Vote #62238
Incomplete
views/user/edit, make password fields not-autocomplete (UI fix)
0%
Description
In the user/edit view, Firefox autofills the first password field. This is not useful behavior for a couple reasons:
- It fills in MY password, not the password of the user I'm editing
- The only use for those password fields is for changing passwords -- a user would never want that autofilled
- It fills in only the first password field, not the confirmation, so either I clear the field before I change any attributes on a user, or on validate it tells me the password fields don't match.
I think the best way to fix this is renaming the password form fields so they're not automatically filled in. You could also clear the fields with JavaScript onload/dom:ready, and I actually did that at first, but it seemed less elegant.
Pasted the patches for 2 files below... hope this is the right way to do this, it's my first patch.
Index: app/views/users/_form.rhtml¶
--- app/views/users/_form.rhtml (revision 964)
+++ app/views/users/_form.rhtml (working copy)
@@ -22,11 +22,11 @@
<%= f.select :auth_source_id, ([[l(:label_internal), ""]] + @auth_sources.collect { |a| [a.name,
a.id] }), {}, :onchange => "if (this.value=='') {Element.show('password_fields');} else
{Element.hide('password_fields');}" %>
<% end %>
<!--[eoform:user]-->
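Review bot: no changed lines are visible in this hunk for app/views/users/_form.rhtml. It shows only the auth_source select, `<% end %>` and the eoform comment, so the renamed inputs cannot be checked against the `params[:newpassword]` and `params[:newpassword_confirmation]` keys the controller now reads. Please repost the hunk with the password inputs included; if the view and controller names differ at all, the controller sees no password. Note also that the `onchange` handler only hides `password_fields`, so those inputs are still submitted when an auth source is selected.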
Index: app/controllers/users_controller.rb¶
--- app/controllers/users_controller.rb (revision 964)
+++ app/controllers/users_controller.rb (working copy)
@@ -57,11 +57,11 @@
@user = User.new(params[:user])
@user.admin = params[:user][:admin] || false
@user.login = params[:user][:login]
- @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
- @user.password, @user.password_confirmation = params[:newpassword], params[:newpassword_confirmation] unless
@user.auth_source_id
@custom_values = UserCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect
{ |x| CustomValue.new(:custom_field => x, :customized => @user, :value => (params[:custom_fields]
? params["custom_fields"][x.id.to_s] : nil)) }
@user.custom_values = @custom_values
if @user.save - Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
- Mailer.deliver_account_information(@user, params[:newpassword]) if params[:send_information] flash[:notice] = l(:notice_successful_create) redirect_to :action => 'list' end @@ -76,7 +76,7 @@ else @user.admin = params[:user][:admin] if params[:user][:admin] @user.login = params[:user][:login] if params[:user][:login]
- @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless params[:password].nil? or params[:password].empty? or @user.auth_source_id
- @user.password, @user.password_confirmation = params[:newpassword], params[:newpassword_confirmation] unless params[:newpassword].nil? or params[:newpassword].empty? or @user.auth_source_id if params[:custom_fields] @custom_values = UserCustomField.find(:all, :order => "#{CustomField.table_name}.position").collect { |x| CustomValue.new(:custom_field => x, :customized => @user, :value => params["custom_fields"][x.id.to_s]) } @user.custom_values = @custom_values
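Review bot: in the create hunk (@@ -57,11 +57,11 @@), the `Mailer.deliver_account_information(@user, params[:newpassword])` line is guarded only by `params[:send_information]`, while the assignment above it is skipped when `@user.auth_source_id` is set. For an externally authenticated user this hands whatever was submitted in the password field to the mailer even though it was never assigned to the user. Suggest applying the same `unless @user.auth_source_id` condition to the value passed to the mail call.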
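Review bot: in the edit hunk (@@ -76,7 +76,7 @@), the guard `unless params[:newpassword].nil? or params[:newpassword].empty? or @user.auth_source_id` treats a request that still posts the old `password` name as "no password change", so the update can succeed with the password unchanged and no error shown. Every form that posts to this action needs the rename in the same commit, and a functional test posting `newpassword` and `newpassword_confirmation` would pin the behaviour. Style: `params[:newpassword].blank?` covers the nil and empty cases in one call.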
journals
I'd rather blame that on the user agent, but it's not the first complaint I read about this (can't find the others though). Could we just rename the password fields where they are not actually intended as authentication?
--------------------------------------------------------------------------------
+1 Yes, please fix this. I'm using Redmine 2.2 / Firefox 17. It might be related to #4043.
--------------------------------------------------------------------------------
Seems to be fixed. Using Redmine 2.3 / Firefox 20 this defect does not occur anymore.
--------------------------------------------------------------------------------
related_issues
relates,New,4043,username/password fields get autocompleted
relates,Closed,12632,Autofilled custom fields in Firefox
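
An added example, not part of the issue or of Redmine's code: a small Ruby check that scans rendered form HTML for password inputs a browser may autofill on a form meant for setting someone else's password. The sample field names follow the patch above; the `autocomplete` values are standard HTML autofill tokens that the patch itself does not use, and the function and constant names are hypothetical.

```ruby
# Added example (not Redmine code): audit rendered form HTML for password
# inputs that a browser may autofill. Function/constant names are hypothetical.
INPUT_TAG = /<input\b[^>]*>/i
ATTRIBUTE = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/

# Parse one <input ...> tag into a hash keyed by lower-cased attribute name.
def input_attributes(tag)
  tag.scan(ATTRIBUTE).each_with_object({}) do |(name, dq, sq), attrs|
    attrs[name.downcase] = dq || sq
  end
end

# Findings for a form that sets someone's password (account create/edit),
# where filling in the viewer's saved login password is never wanted.
def password_autofill_findings(html)
  html.scan(INPUT_TAG).map do |tag|
    attrs = input_attributes(tag)
    next unless attrs["type"].to_s.downcase == "password"

    hint = attrs["autocomplete"].to_s.downcase.split
    problem =
      if hint.empty?
        "no autocomplete attribute; browser may insert the saved login password"
      elsif hint.include?("current-password")
        "current-password asks the browser to fill the saved password"
      elsif hint == ["off"]
        "autocomplete=off is commonly ignored by password managers"
      elsif !hint.include?("new-password")
        "unexpected autocomplete value #{hint.join(' ').inspect}"
      end
    { name: attrs["name"], problem: problem } if problem
  end.compact
end

# Constructed sample markup: field names follow the patch (before/after rename).
BEFORE = <<~HTML
  <input type="text" name="user[login]" value="jsmith">
  <input type="password" name="password" size="25">
  <input type="password" name="password_confirmation" autocomplete="off">
HTML

AFTER = <<~HTML
  <input type="text" name="user[login]" value="jsmith">
  <input type="password" name="newpassword" autocomplete="new-password">
  <input type="password" name="newpassword_confirmation" autocomplete="new-password">
HTML

password_autofill_findings(BEFORE).each { |f| puts "#{f[:name]}: #{f[:problem]}" }
puts "after: #{password_autofill_findings(AFTER).length} findings"
```

The check works on rendered HTML, so run it against the page output of the user create and edit forms, not the ERB source.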