Revert private key policy error handling in WebUI (Redo)

web/packages/shared/services/index.ts

@@ -13,5 +13,4 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-export * from './consts';
 export * from './types';

web/packages/shared/services/types.ts

@@ -14,8 +14,6 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { privateKeyEnablingPolicies } from './consts';
-
 export type AuthProviderType = 'oidc' | 'saml' | 'github';
 
 export type Auth2faType = 'otp' | 'off' | 'optional' | 'on' | 'webauthn';
@@ -44,7 +42,3 @@ export type AuthProvider = {
   type: AuthProviderType;
   url: string;
 };
-
-export type PrivateKeyPolicy =
-  | 'none'
-  | typeof privateKeyEnablingPolicies[number];

web/packages/shared/utils/errorType.ts

@@ -14,12 +14,6 @@
  * limitations under the License.
  */
 
-import { privateKeyEnablingPolicies } from 'shared/services';
-
-export function isPrivateKeyRequiredError(err: Error) {
-  return privateKeyEnablingPolicies.some(p => err.message.includes(p));
-}
-
 // getErrMessage first checks if the error is of type Error
 // before attempting to access the error message field.
 // Used with try catch blocks, where the error caught

web/packages/teleport/src/Login/Login.story.tsx

@@ -51,7 +51,6 @@ const sample: State = {
   clearAttempt: () => null,
   isPasswordlessEnabled: false,
   primaryAuthType: 'local',
-  privateKeyPolicyEnabled: false,
   motd: '',
   showMotd: false,
   acknowledgeMotd: () => null,

web/packages/teleport/src/Login/Login.test.tsx

@@ -16,7 +16,6 @@
 
 import React from 'react';
 import { render, fireEvent, screen, waitFor } from 'design/utils/testing';
-import { privateKeyEnablingPolicies } from 'shared/services/consts';
 
 import auth from 'teleport/services/auth/auth';
 import history from 'teleport/services/history';
@@ -79,41 +78,6 @@ test('login with SSO', () => {
   );
 });
 
-test('login with private key policy enabled through cluster wide', () => {
-  jest
-    .spyOn(cfg, 'getPrivateKeyPolicy')
-    .mockImplementation(() => 'hardware_key');
-
-  render(<Login />);
-
-  expect(screen.queryByPlaceholderText(/username/i)).not.toBeInTheDocument();
-  expect(screen.getByText(/login disabled/i)).toBeInTheDocument();
-});
-
-test('login with private key policy enabled through role setting', async () => {
-  // Just needs any of these enabling keywords in error message
-  jest
-    .spyOn(auth, 'login')
-    .mockRejectedValue(new Error(privateKeyEnablingPolicies[0]));
-
-  render(<Login />);
-
-  // Fill form.
-  const username = screen.getByPlaceholderText(/username/i);
-  const password = screen.getByPlaceholderText(/password/i);
-  fireEvent.change(username, { target: { value: 'username' } });
-  fireEvent.change(password, { target: { value: '123' } });
-
-  // Test logging in with private key error return renders private policy error.
-  fireEvent.click(screen.getByText('Sign In'));
-  await waitFor(() => {
-    expect(auth.login).toHaveBeenCalledWith('username', '123', '');
-  });
-
-  expect(screen.queryByPlaceholderText(/username/i)).not.toBeInTheDocument();
-  expect(screen.getByText(/login disabled/i)).toBeInTheDocument();
-});
-
 describe('test MOTD', () => {
   test('show motd only if motd is set', async () => {
     // default login form

web/packages/teleport/src/Login/Login.tsx

@@ -41,7 +41,6 @@ export function Login({
   clearAttempt,
   isPasswordlessEnabled,
   primaryAuthType,
-  privateKeyPolicyEnabled,
   motd,
   showMotd,
   acknowledgeMotd,
@@ -65,7 +64,6 @@ export function Login({
           clearAttempt={clearAttempt}
           isPasswordlessEnabled={isPasswordlessEnabled}
           primaryAuthType={primaryAuthType}
-          privateKeyPolicyEnabled={privateKeyPolicyEnabled}
         />
       )}
     </>

web/packages/teleport/src/Login/useLogin.ts

@@ -17,23 +17,13 @@
 import { useState } from 'react';
 import { useAttempt } from 'shared/hooks';
 import { AuthProvider } from 'shared/services';
-import { isPrivateKeyRequiredError } from 'shared/utils/errorType';
 
 import history from 'teleport/services/history';
 import cfg from 'teleport/config';
 import auth, { UserCredentials } from 'teleport/services/auth';
 
 export default function useLogin() {
   const [attempt, attemptActions] = useAttempt({ isProcessing: false });
-  // privateKeyPolicyEnabled can be enabled through cluster wide config,
-  // or through a role setting.
-  // Cluster wide config takes precedence and the user will not
-  // see a login form which prevents login attempts.
-  // Role setting requires the user to try a successful
-  // attempt at logging in to determine if private key policy was enabled.
-  const [privateKeyPolicyEnabled, setPrivateKeyPolicyEnabled] = useState(
-    cfg.getPrivateKeyPolicy() != 'none'
-  );
 
   const authProviders = cfg.getAuthProviders();
   const auth2faType = cfg.getAuth2faType();
@@ -58,10 +48,6 @@ export default function useLogin() {
       .login(email, password, token)
       .then(onSuccess)
       .catch(err => {
-        if (isPrivateKeyRequiredError(err)) {
-          setPrivateKeyPolicyEnabled(true);
-          return;
-        }
         attemptActions.error(err);
       });
   }
@@ -72,10 +58,6 @@ export default function useLogin() {
       .loginWithWebauthn(creds)
       .then(onSuccess)
       .catch(err => {
-        if (isPrivateKeyRequiredError(err)) {
-          setPrivateKeyPolicyEnabled(true);
-          return;
-        }
         attemptActions.error(err);
       });
   }
@@ -99,7 +81,6 @@ export default function useLogin() {
     clearAttempt: attemptActions.clear,
     isPasswordlessEnabled: cfg.isPasswordlessEnabled(),
     primaryAuthType: cfg.getPrimaryAuthType(),
-    privateKeyPolicyEnabled,
     motd,
     showMotd,
     acknowledgeMotd,

