From f2a1b49d48d554c1862874600f17c404a3fac9aa Mon Sep 17 00:00:00 2001
From: Brian Gough <briangough@users.noreply.github.com>
Date: Thu, 21 Mar 2024 18:23:13 +0000
Subject: [PATCH] Merge pull request #17593 from
 overleaf/bg-account-security-update-hibp-links

Update haveibeenpwnd links to use the password check form

GitOrigin-RevId: f67b1ed689c851ad3684becc38cd5eb82b0018a2
---
 .../app/src/Features/Authentication/AuthenticationController.js | 2 +-
 services/web/app/views/user/login.pug                           | 2 +-
 services/web/app/views/user/setPassword.pug                     | 2 +-
 .../js/features/settings/components/password-section.tsx        | 2 +-
 services/web/test/acceptance/src/HaveIBeenPwnedApiTests.js      | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/services/web/app/src/Features/Authentication/AuthenticationController.js b/services/web/app/src/Features/Authentication/AuthenticationController.js
index 3fa161ebd1..db8c0629c9 100644
--- a/services/web/app/src/Features/Authentication/AuthenticationController.js
+++ b/services/web/app/src/Features/Authentication/AuthenticationController.js
@@ -233,7 +233,7 @@ const AuthenticationController = {
                       'password_compromised_try_again_or_use_known_device_or_reset'
                     )
                     .replace('<0>', '')
-                    .replace('</0>', ' (https://haveibeenpwned.com)')
+                    .replace('</0>', ' (https://haveibeenpwned.com/passwords)')
                     .replace('<1>', '')
                     .replace(
                       '</1>',
diff --git a/services/web/app/views/user/login.pug b/services/web/app/views/user/login.pug
index f390bdfe49..7e4148bcad 100644
--- a/services/web/app/views/user/login.pug
+++ b/services/web/app/views/user/login.pug
@@ -16,7 +16,7 @@ block content
 								span.sr-only(id='resetPasswordDescription')
 									| #{translate('reset_password_link')}
 							+customValidationMessage('password-compromised')
-								| !{translate('password_compromised_try_again_or_use_known_device_or_reset', {}, [{name: 'a', attrs: {href: 'https://haveibeenpwned.com', rel: 'noopener noreferrer', target: '_blank'}}, {name: 'a', attrs: {href: '/user/password/reset', target: '_blank'}}])}.
+								| !{translate('password_compromised_try_again_or_use_known_device_or_reset', {}, [{name: 'a', attrs: {href: 'https://haveibeenpwned.com/passwords', rel: 'noopener noreferrer', target: '_blank'}}, {name: 'a', attrs: {href: '/user/password/reset', target: '_blank'}}])}.
 							.form-group
 								input.form-control(
 									type='email',
diff --git a/services/web/app/views/user/setPassword.pug b/services/web/app/views/user/setPassword.pug
index 04c5e02e79..198de711bf 100644
--- a/services/web/app/views/user/setPassword.pug
+++ b/services/web/app/views/user/setPassword.pug
@@ -60,7 +60,7 @@ block content
 								| #{translate('password_cant_be_the_same_as_current_one')}.
 
 							+customValidationMessage('password-must-be-strong')
-								| !{translate('password_was_detected_on_a_public_list_of_known_compromised_passwords', {}, [{name: 'a', attrs: {href: 'https://haveibeenpwned.com', rel: 'noopener noreferrer', target: '_blank'}}])}.
+								| !{translate('password_was_detected_on_a_public_list_of_known_compromised_passwords', {}, [{name: 'a', attrs: {href: 'https://haveibeenpwned.com/passwords', rel: 'noopener noreferrer', target: '_blank'}}])}.
 								| #{translate('use_a_different_password')}.
 
 							input(
diff --git a/services/web/frontend/js/features/settings/components/password-section.tsx b/services/web/frontend/js/features/settings/components/password-section.tsx
index c1f0552210..618744fa68 100644
--- a/services/web/frontend/js/features/settings/components/password-section.tsx
+++ b/services/web/frontend/js/features/settings/components/password-section.tsx
@@ -174,7 +174,7 @@ function PasswordForm() {
                   components={[
                     /* eslint-disable-next-line jsx-a11y/anchor-has-content, react/jsx-key */
                     <a
-                      href="https://haveibeenpwned.com"
+                      href="https://haveibeenpwned.com/passwords"
                       target="_blank"
                       rel="noreferrer noopener"
                     />,
diff --git a/services/web/test/acceptance/src/HaveIBeenPwnedApiTests.js b/services/web/test/acceptance/src/HaveIBeenPwnedApiTests.js
index 2fc477fa1d..54113712f9 100644
--- a/services/web/test/acceptance/src/HaveIBeenPwnedApiTests.js
+++ b/services/web/test/acceptance/src/HaveIBeenPwnedApiTests.js
@@ -92,7 +92,7 @@ describe('HaveIBeenPwnedApi', function () {
           message: {
             type: 'error',
             key: 'password-compromised',
-            text: `The password you’ve entered is on a public list of compromised passwords (https://haveibeenpwned.com). Please try logging in from a device you’ve previously used or reset your password (${Settings.siteUrl}/user/password/reset).`,
+            text: `The password you’ve entered is on a public list of compromised passwords (https://haveibeenpwned.com/passwords). Please try logging in from a device you’ve previously used or reset your password (${Settings.siteUrl}/user/password/reset).`,
           },
         })
       }