BA-2364: change password

[pt-tsl]

Acceptance Criteria

• Given that I am on the Login & Security settings page, when I tap on the "Change Password" option, then the section should expand to reveal the "Old Password," "New Password," and "Confirm New Password" input fields.
• When all fields are filled and the New Password matches the Confirm New Password, then the "Change Password" button should be enabled.
• Display error alerts for:
  • When the old password is incorrect
  • When the new password doesn't follow our current password validation requirements (symbols, numbers, caps, etc.)
  • When the new password doesn't match with confirm new password.
• When I tap on the "Change Password" button, then the system should validate my old password and update my password if the validation is successful.
• Given that I am in the process of changing my password, when I tap the "Cancel" button, then the section should collapse, any entered data should be cleared, and I should return to the default Login & Security settings view.
• By default the input appear in a hidden state, but the user should be able to unhide by clicking the "eye" icon on the right side of the input box.
• This feature is already in the web template, but we need to move the form and the form mutation to the authentication package.

Guardrails
Although the flow in Figma shows a modal asking the user if they want to end all current sessions, we have to check if that functionality was already built by PORG.
So for now just update the password without showing the modal.

Design Link: https://www.figma.com/design/z5ZdVlKEMmGIX4GVnjwfxA/BaseApp---NATIVE?node-id=6046-17914&t=ZYZocuoVLM11VrtX-0

Approvd
https://app.approvd.io/silverlogic/BA/stories/39018

Summary by CodeRabbit

• New Features
  • Upgraded the password change experience with enhanced validation and flexible support for both standard and token-based scenarios.
  • Introduced a revamped API method for smoother password updates.
  • Added a new alert icon to improve visual cues and consistency in the design system.
• Bug Fixes
  • Improved error handling in the password change process.
• Style
  • Updated alignment for error messages to enhance presentation.
• Chores
  • Refactored password change functionality for improved clarity and usability.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4b91e05

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

The pull request refactors the password change functionality by replacing the useChangeExpiredPassword hook with a more general useChangePassword approach. This includes updates to associated types, validation schemas, and tests to accommodate both general and token-based password change flows. A new API method for changing passwords is introduced, along with a new SVG icon component, AlertTriangleIcon, added to the design system.

Changes

Files	Change Summary
packages/authentication/modules/access/index.ts packages/authentication/modules/access/useChangePassword/index.ts packages/authentication/modules/access/useChangePassword/constants.ts packages/authentication/modules/access/useChangePassword/types.ts packages/authentication/modules/access/useChangePassword/__tests__/useChangePassword.test.tsx	Renamed functions, interfaces, and types from useChangeExpiredPassword to useChangePassword. Updated type signatures, validation schemas, and tests to support both general and token-based password change flows.
packages/authentication/services/auth.ts packages/authentication/types/auth.ts	Introduced a new changePassword API method and updated the request/response interfaces, renaming the original ChangeExpiredPasswordRequest and adding a token-based variant.
packages/design-system/components/native/icons/AlertTriangleIcon/index.tsx packages/design-system/components/native/icons/index.ts	Added the new AlertTriangleIcon React component using react-native-svg and included it in the icon exports.
packages/design-system/components/native/inputs/TextInput/styles.ts packages/design-system/components/native/inputs/TextInput/index.tsx	Introduced a new dynamic width management for the error container in the TextInput component, allowing for better layout handling of error messages.

Sequence Diagram(s)

sequenceDiagram
    participant U as User
    participant H as useChangePassword Hook
    participant A as AuthApi
    U->>H: Submit current & new password (optional token)
    alt Token is provided
      H->>A: Call changeExpiredPassword(token, newPassword)
    else No token provided
      H->>A: Call changePassword(currentPassword, newPassword)
    end
    A-->>H: Return API response
    H->>U: Trigger onSuccess callback

Loading

Possibly related PRs

• BA-2362 Add validations to reset change password #238: The changes in the main PR, which involve renaming and restructuring password change functionality, are directly related to the modifications in the retrieved PR that update the validation schema for the password fields, as both PRs focus on the same password change functionality and its associated types.

