Feat(register): add password complexity and hints (#68)

* add specific component to test in template

* adapt password form fields name

use include_asset, add noscript

fix password tests

fix lint

fix unit test

dupplicate PasswordCreationDoubleInput to use custom names and labels

fix lint

add exception in knip for external components

rename component to PasswordDoubleInput

update html forceShowNewPasswordInvalid": false

* update autocomplete field

* deactivate english dictionnary

fix lint

update translation

* update translations

---------

Co-authored-by: mcalinghee <[email protected]>

Author: odelcroi

frontend/knip.config.ts

@@ -11,6 +11,8 @@ export default {
     "src/gql/*",
     "src/routeTree.gen.ts",
     ".storybook/locales.ts",
+    "src/external/**",
+
     "tchap/**", //:tchap: add tchap folder
   ],
   ignoreDependencies: [

frontend/locales/en.json

@@ -29,6 +29,7 @@
     "loading": "Loading…",
     "next": "Next",
     "password": "Password",
+    "password_confirm": "",
     "previous": "Previous",
     "saved": "Saved",
     "saving": "Saving…"

frontend/src/external/mount.tsx

@@ -0,0 +1,44 @@
+import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
+import { TooltipProvider } from "@vector-im/compound-web";
+import { createElement, StrictMode, Suspense } from "react";
+import ReactDOM from "react-dom/client";
+import { I18nextProvider } from "react-i18next";
+import ErrorBoundary from "../components/ErrorBoundary";
+import i18n, { setupI18n } from "../i18n";
+import "../shared.css";
+
+setupI18n();
+
+export function mountWithProviders(
+  selector: string,
+  Component: React.ComponentType<any>,
+  defaultProps?: Record<string, unknown>,
+) {
+  try {
+    const el = document.querySelector(selector);
+    if (!el) throw new Error(`can not find ${selector} in DOM`);
+    const propsJSON = el.getAttribute("data-props") || "{}";
+    const parsedProps = JSON.parse(propsJSON);
+    const props = { ...(defaultProps ?? {}), ...(parsedProps ?? {}) };
+    const queryClient = new QueryClient();
+    ReactDOM.createRoot(el).render(
+      <StrictMode>
+        <QueryClientProvider client={queryClient}>
+          <ErrorBoundary>
+            <TooltipProvider>
+              <Suspense
+                fallback={<div>{`Chargement du composant ${selector}…`}</div>}
+              >
+                <I18nextProvider i18n={i18n}>
+                  {createElement(Component, props)}
+                </I18nextProvider>
+              </Suspense>
+            </TooltipProvider>
+          </ErrorBoundary>
+        </QueryClientProvider>
+      </StrictMode>,
+    );
+  } catch (err) {
+    console.error(`Cannot mount component on ${selector}:`, err);
+  }
+}

