Merge branch 'main' into oidc-basepath-fix

Signed-off-by: Craig Perkins <[email protected]>

package.json

@@ -43,7 +43,8 @@
   "dependencies": {
     "@hapi/cryptiles": "5.0.0",
     "@hapi/wreck": "^17.1.0",
-    "html-entities": "1.3.1"
+    "html-entities": "1.3.1",
+    "zxcvbn": "^4.4.2"
   },
   "resolutions": {
     "selenium-webdriver": "4.10.0",

public/apps/account/password-reset-panel.tsx

@@ -19,6 +19,9 @@ import {
   EuiButtonEmpty,
   EuiCallOut,
   EuiFieldPassword,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFormRow,
   EuiModal,
   EuiModalBody,
   EuiModalFooter,
@@ -33,6 +36,7 @@ import { PASSWORD_INSTRUCTION } from '../apps-constants';
 import { constructErrorMessageAndLog } from '../error-utils';
 import { validateCurrentPassword } from '../../utils/login-utils';
 import { getDashboardsInfo } from '../../utils/dashboards-info-utils';
+import { PasswordStrengthBar } from '../configuration/utils/password-strength-bar';
 
 interface PasswordResetPanelProps {
   coreStart: CoreStart;
@@ -121,22 +125,30 @@ export function PasswordResetPanel(props: PasswordResetPanelProps) {
               isInvalid={isCurrentPasswordInvalid}
             />
           </FormRow>
+          <EuiSpacer />
 
-          <FormRow
-            headerText="New password"
-            helpText={passwordHelpText}
-            isInvalid={isNewPasswordInvalid}
-          >
-            <EuiFieldPassword
-              data-test-subj="new-password"
-              onChange={function (e: React.ChangeEvent<HTMLInputElement>) {
-                setNewPassword(e.target.value);
-                setIsNewPasswordInvalid(false);
-                setIsRepeatNewPasswordInvalid(repeatNewPassword !== newPassword);
-              }}
-              isInvalid={isNewPasswordInvalid}
-            />
-          </FormRow>
+          <EuiFlexGroup direction="row">
+            <EuiFlexItem grow={false}>
+              <FormRow
+                headerText="New password"
+                helpText={passwordHelpText}
+                isInvalid={isNewPasswordInvalid}
+              >
+                <EuiFieldPassword
+                  data-test-subj="new-password"
+                  onChange={function (e: React.ChangeEvent<HTMLInputElement>) {
+                    setNewPassword(e.target.value);
+                    setIsNewPasswordInvalid(false);
+                    setIsRepeatNewPasswordInvalid(repeatNewPassword !== newPassword);
+                  }}
+                  isInvalid={isNewPasswordInvalid}
+                />
+              </FormRow>
+              <EuiFormRow>
+                <PasswordStrengthBar password={newPassword} />
+              </EuiFormRow>
+            </EuiFlexItem>
+          </EuiFlexGroup>
 
           <FormRow
             headerText="Re-enter new password"

public/apps/configuration/utils/password-edit-panel.tsx

@@ -15,10 +15,11 @@
 
 import React from 'react';
 import { CoreStart } from 'opensearch-dashboards/public';
-import { EuiFieldText, EuiIcon } from '@elastic/eui';
+import { EuiFieldText, EuiFlexGroup, EuiFlexItem, EuiFormRow, EuiIcon } from '@elastic/eui';
 import { FormRow } from './form-row';
 import { PASSWORD_INSTRUCTION } from '../../apps-constants';
 import { getDashboardsInfo } from '../../../utils/dashboards-info-utils';
+import { PasswordStrengthBar } from './password-strength-bar';
 
 export function PasswordEditPanel(props: {
   coreStart: CoreStart;
@@ -61,14 +62,21 @@ export function PasswordEditPanel(props: {
 
   return (
     <>
-      <FormRow headerText="Password" helpText={passwordHelpText}>
-        <EuiFieldText
-          data-test-subj="password"
-          prepend={<EuiIcon type="lock" />}
-          type="password"
-          onChange={passwordChangeHandler}
-        />
-      </FormRow>
+      <EuiFlexGroup direction="row">
+        <EuiFlexItem grow={false}>
+          <FormRow headerText="Password" helpText={passwordHelpText}>
+            <EuiFieldText
+              data-test-subj="password"
+              prepend={<EuiIcon type="lock" />}
+              type="password"
+              onChange={passwordChangeHandler}
+            />
+          </FormRow>
+          <EuiFormRow>
+            <PasswordStrengthBar password={password} />
+          </EuiFormRow>
+        </EuiFlexItem>
+      </EuiFlexGroup>
 
       <FormRow
         headerText="Re-enter password"

public/apps/configuration/utils/password-strength-bar.tsx

@@ -0,0 +1,78 @@
+/*
+ *   Copyright OpenSearch Contributors
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License").
+ *   You may not use this file except in compliance with the License.
+ *   A copy of the License is located at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   or in the "license" file accompanying this file. This file is distributed
+ *   on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ *   express or implied. See the License for the specific language governing
+ *   permissions and limitations under the License.
+ */
+
+import { EuiFlexGroup, EuiFlexItem, EuiProgress, EuiSpacer, EuiText } from '@elastic/eui';
+import React from 'react';
+import zxcvbn from 'zxcvbn';
+
+interface PasswordStrengthBarProps {
+  password: string;
+}
+
+export const PasswordStrengthBar = (props: PasswordStrengthBarProps) => {
+  const { password } = props;
+  const passwordStrength = zxcvbn(password);
+  const strength = passwordStrength.score;
+  let message;
+  let color;
+  switch (strength) {
+    case 0:
+      message = 'Very weak';
+      color = 'danger';
+      break;
+    case 1:
+      message = 'Weak';
+      color = 'danger';
+      break;
+    case 2:
+      message = 'Ok';
+      color = 'warning';
+      break;
+    case 3:
+      message = 'Strong';
+      color = 'success';
+      break;
+    case 4:
+      message = 'Very strong';
+      color = 'success';
+      break;
+  }
+
+  return (
+    password && (
+      <EuiFlexGroup direction="column" gutterSize="xs">
+        <EuiFlexItem>
+          <EuiProgress
+            value={strength}
+            max={4}
+            size="m"
+            color={color}
+            valueText={message}
+            label={'Password strength'}
+            data-test-subj="password-strength-progress"
+          />
+        </EuiFlexItem>
+        {passwordStrength.feedback.suggestions && (
+          <EuiFlexItem>
+            <EuiText size="xs" data-test-subj="password-strength-feedback-suggestions">
+              {passwordStrength.feedback.suggestions}
+            </EuiText>
+          </EuiFlexItem>
+        )}
+        <EuiSpacer size="s" />
+      </EuiFlexGroup>
+    )
+  );
+};

public/apps/configuration/utils/test/__snapshots__/password-strength-bar.test.tsx.snap

@@ -0,0 +1,31 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Password strength bar tests renders 1`] = `
+<EuiFlexGroup
+  direction="column"
+  gutterSize="xs"
+>
+  <EuiFlexItem>
+    <EuiProgress
+      color="danger"
+      data-test-subj="password-strength-progress"
+      label="Password strength"
+      max={4}
+      size="m"
+      value={0}
+      valueText="Very weak"
+    />
+  </EuiFlexItem>
+  <EuiFlexItem>
+    <EuiText
+      data-test-subj="password-strength-feedback-suggestions"
+      size="xs"
+    >
+      Add another word or two. Uncommon words are better.
+    </EuiText>
+  </EuiFlexItem>
+  <EuiSpacer
+    size="s"
+  />
+</EuiFlexGroup>
+`;

public/apps/configuration/utils/test/password-strength-bar.test.tsx

@@ -0,0 +1,79 @@
+/*
+ *   Copyright OpenSearch Contributors
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License").
+ *   You may not use this file except in compliance with the License.
+ *   A copy of the License is located at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   or in the "license" file accompanying this file. This file is distributed
+ *   on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ *   express or implied. See the License for the specific language governing
+ *   permissions and limitations under the License.
+ */
+
+import { render, shallow } from 'enzyme';
+import React from 'react';
+import { PasswordStrengthBar } from '../password-strength-bar';
+
+describe('Password strength bar tests', () => {
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders', () => {
+    const component = shallow(<PasswordStrengthBar password="test" />);
+    expect(component).toMatchSnapshot();
+  });
+
+  it('verifies feedback, warning for very weak password', () => {
+    const component = render(<PasswordStrengthBar password="test" />);
+
+    const suggestions = component.find('[data-test-subj="password-strength-feedback-suggestions"]');
+    expect(suggestions.text()).toBe('Add another word or two. Uncommon words are better.');
+
+    const score = component.find('[data-test-subj="password-strength-progress"]');
+    expect(score.prop('value')).toBe('0'); // test is considered very weak
+  });
+
+  it('verifies feedback, warning for weak password', () => {
+    const component = render(<PasswordStrengthBar password="test12" />);
+
+    const suggestions = component.find('[data-test-subj="password-strength-feedback-suggestions"]');
+    expect(suggestions.text()).toBe('Add another word or two. Uncommon words are better.');
+
+    const score = component.find('[data-test-subj="password-strength-progress"]');
+    expect(score.prop('value')).toBe('1'); // test12 is considered weak
+  });
+
+  it('verifies feedback, warning for an ok password', () => {
+    const component = render(<PasswordStrengthBar password="test124My" />);
+
+    const suggestions = component.find('[data-test-subj="password-strength-feedback-suggestions"]');
+    expect(suggestions.text()).toBe('Add another word or two. Uncommon words are better.');
+
+    const score = component.find('[data-test-subj="password-strength-progress"]');
+    expect(score.prop('value')).toBe('2'); // test124My is considered ok
+  });
+
+  it('verifies feedback, warning for a strong password', () => {
+    const component = render(<PasswordStrengthBar password="test124MyTable" />);
+
+    const suggestions = component.find('[data-test-subj="password-strength-feedback-suggestions"]');
+    expect(suggestions.text()).toBe('');
+
+    const score = component.find('[data-test-subj="password-strength-progress"]');
+    expect(score.prop('value')).toBe('3'); // test124MyTable is considered strong
+  });
+
+  it('verifies feedback, warning for very strong password', () => {
+    const component = render(<PasswordStrengthBar password="myStrongPassword123!" />);
+
+    const suggestions = component.find('[data-test-subj="password-strength-feedback-suggestions"]');
+    expect(suggestions.text()).toBe('');
+
+    const score = component.find('[data-test-subj="password-strength-progress"]');
+    expect(score.prop('value')).toBe('4'); // myStrongPassword123! is considered very strong
+  });
+});

release-notes/opensearch-security-dashboards-plugin.release-notes-2.14.0.0.md

@@ -0,0 +1,21 @@
+## Version 2.14.0.0
+
+Compatible with OpenSearch-Dashboards 2.14.0
+
+### Enhancements
+* Adds Multiple Datasources Support for Security Dashboards Plugin ([#1888](https://github.com/opensearch-project/security-dashboards-plugin/pull/1888)) 
+* Adds flow-framework transport action permissions to the static dropdown list ([#1908](https://github.com/opensearch-project/security-dashboards-plugin/pull/1908)) 
+* Update copy for tenancy tab ([#1881](https://github.com/opensearch-project/security-dashboards-plugin/pull/1881))
+* Clear session storage on auto-logout & remove unused saml function ([#1872](https://github.com/opensearch-project/security-dashboards-plugin/pull/1872))
+* Create a password strength UI for security dashboards plugin ([#1762](https://github.com/opensearch-project/security-dashboards-plugin/pull/1762))
+
+### Bug Fixes
+* Fixes saml login flow to work with anonymous auth ([#1839](https://github.com/opensearch-project/security-dashboards-plugin/pull/1839))
+* Fixes issue with multi-tenancy and default route to use corresponding default route for the selected tenant ([#1820](https://github.com/opensearch-project/security-dashboards-plugin/pull/1820))
+* Fix oidc cypress test and remove doc link ([#1923](https://github.com/opensearch-project/security-dashboards-plugin/pull/1923))
+* Add fix for data source disabled plugin should work ([#1916](https://github.com/opensearch-project/security-dashboards-plugin/pull/1916))
+
+### Maintenance
+* Add husky pre commit and lint files ([#1859](https://github.com/opensearch-project/security-dashboards-plugin/pull/1859))
+* Remove implicit dependency to admin as password ([#1855](https://github.com/opensearch-project/security-dashboards-plugin/pull/1855))
+* Bump jose from 4.11.2 to 5.2.4 ([#1902](https://github.com/opensearch-project/security-dashboards-plugin/pull/1902))

server/auth/types/authentication_type.ts

@@ -114,7 +114,6 @@ export abstract class AuthenticationType implements IAuthenticationType {
     let cookie: SecuritySessionCookie | null | undefined;
     let authInfo: any | undefined;
     // if this is an REST API call, suppose the request includes necessary auth header
-    // see https://www.elastic.co/guide/en/opensearch-dashboards/master/using-api.html
     if (this.requestIncludesAuthInfo(request)) {
       try {
         const additionalAuthHeader = await this.getAdditionalAuthHeader(request);

test/cypress/e2e/oidc/oidc_auth_test.spec.js

@@ -65,7 +65,7 @@ describe('Log in via OIDC', () => {
     localStorage.setItem('opendistro::security::tenant::saved', '""');
     localStorage.setItem('home:newThemeModal:show', 'false');
 
-    cy.get('a').contains('Dev Tools').should('be.visible');
+    cy.get('a[data-test-subj="breadcrumb first last"]').contains('Dev Tools').should('be.visible');
   });
 
   it('Login to Dashboard with Hash', () => {

yarn.lock

@@ -5161,3 +5161,8 @@ yauzl@^2.10.0:
   dependencies:
     buffer-crc32 "~0.2.3"
     fd-slicer "~1.1.0"
+
+zxcvbn@^4.4.2:
+  version "4.4.2"
+  resolved "https://registry.yarnpkg.com/zxcvbn/-/zxcvbn-4.4.2.tgz#28ec17cf09743edcab056ddd8b1b06262cc73c30"
+  integrity sha512-Bq0B+ixT/DMyG8kgX2xWcI5jUvCwqrMxSFam7m0lAf78nf04hv6lNCsyLYdyYTrCVMqNDY/206K7eExYCeSyUQ==