From ec34f974a0eb4e4edfee9d01cab4983738da7e31 Mon Sep 17 00:00:00 2001
From: Christopher Bisom <cbisom@flexion.us>
Date: Tue, 27 Aug 2024 14:02:46 -0400
Subject: [PATCH] 10365-bug: remove leading/trailing spaces in password when
 making auth calls

---
 .../actions/Login/submitLoginAction.test.tsx  | 31 +++++++++++++++++++
 .../actions/Login/submitLoginAction.tsx       |  9 ++++--
 2 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/web-client/src/presenter/actions/Login/submitLoginAction.test.tsx b/web-client/src/presenter/actions/Login/submitLoginAction.test.tsx
index 1bee759de49..e4d7df4ae9b 100644
--- a/web-client/src/presenter/actions/Login/submitLoginAction.test.tsx
+++ b/web-client/src/presenter/actions/Login/submitLoginAction.test.tsx
@@ -26,6 +26,37 @@ describe('submitLoginAction', () => {
     };
   });
 
+  it('should ignore leading/trailing spaces in password entry', async () => {
+    applicationContext.getUseCases().loginInteractor.mockResolvedValue({
+      accessToken: testAccessToken,
+      idToken: testIdToken,
+      refreshToken: testRefreshToken,
+    });
+
+    await runAction(submitLoginAction, {
+      modules: {
+        presenter,
+      },
+      state: {
+        authentication: {
+          form: {
+            code: '',
+            confirmPassword: '',
+            email: testEmail,
+            password: ' ' + testPassword + ' ',
+          },
+          tempPassword: '',
+        },
+      },
+    });
+    expect(
+      applicationContext.getUseCases().loginInteractor.mock.calls[0][1],
+    ).toEqual({
+      email: testEmail,
+      password: testPassword,
+    });
+  });
+
   it('should call the success path when user is authenticated successfully', async () => {
     applicationContext.getUseCases().loginInteractor.mockResolvedValue({
       accessToken: testAccessToken,
diff --git a/web-client/src/presenter/actions/Login/submitLoginAction.tsx b/web-client/src/presenter/actions/Login/submitLoginAction.tsx
index 95c81c8f897..99604a96e94 100644
--- a/web-client/src/presenter/actions/Login/submitLoginAction.tsx
+++ b/web-client/src/presenter/actions/Login/submitLoginAction.tsx
@@ -12,17 +12,22 @@ export const submitLoginAction = async ({
 }> => {
   const { email, password } = get(state.authentication.form);
 
+  const cleanedPassword = password.trim();
+
   try {
     const { accessToken, idToken, refreshToken } = await applicationContext
       .getUseCases()
-      .loginInteractor(applicationContext, { email, password });
+      .loginInteractor(applicationContext, {
+        email,
+        password: cleanedPassword,
+      });
 
     return path.success({ accessToken, idToken, refreshToken });
   } catch (err: any) {
     const originalErrorMessage = err?.originalError?.response?.data;
 
     if (originalErrorMessage === 'NewPasswordRequired') {
-      return path.changePassword({ email, tempPassword: password });
+      return path.changePassword({ email, tempPassword: cleanedPassword });
     }
 
     if (originalErrorMessage === 'Invalid Username or Password') {