frontend/src/external/register/PasswordCreationDoubleInput.tsx

@@ -0,0 +1,159 @@
+// Copyright 2024, 2025 New Vector Ltd.
+// Copyright 2024 The Matrix.org Foundation C.I.C.
+//
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
+
+import { Form, Progress } from "@vector-im/compound-web";
+import { useDeferredValue, useEffect, useRef, useState } from "react";
+import { useTranslation } from "react-i18next";
+
+import { type FragmentType, graphql, useFragment } from "../../gql";
+import type { PasswordComplexity } from "../../utils/password_complexity";
+
+const CONFIG_FRAGMENT = graphql(/* GraphQL */ `
+  fragment PasswordCreationDoubleInput_siteConfig on SiteConfig {
+    id
+    minimumPasswordComplexity
+  }
+`);
+
+// This will load the password complexity module lazily,
+// so that it doesn't block the initial render and can be code-split
+const loadPromise = import("../../utils/password_complexity").then(
+  ({ estimatePasswordComplexity }) => estimatePasswordComplexity,
+);
+
+const usePasswordComplexity = (password: string): PasswordComplexity => {
+  const { t } = useTranslation();
+  const [result, setResult] = useState<PasswordComplexity>({
+    score: 0,
+    scoreText: t("frontend.password_strength.placeholder"),
+    improvementsText: [],
+  });
+  const deferredPassword = useDeferredValue(password);
+
+  useEffect(() => {
+    if (deferredPassword === "") {
+      setResult({
+        score: 0,
+        scoreText: t("frontend.password_strength.placeholder"),
+        improvementsText: [],
+      });
+    } else {
+      loadPromise
+        .then((estimatePasswordComplexity) =>
+          estimatePasswordComplexity(deferredPassword, t),
+        )
+        .then((response) => setResult(response));
+    }
+  }, [deferredPassword, t]);
+
+  return result;
+};
+
+//:tchap: this compoenent has been duplicated from src/frontend/components/PasswordCreationDoubleInput
+//:tchap: it should be reusing this component with possibilities to customize names and labels
+export default function PasswordCreationDoubleInput({
+  siteConfig,
+  forceShowNewPasswordInvalid,
+}: {
+  siteConfig: FragmentType<typeof CONFIG_FRAGMENT>;
+  forceShowNewPasswordInvalid: boolean;
+}): React.ReactElement {
+  const { t } = useTranslation();
+  const { minimumPasswordComplexity } = useFragment(
+    CONFIG_FRAGMENT,
+    siteConfig,
+  );
+
+  const newPasswordRef = useRef<HTMLInputElement>(null);
+  const newPasswordAgainRef = useRef<HTMLInputElement>(null);
+  const [newPassword, setNewPassword] = useState("");
+
+  const passwordComplexity = usePasswordComplexity(newPassword);
+  let passwordStrengthTint: "red" | "orange" | "lime" | "green" | undefined;
+  if (newPassword === "") {
+    passwordStrengthTint = undefined;
+  } else {
+    passwordStrengthTint = (["red", "red", "orange", "lime", "green"] as const)[
+      passwordComplexity.score
+    ];
+  }
+
+  return (
+    <>
+      <Form.Field name="password">
+        <Form.Label>{t("common.password")}</Form.Label>
+
+        <Form.PasswordControl
+          required
+          autoComplete="new-password"
+          ref={newPasswordRef}
+          onBlur={() =>
+            newPasswordAgainRef.current?.value &&
+            newPasswordAgainRef.current?.reportValidity()
+          }
+          onChange={(e) => setNewPassword(e.target.value)}
+        />
+
+        <Progress
+          size="sm"
+          getValueLabel={() => passwordComplexity.scoreText}
+          tint={passwordStrengthTint}
+          max={4}
+          value={passwordComplexity.score}
+        />
+
+        {passwordComplexity.improvementsText.map((suggestion) => (
+          <Form.HelpMessage key={suggestion}>{suggestion}</Form.HelpMessage>
+        ))}
+
+        {passwordComplexity.score < minimumPasswordComplexity && (
+          <Form.ErrorMessage match={() => true}>
+            {t("frontend.password_strength.too_weak")}
+          </Form.ErrorMessage>
+        )}
+
+        <Form.ErrorMessage match="valueMissing">
+          {t("frontend.errors.field_required")}
+        </Form.ErrorMessage>
+
+        {forceShowNewPasswordInvalid && (
+          <Form.ErrorMessage>
+            {t(
+              "frontend.password_change.failure.description.invalid_new_password",
+            )}
+          </Form.ErrorMessage>
+        )}
+      </Form.Field>
+
+      <Form.Field name="password_confirm">
+        {/*
+        TODO This field has validation defects,
+        some caused by Radix-UI upstream bugs.
+        https://github.com/matrix-org/matrix-authentication-service/issues/2855
+      */}
+        <Form.Label>{t("common.password_confirm")}</Form.Label>
+
+        <Form.PasswordControl
+          required
+          ref={newPasswordAgainRef}
+          autoComplete="new-password"
+        />
+
+        <Form.ErrorMessage match="valueMissing">
+          {t("frontend.errors.field_required")}
+        </Form.ErrorMessage>
+
+        <Form.ErrorMessage match={(v, form) => v !== form.get("password")}>
+          {t("frontend.password_change.passwords_no_match")}
+        </Form.ErrorMessage>
+
+        <Form.SuccessMessage match="valid">
+          {t("frontend.password_change.passwords_match")}
+        </Form.SuccessMessage>
+      </Form.Field>
+    </>
+  );
+}

