From 70c031d04ba1b057173b9743a06aaab298ac11f2 Mon Sep 17 00:00:00 2001
From: jawelton74 <103591340+jawelton74@users.noreply.github.com>
Date: Mon, 23 Oct 2023 12:04:19 -0700
Subject: [PATCH] Check for accounts that are restricted from connection string
 login. (#1673)

* Call Portal Backend to check for accounts that are restricted from
connection string login.

* Remove debug logging and revert to actual backend endpoint.

* Use React hooks for displaying error message.

* Move accountrestrictions route under guest.

* Check restrictions before resource token check.

* Revert test changes.
---
 .../Hosted/Components/ConnectExplorer.tsx     | 29 ++++++++++++++++---
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/src/Platform/Hosted/Components/ConnectExplorer.tsx b/src/Platform/Hosted/Components/ConnectExplorer.tsx
index 3ee72246e..624137030 100644
--- a/src/Platform/Hosted/Components/ConnectExplorer.tsx
+++ b/src/Platform/Hosted/Components/ConnectExplorer.tsx
@@ -30,6 +30,18 @@ export const fetchEncryptedToken = async (connectionString: string): Promise<str
   return decodeURIComponent(result.readWrite || result.read);
 };
 
+export const isAccountRestrictedForConnectionStringLogin = async (connectionString: string): Promise<boolean> => {
+  const headers = new Headers();
+  headers.append(HttpHeaders.connectionString, connectionString);
+  const url = configContext.BACKEND_ENDPOINT + "/api/guest/accountrestrictions/checkconnectionstringlogin";
+  const response = await fetch(url, { headers, method: "POST" });
+  if (!response.ok) {
+    throw response;
+  }
+
+  return (await response.text()) === "True";
+};
+
 export const ConnectExplorer: React.FunctionComponent<Props> = ({
   setEncryptedToken,
   login,
@@ -38,6 +50,7 @@ export const ConnectExplorer: React.FunctionComponent<Props> = ({
   setConnectionString,
 }: Props) => {
   const [isFormVisible, { setTrue: showForm }] = useBoolean(false);
+  const [errorMessage, setErrorMessage] = React.useState("");
   const enableConnectionStringLogin = !userContext.features.disableConnectionStringLogin;
 
   return (
@@ -53,6 +66,12 @@ export const ConnectExplorer: React.FunctionComponent<Props> = ({
               id="connectWithConnectionString"
               onSubmit={async (event) => {
                 event.preventDefault();
+                setErrorMessage("");
+
+                if (await isAccountRestrictedForConnectionStringLogin(connectionString)) {
+                  setErrorMessage("This account has been blocked from connection-string login.");
+                  return;
+                }
 
                 if (isResourceTokenConnectionString(connectionString)) {
                   setAuthType(AuthType.ResourceToken);
@@ -76,10 +95,12 @@ export const ConnectExplorer: React.FunctionComponent<Props> = ({
                     setConnectionString(event.target.value);
                   }}
                 />
-                <span className="errorDetailsInfoTooltip" style={{ display: "none" }}>
-                  <img className="errorImg" src={ErrorImage} alt="Error notification" />
-                  <span className="errorDetails"></span>
-                </span>
+                {errorMessage.length > 0 && (
+                  <span className="errorDetailsInfoTooltip">
+                    <img className="errorImg" src={ErrorImage} alt="Error notification" />
+                    <span className="errorDetails">{errorMessage}</span>
+                  </span>
+                )}
               </p>
               <p className="connectExplorerContent">
                 <input className="filterbtnstyle" type="submit" value="Connect" />