Suggested labels

needs review, needs changes

Suggested reviewers

• priscilladeroode
• deboracosilveira
• anicioalexandre
• tsl-ps2

Poem

In the burrow of code, I happily skip,
Changing passwords with a clever new flip.
The old ways retired, a new hook in play,
Tests and types dancing in bright array.
An icon appears with a radiant gleam,
Celebrating change like a joyful dream.
Hop on, my friend – code sings, and rabbits beam!

Warning

There were issues while running some tools. Please review the errors and either fix the tool’s configuration or disable the tool if it’s a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

packages/authentication/modules/access/index.ts

Oops! Something went wrong! :(

ESLint: 8.57.1

Error: Cannot read config file: /packages/authentication/.eslintrc.js
Error: Cannot find module '@baseapp-frontend/config/.eslintrc.js'
Require stack:

• /packages/authentication/.eslintrc.js
• /node_modules/.pnpm/@eslint+eslintrc@2.1.4/node_modules/@eslint/eslintrc/dist/eslintrc.cjs
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/cli-engine/cli-engine.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/eslint/eslint.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/eslint/index.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/cli.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/bin/eslint.js
  at Module._resolveFilename (node:internal/modules/cjs/loader:1248:15)
  at Module._load (node:internal/modules/cjs/loader:1074:27)
  at TracingChannel.traceSync (node:diagnostics_channel:315:14)
  at wrapModuleLoad (node:internal/modules/cjs/loader:217:24)
  at Module.require (node:internal/modules/cjs/loader:1339:12)
  at require (node:internal/modules/helpers:135:16)
  at Object. (/packages/authentication/.eslintrc.js:1:18)
  at Module._compile (node:internal/modules/cjs/loader:1546:14)
  at Module._extensions..js (node:internal/modules/cjs/loader:1691:10)
  at Module.load (node:internal/modules/cjs/loader:1317:32)

packages/authentication/modules/access/useChangePassword/index.ts

Oops! Something went wrong! :(

ESLint: 8.57.1

Error: Cannot read config file: /packages/authentication/.eslintrc.js
Error: Cannot find module '@baseapp-frontend/config/.eslintrc.js'
Require stack:

• /packages/authentication/.eslintrc.js
• /node_modules/.pnpm/@eslint+eslintrc@2.1.4/node_modules/@eslint/eslintrc/dist/eslintrc.cjs
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/cli-engine/cli-engine.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/eslint/eslint.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/eslint/index.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/cli.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/bin/eslint.js
  at Module._resolveFilename (node:internal/modules/cjs/loader:1248:15)
  at Module._load (node:internal/modules/cjs/loader:1074:27)
  at TracingChannel.traceSync (node:diagnostics_channel:315:14)
  at wrapModuleLoad (node:internal/modules/cjs/loader:217:24)
  at Module.require (node:internal/modules/cjs/loader:1339:12)
  at require (node:internal/modules/helpers:135:16)
  at Object. (/packages/authentication/.eslintrc.js:1:18)
  at Module._compile (node:internal/modules/cjs/loader:1546:14)
  at Module._extensions..js (node:internal/modules/cjs/loader:1691:10)
  at Module.load (node:internal/modules/cjs/loader:1317:32)

packages/authentication/modules/access/useChangePassword/constants.ts

Oops! Something went wrong! :(

ESLint: 8.57.1

Error: Cannot read config file: /packages/authentication/.eslintrc.js
Error: Cannot find module '@baseapp-frontend/config/.eslintrc.js'
Require stack:

• /packages/authentication/.eslintrc.js
• /node_modules/.pnpm/@eslint+eslintrc@2.1.4/node_modules/@eslint/eslintrc/dist/eslintrc.cjs
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/cli-engine/cli-engine.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/eslint/eslint.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/eslint/index.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/lib/cli.js
• /node_modules/.pnpm/eslint@8.57.1/node_modules/eslint/bin/eslint.js
  at Module._resolveFilename (node:internal/modules/cjs/loader:1248:15)
  at Module._load (node:internal/modules/cjs/loader:1074:27)
  at TracingChannel.traceSync (node:diagnostics_channel:315:14)
  at wrapModuleLoad (node:internal/modules/cjs/loader:217:24)
  at Module.require (node:internal/modules/cjs/loader:1339:12)
  at require (node:internal/modules/helpers:135:16)
  at Object. (/packages/authentication/.eslintrc.js:1:18)
  at Module._compile (node:internal/modules/cjs/loader:1546:14)
  at Module._extensions..js (node:internal/modules/cjs/loader:1691:10)
  at Module.load (node:internal/modules/cjs/loader:1317:32)