frontend/src/external/register/PasswordDoubleInput.tsx

@@ -0,0 +1,54 @@
+import { queryOptions, useSuspenseQuery } from "@tanstack/react-query";
+import { Form } from "@vector-im/compound-web";
+import { graphql } from "../../gql";
+import { graphqlRequest } from "../../graphql";
+import { mountWithProviders } from "../mount";
+import "../../shared.css";
+import PasswordCreationDoubleInput from "./PasswordCreationDoubleInput";
+
+const HTML_ID = "#password-double-input";
+
+const QUERY = graphql(/* GraphQL */ `
+  query PasswordChange {
+    viewer {
+      __typename
+      ... on Node {
+        id
+      }
+    }
+
+    siteConfig {
+      ...PasswordCreationDoubleInput_siteConfig
+    }
+  }
+`);
+
+const query = queryOptions({
+  queryKey: ["passwordChange"],
+  queryFn: ({ signal }) => graphqlRequest({ query: QUERY, signal }),
+});
+
+type PasswordDoubleInputProps = { forceShowNewPasswordInvalid: boolean };
+
+function PasswordDoubleInput({
+  forceShowNewPasswordInvalid,
+}: PasswordDoubleInputProps) {
+  const {
+    data: { siteConfig },
+  } = useSuspenseQuery(query);
+  return (
+    // Form.Root is needed because Form.Field requires to be included into a Form
+    // asChild allows to replace Form.Root component by the child, the <form> used is in the password.html
+    <Form.Root asChild>
+      <div>
+        <PasswordCreationDoubleInput
+          siteConfig={siteConfig}
+          forceShowNewPasswordInvalid={forceShowNewPasswordInvalid}
+        />
+      </div>
+    </Form.Root>
+  );
+}
+
+// Allow mounting under either the new specific id or the legacy #view
+mountWithProviders(HTML_ID, PasswordDoubleInput);

frontend/src/gql/gql.ts

@@ -49,6 +49,7 @@ type Documents = {
     "\n  fragment UserEmailList_user on User {\n    hasPassword\n  }\n": typeof types.UserEmailList_UserFragmentDoc,
     "\n  fragment UserEmailList_siteConfig on SiteConfig {\n    emailChangeAllowed\n    passwordLoginEnabled\n  }\n": typeof types.UserEmailList_SiteConfigFragmentDoc,
     "\n  fragment BrowserSessionsOverview_user on User {\n    id\n\n    browserSessions(first: 0, state: ACTIVE) {\n      totalCount\n    }\n  }\n": typeof types.BrowserSessionsOverview_UserFragmentDoc,
+    "\n  query PasswordChange {\n    viewer {\n      __typename\n      ... on Node {\n        id\n      }\n    }\n\n    siteConfig {\n      ...PasswordCreationDoubleInput_siteConfig\n    }\n  }\n": typeof types.PasswordChangeDocument,
     "\n  query UserProfile {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n        user {\n          ...AddEmailForm_user\n          ...UserEmailList_user\n          ...AccountDeleteButton_user\n          hasPassword\n          emails(first: 0) {\n            totalCount\n          }\n        }\n      }\n    }\n\n    siteConfig {\n      emailChangeAllowed\n      passwordLoginEnabled\n      accountDeactivationAllowed\n      ...AddEmailForm_siteConfig\n      ...UserEmailList_siteConfig\n      ...PasswordChange_siteConfig\n      ...AccountDeleteButton_siteConfig\n    }\n  }\n": typeof types.UserProfileDocument,
     "\n  query PlanManagementTab {\n    siteConfig {\n      planManagementIframeUri\n    }\n  }\n": typeof types.PlanManagementTabDocument,
     "\n  query BrowserSessionList(\n    $first: Int\n    $after: String\n    $last: Int\n    $before: String\n    $lastActive: DateFilter\n  ) {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n\n        user {\n          id\n\n          browserSessions(\n            first: $first\n            after: $after\n            last: $last\n            before: $before\n            lastActive: $lastActive\n            state: ACTIVE\n          ) {\n            totalCount\n\n            edges {\n              cursor\n              node {\n                id\n                ...BrowserSession_session\n              }\n            }\n\n            pageInfo {\n              hasNextPage\n              hasPreviousPage\n              startCursor\n              endCursor\n            }\n          }\n        }\n      }\n    }\n  }\n": typeof types.BrowserSessionListDocument,
@@ -62,7 +63,6 @@ type Documents = {
     "\n  mutation DoVerifyEmail($id: ID!, $code: String!) {\n    completeEmailAuthentication(input: { id: $id, code: $code }) {\n      status\n    }\n  }\n": typeof types.DoVerifyEmailDocument,
     "\n  mutation ResendEmailAuthenticationCode($id: ID!, $language: String!) {\n    resendEmailAuthenticationCode(input: { id: $id, language: $language }) {\n      status\n    }\n  }\n": typeof types.ResendEmailAuthenticationCodeDocument,
     "\n  mutation ChangePassword(\n    $userId: ID!\n    $oldPassword: String!\n    $newPassword: String!\n  ) {\n    setPassword(\n      input: {\n        userId: $userId\n        currentPassword: $oldPassword\n        newPassword: $newPassword\n      }\n    ) {\n      status\n    }\n  }\n": typeof types.ChangePasswordDocument,
-    "\n  query PasswordChange {\n    viewer {\n      __typename\n      ... on Node {\n        id\n      }\n    }\n\n    siteConfig {\n      ...PasswordCreationDoubleInput_siteConfig\n    }\n  }\n": typeof types.PasswordChangeDocument,
     "\n  mutation RecoverPassword($ticket: String!, $newPassword: String!) {\n    setPasswordByRecovery(\n      input: { ticket: $ticket, newPassword: $newPassword }\n    ) {\n      status\n    }\n  }\n": typeof types.RecoverPasswordDocument,
     "\n  mutation ResendRecoveryEmail($ticket: String!) {\n    resendRecoveryEmail(input: { ticket: $ticket }) {\n      status\n      progressUrl\n    }\n  }\n": typeof types.ResendRecoveryEmailDocument,
     "\n  fragment RecoverPassword_userRecoveryTicket on UserRecoveryTicket {\n    username\n    email\n  }\n": typeof types.RecoverPassword_UserRecoveryTicketFragmentDoc,
@@ -106,6 +106,7 @@ const documents: Documents = {
     "\n  fragment UserEmailList_user on User {\n    hasPassword\n  }\n": types.UserEmailList_UserFragmentDoc,
     "\n  fragment UserEmailList_siteConfig on SiteConfig {\n    emailChangeAllowed\n    passwordLoginEnabled\n  }\n": types.UserEmailList_SiteConfigFragmentDoc,
     "\n  fragment BrowserSessionsOverview_user on User {\n    id\n\n    browserSessions(first: 0, state: ACTIVE) {\n      totalCount\n    }\n  }\n": types.BrowserSessionsOverview_UserFragmentDoc,
+    "\n  query PasswordChange {\n    viewer {\n      __typename\n      ... on Node {\n        id\n      }\n    }\n\n    siteConfig {\n      ...PasswordCreationDoubleInput_siteConfig\n    }\n  }\n": types.PasswordChangeDocument,
     "\n  query UserProfile {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n        user {\n          ...AddEmailForm_user\n          ...UserEmailList_user\n          ...AccountDeleteButton_user\n          hasPassword\n          emails(first: 0) {\n            totalCount\n          }\n        }\n      }\n    }\n\n    siteConfig {\n      emailChangeAllowed\n      passwordLoginEnabled\n      accountDeactivationAllowed\n      ...AddEmailForm_siteConfig\n      ...UserEmailList_siteConfig\n      ...PasswordChange_siteConfig\n      ...AccountDeleteButton_siteConfig\n    }\n  }\n": types.UserProfileDocument,
     "\n  query PlanManagementTab {\n    siteConfig {\n      planManagementIframeUri\n    }\n  }\n": types.PlanManagementTabDocument,
     "\n  query BrowserSessionList(\n    $first: Int\n    $after: String\n    $last: Int\n    $before: String\n    $lastActive: DateFilter\n  ) {\n    viewerSession {\n      __typename\n      ... on BrowserSession {\n        id\n\n        user {\n          id\n\n          browserSessions(\n            first: $first\n            after: $after\n            last: $last\n            before: $before\n            lastActive: $lastActive\n            state: ACTIVE\n          ) {\n            totalCount\n\n            edges {\n              cursor\n              node {\n                id\n                ...BrowserSession_session\n              }\n            }\n\n            pageInfo {\n              hasNextPage\n              hasPreviousPage\n              startCursor\n              endCursor\n            }\n          }\n        }\n      }\n    }\n  }\n": types.BrowserSessionListDocument,
@@ -119,7 +120,6 @@ const documents: Documents = {
     "\n  mutation DoVerifyEmail($id: ID!, $code: String!) {\n    completeEmailAuthentication(input: { id: $id, code: $code }) {\n      status\n    }\n  }\n": types.DoVerifyEmailDocument,
     "\n  mutation ResendEmailAuthenticationCode($id: ID!, $language: String!) {\n    resendEmailAuthenticationCode(input: { id: $id, language: $language }) {\n      status\n    }\n  }\n": types.ResendEmailAuthenticationCodeDocument,
     "\n  mutation ChangePassword(\n    $userId: ID!\n    $oldPassword: String!\n    $newPassword: String!\n  ) {\n    setPassword(\n      input: {\n        userId: $userId\n        currentPassword: $oldPassword\n        newPassword: $newPassword\n      }\n    ) {\n      status\n    }\n  }\n": types.ChangePasswordDocument,
-    "\n  query PasswordChange {\n    viewer {\n      __typename\n      ... on Node {\n        id\n      }\n    }\n\n    siteConfig {\n      ...PasswordCreationDoubleInput_siteConfig\n    }\n  }\n": types.PasswordChangeDocument,
     "\n  mutation RecoverPassword($ticket: String!, $newPassword: String!) {\n    setPasswordByRecovery(\n      input: { ticket: $ticket, newPassword: $newPassword }\n    ) {\n      status\n    }\n  }\n": types.RecoverPasswordDocument,
     "\n  mutation ResendRecoveryEmail($ticket: String!) {\n    resendRecoveryEmail(input: { ticket: $ticket }) {\n      status\n      progressUrl\n    }\n  }\n": types.ResendRecoveryEmailDocument,
     "\n  fragment RecoverPassword_userRecoveryTicket on UserRecoveryTicket {\n    username\n    email\n  }\n": types.RecoverPassword_UserRecoveryTicketFragmentDoc,
@@ -265,6 +265,10 @@ export function graphql(source: "\n  fragment UserEmailList_siteConfig on SiteCo
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
 export function graphql(source: "\n  fragment BrowserSessionsOverview_user on User {\n    id\n\n    browserSessions(first: 0, state: ACTIVE) {\n      totalCount\n    }\n  }\n"): typeof import('./graphql').BrowserSessionsOverview_UserFragmentDoc;
+/**
+ * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
+ */
+export function graphql(source: "\n  query PasswordChange {\n    viewer {\n      __typename\n      ... on Node {\n        id\n      }\n    }\n\n    siteConfig {\n      ...PasswordCreationDoubleInput_siteConfig\n    }\n  }\n"): typeof import('./graphql').PasswordChangeDocument;
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
@@ -317,10 +321,6 @@ export function graphql(source: "\n  mutation ResendEmailAuthenticationCode($id:
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
 export function graphql(source: "\n  mutation ChangePassword(\n    $userId: ID!\n    $oldPassword: String!\n    $newPassword: String!\n  ) {\n    setPassword(\n      input: {\n        userId: $userId\n        currentPassword: $oldPassword\n        newPassword: $newPassword\n      }\n    ) {\n      status\n    }\n  }\n"): typeof import('./graphql').ChangePasswordDocument;
-/**
- * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
- */
-export function graphql(source: "\n  query PasswordChange {\n    viewer {\n      __typename\n      ... on Node {\n        id\n      }\n    }\n\n    siteConfig {\n      ...PasswordCreationDoubleInput_siteConfig\n    }\n  }\n"): typeof import('./graphql').PasswordChangeDocument;
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */