Skip to content

Commit

Permalink
Merge pull request #60 from SocialGouv/feat/login-protection
Browse files Browse the repository at this point in the history
feat: add rate limit protection on login and handle client login error
  • Loading branch information
ClementNumericite authored Sep 25, 2023
2 parents e498895 + 55c3901 commit 4f4e483
Show file tree
Hide file tree
Showing 6 changed files with 600 additions and 5,658 deletions.
63 changes: 46 additions & 17 deletions webapp-next/components/login/FormLogin.tsx
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import {
Alert,
AlertDescription,
AlertIcon,
AlertTitle,
Box,
Expand Down Expand Up @@ -35,7 +36,7 @@ async function auth<T>(url: string, { arg }: { arg: T }) {
method: 'POST',
body: JSON.stringify(arg),
headers: { 'Content-Type': 'application/json' }
}).then(res => res.json());
});
}

export const FormLogin = () => {
Expand All @@ -55,6 +56,8 @@ export const FormLogin = () => {
const [isLoading, setIsLoading] = useState(false);
const [showCodeForm, setShowCodeForm] = useState(false);

const [remaningRequests, setRemaningRequests] = useState(0);

const [timer, setTimer] = useState(30);
const intervalRef = useRef<NodeJS.Timeout | undefined>();

Expand Down Expand Up @@ -113,22 +116,26 @@ export const FormLogin = () => {
const handleCodeSubmit = async (e: any) => {
e.preventDefault();
if (code) {
try {
setIsLoading(true);
const result = await triggerVerify({
username: username,
code: code.toString()
});
setIsLoading(true);

const res = (await triggerVerify({
username: username,
code: code.toString()
})) as any;

if (res.ok) {
const result = await res.json();
if (result.firstLogin) {
setCm2dApiKeyEncoded(result.apiKey.encoded);
onOpenTerms();
} else {
cookie.set(ELASTIC_API_KEY_NAME, result.apiKey.encoded);
router.push('/bo');
}
} catch (e) {
} else {
setFormError(true);
}

setIsLoading(false);
}
};
Expand All @@ -137,21 +144,26 @@ export const FormLogin = () => {
e.preventDefault();
setFormError(false);
if (username !== '' && password !== '') {
try {
setIsLoading(true);
const result = await triggerLogin({ username, password });
setIsLoading(true);
const res = (await triggerLogin({ username, password })) as any;
if (res.ok) {
const result = await res.json();
if (process.env.NODE_ENV === 'development') {
cookie.set(ELASTIC_API_KEY_NAME, result.encoded);
router.push('/bo');
}
startTimer();
setShowCodeForm(true);
} catch (e) {
console.log(e);
setFormError(true);
setIsLoading(false);
} else {
setTimeout(() => {
setRemaningRequests(
parseInt(res.headers.get('X-RateLimit-Remaining') as string) || 0
);
setFormError(true);
setIsLoading(false);
}, 1000);
}

setIsLoading(false);
}
};

Expand Down Expand Up @@ -299,7 +311,24 @@ export const FormLogin = () => {
<Box mb={4}>
<Alert status="error">
<AlertIcon />
<AlertTitle>Erreurs dans les identifiants !</AlertTitle>
<Box>
<AlertTitle>
{remaningRequests === 0
? 'Taux de limite atteint'
: 'Erreurs dans les identifiants !'}
</AlertTitle>
{remaningRequests === 0 ? (
<AlertDescription>
Vous avez atteint le nombre maximum de tentatives, veuillez
réessayer dans 1 minute.
</AlertDescription>
) : (
<AlertDescription>
Il vous reste {remaningRequests} essai
{remaningRequests > 1 && 's'} !
</AlertDescription>
)}
</Box>
</Alert>
</Box>
)}
Expand Down
Loading

0 comments on commit 4f4e483

Please sign in to comment.