[#40532] - Multi-factor authentication input field and auto complete issue
- Closed
- 9 May 2023
- Medium
- Build: 4.3.1
- # 40532
Steps to reproduce the issue
When using Chrome or Firefox to sign into a Joomla site that uses Multi-Factor authentication, the input field for the six digit verification code shows previous codes used. The auto complete should be disabled for this input field.
Expected result
The input field should not show the previous values used to sign in.
Actual result
The web browser auto complete feature shows previous values used when typing in the new six digit verification code.
System information (as much as possible)
Joomla 4.3.1, Chrome version 113.0.5672.64, Firefox version 112.0.2
Additional comments
Solution: add autocomplete="off" to the input field
Before:
<input type="text" name="code" value="" placeholder="" id="users-mfa-code" class="form-control" pattern="{0,9}" maxlength="6" inputmode="numeric">
After:
<input type="text" name="code" value="" placeholder="" id="users-mfa-code" class="form-control" pattern="{0,9}" maxlength="6" inputmode="numeric" autocomplete="off">
Votes
| Labels |
Removed:
?
|
||
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
Yet the issue still exists.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/40532.
I have noticed this issue since version 3.9.15 but ignored it until today. The #38854 pr goes back to September 2022. Today I updated Joomla to 4.3.1 and the fix has yet to be deployed to the current release. One should not have to modify templates to fix this. Short of editing templates to fix this, I would expect this change to be rolled out to current releases sooner or later.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/40532.
@electrosonics As you maybe know, every pull request needs to human tests to get accepted. And maybe you also know that Joomla is not a commercial product, it is a free product made by volunteers. So everybody can help with testing pull requests. Of course if everybody just put their hands in their pocket and wait until someone else does it, then it never will be done. So if you want to help, test that pull request.
Is there a guide to explain how one can test a pull request on a production web site? Once tested and affirmed it works, how does one provide feedback so the change may be considered for released into the next version?
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/40532.
@electrosonics There is a description which is a bit outdated, but at the bottom there is a video about testing patches for Joomla 4. Howerver, it should not be done on production sites. It can be cone on a testing site, which can be a copy of a production site either on a local environment (e.g. XAMPP) or in a subdomain on the real host. Test results are then reported back in the issue tracker https://issues.joomla.org/tracker/joomla-cms/38854 by using the blue "Test this" button at the top left corner.
P.S.: As there are just 3 changed files, these can also be downloaded from here https://github.com/joomla/joomla-cms/pull/38854/files by going to each file, select "View file" in the "..." menu at the top right corner of each file, and then switch to "Raw" view and then download and save. Then backup the original files and then apply the downloaded ones.
This issue should be closed as there is a pr
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2023-05-09 08:49:42 |
| Closed_By | ⇒ | richard67 |
I would suggest the
one-time-code: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete#valueseg: