[#2622] Makes forgot-password link removable

[vins01-4science]

References

• Fixes Make forgot-password link removable #2622
• Requires [#9192] Makes forgot-password link removable DSpace#9194

Description

Introduces a new check to show the forgot-password link that uses the related AuthorizationFeature

Instructions for Reviewers

Try to enable the additional configuration:

user.forgot-password = false

inside the authentication-password.cfg and check that it is not shown inside the login-component, in both:

• dropdown login menu
• login page

Checklist

• My PR is small in size (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
• My PR passes ESLint validation using yarn lint
• My PR doesn't introduce circular dependencies (verified via yarn check-circ-deps)
• My PR includes TypeDoc comments for all new (or modified) public methods and classes. It also includes TypeDoc for large or complex private methods.
• My PR passes all specs/tests and includes new/updated specs or tests based on the Code Testing Guide.
• If my PR includes new libraries/dependencies (in package.json), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
• If my PR includes new features or configurations, I've provided basic technical documentation in the PR itself.
• If my PR fixes an issue ticket, I've linked them together.

[vins01-4science]

The e2e tests are failing due to the changes introduced in the login-component.
Once the #9194 backend PR will be merged, this test will pass without any problem.

[github-actions]

Hi @vins01-4science,
Conflicts have been detected against the base branch.
Please resolve these conflicts as soon as you can. Thanks!

[tdonohue]

@vins01-4science : Could you resolve the merge conflicts in this PR to make it easier to review?

[vins01-4science]

@vins01-4science : Could you resolve the merge conflicts in this PR to make it easier to review?

Yes, sorry I forgot to address your comment.
I will update it shortly.

Thank you.

[tdonohue]

@vins01-4science : Gave this a test & review today. Overall it looks good.

I've also verified that the e2e test failure in this PR only occurs because the backend PR isn't merged yet. Once the backend PR & this one are merged, this e2e test should succeed (I've verified it succeeds for me locally with both the frontend & backend PRs installed).

All that said, I noticed a few small issues that would be nice to fix if possible:

• Even when user.forgot-password = false is set on the backend, I can still access the Forgot Password page by typing in the "/forgot" path in my browser address bar (e.g. http://localhost:4000/forgot) The good news is that when I submit it, I do receive an expected error. But, ideally, I should not be allow to access this page. Can we place some sort of "guard' in front of it that makes it inaccessible when disabled?
• Although it appears to not be related to this PR... I'm noticing that user.registration = false no longer works properly (at least via yarn build:prod; yarn serve:ssr). The "Click here to register" link always appears in the login dropdown even if that config is set to false. (NOTE: This appears to also be a bug on main. But, if you find time to fix it in this PR, feel free. Otherwise, I can log it as a separate bug ticket and look for a volunteer.)

[vins01-4science]

@vins01-4science : Gave this a test & review today. Overall it looks good.

I've also verified that the e2e test failure in this PR only occurs because the backend PR isn't merged yet. Once the backend PR & this one are merged, this e2e test should succeed (I've verified it succeeds for me locally with both the frontend & backend PRs installed).

All that said, I noticed a few small issues that would be nice to fix if possible:

* Even when `user.forgot-password = false` is set on the backend, I can still access the Forgot Password page by typing in the "/forgot" path in my browser address bar (e.g. `http://localhost:4000/forgot`)  The good news is that when I submit it, I do receive an expected error.  But, ideally, I should not be allow to access this page.  Can we place some sort of "guard' in front of it that makes it inaccessible when disabled?

* Although it appears to not be related to this PR... I'm noticing that `user.registration = false` no longer works properly (at least via `yarn build:prod; yarn serve:ssr`).  The "Click here to register" link _always_ appears in the login dropdown even if that config is set to false.  (NOTE: This appears to also be a bug on `main`. But, if you find time to fix it in this PR, feel free.  Otherwise, I can log it as a separate bug ticket and look for a volunteer.)

@tdonohue Thank you, everything have been addressed.

For the user.registration issue I was not able to reproduce it, so probably it needs more investigation.

The guard issue has been addressed, so let me know if you find something else!

[tdonohue]

👍 Thanks @vins01-4science ! Re-reviewed and retested today. All prior issues are fixed/addressed. I'll merge this after the backend PR is merged so that the e2e tests will succeed once merged.

I also verified that the user.registration configuration is working properly. I must have made a mistake in my earlier testing, as I can no longer reproduce that issue either.