mahara-contributors team mailing list archive

[Aaron Wells <1499164@xxxxxxxxxxxxxxxxxx>]

Well, we're actually already putting autocomplete="off" on that field!
It's apparently in all of pieform's password elements.

But Firefox ignores that, as described here:
https://developer.mozilla.org/en-
US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion

Probably the best fix for this would be to move the password reset form
to another page entirely.

But, since this is a low-priority bug and it's right before a major
release, the quicker fix is to put in a hidden decoy password field
before any of the others. Firefox will detect that and fill it in
instead. Then we can just ignore the decoy.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1499164

Title:
  Don't autofill password reset field on user settings page

Status in Mahara:
  Confirmed
Status in Mahara 15.04 series:
  Confirmed
Status in Mahara 15.10 series:
  Confirmed

Bug description:
  Every time I go to my account settings screen to change something,
  Firefox always pre-fills the "Current password" field with some
  obscured text, which is apparently not my current password. And so, if
  I don't go in and manually clear the field, then it gives me a form
  validation failure when I try to submit, because the two password
  fields don't match.

  We need to put a flag on these fields that tells the web browser not
  to pre-fill either of them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1499164/+subscriptions