[#23913] - [4.0] show pass not working in edit account
- Closed
- 4 Nov 2019
- Medium
- Build: 4.0-dev
- # 23913
- Diff
- bahl24:banner_track
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Success continuous-integration/appveyor/pr AppVeyor build succeeded Details
- Success continuous-integration/drone/pr the build was successful Details
User tests: Successful: Unsuccessful:
Signed-off-by: Nitish Bahl nitishbahl24@gmail.com
Pull Request for Issue - Go to user menu at top right corner -> Edit account -> see that show pass icon alongside password doesn't work while that alongside confirm pass works.
Summary of Changes
Autocomplete is already false thus extra condition is not required
Expected result
Show pass field works like that in com_users
Actual result
Nothing happens when icon is clicked
Documentation Changes Required
No
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Administration com_admin |
@brianteeman You can verify by debugging that autocomplete is already false, thus the commented code is not required. Plus, no such code is there in com_users/edit which serves the same purpose and thus has no extra security feature.
So why was it there?
Sorry but when I see a comment like that then we need to investigate why it was put there and if it is no longer required.. You can';t just delete it
@brianteeman @infograf768 @bahl24 thisis definetely not the way to fix this!!!
The correct fix is to change the autocomplete to new-password in here:
The explanation is here: https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields
or if you're too lazy this part:
@dgrammatiko As mentioned in the last line, this has not been implemented yet.
See https://stackoverflow.com/questions/17719174/autocomplete-off-is-not-working-when-the-input-type-is-password-and-make-the.
I think we have same problem in Users->Manage->edit user. Adding code to disabling autocomplete should be added here as well. Should I do it?
| Labels |
Added:
?
|
||
hey I dont even know if it is desirable to prevent autofill. I was just pointing out that we cant delete code without full investigation of why it was there. Otherwise we end up with bug reports on a new release
@brianteeman As @infograf768 pointed out kindly see pr #7094 in which the following lines of code was added to prevent auto-filling of the forms. But since then many changes have been introduced in firefox such as autocomplete=new-password to get rid of the problem.
Also you can see in Users->Manage->edit user, which provides the same funtionality, that no such code exists in edit.php file
@brianteeman
This is the page I am talking about
No such code exists & show pass icon works properly
@dgrammatiko
changing to
<field
name="password"
type="password"
label="JGLOBAL_PASSWORD"
autocomplete="new-password"
class="validate-password-strength"
filter="raw"
validate="password"
strengthmeter="true"
force="on"
size="30"
/>
<field
name="password2"
type="password"
label="COM_USERS_USER_FIELD_PASSWORD2_LABEL"
autocomplete="new-password"
class="validate-passwordExtra"
filter="raw"
message="COM_USERS_USER_FIELD_PASSWORD1_MESSAGE"
size="30"
validate="equals"
field="password"
/>
just does not work for Firefox in 4.0. for the password fields
The Password field itself is always filled when editing a user (testing as super Admin here), thus forcing to enter again the code
<div class="controls">
<?php if ($field->fieldname == 'password') : ?>
<?php // Disables autocomplete ?> <input type="password" style="display:none">
<?php endif; ?>
<?php echo $field->input; ?>
</div>
Therefore, the feature MAY work in broswers in general, BUT not for Firefox
Any real-world working solution is welcome.
@infograf768 But such code does not exist in https://github.com/joomla/joomla-cms/blob/23d5fb7edc3046f598a8318e80777f8a1ad75985/administrator/components/com_users/tmpl/user/edit.php#L41though both com_user and com_admin give same functionality of changing passwords
I am here talking about the changes I had to do to NOT get the password field already filled in
as, when it is already filled, I have to fill again the Confirm Password field each time I have to modify some details of the user, which is not expected.
the code above concerns
password and not password2
@infograf768 what version of FF are you using?
@infograf768 what version of FF are you using?
last one: 65.0.1 Macintosh Clean branch install
@infograf768 the added HTML markup is not the way forward here. This is: https://gist.github.com/jonathantneal/d462fc2bf761a10c9fca60eb634f6977
@dgrammatiko
I suppose the code you link to would solve the issue. I don’t have the slightest idea on using it to propose a patch.
franz-wohlkoenig
- | Title |
|
||||||
It works for me without applying a patch.
I have tested this item
It worked without applying patch.
Also check on firefox version 69.0.2 and it worked correct.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23913.
If it worked without the patch then it cant be a successsful test of the patch
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23913.
No need to apply patch, it works without it.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23913.
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-11-04 18:29:00 |
| Closed_By | ⇒ | Quy |
Closing as the proposed change is in the codebase and the proposed deletion is no longer there.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23913.
While this does work it is removing code that at least according to the comment is there to prevent autocomplete