password.must.match = Las contraseñas y la contraseña de confirmación deben coincidir
password.update = Actualizar contraseña
password.weak = La contraseña es demasiado fácil de adivinar. Incluya más variedad de caracteres para hacerlo más complejo.
patient\ id\ not\ found\ response = Enviar el siguiente mensaje de respuesta, sí las validaciones pasan correctamente pero no se encontró el Medic ID.
1 change: 1 addition & 0 deletions api/resources/translations/messages-fr.properties
Expand Up @@ -966,6 +966,7 @@ partner.supporting = Partenaires de soutien
partner.tab.partners = Partenaires
password.incorrect = Mot de passe incorrect
password.length.minimum = Le mot de passe doit être au moins {{minimum}} caractères.
password.must.match = Les mots de passe et le mot de passe de confirmation doivent correspondre
password.update = Mettre à jour mot de passe
password.weak = Le mot de passe est trop facile à deviner. Inclure au moins une lettre majuscule, un chiffre et un caractère spécial.
patient\ id\ not\ found\ response = Envoyer cette réponse si les validations passent, mais l'ID du patient n'est pas retrouvé.
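Review bot: Only `password.must.match` is added here, while the password-reset template and `login.js` also reference `change.password.required`, and the form labels use the other `change.password.*` keys. This hunk stays at offset 966 on both sides, whereas messages-sw.properties moves from 966 to 972 once its six `change.password.*` keys are added, which suggests those keys are missing from this file (messages-id.properties likewise gets a single addition). Add the French strings, or confirm that the login page falls back to English for missing keys.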
1 change: 1 addition & 0 deletions api/resources/translations/messages-id.properties
Expand Up @@ -884,6 +884,7 @@ partner.supporting =
partner.tab.partners =
password.incorrect = Kata sandi tidak benar.
password.length.minimum = Kata sandi harus setidaknya {{minimum}} karakter.
password.must.match = Kata sandi dan konfirmasi kata sandi harus cocok
password.update = Perbaharui Kata Sandi
password.weak = Kata sandinya terlalu mudah. Sertakan setidaknya 1 huruf besar, 1 angka, dan 1 karakter khusus.
patient\ id\ not\ found\ response = Kirim pesan respon ini bila lolos validasi tetapi Medic ID tidak ditemukan
7 changes: 7 additions & 0 deletions api/resources/translations/messages-sw.properties
Expand Up @@ -402,6 +402,12 @@ bulkdelete.confirm.title = Futa rekodi?
bulkdelete.confirm.title.plural = Ungependa kufuta rekodi ulizochagua?
call = Piga simu
case_id = Kitambulisho cha kesi
change.password.confirm.password = Thibitisha nenosiri
change.password.hint = Tumia herufi kubwa, nambari na herufi maalum.
change.password.new.password = Nenosiri mpya
change.password.required = Nenosiri na uthibitisho wa nenosiri zinahitajika
change.password.submit = Badilisha nenosiri
change.password.title = Badilisha nenosiri lako
child_birth_date = Tarehe ya kuzaliwa mtoto
child_birth_outcome = Matokeo ya mtoto mzaliwa
child_birth_weight = Uzani wa mtoto mzaliwa
Expand Down Expand Up @@ -966,6 +972,7 @@ partner.supporting = Washirika wanaounga mkono
partner.tab.partners = Washirika
password.incorrect = Nenosiri si sahihi
password.length.minimum = Nenosiri inapaswa kuwa na wahusika {{minimum}} kwenda juu
password.must.match = Nenosiri na uthibitisho wa nenosiri lazima zilingane
password.update = Badilisha nenosiri
password.weak = Nywila ni rahisi sana nadhani. Jumuisha anuwai ya herufi ili kuifanya iwe ngumu zaidi.
patient\ id\ not\ found\ response = Tuma ujumbe wa majibu ufuatao kama validations zimepitishwa lakini ID ya mgonjwa haiko
2 changes: 1 addition & 1 deletion api/src/auth.js
Expand Up @@ -63,7 +63,7 @@ module.exports = {
.get(`org.couchdb.user:${auth.userCtx.name}`)
.then(user => ({
...auth.userCtx,
password_change_required: user.password_change_required || false
password_change_required: !!user.password_change_required
}));
}
throw { code: 500, message: 'Failed to authenticate' };
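Review bot: `!!user.password_change_required` treats any truthy value as "change required", so a user document that stores the string "false" would force a reset. Because this flag feeds the login redirect, a strict check such as `password_change_required: user.password_change_required === true` is safer if the field is always written as a boolean; if other writers can store non-boolean values, document which values count.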
16 changes: 7 additions & 9 deletions api/src/controllers/login.js
Expand Up @@ -19,8 +19,7 @@ const rateLimitService = require('../services/rate-limit');
const serverUtils = require('../server-utils');
const passwordTester = require('simple-password-tester');

const PASSWORD_MINIMUM_LENGTH = 8;
const PASSWORD_MINIMUM_SCORE = 50;
const { PASSWORD_MINIMUM_LENGTH, PASSWORD_MINIMUM_SCORE } = require('@medic/user-management/src/users');

const templates = {
login: {
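Review bot: The new require reaches into `@medic/user-management/src/users`, an internal path of the shared library, so the API now depends on that package's file layout. Sharing `PASSWORD_MINIMUM_LENGTH` and `PASSWORD_MINIMUM_SCORE` instead of redefining them is the right direction, but consider exposing them through the package's public entry point, or add a comment here explaining why the deep import is needed.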
Expand Down Expand Up @@ -69,7 +68,7 @@ const templates = {
'change.password.required',
'password.weak',
'password.length.minimum',
'Passwords must match'
'password.must.match'
],
}
};
Expand Down Expand Up @@ -240,8 +239,7 @@ const setCookies = (req, res, sessionRes) => {
}
})
.then(() => {
const selectedLocale = req.body.locale
|| config.get('locale');
const selectedLocale = req.body.locale || config.get('locale');
cookie.setLocale(res, selectedLocale);
return {
userCtx,
Expand Down Expand Up @@ -384,7 +382,8 @@ const login = async (req, res) => {
const sessionRes = await validateSession(req);
const { userCtx, redirectUrl } = await setCookies(req, res, sessionRes);

if (!(await skipPasswordChange(userCtx)) && userCtx.password_change_required){
const redirectPasswordReset = !await skipPasswordChange(userCtx);
if (redirectPasswordReset){
return res.status(302).send('/medic/password-reset');
}
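Review bot: The redirect condition no longer checks `userCtx.password_change_required`; it now depends only on `!await skipPasswordChange(userCtx)`. Unless `skipPasswordChange` was changed elsewhere to return true when no change is required (that function is not shown in this diff), every user without the skip permission is sent to `/medic/password-reset` on each login. Keep the flag in the condition or rename the helper so it is clear it covers both checks, and add a test for a user with `password_change_required: false`.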

Expand Down Expand Up @@ -433,7 +432,7 @@ module.exports = {
});
},

passwordResetGet: (req, res, next) => {
getPasswordReset: (req, res, next) => {
return renderPasswordReset(req)
.then(body => {
res.setHeader(
Expand All @@ -446,7 +445,7 @@ module.exports = {
})
.catch(next);
},
passwordResetPost: async (req, res) => {
resetPassword: async (req, res) => {
const limited = await rateLimitService.isLimited(req);
if (limited) {
return serverUtils.rateLimited(req, res);
Expand Down Expand Up @@ -475,7 +474,6 @@ module.exports = {
user: user.name,
password: req.body.password,
locale: req.body.locale,
password_updated: true,
};

const sessionRes = await createSessionRetry(req);
6 changes: 3 additions & 3 deletions api/src/public/login/auth-utils.js
Expand Up @@ -59,9 +59,9 @@ const replaceTranslationPlaceholders = (text, translateValues) => {

try {
const values = JSON.parse(translateValues);
console.log(values);
return Object.entries(values).reduce((result, [key, value]) =>
result.replace(new RegExp(`{{${key}}}`, 'g'), value),
return Object
.entries(values)
.reduce((result, [key, value]) => result.replace(new RegExp(`{{${key}}}`, 'g'), value),
text
);
} catch (e) {
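Review bot: In the reduce callback, `key` is interpolated into the `RegExp` pattern without escaping and `value` is passed as a replacement string, so regex metacharacters in a key or `$` sequences in a value change the output. These values come from the `translate-values` attribute, which password-reset.js fills from the server response, so a literal replacement is safer, for example `result.split('{{' + key + '}}').join(String(value))`. Dropping the `console.log(values)` is good; the initial value `text` would read better indented as the second argument of `reduce`.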
10 changes: 4 additions & 6 deletions api/src/public/login/password-reset.js
Expand Up @@ -31,12 +31,10 @@ const displayPasswordValidationError = (serverResponse) => {
const { error, params } = JSON.parse(serverResponse);
setState(error);

if (params?.minimum) {
const passwordError = document.querySelector('.error.password-short');
if (passwordError) {
passwordError.setAttribute('translate-values', JSON.stringify(params));
baseTranslate(selectedLocale, translations);
}
const passwordError = document.querySelector('.error.password-short');
if (params?.minimum && passwordError) {
passwordError.setAttribute('translate-values', JSON.stringify(params));
baseTranslate(selectedLocale, translations);
}
};
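Review bot: `JSON.parse(serverResponse)` at the top of `displayPasswordValidationError` has no guard visible in this hunk, so a non-JSON error body (for example an HTML error page from a proxy) would throw before any message is shown. Wrap the parse in try/catch and fall back to a generic error state. Merging the two conditions is fine, though `document.querySelector('.error.password-short')` now runs even when `params?.minimum` is absent.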

4 changes: 2 additions & 2 deletions api/src/routing.js
Expand Up @@ -290,9 +290,9 @@ app.get(routePrefix + 'login', login.get);
app.get(routePrefix + 'login/identity', login.getIdentity);
app.postJson(routePrefix + 'login', login.post);
app.get(routePrefix + 'login/token/:token?', login.tokenGet);
app.get(routePrefix + 'password-reset', login.passwordResetGet);
app.postJson(routePrefix + 'password-reset', login.passwordResetPost);
app.postJson(routePrefix + 'login/token/:token?', login.tokenPost);
app.get(routePrefix + 'password-reset', login.getPasswordReset);
app.postJson(routePrefix + 'password-reset', login.resetPassword);
app.get(routePrefix + 'privacy-policy', privacyPolicyController.get);

// authorization for `_compact`, `_view_cleanup`, `_revs_limit` endpoints is handled by CouchDB
2 changes: 1 addition & 1 deletion api/src/templates/login/password-reset.html
Expand Up @@ -36,7 +36,7 @@
<input id="confirm-password" name="confirm-password" type="password"/>
</div>

<p class="error password-mismatch" translate="Passwords must match"></p>
<p class="error password-mismatch" translate="password.must.match"></p>
<p class="error password-weak" translate="password.weak"></p>
<p class="error password-short" translate="password.length.minimum" translate-values=""></p>
<p class="error password-required" translate="change.password.required"></p>
28 changes: 14 additions & 14 deletions config/default/app_settings.json
Expand Up @@ -93,6 +93,9 @@
"can_access_gateway_api": [
"gateway"
],
"can_aggregate_targets": [
"chw_supervisor"
],
"can_bulk_delete_reports": [
"program_officer",
"chw_supervisor",
Expand Down Expand Up @@ -122,6 +125,7 @@
"can_create_users": [
"program_officer"
],
"can_default_facility_filter": [],
"can_delete_contacts": [
"program_officer",
"chw_supervisor",
Expand Down Expand Up @@ -156,6 +160,9 @@
"chw_supervisor",
"chw"
],
"can_export_devices_details": [
"national_admin"
],
"can_export_all": [
"program_officer",
"crfo"
Expand All @@ -174,7 +181,9 @@
"chw_supervisor",
"chw"
],
"can_have_multiple_places": [],
"can_log_out_on_android": [],
"can_skip_password_change": [],
"can_update_places": [
"program_officer",
"chw_supervisor",
Expand All @@ -188,6 +197,9 @@
"can_update_users": [
"program_officer"
],
"can_upgrade": [
"program_officer"
],
"can_export_dhis": [
"national_admin",
"crfo"
Expand Down Expand Up @@ -264,6 +276,7 @@
"can_view_tasks_group": [
"chw"
],
"can_view_old_navigation": [],
"can_view_unallocated_data_records": [
"gateway",
"program_officer",
Expand All @@ -273,20 +286,7 @@
"can_view_users": [
"program_officer"
],
"can_write_wealth_quintiles": [],
"can_aggregate_targets": [
"chw_supervisor"
],
"can_upgrade": [
"program_officer"
],
"can_view_old_navigation": [],
"can_default_facility_filter": [],
"can_have_multiple_places": [],
"can_skip_password_change": [],
"can_export_devices_details": [
"national_admin"
]
"can_write_wealth_quintiles": []
},
"uhc": {
"contacts_default_sort": "",
21 changes: 11 additions & 10 deletions config/demo/app_settings.json
Expand Up @@ -90,6 +90,9 @@
"can_access_gateway_api": [
"gateway"
],
"can_aggregate_targets": [
"chw_supervisor"
],
"can_bulk_delete_reports": [
"program_officer",
"chw_supervisor",
Expand Down Expand Up @@ -162,6 +165,9 @@
"chw_supervisor",
"chw"
],
"can_export_dhis": [
"crfo"
],
"can_export_feedback": [
"program_officer"
],
Expand All @@ -172,6 +178,7 @@
"chw"
],
"can_log_out_on_android": [],
"can_skip_password_change": [],
"can_update_places": [
"program_officer",
"chw_supervisor",
Expand All @@ -185,8 +192,8 @@
"can_update_users": [
"program_officer"
],
"can_export_dhis": [
"crfo"
"can_upgrade": [
"program_officer"
],
"can_verify_reports": [
"program_officer",
Expand Down Expand Up @@ -269,14 +276,8 @@
"can_view_users": [
"program_officer"
],
"can_write_wealth_quintiles": [],
"can_aggregate_targets": [
"chw_supervisor"
],
"can_upgrade": [
"program_officer"
],
"can_view_old_navigation": []
"can_view_old_navigation": [],
"can_write_wealth_quintiles": []
},
"uhc": {
"contacts_default_sort": "",
4 changes: 4 additions & 0 deletions shared-libs/user-management/src/users.js
Expand Up @@ -1177,6 +1177,10 @@ module.exports = {
*/
parseCsv,

PASSWORD_MINIMUM_LENGTH,

PASSWORD_MINIMUM_SCORE,

createMultiFacilityUser,

checkPayloadFacilityCount,
1 change: 1 addition & 0 deletions webapp/src/js/bootstrapper/index.js
Expand Up @@ -97,6 +97,7 @@

if (showPasswordUI) {
setUiStatus('PASSWORD_CHANGE_SUCCESS');
document.cookie = 'passwordUpdated=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/';

Check warning (Code scanning / CodeQL): Clear text transmission of sensitive cookie (Medium). Sensitive cookie sent without enforcing SSL encryption.
}

if (hasFullDataAccess(userCtx)) {
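Review bot: The `passwordUpdated` cookie is cleared from script with only `path=/`, which is what the CodeQL alert on this line flags. The write carries an empty, already expired value, so nothing sensitive is sent, but the delete only takes effect if the cookie was set without `HttpOnly` and with the same path and domain. Either add `; Secure` when the app is served over HTTPS or dismiss the alert with that justification, and add a comment pointing to where the cookie is set so the attributes stay in sync.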
3 changes: 2 additions & 1 deletion webapp/src/js/bootstrapper/translator.js
Expand Up @@ -7,7 +7,7 @@ const TRANSLATIONS = {
en: {
FETCH_INFO: ({ count, total }) => `Fetching info (${count} of ${total} docs )…`,
LOAD_APP: 'Loading app…',
PASSWORD_CHANGE_SUCCESS: 'Password Change successfully',
PASSWORD_CHANGE_SUCCESS: 'Password change successfully',
PURGE_INIT: 'Checking data…',
PURGE_INFO: ({ count }) => `Cleaned ${count} documents…`,
PURGE_META: 'Cleaning metadata…',
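Review bot: `PASSWORD_CHANGE_SUCCESS` is still ungrammatical after the capitalisation fix: 'Password change successfully' should be 'Password changed successfully'. Also check that the locales in `TRANSLATIONS` other than `en` and `es` either define this key or fall back to `en`.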
Expand All @@ -26,6 +26,7 @@ const TRANSLATIONS = {
es: {
FETCH_INFO: ({ count, total }) => `Obteniendo información (${count} de ${total} docs)…`,
LOAD_APP: 'Cargando aplicación…',
PASSWORD_CHANGE_SUCCESS: 'Cambio de contraseña exitoso',
PURGE_INIT: 'Verificación de datos…',
PURGE_INFO: ({ count }) => `Limpiado ${count} documentos…`,
PURGE_META: 'Limpieza de metadatos…',