🔒 feat: password reset disable option; fix: account email error message (#2327)

* feat: password reset disable option; fix: account email leak * fix(LoginSpec): typo * test: fixed LoginForm test * fix: disable password reset when undefined * refactor: use a helper function * fix: tests * feat: Remove unused error message in password reset process * chore: Update password reset email message * refactor: only allow password reset if explicitly allowed * feat: Add password reset email service configuration check The code changes in `checks.js` add a new function `checkPasswordReset()` that checks if the email service is configured when password reset is enabled. If the email service is not configured, a warning message is logged. This change ensures secure password reset functionality by prompting the user to configure the email service. Co-authored-by: Berry-13 <root@Berry> Co-authored-by: Danny Avila <messagedaniel@protonmail.com> Co-authored-by: Danny Avila <danny@librechat.ai> * chore: remove import order rules * refactor: simplify password reset logic and align against Observable Response Discrepancy * chore: make password reset warning more prominent * chore(AuthService): better logging for password resets, refactor requestPasswordReset to use req object, fix sendEmail error when email config is not present * refactor: fix styling of password reset email message * chore: add missing type for passwordResetEnabled, TStartupConfig * fix(LoginForm): prevent login form flickering * fix(ci): Update login form to use mocked startupConfig for rendering correctly * refactor: Improve password reset UI, applies DRY * chore: Add logging to password reset validation middleware * chore(CONTRIBUTING): Update import order conventions --------- Co-authored-by: Danny Avila <danny@librechat.ai> Co-authored-by: Berry-13 <root@Berry> Co-authored-by: Danny Avila <messagedaniel@protonmail.com>
2026-03-14 19:56:34 +01:00 · 2024-06-06 17:39:36 +02:00 · 2024-06-06 17:39:36 +02:00 · 5452d4c20c
commit 5452d4c20c
parent a7f5b57272
20 changed files with 288 additions and 137 deletions
--- a/client/src/components/Auth/tests/Login.spec.tsx
+++ b/client/src/components/Auth/tests/Login.spec.tsx
@ -51,7 +51,7 @@ const setup = ({
      user: {},
    },
  },
-  useGetStartupCongfigReturnValue = mockStartupConfig,
+  useGetStartupConfigReturnValue = mockStartupConfig,
 } = {}) => {
  const mockUseLoginUser = jest
    .spyOn(mockDataProvider, 'useLoginUserMutation')
@ -64,18 +64,18 @@ const setup = ({
  const mockUseGetStartupConfig = jest
    .spyOn(mockDataProvider, 'useGetStartupConfig')
    //@ts-ignore - we don't need all parameters of the QueryObserverSuccessResult
-    .mockReturnValue(useGetStartupCongfigReturnValue);
+    .mockReturnValue(useGetStartupConfigReturnValue);
  const mockUseRefreshTokenMutation = jest
    .spyOn(mockDataProvider, 'useRefreshTokenMutation')
    //@ts-ignore - we don't need all parameters of the QueryObserverSuccessResult
    .mockReturnValue(useRefreshTokenMutationReturnValue);
  const mockUseOutletContext = jest.spyOn(reactRouter, 'useOutletContext').mockReturnValue({
-    startupConfig: useGetStartupCongfigReturnValue.data,
+    startupConfig: useGetStartupConfigReturnValue.data,
  });
  const renderResult = render(
    <AuthLayout
-      startupConfig={useGetStartupCongfigReturnValue.data as TStartupConfig}
-      isFetching={useGetStartupCongfigReturnValue.isFetching}
+      startupConfig={useGetStartupConfigReturnValue.data as TStartupConfig}
+      isFetching={useGetStartupConfigReturnValue.isFetching}
      error={null}
      startupConfigError={null}
      header={'Welcome back'}
@ -161,7 +161,7 @@ test('Navigates to / on successful login', async () => {
      isError: false,
      isSuccess: true,
    },
-    useGetStartupCongfigReturnValue: {
+    useGetStartupConfigReturnValue: {
      ...mockStartupConfig,
      data: {
        ...mockStartupConfig.data,
--- a/client/src/components/Auth/tests/LoginForm.spec.tsx
+++ b/client/src/components/Auth/tests/LoginForm.spec.tsx
@ -1,17 +1,103 @@
 import { render } from 'test/layout-test-utils';
 import userEvent from '@testing-library/user-event';
+import * as mockDataProvider from 'librechat-data-provider/react-query';
+import type { TStartupConfig } from 'librechat-data-provider';
 import Login from '../LoginForm';

+jest.mock('librechat-data-provider/react-query');
+
 const mockLogin = jest.fn();

+const mockStartupConfig: TStartupConfig = {
+  socialLogins: ['google', 'facebook', 'openid', 'github', 'discord'],
+  discordLoginEnabled: true,
+  facebookLoginEnabled: true,
+  githubLoginEnabled: true,
+  googleLoginEnabled: true,
+  openidLoginEnabled: true,
+  openidLabel: 'Test OpenID',
+  openidImageUrl: 'http://test-server.com',
+  registrationEnabled: true,
+  emailLoginEnabled: true,
+  socialLoginEnabled: true,
+  passwordResetEnabled: true,
+  serverDomain: 'mock-server',
+  appTitle: '',
+  ldapLoginEnabled: false,
+  emailEnabled: false,
+  checkBalance: false,
+  showBirthdayIcon: false,
+  helpAndFaqURL: '',
+};
+
+const setup = ({
+  useGetUserQueryReturnValue = {
+    isLoading: false,
+    isError: false,
+    data: {},
+  },
+  useLoginUserReturnValue = {
+    isLoading: false,
+    isError: false,
+    mutate: jest.fn(),
+    data: {},
+    isSuccess: false,
+  },
+  useRefreshTokenMutationReturnValue = {
+    isLoading: false,
+    isError: false,
+    mutate: jest.fn(),
+    data: {
+      token: 'mock-token',
+      user: {},
+    },
+  },
+  useGetStartupConfigReturnValue = {
+    isLoading: false,
+    isError: false,
+    data: mockStartupConfig,
+  },
+} = {}) => {
+  const mockUseLoginUser = jest
+    .spyOn(mockDataProvider, 'useLoginUserMutation')
+    //@ts-ignore - we don't need all parameters of the QueryObserverSuccessResult
+    .mockReturnValue(useLoginUserReturnValue);
+  const mockUseGetUserQuery = jest
+    .spyOn(mockDataProvider, 'useGetUserQuery')
+    //@ts-ignore - we don't need all parameters of the QueryObserverSuccessResult
+    .mockReturnValue(useGetUserQueryReturnValue);
+  const mockUseGetStartupConfig = jest
+    .spyOn(mockDataProvider, 'useGetStartupConfig')
+    //@ts-ignore - we don't need all parameters of the QueryObserverSuccessResult
+    .mockReturnValue(useGetStartupConfigReturnValue);
+  const mockUseRefreshTokenMutation = jest
+    .spyOn(mockDataProvider, 'useRefreshTokenMutation')
+    //@ts-ignore - we don't need all parameters of the QueryObserverSuccessResult
+    .mockReturnValue(useRefreshTokenMutationReturnValue);
+  return {
+    mockUseLoginUser,
+    mockUseGetUserQuery,
+    mockUseGetStartupConfig,
+    mockUseRefreshTokenMutation,
+  };
+};
+
+beforeEach(() => {
+  setup();
+});
+
 test('renders login form', () => {
-  const { getByLabelText } = render(<Login onSubmit={mockLogin} />);
+  const { getByLabelText } = render(
+    <Login onSubmit={mockLogin} startupConfig={mockStartupConfig} />,
+  );
  expect(getByLabelText(/email/i)).toBeInTheDocument();
  expect(getByLabelText(/password/i)).toBeInTheDocument();
 });

 test('submits login form', async () => {
-  const { getByLabelText, getByRole } = render(<Login onSubmit={mockLogin} />);
+  const { getByLabelText, getByRole } = render(
+    <Login onSubmit={mockLogin} startupConfig={mockStartupConfig} />,
+  );
  const emailInput = getByLabelText(/email/i);
  const passwordInput = getByLabelText(/password/i);
  const submitButton = getByRole('button', { name: /Sign in/i });
@ -24,7 +110,9 @@ test('submits login form', async () => {
 });

 test('displays validation error messages', async () => {
-  const { getByLabelText, getByRole, getByText } = render(<Login onSubmit={mockLogin} />);
+  const { getByLabelText, getByRole, getByText } = render(
+    <Login onSubmit={mockLogin} startupConfig={mockStartupConfig} />,
+  );
  const emailInput = getByLabelText(/email/i);
  const passwordInput = getByLabelText(/password/i);
  const submitButton = getByRole('button', { name: /Sign in/i });
--- a/client/src/components/Auth/tests/Registration.spec.tsx
+++ b/client/src/components/Auth/tests/Registration.spec.tsx
@ -50,7 +50,7 @@ const setup = ({
      user: {},
    },
  },
-  useGetStartupCongfigReturnValue = mockStartupConfig,
+  useGetStartupConfigReturnValue = mockStartupConfig,
 } = {}) => {
  const mockUseRegisterUserMutation = jest
    .spyOn(mockDataProvider, 'useRegisterUserMutation')
@ -63,18 +63,18 @@ const setup = ({
  const mockUseGetStartupConfig = jest
    .spyOn(mockDataProvider, 'useGetStartupConfig')
    //@ts-ignore - we don't need all parameters of the QueryObserverSuccessResult
-    .mockReturnValue(useGetStartupCongfigReturnValue);
+    .mockReturnValue(useGetStartupConfigReturnValue);
  const mockUseRefreshTokenMutation = jest
    .spyOn(mockDataProvider, 'useRefreshTokenMutation')
    //@ts-ignore - we don't need all parameters of the QueryObserverSuccessResult
    .mockReturnValue(useRefreshTokenMutationReturnValue);
  const mockUseOutletContext = jest.spyOn(reactRouter, 'useOutletContext').mockReturnValue({
-    startupConfig: useGetStartupCongfigReturnValue.data,
+    startupConfig: useGetStartupConfigReturnValue.data,
  });
  const renderResult = render(
    <AuthLayout
-      startupConfig={useGetStartupCongfigReturnValue.data as TStartupConfig}
-      isFetching={useGetStartupCongfigReturnValue.isFetching}
+      startupConfig={useGetStartupConfigReturnValue.data as TStartupConfig}
+      isFetching={useGetStartupConfigReturnValue.isFetching}
      error={null}
      startupConfigError={null}
      header={'Create your account'}