debcrafters-packages team mailing list archive

Thread
Date
[Bug 2117396] Re: Accessibility issues with password entries

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Sergio Costas <2117396@xxxxxxxxxxxxxxxxxx>
Date: Tue, 22 Jul 2025 07:34:01 -0000
Reply-to: Bug 2117396 <2117396@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
** Description changed:

  Libnma has, at least, two accessibility problems:
  
  * when an invalid password is typed, the text entry change its color to
  red, but nothing else. This is an invalid behavior because it relies
  exclusively in color to notify an error.
  
  * the password storage options are accessed through the secondary icon
  in the password entry, but those icons aren't accessible, because
  neither can be accessed using only keyboard navigation, nor have a11y
  labels/descriptions.
  
  [ Impact ]
  
  Users that rely on keyboard navigation and/or screen readers won't be
  able to change the password storage options.
  
  Also, color-blind users won't be able to notice that a password is
  invalid.
  
  There are two patches that fix these problems:
  
  https://gitlab.gnome.org/GNOME/libnma/-/merge_requests/70
  https://gitlab.gnome.org/GNOME/libnma/-/merge_requests/71
  
  Even more: applying the second patch, which fixes the accessibility for
  the password storage options, allows to move the error icon in the first
  patch to the secondary place, which gives a better appearance.
  
  [ Test plan ]
  
  * Open gnome-control-center
  * Go to the Wireless tab (or Network tab if the computer lacks wireless interface)
  * Open the properties of any of the interfaces
  * Go to the `Security` tab
  * For each of the possible security options (from the first expandable menu), and using the TAB key, ensure (with the patch) that it's possible to access all the buttons for setting the password storage.
  * Ensure that, when the password is invalid (for example, because it's empty) the entry not only is red, but also shows the `error` icon.
  
  [ Where problems could occur ]
  
  The first patch is quite simple, so the only problems that could be
  expected to happen are related to the accessibility; for example, an
  incorrect icon when there is an error, or an incorrect description in
  that case.
  
  The second patch, instead, is quite extensive and touches several parts,
  specifically the interface. Several problems could occur if it hasn't
  been correctly done:
  
  * the interface can be left in an inconsistent state (for example, the button to change the password storage could be set to insensitive and, thus, don't allow to change again to sensitive, due to being linked to the sensitivity of the text entry)
  * the interface files have been modified to include an extra button. Although care has been taken to ensure that the appearance is consistent, the buttons are inside a grid, so it could be that, due to a mistake, the rest of the interface wasn't expanded accordingly, and the button appear "outside the margins"
  * since the interface files (.ui) in the current packages' code is different for Gtk3 and Gtk4 (in upstream this is fixed, and both sets have been unified), and gnome-control-center only uses Gtk4, it is possible that the backport made from the upstream patch contain errors in the Gtk3 interface files, which only could be detected with a Gtk3 program that uses this library. Unfortunately, at the moment no such program is known (with the exception of even older versions of gnome-control-center).
+ * there are more differences between upstream and the versions in Noble/Plucky/Questing. Specifically, nma-cert-chooser.ui doesn't exist, and everything is
+ created with code in nma-cert-chooser.c, which results in some extra changes
+ to accommodate what in upstream goes into the .ui file, into the .c code. This
+ is an important point to review and where errors could be made, resulting
+ in errors in the TLS page.

** Description changed:

  Libnma has, at least, two accessibility problems:
  
  * when an invalid password is typed, the text entry change its color to
  red, but nothing else. This is an invalid behavior because it relies
  exclusively in color to notify an error.
  
  * the password storage options are accessed through the secondary icon
  in the password entry, but those icons aren't accessible, because
  neither can be accessed using only keyboard navigation, nor have a11y
  labels/descriptions.
  
  [ Impact ]
  
  Users that rely on keyboard navigation and/or screen readers won't be
  able to change the password storage options.
  
  Also, color-blind users won't be able to notice that a password is
  invalid.
  
  There are two patches that fix these problems:
  
  https://gitlab.gnome.org/GNOME/libnma/-/merge_requests/70
  https://gitlab.gnome.org/GNOME/libnma/-/merge_requests/71
  
  Even more: applying the second patch, which fixes the accessibility for
  the password storage options, allows to move the error icon in the first
  patch to the secondary place, which gives a better appearance.
  
  [ Test plan ]
  
  * Open gnome-control-center
  * Go to the Wireless tab (or Network tab if the computer lacks wireless interface)
  * Open the properties of any of the interfaces
  * Go to the `Security` tab
  * For each of the possible security options (from the first expandable menu), and using the TAB key, ensure (with the patch) that it's possible to access all the buttons for setting the password storage.
  * Ensure that, when the password is invalid (for example, because it's empty) the entry not only is red, but also shows the `error` icon.
  
  [ Where problems could occur ]
  
  The first patch is quite simple, so the only problems that could be
  expected to happen are related to the accessibility; for example, an
  incorrect icon when there is an error, or an incorrect description in
  that case.
  
