From c66a9851cc83cbe2564fd9307be54c559c0d9985 Mon Sep 17 00:00:00 2001
From: binwiederhier <pheckel@datto.com>
Date: Sat, 21 Jan 2023 20:07:39 -0500
Subject: [PATCH] Re-add password confirmation

---
 server/server.go             |  1 -
 web/src/components/Signup.js | 35 +++++++++++++++++++++++++++++++++--
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/server/server.go b/server/server.go
index cceb7d86..42216531 100644
--- a/server/server.go
+++ b/server/server.go
@@ -41,7 +41,6 @@ TODO
 UAT results (round 1):
 - Security: Account re-creation leads to terrible behavior. Use user ID instead of user name for (a) visitor map, (b) messages.user column, (c) Stripe checkout session
 - Account: Changing password should confirm the old password (Thorben)
-- Signup: Re-add password confirmation (Thorben & deadcade)
 - Reservation: Kill existing subscribers when topic is reserved (deadcade)
 - Reservation (UI): Show "This topic is reserved" error message when trying to reserve a reserved topic (Thorben)
 - Reservation (UI): Ask for confirmation when removing reservation (deadcade)
diff --git a/web/src/components/Signup.js b/web/src/components/Signup.js
index 9665bd46..c5cbaf04 100644
--- a/web/src/components/Signup.js
+++ b/web/src/components/Signup.js
@@ -20,7 +20,10 @@ const Signup = () => {
     const [error, setError] = useState("");
     const [username, setUsername] = useState("");
     const [password, setPassword] = useState("");
+    const [confirm, setConfirm] = useState("");
     const [showPassword, setShowPassword] = useState(false);
+    const [showConfirm, setShowConfirm] = useState(false);
+
     const handleSubmit = async (event) => {
         event.preventDefault();
         const user = { username, password };
@@ -43,6 +46,7 @@ const Signup = () => {
             }
         }
     };
+
     if (!config.enable_signup) {
         return (
             <AvatarBox>
@@ -50,6 +54,7 @@ const Signup = () => {
             </AvatarBox>
         );
     }
+
     return (
         <AvatarBox>
             <Typography sx={{ typography: 'h6' }}>
@@ -75,7 +80,7 @@ const Signup = () => {
                     label={t("signup_form_password")}
                     type={showPassword ? "text" : "password"}
                     id="password"
-                    autoComplete="current-password"
+                    autoComplete="new-password"
                     value={password}
                     onChange={ev => setPassword(ev.target.value.trim())}
                     InputProps={{
@@ -93,11 +98,37 @@ const Signup = () => {
                         )
                     }}
                 />
+                <TextField
+                    margin="dense"
+                    required
+                    fullWidth
+                    name="password"
+                    label={t("signup_form_confirm_password")}
+                    type={showConfirm ? "text" : "password"}
+                    id="confirm"
+                    autoComplete="new-password"
+                    value={confirm}
+                    onChange={ev => setConfirm(ev.target.value.trim())}
+                    InputProps={{
+                        endAdornment: (
+                            <InputAdornment position="end">
+                                <IconButton
+                                    aria-label={t("signup_form_toggle_password_visibility")}
+                                    onClick={() => setShowConfirm(!showConfirm)}
+                                    onMouseDown={(ev) => ev.preventDefault()}
+                                    edge="end"
+                                >
+                                    {showConfirm ? <VisibilityOff /> : <Visibility />}
+                                </IconButton>
+                            </InputAdornment>
+                        )
+                    }}
+                />
                 <Button
                     type="submit"
                     fullWidth
                     variant="contained"
-                    disabled={username === "" || password === ""}
+                    disabled={username === "" || password === "" || password !== confirm}
                     sx={{mt: 2, mb: 2}}
                 >
                     {t("signup_form_button_submit")}