Merge pull request #13870 from Expensify/arosiclair-two-factor-valida…

…tion Add validation for two factor codes
Expensify · Jan 3, 2023 · 466b027 · 466b027
2 parents 82f64b1 + 1ad0dc6
commit 466b027
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 5 deletions.
diff --git a/src/CONST.js b/src/CONST.js
@@ -760,6 +760,7 @@ const CONST = {
  EMOJI_NAME: /:[\w+-]+:/g,
  EMOJI_SUGGESTIONS: /:[a-zA-Z]{1,20}(\s[a-zA-Z]{0,20})?$/,
  AFTER_FIRST_LINE_BREAK: /\n.*/g,
+ CODE_2FA: /^\d{6}$/,
  },
 
  PRONOUNS: {

diff --git a/src/libs/ValidationUtils.js b/src/libs/ValidationUtils.js
@@ -274,6 +274,14 @@ function isValidPassword(password) {
  return password.match(CONST.PASSWORD_COMPLEXITY_REGEX_STRING);
 }
 
+/**
+ * @param {String} code
+ * @returns {Boolean}
+ */
+function isValidTwoFactorCode(code) {
+ return Boolean(code.match(CONST.REGEX.CODE_2FA));
+}
+
 /**
  * @param {String} input
  * @returns {Boolean}
@@ -409,6 +417,7 @@ export {
  isValidURL,
  validateIdentity,
  isValidPassword,
+ isValidTwoFactorCode,
  isPositiveInteger,
  isNumericWithSpecialChars,
  isValidPaypalUsername,

diff --git a/src/pages/signin/PasswordForm.js b/src/pages/signin/PasswordForm.js
@@ -114,31 +114,40 @@ class PasswordForm extends React.Component {
  * Check that all the form fields are valid, then trigger the submit callback
  */
  validateAndSubmitForm() {
- if (!this.state.password.trim() && this.props.account.requiresTwoFactorAuth && !this.state.twoFactorAuthCode.trim()) {
+ const password = this.state.password.trim();
+ const twoFactorCode = this.state.twoFactorAuthCode.trim();
+ const requiresTwoFactorAuth = this.props.account.requiresTwoFactorAuth;
+
+ if (!password && requiresTwoFactorAuth && !twoFactorCode) {
  this.setState({formError: 'passwordForm.pleaseFillOutAllFields'});
  return;
  }
 
- if (!this.state.password.trim()) {
+ if (!password) {
  this.setState({formError: 'passwordForm.pleaseFillPassword'});
  return;
  }
 
- if (!ValidationUtils.isValidPassword(this.state.password)) {
+ if (!ValidationUtils.isValidPassword(password)) {
  this.setState({formError: 'passwordForm.error.incorrectPassword'});
  return;
  }
 
- if (this.props.account.requiresTwoFactorAuth && !this.state.twoFactorAuthCode.trim()) {
+ if (requiresTwoFactorAuth && !twoFactorCode) {
  this.setState({formError: 'passwordForm.pleaseFillTwoFactorAuth'});
  return;
  }
 
+ if (requiresTwoFactorAuth && !ValidationUtils.isValidTwoFactorCode(twoFactorCode)) {
+ this.setState({formError: 'passwordForm.error.incorrect2fa'});
+ return;
+ }
+
  this.setState({
  formError: null,
  });
 
- Session.signIn(this.state.password, this.state.twoFactorAuthCode);
+ Session.signIn(password, twoFactorCode);
  }
 
  render() {

diff --git a/tests/unit/ValidationUtilsTest.js b/tests/unit/ValidationUtilsTest.js
@@ -0,0 +1,25 @@
+const ValidationUtils = require('../../src/libs/ValidationUtils');
+
+describe('ValidationUtils', () => {
+ describe('isValidTwoFactorCode', () => {
+ test('numeric two factor code', () => {
+ expect(ValidationUtils.isValidTwoFactorCode('123456')).toBe(true);
+ });
+
+ test('numeric two factor code with leading zeroes', () => {
+ expect(ValidationUtils.isValidTwoFactorCode('000001')).toBe(true);
+ });
+
+ test('alphanumeric two factor code', () => {
+ expect(ValidationUtils.isValidTwoFactorCode('abc123')).toBe(false);
+ });
+
+ test('special characters two factor code', () => {
+ expect(ValidationUtils.isValidTwoFactorCode('!@#$%^')).toBe(false);
+ });
+
+ test('partial special characters two factor code', () => {
+ expect(ValidationUtils.isValidTwoFactorCode('123$%^')).toBe(false);
+ });
+ });
+});