web/packages/teleport/src/Welcome/NewCredentials/NewCredentials.story.test.tsx

@@ -57,14 +57,6 @@ test('story.SuccessReset', () => {
   const { container } = render(<story.SuccessReset />);
   expect(container.firstChild).toMatchSnapshot();
 });
-test('story.SuccessAndPrivateKeyEnabledRegister', () => {
-  const { container } = render(<story.SuccessAndPrivateKeyEnabledRegister />);
-  expect(container.firstChild).toMatchSnapshot();
-});
-test('story.SuccessAndPrivateKeyEnabledReset', () => {
-  const { container } = render(<story.SuccessAndPrivateKeyEnabledReset />);
-  expect(container.firstChild).toMatchSnapshot();
-});
 test('story.SuccessRegisterDashboard', () => {
   const { container } = render(<story.SuccessRegisterDashboard />);
   expect(container.firstChild).toMatchSnapshot();

web/packages/teleport/src/Welcome/NewCredentials/NewCredentials.story.tsx

@@ -137,19 +137,6 @@ export const SuccessReset = () =>
     resetMode: true,
   });
 
-export const SuccessAndPrivateKeyEnabledRegister = () =>
-  renderNewCredentials({
-    success: true,
-    privateKeyPolicyEnabled: true,
-  });
-
-export const SuccessAndPrivateKeyEnabledReset = () =>
-  renderNewCredentials({
-    success: true,
-    resetMode: true,
-    privateKeyPolicyEnabled: true,
-  });
-
 export const SuccessRegisterDashboard = () =>
   renderNewCredentials({
     success: true,
@@ -198,7 +185,6 @@ const makeNewCredProps = (
       success: false,
       finishedRegister: () => null,
       recoveryCodes: null,
-      privateKeyPolicyEnabled: false,
       resetToken: {
         user: 'john@example.com',
         tokenId: 'test123',

web/packages/teleport/src/Welcome/NewCredentials/NewCredentials.test.tsx

@@ -28,7 +28,6 @@ import { makeTestUserContext } from 'teleport/User/testHelpers/makeTestUserConte
 const attempt: Attempt = { status: '' };
 const failedAttempt: Attempt = { status: 'failed' };
 const processingAttempt: Attempt = { status: 'processing' };
-const successAttempt: Attempt = { status: 'success', statusText: 'hey' };
 
 const resetToken: ResetToken = {
   tokenId: 'tokenId',
@@ -54,7 +53,6 @@ const makeProps = (): NewCredentialsProps => {
     redirect: () => {},
     success: false,
     finishedRegister: () => {},
-    privateKeyPolicyEnabled: false,
     resetMode: false,
     isDashboard: false,
   };
@@ -80,32 +78,9 @@ test.each(nullCases)('renders $attempt as null', testCase => {
   expect(container).toBeEmptyDOMElement();
 });
 
-test('renders Reset Complete for success and private key policy enabled during reset', () => {
-  const props = makeProps();
-  props.fetchAttempt = successAttempt;
-  props.success = true;
-  props.privateKeyPolicyEnabled = true;
-  props.resetMode = true;
-  render(<NewCredentials {...props} />);
-
-  expect(screen.getByText(/Reset Complete/i)).toBeInTheDocument();
-});
-
-test('renders Registration Complete for success and private key policy enabled during registration', () => {
-  const props = makeProps();
-  props.fetchAttempt = { status: 'success' };
-  props.success = true;
-  props.privateKeyPolicyEnabled = true;
-  props.resetMode = false;
-  render(<NewCredentials {...props} />);
-
-  expect(screen.getByText(/Registration Complete/i)).toBeInTheDocument();
-});
-
 test('renders Register Success on success', () => {
   const props = makeProps();
   props.fetchAttempt = { status: 'success' };
-  props.privateKeyPolicyEnabled = false;
   props.recoveryCodes = undefined;
   props.success = true;
   render(<NewCredentials {...props} />);

web/packages/teleport/src/Welcome/NewCredentials/NewCredentials.tsx

@@ -22,7 +22,6 @@ import { OnboardCard } from 'design/Onboard/OnboardCard';
 import { Box } from 'design';
 
 import RecoveryCodes from 'teleport/components/RecoveryCodes';
-import { PrivateKeyLoginDisabledCard } from 'teleport/components/PrivateKeyPolicy';
 import cfg from 'teleport/config';
 
 import { loginFlows } from 'teleport/Welcome/NewCredentials/constants';
@@ -61,7 +60,6 @@ export function NewCredentials(props: NewCredentialsProps) {
     primaryAuthType,
     success,
     finishedRegister,
-    privateKeyPolicyEnabled,
     isDashboard,
     displayOnboardingQuestionnaire = false,
     setDisplayOnboardingQuestionnaire = false,
@@ -86,14 +84,6 @@ export function NewCredentials(props: NewCredentialsProps) {
     return null;
   }
 
-  if (success && privateKeyPolicyEnabled) {
-    return (
-      <PrivateKeyLoginDisabledCard
-        title={resetMode ? 'Reset Complete' : 'Registration Complete'}
-      />
-    );
-  }
-
   if (
     success &&
     !resetMode &&