  1. Moodle
  2. MDL-71176

New password and change forms should have autocomplete="new-password"


Details

    • MOODLE_400_STABLE
    • MDL-71176-master_password_autocomplete

      Setup requirements:

      1. Site level setup:
        1. Log in to the Moodle site as a site administrator
        2. Navigate to Site administration > Plugins > Authentication > Manage authentication
        3. Ensure Email-based self-registration is enabled in the Available authentication plugin area; if not, click the eye icon next to it to enable the plugin
        4. On the same page, scroll down to the Common Settings and set 'Self Registration' to 'Email-based self-registration'
        5. On the same page, scroll down and save changes using the Save changes button.
      2. User level setup: (These instructions were written using Firefox v89.0.1)
        1. Go to the login page (login/index.php), select 'Create new account' and confirm the page is now (/login/signup.php)
        2. Fill in all the information in the form and create a new account by selecting the "Create my new account" button.
        3. At this point, the browser will prompt "Save login for site: http://urlofhesite".
          Save the password by selecting "Save"
        4. Navigate to the login page (login/index.php)
        5. Confirm the browser either auto-fills the password (if only one password is saved for this site) or gives an option to select the account to populate the password
      3. Test scenario for signup form:
        1. Go to the login page (login/index.php), select 'Create new account' and confirm the page is now (/login/signup.php)
        2. Confirm that no existing username or password is auto-populated by the browser or any other password manager
      4. Test scenario for change password form:
        1. Log in to your Moodle site as any user having manual authentication
        2. From the user dropdown at the top right, select Preferences
        3. From the User account section, select change password
        4. Confirm that "New password" and "New password (again)" are not populated with any saved password from the browser or any other password manager

       


    Description

      What it says on the tin. Best practice is to give the correct HTML5 markup so that password managers can aid in creating good secure passwords and not get confused with other autocomplete types.

      /login/change_password.php

       /login/signup.php?

      https://web.dev/sign-in-form-best-practices/#new-password
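An added example, not part of the original issue or Moodle's code: a small Python audit that parses rendered form markup and reports the password fields that should carry autocomplete="new-password" but do not. The sample markup and the field names `newpassword1`/`newpassword2` are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordInputs(HTMLParser):
    """Collect (name, autocomplete tokens) for each <input type="password">."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        # Valueless attributes arrive as None; normalise them to "".
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").lower() == "password":
            name = a.get("name") or a.get("id") or "(unnamed)"
            self.found.append((name, a.get("autocomplete", "").lower().split()))


def audit_new_password_fields(html, new_fields):
    """Return {field: problem} for each expected field lacking new-password."""
    parser = PasswordInputs()
    parser.feed(html)
    seen = dict(parser.found)
    problems = {}
    for field in new_fields:
        if field not in seen:
            problems[field] = "field not found in markup"
        elif "new-password" not in seen[field]:
            have = " ".join(seen[field]) or "(attribute missing)"
            problems[field] = f"autocomplete is {have}, expected new-password"
    return problems


# Constructed markup (not Moodle's real output); field names are assumptions.
BEFORE = """
<form action="/login/change_password.php" method="post">
  <input type="password" name="password">
  <input type="password" name="newpassword1" autocomplete="off">
  <input type="password" name="newpassword2">
</form>"""
AFTER = """
<form action="/login/change_password.php" method="post">
  <input type="password" name="password">
  <input type="password" name="newpassword1" autocomplete="new-password">
  <input type="password" name="newpassword2" autocomplete="new-password" />
</form>"""
NEW_FIELDS = ["newpassword1", "newpassword2"]

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_new_password_fields(page, NEW_FIELDS) or "ok")
```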

       


            People

              safats Safat Shahin
              brendanheywood Brendan Heywood
              Kevin Pham
              Andrew Lyons
              Anna Carissa Sadia
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan
              Votes: 0
              Watchers: 8

              Dates

                Created:
                Updated:
                Resolved:
                19/Apr/22

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 1h 10m