  The second patch, instead, is quite extensive and touches several parts,
  specifically the interface. Several problems could occur if it hasn't
  been correctly done:
  
  * the interface can be left in an inconsistent state (for example, the button to change the password storage could be set to insensitive and, thus, don't allow to change again to sensitive, due to being linked to the sensitivity of the text entry)
  * the interface files have been modified to include an extra button. Although care has been taken to ensure that the appearance is consistent, the buttons are inside a grid, so it could be that, due to a mistake, the rest of the interface wasn't expanded accordingly, and the button appear "outside the margins"
  * since the interface files (.ui) in the current packages' code is different for Gtk3 and Gtk4 (in upstream this is fixed, and both sets have been unified), and gnome-control-center only uses Gtk4, it is possible that the backport made from the upstream patch contain errors in the Gtk3 interface files, which only could be detected with a Gtk3 program that uses this library. Unfortunately, at the moment no such program is known (with the exception of even older versions of gnome-control-center).
- * there are more differences between upstream and the versions in Noble/Plucky/Questing. Specifically, nma-cert-chooser.ui doesn't exist, and everything is
- created with code in nma-cert-chooser.c, which results in some extra changes
- to accommodate what in upstream goes into the .ui file, into the .c code. This
- is an important point to review and where errors could be made, resulting
- in errors in the TLS page.
+ * there are more differences between upstream and the versions in Noble/Plucky/Questing. Specifically, nma-cert-chooser.ui doesn't exist, and everything is created with code in nma-cert-chooser.c, which results in some extra changes to accommodate what in upstream goes into the .ui file, into the .c code. This is an important point to review and where errors could be made, resulting in errors in the TLS page.

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to libnma in Ubuntu.
https://bugs.launchpad.net/bugs/2117396

Title:
  Accessibility issues with password entries

Status in libnma package in Ubuntu:
  New
Status in libnma source package in Noble:
  New
Status in libnma source package in Plucky:
  New
Status in libnma source package in Questing:
  New

Bug description:
  Libnma has, at least, two accessibility problems:

  * when an invalid password is typed, the text entry change its color
  to red, but nothing else. This is an invalid behavior because it
  relies exclusively in color to notify an error.

  * the password storage options are accessed through the secondary icon
  in the password entry, but those icons aren't accessible, because
  neither can be accessed using only keyboard navigation, nor have a11y
  labels/descriptions.

  [ Impact ]

  Users that rely on keyboard navigation and/or screen readers won't be
  able to change the password storage options.

  Also, color-blind users won't be able to notice that a password is
  invalid.

  There are two patches that fix these problems:

  https://gitlab.gnome.org/GNOME/libnma/-/merge_requests/70
  https://gitlab.gnome.org/GNOME/libnma/-/merge_requests/71

  Even more: applying the second patch, which fixes the accessibility
  for the password storage options, allows to move the error icon in the
  first patch to the secondary place, which gives a better appearance.

  [ Test plan ]

  * Open gnome-control-center
  * Go to the Wireless tab (or Network tab if the computer lacks wireless interface)
  * Open the properties of any of the interfaces
  * Go to the `Security` tab
  * For each of the possible security options (from the first expandable menu), and using the TAB key, ensure (with the patch) that it's possible to access all the buttons for setting the password storage.
  * Ensure that, when the password is invalid (for example, because it's empty) the entry not only is red, but also shows the `error` icon.

  [ Where problems could occur ]

  The first patch is quite simple, so the only problems that could be
  expected to happen are related to the accessibility; for example, an
  incorrect icon when there is an error, or an incorrect description in
  that case.

  The second patch, instead, is quite extensive and touches several
  parts, specifically the interface. Several problems could occur if it
  hasn't been correctly done:

  * the interface can be left in an inconsistent state (for example, the button to change the password storage could be set to insensitive and, thus, don't allow to change again to sensitive, due to being linked to the sensitivity of the text entry)
  * the interface files have been modified to include an extra button. Although care has been taken to ensure that the appearance is consistent, the buttons are inside a grid, so it could be that, due to a mistake, the rest of the interface wasn't expanded accordingly, and the button appear "outside the margins"
  * since the interface files (.ui) in the current packages' code is different for Gtk3 and Gtk4 (in upstream this is fixed, and both sets have been unified), and gnome-control-center only uses Gtk4, it is possible that the backport made from the upstream patch contain errors in the Gtk3 interface files, which only could be detected with a Gtk3 program that uses this library. Unfortunately, at the moment no such program is known (with the exception of even older versions of gnome-control-center).
  * there are more differences between upstream and the versions in Noble/Plucky/Questing. Specifically, nma-cert-chooser.ui doesn't exist, and everything is created with code in nma-cert-chooser.c, which results in some extra changes to accommodate what in upstream goes into the .ui file, into the .c code. This is an important point to review and where errors could be made, resulting in errors in the TLS page.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnma/+bug/2117396/+subscriptions
References

[Bug 2117396] [NEW] Accessibility issues with password entries
From: Sergio Costas, 2025-07-21