• 8 others

Tip

⚡🧪 Multi-step agentic review comment chat (experimental)

• We're introducing multi-step agentic chat in review comments. This experimental feature enhances review discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments.
  - To enable this feature, set early_access to true under in the settings.

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/design-system/components/native/inputs/TextInput/index.tsx (1)

42-44: Consider avoiding hard-coded padding values.

While the comments explain the rationale for subtracting 12px, hard-coding this value creates a potential maintenance issue if the padding changes in the future.

- // Had to do this adjustment to the error container width because the error text was overflowing the container
- // The 12px subtraction is to account for the padding of the error container
- <View style={[styles.errorContainer, { width: errorContainerWidth - 12 }]}>
+ // Adjust width to account for the error container's horizontal padding
+ <View style={[styles.errorContainer, { width: errorContainerWidth - (styles.errorContainer.paddingHorizontal * 2 || 12) }]}>

Alternatively, if the padding is defined elsewhere and not accessible here:

+ // Define padding constant at the top of the file
+ const ERROR_CONTAINER_PADDING = 12;
...
- // Had to do this adjustment to the error container width because the error text was overflowing the container
- // The 12px subtraction is to account for the padding of the error container
- <View style={[styles.errorContainer, { width: errorContainerWidth - 12 }]}>
+ // Adjust width to account for the error container's horizontal padding
+ <View style={[styles.errorContainer, { width: errorContainerWidth - ERROR_CONTAINER_PADDING }]}>

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7198523 and af76b46.

📒 Files selected for processing (2)

• packages/design-system/components/native/inputs/TextInput/index.tsx (3 hunks)
• packages/design-system/components/native/inputs/TextInput/styles.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/design-system/components/native/inputs/TextInput/styles.ts

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Component Test Packages

🔇 Additional comments (4)

packages/design-system/components/native/inputs/TextInput/index.tsx (4)

4-4: Good addition for handling layout events.

The import of LayoutChangeEvent from 'react-native' is necessary for the new layout measurement functionality. This is a clean approach to enable dynamic width calculations.

---

18-18: LGTM: State for dynamic width management.

Adding a state variable to track the error container width helps ensure that error messages display properly without overflowing. The initial value of 0 is appropriate as it will be updated after the first layout measurement.

---

21-24: Clean implementation of layout handling.

The onLayout function follows React Native best practices for capturing and responding to component dimensions. This is a good approach to dynamically measure the container width.

---

33-33: Good use of onLayout event.

Adding the onLayout prop to the container View ensures that width measurements are captured whenever the layout changes, which supports responsive design.

[sonarqubecloud]

Quality Gate failed

Failed conditions
2 Security Hotspots

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

packages/authentication/modules/access/useChangePassword/__tests__/useChangePassword.test.tsx (3)

166-215: Good addition of token-based test suite.

The new test suite for token-based password changes properly verifies that the refactored hook maintains backward compatibility with the expired password flow, which is an important part of the refactoring strategy.

Consider adding additional test cases to ensure all edge cases are covered for the token flow, such as error scenarios and validation issues, similar to the main test suite.

---

176-177: Consider enhancing the test comment for clarity.

While the comment explains that this test ensures the token-based flow has the same behavior, it would be helpful to be more specific about what aspects of the behavior should remain the same.

- // This is just to ensure that running with token has the same behavior as running without token
+ // This test ensures that the success callback is properly executed when using a token for expired passwords, 
+ // maintaining backward compatibility with the previous implementation

---

166-215: Consider reducing duplication between test suites.

There's significant duplication in setup and assertions between the two test suites. Consider extracting common testing utilities or using beforeEach hooks to reduce repetition.

For example, you could extract a common test function:

const testHookBehavior = (
  options: {
    url: string;
    password: string;
    token?: string;
    mockResponse?: Record<string, any>;
  }
) => {
  const { url, password, token, mockResponse = {} } = options;
  const currentPassword = '1234';

  test('should run onSuccess', async () => {
    mockFetch(url, {
      method: 'POST',
      status: 200,
      response: {
        currentPassword,
        newPassword: password,
        ...(token && { token }),
        ...mockResponse,
      },
    });

    let hasOnSuccessRan = false;

    const { result } = renderHook(
      () =>
        useChangePassword({
          ...(token && { token }),
          defaultValues: {
            currentPassword,
            newPassword: password,
            confirmNewPassword: password,
          },
          options: {
            onSuccess: () => {
              hasOnSuccessRan = true;
            },
          },
        }),
      {
        wrapper: ComponentWithProviders,
      },
    );

    await result.current.form.handleSubmit();

    expect(hasOnSuccessRan).toBe(true);
  });
};

Then use it in each describe block:

describe('useChangePassword', () => {
  // ... setup code ...
  
  testHookBehavior({
    url: changePasswordUrl,
    password,
  });
  
  // ... other tests ...
});

describe('useChangePassword with token for expired passwords', () => {
  // ... setup code ...
  
  testHookBehavior({
    url: changePasswordUrl,
    password,
    token,
  });
});

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between de369b0 and 4b91e05.

📒 Files selected for processing (11)

• packages/authentication/modules/access/index.ts (1 hunks)
• packages/authentication/modules/access/useChangePassword/__tests__/useChangePassword.test.tsx (6 hunks)
• packages/authentication/modules/access/useChangePassword/constants.ts (2 hunks)
• packages/authentication/modules/access/useChangePassword/index.ts (4 hunks)
• packages/authentication/modules/access/useChangePassword/types.ts (1 hunks)
• packages/authentication/services/auth.ts (2 hunks)
• packages/authentication/types/auth.ts (1 hunks)
• packages/design-system/components/native/icons/AlertTriangleIcon/index.tsx (1 hunks)
• packages/design-system/components/native/icons/index.ts (1 hunks)
• packages/design-system/components/native/inputs/TextInput/index.tsx (3 hunks)
• packages/design-system/components/native/inputs/TextInput/styles.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (10)

• packages/design-system/components/native/inputs/TextInput/styles.ts
• packages/design-system/components/native/icons/index.ts
• packages/design-system/components/native/icons/AlertTriangleIcon/index.tsx
• packages/authentication/modules/access/index.ts
• packages/authentication/modules/access/useChangePassword/constants.ts
• packages/design-system/components/native/inputs/TextInput/index.tsx
• packages/authentication/modules/access/useChangePassword/index.ts
• packages/authentication/types/auth.ts
• packages/authentication/services/auth.ts
• packages/authentication/modules/access/useChangePassword/types.ts

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Component Test Packages

🔇 Additional comments (5)

packages/authentication/modules/access/useChangePassword/__tests__/useChangePassword.test.tsx (5)

10-15: Import and test suite renamed successfully.

The renaming from useChangeExpiredPassword to useChangePassword and updating the API endpoint reflect the move to a more general password change implementation, which aligns with the PR objectives for implementing the password change feature within Login & Security settings.

---

36-47: Hook implementation updated correctly.

The hook usage has been successfully updated in this test case to use the new useChangePassword hook with the appropriate parameters, maintaining the expected behavior while making it more flexible for different scenarios.

---

66-77: Error case testing maintained.

The error handling test has been properly updated to use the new hook name while preserving the same functionality, ensuring that error conditions are still properly handled after the refactor.

---

100-111: Password mismatch validation test preserved.

The test for validation when passwords don't match has been correctly updated to use the new hook name while maintaining the same functionality, which is crucial for the password change feature.

---

146-154: Custom validation support preserved.

The test verifying support for custom validation schemas has been properly updated to use the new hook name, ensuring that this flexibility is maintained in the refactored implementation.