From 73e60b1d49ba2f4d28aec5325880392765de46d3 Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Fri, 10 Jan 2025 11:38:16 +1100
Subject: [PATCH] [8.x] [User] Prevent disabled input change by password
 manager (#204269) (#206152)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[User] Prevent disabled input change by password manager
(#204269)](https://github.com/elastic/kibana/pull/204269)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Nick
Partridge","email":"nicholas.partridge@elastic.co"},"sourceCommit":{"committedDate":"2025-01-09T22:48:03Z","message":"[User]
Prevent disabled input change by password manager (#204269)\n\nPrevents
username input from being edited by password manager extensions when
`disabled`","sha":"d96168c64f88547aa2f8aa1f991fbfda899218a0","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","v9.0.0","backport:prev-minor"],"title":"[User]
Prevent disabled input change by password
manager","number":204269,"url":"https://github.com/elastic/kibana/pull/204269","mergeCommit":{"message":"[User]
Prevent disabled input change by password manager (#204269)\n\nPrevents
username input from being edited by password manager extensions when
`disabled`","sha":"d96168c64f88547aa2f8aa1f991fbfda899218a0"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/204269","number":204269,"mergeCommit":{"message":"[User]
Prevent disabled input change by password manager (#204269)\n\nPrevents
username input from being edited by password manager extensions when
`disabled`","sha":"d96168c64f88547aa2f8aa1f991fbfda899218a0"}}]}]
BACKPORT-->

Co-authored-by: Nick Partridge <nicholas.partridge@elastic.co>
---
 .../users/edit_user/user_form.test.tsx        | 64 +++++++++++++++++++
 .../management/users/edit_user/user_form.tsx  |  2 +-
 2 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 x-pack/platform/plugins/shared/security/public/management/users/edit_user/user_form.test.tsx

diff --git a/x-pack/platform/plugins/shared/security/public/management/users/edit_user/user_form.test.tsx b/x-pack/platform/plugins/shared/security/public/management/users/edit_user/user_form.test.tsx
new file mode 100644
index 0000000000000..2bdae6fd56311
--- /dev/null
+++ b/x-pack/platform/plugins/shared/security/public/management/users/edit_user/user_form.test.tsx
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fireEvent, render, screen } from '@testing-library/react';
+import { createMemoryHistory } from 'history';
+import React from 'react';
+
+import { coreMock } from '@kbn/core/public/mocks';
+
+import type { UserFormProps, UserFormValues } from './user_form';
+import { UserForm } from './user_form';
+import { securityMock } from '../../../mocks';
+import { Providers } from '../users_management_app';
+
+const userMock: UserFormValues = {
+  username: 'jdoe',
+  full_name: '',
+  email: '',
+  roles: ['superuser'],
+};
+
+describe('UserForm', () => {
+  const coreStart = coreMock.createStart();
+  const authc = securityMock.createSetup().authc;
+  const history = createMemoryHistory({ initialEntries: ['/edit/jdoe'] });
+
+  const onCancelMock = jest.fn();
+  const onSuccessMock = jest.fn();
+
+  let defaultProps: UserFormProps;
+
+  beforeEach(() => {
+    defaultProps = {
+      isNewUser: true,
+      isReservedUser: false,
+      isCurrentUser: false,
+      defaultValues: userMock,
+      onCancel: onCancelMock,
+      onSuccess: onSuccessMock,
+      disabled: false,
+    };
+  });
+
+  const renderUserForm = (props: Partial<UserFormProps> = {}) => {
+    return render(
+      <Providers services={coreStart} authc={authc} history={history}>
+        <UserForm {...defaultProps} {...props} />
+      </Providers>
+    );
+  };
+
+  it('prevents editing username when disabled', async () => {
+    // See https://github.com/elastic/kibana/issues/204268
+
+    renderUserForm({ disabled: true });
+    const usernameInput = screen.getByTestId<HTMLInputElement>('userFormUserNameInput');
+    fireEvent.change(usernameInput, { target: { value: 'foo' } });
+    expect(usernameInput.value).toBe('jdoe');
+  });
+});
diff --git a/x-pack/platform/plugins/shared/security/public/management/users/edit_user/user_form.tsx b/x-pack/platform/plugins/shared/security/public/management/users/edit_user/user_form.tsx
index d5cfc09819157..3fdbf2ab1bc90 100644
--- a/x-pack/platform/plugins/shared/security/public/management/users/edit_user/user_form.tsx
+++ b/x-pack/platform/plugins/shared/security/public/management/users/edit_user/user_form.tsx
@@ -272,7 +272,7 @@ export const UserForm: FunctionComponent<UserFormProps> = ({
             isLoading={form.isValidating}
             isInvalid={form.touched.username && !!form.errors.username}
             disabled={disabled || !isNewUser}
-            onChange={eventHandlers.onChange}
+            onChange={disabled || !isNewUser ? undefined : eventHandlers.onChange}
             onBlur={eventHandlers.onBlur}
           />
         </EuiFormRow>