first blacklist testing and removing account create examples

IABTechLab · Dec 20, 2024 · 92b9792 · 92b9792
1 parent 5224864
commit 92b9792
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 8 deletions.
diff --git a/keycloak/themes/uid2-theme/login/login-update-password.ftl b/keycloak/themes/uid2-theme/login/login-update-password.ftl
@@ -1,9 +1,10 @@
 <#import "template.ftl" as layout>
+
 <@layout.registrationLayout displayMessage=!messagesPerField.existsError('password','password-confirm'); section>
     <#if section = "header">
         ${msg("updatePasswordTitle")}
     <#elseif section = "form">
-        <form id="kc-passwd-update-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post">
+        <form id="kc-passwd-update-form" class="${properties.kcFormClass!}" action="${url.loginAction}" method="post" onsubmit="return checkPassword()">
             <input type="text" id="username" name="username" value="${username}" autocomplete="username"
                    readonly="readonly" style="display:none;"/>
             <input type="password" id="password" name="password" autocomplete="current-password" style="display:none;"/>
@@ -63,6 +64,33 @@
                     </#if>
                 </div>
             </div>
+
+
+        <script type="text/javascript">
+            // List of blacklisted passwords (can be expanded or fetched from an API)
+            const blacklistedPasswords = [
+                'password123', 'admin', 'qwerty', '123456', 'letmein'
+            ];
+
+            // Function to check if the entered password is blacklisted
+            function checkPassword() {
+                var password = document.getElementById("password-new").value;
+                
+                if (blacklistedPasswords.includes(password)) {
+                    alert("This password is blacklisted. Please choose a different one.");
+                    return false; // Prevent form submission
+                }
+
+                var confirmPassword = document.getElementById("password-confirm").value;
+                
+                if (password !== confirmPassword) {
+                    alert("Passwords do not match.");
+                    return false; // Prevent form submission
+                }
+                
+                return true; // Allow form submission
+            }
+        </script>
         </form>
     </#if>
 </@layout.registrationLayout>
diff --git a/src/web/App.tsx b/src/web/App.tsx
@@ -29,7 +29,7 @@ function AppContent() {
   if (LoggedInUser?.user?.participants!.length === 0) {
     return <ErrorView message='You do not have access to any participants.' />;
   }
-  if (location.pathname !== '/account/create' && LoggedInUser && !participant) {
+  if (LoggedInUser && !participant) {
     return <NoParticipantAccessView user={LoggedInUser?.user} />;
   }
 

diff --git a/src/web/contexts/CurrentUserProvider.tsx b/src/web/contexts/CurrentUserProvider.tsx
@@ -41,12 +41,6 @@ function CurrentUserProvider({ children }: Readonly<{ children: ReactNode }>) {
     }
   }, [keycloak, throwError]);
 
-  useEffect(() => {
-    if (LoggedInUser && !LoggedInUser.user && location.pathname !== '/account/create') {
-      navigate('/account/create');
-    }
-  }, [LoggedInUser, location.pathname, navigate]);
-
   useEffect(() => {
     if (keycloak.token) {
       loadUser();