Use password message from /dashboardsinfo

[cwperks]

Description

Companion Security PR: opensearch-project/security#2949

This PR uses the message from /_plugins/_security/dashboardsinfo to get the password message from the backend if its configured in opensearch.yml. If the setting is not set, the backend will return the default.

Category

[Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation]

Bug fix

Issues Resolved

#1501

Testing

Jest tests and manual dashboard testing of both password reset and password edit

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[DarshitChanpura]

qq. Why add data-test-subj?

[cwperks]

I removed that, I was trying to write a test to verify the text after a state update in the password-edit-panel but opted instead to assert that setState with the custom message had been called.

[DarshitChanpura]

Is this still need even though it is mocked above?

[cwperks]

It is not, I removed this and also removed creating the shallow component in beforeEach and moved it into each individual test. The first test needs mount(...) instead of shallow(...) to test the logic in React.useEffect(...)

[DarshitChanpura]

Is this mock needed?

[cwperks]

Looks like this was made redundant by the block above:

jest.mock('../../../../utils/dashboards-info-utils', () => ({
  getDashboardsInfo: jest.fn().mockImplementation(() => {
    return mockDashboardsInfo;
  }),
}));

I removed this redundant mock. Thanks for pointing that out.

[codecov]

Codecov Report

Merging #1503 (c3db9d4) into main (5fd8018) will decrease coverage by 0.06%.
The diff coverage is 57.14%.

@@            Coverage Diff             @@
##             main    #1503      +/-   ##
==========================================
- Coverage   66.11%   66.06%   -0.06%     
==========================================
  Files          93       93              
  Lines        2314     2328      +14     
  Branches      310      310              
==========================================
+ Hits         1530     1538       +8     
- Misses        716      722       +6     
  Partials       68       68              

Impacted Files	Coverage Δ
...n/panels/internal-user-edit/internal-user-edit.tsx	80.48% <ø> (ø)
public/apps/account/password-reset-panel.tsx	84.61% <28.57%> (-12.26%)	⬇️
...c/apps/configuration/utils/password-edit-panel.tsx	95.23% <85.71%> (-4.77%)	⬇️

[RyanL1997]

Hi @cwperks, thank you for this work and it looks good to me in general.

[RyanL1997]

For this PASSWORD_INSTRUCTION, should we also update it so that it has the new password rules that introduced by the strong password validation feature?

[RyanL1997]

Just like this password_validation_error_message :

'Password must be minimum 5 characters long and must contain at least one uppercase letter, one lowercase letter, one digit, and one special character.'

[cwperks]

That's a good point and needs to be updated on the backend as well. I'll adjust it according to the description on the PR that introduced password strength: opensearch-project/security#2557

plugins.security.restapi.password_min_length - minimum password length, default and minimum is 8

[cwperks]

This is already properly set: https://github.com/opensearch-project/security-dashboards-plugin/blob/main/public/apps/apps-constants.tsx

Note: This default is duplicated and the frontend and backend. I decided to keep the value in the frontend, but it could certainly be removed from the frontend codebase in favor of just keeping a single reference on the backend.

[stephen-crawford]

Let's do this as a follow up PR to unblock your change.

[stephen-crawford]

This went in the 2.9 release not 2.10 so removing the label.