@W-20890250 Handle request limit and monthly quota error states for passwordless and reset password

[hajinsuha1]

Description

Adds a new "Too many requests" error message when /passwordless/login or /password/reset return a 400 response:

{
  "status_code" : "400 BAD_REQUEST",
  "message" : "Too many login requests were made. Please try again later."
}

/passwordless/login returns too many requests error:

/password/reset returns too many requests error:

Also updated Email Confirmation page to display errors if form has any set. This ensures if the "Too many requests" error is returned, when a user spams the "Resend Link" button, the error is displayed.

Full list of API error to UI error message mapping can be found here

Types of Changes

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Documentation update
• Breaking change (could cause existing functionality to not work as expected)
• Other changes (non-breaking changes that does not fit any of the above)

Breaking changes include:

• Removing a public function or component or prop
• Adding a required argument to a function
• Changing the data type of a function parameter or return value
• Adding a new peer dependency to package.json

Changes

• display errors in Email Confirmation page
• added new auth-utils.js that contains utility methods for mapping passwordless and reset password API error messages to user-friendly error messages
• added mapping of the following API error messages:
  • "no callback_uri is registered for client" -> "This feature is not currently available"
  • "Too many login requests were made. Please try again later." -> Too many requests. For your security, please wait 10 ** minutes before trying again.
  • "Monthly quota for passwordless login mode email has been exceeded" -> "This feature is not currently available"

How to Test-Drive This PR

Too many requests error

1. Navigate to https://wasatch-mrt-feature-private.mrt-storefront-staging.com/us/en-us
2. Open the developer console
3. Click on the profile icon on the top right, enter your email, click the Continue button. Then click Resend Link button 6 times in 10 minutes.
4. Verify Too many requests. For your security, please wait 10 minutes before trying again. error is displayed
   
5. Close and reopen the auth modal, enter your email, click the Continue button.
6. Verify Too many requests. For your security, please wait 10 minutes before trying again. error is displayed
   
7. Click Password button, click Forgot Password link. Click Reset Password and repeat this 3 more times to trigger the too many requests error
8. Verify Too many requests. For your security, please wait 10 minutes before trying again. error is displayed
   
9. Repeat these steps in the login page: https://wasatch-mrt-feature-private.mrt-storefront-staging.com/us/en-us/login
   
   
   

no callback_uri is registered for client error

1. Navigate to https://wasatch-mrt-passwordless-poc.mrt-storefront-staging.com/us/en-us
2. Click on the profile icon on the top right, enter your email, click the Continue button.
3. Verify This feature is not currently available. error is displayed
   
4. Click Password button, click Forgot Password link. Click Reset Password.
5. Verify This feature is not currently available. error is displayed
   
6. Repeat these steps in the login page: https://wasatch-mrt-passwordless-poc.mrt-storefront-staging.com/us/en-us/login

Checklists

General

• Changes are covered by test cases
• CHANGELOG.md updated with a short description of changes (not required for documentation updates)

Accessibility Compliance

You must check off all items in one of the follow two lists:

• There are no changes to UI

or...

• Changes were tested with a Screen Reader (iOS VoiceOver or Android Talkback) and had no issues
• Changes comply with WCAG 2.0 guidelines levels A and AA
• Changes to common UI patterns and interactions comply with WAI-ARIA best practices

Localization

• Changes include a UI text update in the Retail React App (which requires translation)

[cc-prodsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[hajinsuha1]

calling getPasswordResetToken(options, true) returns the rawResponse which was need to pass the error message to retail-react-app for determining which error message to display

[hajinsuha1]

This has been added to the email confirmation page now that we need to display a "Too many requests" error

[hajinsuha1]

this has been moved to auth-utils.js above and renamed to PASSWORDLESS_FEATURE_UNAVAILABLE_ERRORS as it is only used there